Yeah, except that's not what I said though, was it?
I said that the majority of issues that you pointed out were user driven, that's all. I've also said, very clearly that I realise that there will always be some level of loss and that we cannot account for illegal behaviour, and for that matter, the powers of the state, even when used legally.
So...user driven, except when it's not?
The "when its not" component is an exceptionally fast growing segment. Its faster than people can keep up with and is ever more weighted to this default position. Device ID capture is a perfect example of this. You cannot opt in/out of that if you own a smart phone.
Again, what I am trying to do, is find a line between protecting privacy where it can be protected and accepting loss where it cannot.
Your point was that if you use a smart phone there is nothing you can do because it's "game over". My response, so far is, that almost everything you've pointed out can be managed.
Game Over is clearly a hyperbolic comment, but its not far from the truth. While almost everything ive pointed out can be "managed", it rarely is. Or is managed by those like yourself that care. The problem is the less people care, the less need/market there it to keep working on stuff for people that do care. Its obvious from the behaviors of the vast majority of users and generational changes what direction were moving in - hence Game Over.
Yep, user behaviour, laziness, apathy, convenience, etc. All issues that are up to the user.
Yep AKA the majority of users. Soon to be a bigger majority as a generation of users passes.
Sorry, that is inaccurate:
Signal periodically sends truncated cryptographically hashed phone numbers for contact discovery. Names are never transmitted, and the information is not stored on the servers. The sesrver responds with the contacts that are Signal user and then immediately discards this information. Your phone now knows which of your contacts is a Signal user and notifies you if your contact just started using Signal.
Also
: Privacy of user data. Signal does not sell, rent or monetize your personal data or content in any way – ever.
You can read their privacy policy here
: https://www.signal.org/legal/#privacy-policy
so Signal periodically access your device (because it doesn't store data on servers) to collect information, that data goes to a server to get matched with other data and then send matches back to the relevant devices, then deletes the records of this matching? Right. SO you're saying you cant build an association map from this? Its basically mapping associations every time it does this! We have to take their word that they just delete the data afterwards. Yeah even if I buy that their data is deleted, that could change either at a company policy level or directed by a government. I know that sounds tinfoil hat like, but again, its happened before and happens all over the world, so I sort of feel like trusting companies to do what they say with data is a 50/50 gamble most days.
And sure, say we trust them. Their ethos/mission statement is pure. For now.
Google also started with the mission statement of "do no evil". While I don't think not paying taxes for large wads of profit is strictly "evil", or sniffing wifi addresses from your street view cars is "evil" it certainly isn't pure. Google as you know has lots of questionable activities, often in the name of progress. Like I said. Money is a powerful motivator to do the wrong thing. Or at least the thing that's kinda cool, but might not be great for everyone. That's kinda "soft evil" in my book.
If privacy laws are changed by governments requiring tech companies to share certain data sets, fat lot of good a company's position on the matter would be. Or like the US government, you can ignore a whole bunch of laws you made because they don't suit you and just take what you want when you want. Apologise later. The NSA still exists and it still does what it was doing before snowden, the difference is now there's PR, there's some dressed up accountability controls (which we'd never know if they are operating effectively or not, because you know, matters of national security) etc.
Signal requests permissions to enable certain features, such as sharing a photo or displaying your contacts. You can verify how these permissions are used by looking through the source code. Signal...
support.signal.org
Take a quick look as the permissions you give signal when you use it. It's probably no different than any other messaging app. You are giving it effective full access to everything on your phone including location/gps data. Mull that over the list a bit, then consider the below.
In the permissions, you might notice something I've been banging on about - •
read phone status and identity -
Allows Signal to determine your phone number and Device ID. These are used to register for Signal.
So while no messaging data is stored or number (or is it stored, dunno, the messaging seems conflicted) or names, what is stored with your signal registration is your Device ID. It shows the Signal network that you're an authorised network user. Cryptohashed or not, Signal knows who you and the rest of its users are, explicitly, all the time. Combine that with all the other Device ID data you can just buy openly and legaly, what do you have? You have a company that can easily generate and sell insights. Worst is, to them those insights are identifiable on the individual level.
At the risk of repeating myself, I am aware of how the ecosystem works around the monetisation of data.
I think you demonstrate a good understanding of it, but i think there are also gaps in your broader understanding of it. i.e. Device ID and what it means for privacy and data collection/monetisation seems to have been completely missed in your earlier points.
This is a moving target. When device id become the next privacy crusader target (which it has somewhat not surprisingly), expect the industry to pivot, just like the reserch chem drug market. Its simply too good to let go of.
Google almost had a monopoly on Device ID because it gave all these phone manufacturers Android for free. But it wasn't really free, see? It gave Google the ability to geofence all users by name and location and expand its advertising capabilities an away that was unimaginable at the time. Now that other companies have identified ways to make Device ID useful to them, its cutting into google advertising revenue. Would you believe it's Google now that is leading the charge to break how Device ID is/can be used? Google developed a product soo good, that others started exploiting it taking money away from google, now google is trying to break the system it created. Do no Evil, huh. They have something else on the boil. You can smell it. The hypocritical thing is that Google is posturing like it didn't create the market for device id exploitation.
Yep, as mentioned, ensuring privacy requires continued effort to ensure awareness and nothing can account for illegal behavior.
At the risk of repeating MYself, continued effort is not the name of the game. Convenience is. The majority of users are becoming less concerned with privacy. That's not an opinion either.
Yes, and that's a very interesting discussion to have. I do not agree that there is nothing you can do about it, even if for the simple logic that if great minds can develop a pro-tech, great minds can also develop anti-tech. The initiative is with the pro-tech, of course, but if we gave in to the pro-tech without any effort, we would not have systems like missile defense, anti-submarine warfare or anti-virus software. None of this stuff is water tight, of course, nothing is. But it does provide a level of safety and risk management.
You could live in a faraday cage if you wanted actual privacy?
As you rightly point out the initiative is clearly moving in one direction. Great minds are progressing the human race and its technology and its been doing it for decades without checking in for permission (for the most part). Privacy has been and will continue to be a casualty of the progress we make in technology. We've seen it eroded, ignored by governments while waving a progressive privacy stance flag forever and a day. You have to admit, we have less privacy today than we did 10 years ago. Why is that?
Reckon we'll just some how go back to pre internet levels of privacy or do you think its more likely the various classifications of data change to make less things classified as sensitive or worthy of being considered private?
Of course, there are limits to what we can know and protect against. But that still doesn't convince me that there is no point doing what you can.
Do what you can. Its your prerogative. I support your right to do whatever you feel like with your devices. I'm just here to tell you your devices are doing a whole bunch of shit you didn't know about that you have zero control over. And the thing is, no one is actually hiding it.
But to forge something like a free streaming service because of privacy concerns about signing in etc. seems a bit misguided in the big picture. You miss all the great programing and you don't really prevent collection of anything that likely hasn't been collected in some other way already.
www.adcellerant.com
