Fact is, dealing with your privacy protection is an impossible task.
First, even if you lead a simple life, you’re probably going to be dealing with dozens of different organizations each with their own privacy agreement written in difficult-to-understand legalese, several pages long, which the organization reserves the right to reword whenever they feel like. Who has time to keep up with that?
Second, it’s not even clear whether taking the proper steps to opt out of their data sharing makes any difference at all. It’s not like you have any way of monitoring the proper safeguarding of your data and violations of your agreement. Even if you could prove someone broke the privacy agreement, what sort of penalty could you exert? Most of the time, you’ll be offered credit monitoring services for a few years, but what good is that going to do against advertisers or foreign governments? And if an organization goes bankrupt, quite often your data gets purchased by someone else to whom you have no agreement or control over and there doesn’t seem to be anything you can do about it.
Without even trying to hint that BB has unusually invasive practices in this regard for its size, here’s where a little self-disclosure in context could go a long way. Put this in context for the people reading this on your website. What sorts of things do you know/track/see/think/remember/care about with respect to us?
I would genuinely appreciate knowing that, in a fashion other than what might be gleaned from a close reading of some fine print somewhere–although I can appreciate that you’ve tried to make your fine print readable. But no matter how accessible the language you use to talk about this or that third-party data analytics sharing arrangement, it becomes difficult to comprehend for people who aren’t steeped in the business end of the internet. Can you explain it as thoroughly and as accessibly as you might explain the plot of a cool YA science fiction story?
For example, and this is ultra-trivial, but I remember Antinous (of blessed memory) sarcastically apologizing to a commenter for having to live in the location that the commenter’s IP address pointed to. Of course I already knew that incoming IP addresses were basically visible to people at the other end, and I suppose it followed that Antinous (whoever or whatever s/he ultimately was to the site) could have access to that information, but it was kind of amazing, in a jarring sort of way, to see that so openly turned back on a user. Yet that’s not a very common sort of omission–and I think the average web-surfer could be forgiven for forgetting that people really are peering out at her from the Panopticon.
I assume, if only because there’s been no reason not to, that BB does nothing unusually shady or invasive for a website of its traffic and for-profit status. In other words, this isn’t a “gotcha!” question–I’ve already made my peace with the baseline. But how about a look at what it means from the perspective of people who, however fully disclosed, are collecting data on us from cookies and analytics and whatever else?
we can choose to give an app access to our data, or we can choose not to install the app – but we can’t choose to install the app and then block or spoof its attempts to pull that information from our devices.
This is not entirely correct, for Android there is XPrivacy - https://play.google.com/store/apps/details?id=biz.bokhorst.xprivacy.installer
Granted, it’s only going to be usable to a small subset of people that have a recent version of Android and a rooted device. But, I enjoy knowing that I’m sending back random information.
Well, I think that’s part of the problem there- The knowledge barrier to even attempting to control your data.
I mean, I’m not a programmer, but I’m reasonably computer savvy- I know how to maintain my machines, install hardware and drivers, troubleshoot basic problems, use 5 different OSs every day, and know enough HTML and CGI to be able to put together a nice website from scratch or Drupal. By no means an expert, but I feel confident saying that I know how to use a computer.*
I never heard of XPrivacy. I have no idea how I would even learn how to root my phone, and I’m worried it would impair my ability to use the two pieces of software I bought the phone to run in the first place. I’ve actually tentatively looked into it, and here’s a major problem: I don’t know enough about programming or hacking to even tell which instructional sites are legitimate, let alone how to fix it if I screw up.
It’s a paradox I’ve run into before in other contexts: When the degree of knowledge you need in order to determine whether someone will be a worthwhile teacher, is itself enough knowledge that you no longer need that teacher.
And the thing is, I’m sure I could learn programming, but it would mean taking time away from making music, running my business(es), and my charity work- Which my day job is already cutting into more than I can really manage.
So, what to do?
*Seriously, follow that link. It’s a great and depressing article.
This is a big one a lot of Android hackers completely neglect. For a lot of (non-Nexus) phones, the process to root them is “Hey, run this random binary that I (some random from the Internet) made on your computer and/or phone, that uses a security exploit to get root access! I totally promise I won’t take advantage of that at all!” Not to mention that most ROMs, even CyanogenMod, are either impossible or at the least extremely difficult to download securely compared to good practice in the GNU/Linux world.
I actually came here to discuss part of this. Here’s a list of 3rd party domains that execute JavaScript on the very page that contains Cory’s writeup:
- scorecardresearch.com
- quantserve.com
- embedly.com
- wp.com
- google.com
- googleapis.com
- googletagservices.com
- google-analytics.com
Some of these plainly exist only for the purpose of tracking users. google-analytics.com and scorecardresearch.com have no place executing on an article about privacy.
Awesome link! 2 observations.
There was never a time when 95% of computer users were computer literate in the sense the author mentions.
If Powershell makes you feel like a hacker then listening to Taylor Swift makes you feel like a gangster. 
I love that this article gets right to the problem, that we willingly give our private data to strangers. However, the piecemeal solutions cited only make it seem more hopeless that anyone could ever fight back.
I’ve been working to define a much broader approach that addresses the question directly, and relieves you from giving anything away going forward. I call it a cloudspace, and it’s a new default destination for all your data. With a set of communication APIs on top, it does everything that Facebook (and any other collect/share-based service) does, except privately and securely.
Read more at www.arthurfontaine.com. I’d love to hear folks who are serious about this topic give feedback on its practicability.
Thank you- That’s EXACTLY what I’m talking about.
Great conversation about this complicated issues. As many of you mention, it’s a pipe dream to expect average consumers to understand A. What’s at risk and B. How to protect themselves.
I talk about how we’ve been complicit with advertisers in creating our digital souls AND how to protect them in a recent TEDx, link here: https://bitly.com/1R3pOF1
In a nutshell, my gripe is not with commercial actors (it’s the use of consumer data in marketing that has made our lives arguably better). Rather, I’m concerned that by hitting “accept and continue” for 15 years, we’ve helped law enforcement gain access to intimate information about us from a VERY small, accessible set of sources (through the backdoor, if necessary).
I’m excited by tech solutions to the problem that protect our privacy AND keep commerce moving. I’m going to check out @afontaine’s work. I might also suggest checking out YouBase as a blockchain/encrypted/distributed ID provider. Check out their white paper, here: paper.youbase.io/content/
Creating a secure ID system won’t be hard. Giving advertisers enough info about consumers so that they can target us WELL and ANONYMOUSLY is a completely different story in terms of technology, performance, and bringing it to market. Would love to hear what others thing. Find me on Twitter @petergenuardi.
This topic was automatically closed after 5 days. New replies are no longer allowed.
