For one example, we saw with Cambridge Analytica that political advertising can be tuned to your personal hot button issues. Those worried by immigration can be sent an outright (and outrageous) lie that remaining in the EU will result in all of Turkey moving to the UK. Those with different interests/concerns got different ads.

Turns out many of them were illegal too. No one knew until too late because it was invisible to all except the advertiser, Facebook (in this case) and recipient.

Until it becomes visible - it's really hard to make people care, or realise. Perhaps a few on the receiving end of the brexit/CA issue realised, if they remember the ads they saw, and read one of the many follow up stories. Like anything algorithmic, unless you a-b test how do you know what you saw that others didn't, what you aren't seeing, or where it discriminates?

Keep this up and we could easily lose most of the progress of the 20th century, invisibly.

And is this not what happens traditionally as well? Politicians give different speeches to different audiences. Candidates before election talk very differently to various groups of demographies. Candidates who meet individual voters on market squares and public places obviously try to find out which of the voter's wires are hot and try to deliberately connect on those levels that are meaningful to the potential voter.

The structure and interpretation of politicians predates internet and digital surveillance. "If you have to say it, it's not true" applies very well to politicians and especially to political advertisement no matter if it's targetted or general.

That's becuase, in terms of consent, you're consenting to such actions by going out to the public square. You're not knowingly consenting to your life's history being sold and traded on a black market that's then used to target you for such speeches when browsing on the internet.

For your analogy to be comparative to what's going on, you should, instead, think of it in terms of a politician showing up to solely your house because you're the sole democrat in a republican city in, say, Texas. (This demonstration based on the fact that this is an American board.) This could be easily inferred from your social media, browsing history, metadata collected by the government, etc.

EDIT: Not saying the argument is incorrect, just that it will not convince the public.

I wasn't making an argument, I was redressing the logical fallacy of the parent comment.

>the public will say that they will trust their own judgement

The public trusted it's own judgement before, during, and after the civil rights movement and that didn't really work-out too well in the public's favour, did it?

>...and that they are simply not susceptible to lies by politicians...

(Since this is an American board.) Do they believe that they weren't susceptible to the lies about the Iran-Contra Affair, Watergate, McCarthyism, surveillence by the government, MK Ultra, etc., either?

>...especially if they don't match with what is said in mainstream media.

See: the Leave Bus in the Brexit Referendum.

Clearly, billions of pounds are not going to the NHS, now, correct? Just because you see it and it's spread across social media, it doesn't mean it is implicitly true. All of your points were met for this example; yet, it was resultantly found to be a total fabrication. How would they account for that? Instead, will your argument now amended to be "some of it doesn't match it with social media"...?

I don't think the mechanism matters fundamentally here. I do think it is wise to consider all political speech fraudulent by default, whether it happens on public spaces or on the internet. They're all selling anyway, and if someone approaches you to sell something you know they have more to gain than you do.

Then, we have this internet which is somewhat good at targetting content based on your online activities. This internet is used by virtually everyone to do targetted advertising and promoting of products, ideas, and younameit. I find it weird this would not be OK when it comes to politicians and political parties. They're out selling as much as the next guy, and the way to do targetted advertising is online.

It is another discussion whether online tracking is good or bad, how much of that happens with or without a consent, implicitly or explicitly, but because online tracking is prevalent it would be foolish to assume that nothing you do online will be tracked. Any advertisement, political or otherwise, must be assumed to be targetted at you before interpreting its meaning.

I don't find a single thing that would make a targetted political advertisement inherently worse than any other targetted non-political advertisement or any non-targetted political advertisement.

People seldom understand how changes in quantity/ease/volume translate to quantitative changes...

Politicians giving "different speeches to different audiences" (something that happens since time immemorial) and the technologically amplified ability for all the social and traditional online media one consumes to give them 24/7 targeted echo-bubble ads, news, and recommendations based on what audience group they belong to, is like the difference between eating a whole cake and filling a little stuffed, and gorging for a month on sweets upon sweets and dying from a heart attack...

