Tech companies: you have 63 days to make these 5 changes to protect your users before Trump is sworn in

Using the data is one thing. Abusing it is another. Lots of evidence of the former, is there evidence of the latter?

What kind of evidence will you accept for secret and hidden spy programs? Snowden wasn’t enough?

4 Likes

What is the difference between #4 and #5? Is there a transit that doesn’t involve sending data from one end to another end, or a case where data is somehow going ‘end-to-end’ that doesn’t involve transit between those ends?

Re: #3, I think a better (although more difficult) suggestion would be to implement a clear data retention or data lifetime policy that defines what data is kept and how long (ex: former revisions of content are preserved until the content is deleted, error/activity logs are deleted after 30 days, deactivated accounts are deleted after 3 months except that the username stays on a list of ‘previously-used usernames’, etc.) - but that requires thinking about what you need to keep and why, as well as for how long.

the reasons would be slightly more abstract, but certainly no less desirable. i can’t tell if i’m being baited.

https is strong encryption, and you use it all the time. it may be a big red flag, but it’s a big red flag on nearly all communication, so it creates a bit of a needle-in-a-haystack problem.

2 Likes

“Staffed” is less important than “owned”. And even amongst the staff, the techworld’s version of “liberal” tends to be “socially tolerant hyper capitalist”.

Expecting Google and Facebook to protect you from Trump is rather akin to trusting in the social conscience of BMW and Bayer.

2 Likes

Related:

The modern political situation (preceding Trump; it was bad enough already) renders online radicalism actively dangerous. Talk on the net about anything that opposes the powers that be, and the intelligence agencies will record it.

So, if you plan on actually doing something: delete your account. Shut up. Online communication is a trap; don’t use it.

However…my personal skills are pretty much the opposite of what you’d want in a revolutionary. I’m an Aspie; I am ridiculously bad at concealing deception, and very easy to deceive. I can spot bullshit at a distance, but in person I’m a prime-grade sucker. Any revolutionary movement that includes me is going to be infiltrated by the secret police within milliseconds.

So: I’m a useless revolutionary. Getting personally involved would be actively counterproductive.

So what can I do?

Chaff.

Talk loudly and openly online about politics, while staying away from it in meatspace. Make the secret police waste their time investigating ineffective ol’ me, while the less-incompetent folks are hopefully achieving something in the shadows.

It ain’t much, but it’s all I’ve got.

6 Likes

It’ll do. :slight_smile:

2 Likes

I think it’s a mistake to characterise all digital communications this way. It is largely true of “the internet”, which was not designed to be secure, and is largely compromised. But this says nothing of “the alternet” of making other kinds of digital networks and protocols. As a public forum, the internet is still useful, just not for strategic or tactical specifics.

even better: a needle-in-a-needlestack problem. because good encryption is highly entropic everything looks the same from the outside (ignoring meta data like communication partners etc)

1 Like

You aren’t.

Snowden leaked lots of stuff about the government’s collection and use of data, but I don’t remember any reports of large-scale abuse of data.

Item 4, “In-transit” refers to the Internet packet protocol: they want every site using HTTPS instead of HTTP, and not just on e-commerce transactions. Google is already trying to push sites to use this if they want a better ranking, although not for the exact reason the EFF wants it.

Additionally, the EFF wants companies to give end-users the option to (#5) encrypt the content of their private messages to others, if not make it a default. For example, they’d like an easy-to-use built-in option for an e-mail user to place public key encryption on a message or, better yet, have that feature enabled by default for any message sent. Another example might be making Whatsapp automatically encrypt its text messages like Signal Private Messenger does instead of sending them in cleartext. I doubt any of that can be implemented and rolled out on a mass scale in under two months unless a company has serious resources to throw at it.

With both in place, you’re sending an encrypted message (#5, roughly equivalent to “content”) over an encrypted transfer protocol (#4, very roughly equivalent to “carriage”). That makes it more difficult for the message to be intercepted en-route, and to be decoded if it is – especially if millions of others are doing both, too.

You aren’t, or at least not competently.

3 Likes

When does rhetoric and agenda have to be based on reality?

2 Likes

That has little to do with the earlier do-no-evil policies that appear to have disappeared into the aether over the last 10 years.

2 Likes

Citation needed? That certainly doesn’t match my lived experience of 20+ years in the industry. I meet far fewer libertarians than I do normal progressives.

Good thing Google and Facebook aren’t the entirety of the tech sector then?

Google is not “most tech companies” and the constant conflation of Google with the entire tech sector is sadly amusing. Google is an advertising company.

That said, I’ve rarely met a libertarian Googler and I used to eat lunch their daily for my work.

You think that things like PRISM aren’t inherently “abuse?” Hell, even Congress said that the NSA probably broke the law.

The thing about secret programs is that they are…secret. I’m glad you’re willing to trust the NSA though.

They had private Ron Paul rallies, I find the nonexistence of Libertarians working there to be doubtful.

1 Like

I didn’t say “nonexistience” but I do find the implicit assumption that folks who only seem to know people at tech companies (especially Silicon Valley ones) from reading news stories that tech folks are all Libertarians to be sadly deficient. Folks should look at the financial contributions of companies and their members to progressive causes or even the Democrats and compare it to their Libertarian donations.

For example, Microsoft was the bluest of the Blue companies I’ve ever been around. Democrats through and through except for a small contingent of conservative ex-military folks in a few places.