There's good reason many nations have laws severely restricting political advertising including spending limits and extra restrictions near voting time, or banning custom pricing and other forms of discrimination. Saying whatever bullshit it takes to get the vote/sale must continue to come with serious consequences or we're right back where we were in the 17th and 18th centuries.

And yes, the regulatory systems do seem to be failing to cope with the new way of things.

Wait, what? If the electorate had a vote, who are “the Swiss” who overturned it?

"the supreme court has now voided the result on the grounds that voters were not given full information, and the vote must be re-run."

If only British referendums were similarly protected...

https://www.bbc.co.uk/news/world-europe-47879777

"The elites decided that the expressed will of the people can be ignored, because they were not exposed to enough propaganda beforehand to convince them to select the choice that the elite wanted. We'll just keep holding new referendums and pumping out propaganda until they make the correct choice, i.e. the choice that the elite want."

Not perfect, but not a bad sanction against achieving a result via disinformation or outrageous advertising claims.

How would you convince someone of that?

The issue is not seeing something someone else may not - that's but a symptom that allows the burying of much illegal and discriminatory activity. There's been plenty of examples of both in recent years - Cambridge Analytica is just one.

WW2 was a result of a far right government and its rapid rise to power, mainly as a result of propaganda and misinformation. So...

It wouldn't have happened either, way, all of Turkey would have gone to Germany.

> political advertising can be tuned to your personal hot button issues

But it was always already the case with newspapers and TV news, you wouldn't target the same population with Fox news vs CNN or the Sun vs the Guardian. And people wouldn't have seen ads for the "other side" since they wouldn't have opened the other newspaper or switched to the other channel

Probably true - the whole Cambridge campaign seemed to be built on outright lies.

> with newspapers and TV

That was always highly visible - so errors or breach of process was instantly caught. Nor could it break down beyond Sun readers or Fox viewers - which covers an awful lot of ground ranging from centre ground moderates to extremists on the fringes. You end up catching a fraction.

Now you can pick off just those thought susceptible, or false promises to those wanting and those not wanting $thing. Which starts to make a mockery of countries with funding or campaign restrictions.

It was always a fine game trying to promise all things to all voters, but remained within the bounds of legality and common sense. Now we seem firmly outside and we need a thorough refresh of oversight. Or I suppose we could believe Cambridge was a one-off.

Illegal drug shipments for older people are mainly offshore pharmacies. And that's not heavily penalized, with confiscation and warning letters being the norm. Otherwise it's recreational drugs. And apparently that's also rarely prosecuted, except for dealers.

It also seems that copyright violations aren't being heavily prosecuted. I guess that the MPAA figured out that bad PR was worse than people pirating.

More generally, there's the issue of being gamed by well informed sellers. Basically paying more for stuff that they know we really want. And getting tricked into buying stuff that we don't really need. Also, electing candidates that we don't really want ;)

The world has a terrible habit of not counting bad things that should have happened but didn't, even in cases where we know with a fair degree of confidence that it should have gone worse.

Prime examples:

Y2K is often remembered as "Ha! Can you believe they ever thought that was going to be a real problem!"

It was predicted the Kuwait oil fires would burn for years and be a global environmental catastrophe. They were put out in six months.

We didn't celebrate this amazing success on par with the hand wringing we had done about the expected outcome. No one danced in the streets at this glorious news that we averted disaster globally. Instead, it was a minor footnote in stories with more drama.

[1] https://ndg.asc.upenn.edu/wp-content/uploads/2018/06/Centola...

Incomprehensibility and powerlessness are overwhelming emotions. They flood the nervous system, so people shut them out in order to be able to continue to function on a daily basis. It’s the same reason why people continue to ignore climate change.

It’s not a rational problem, or a probabilistic one. It’s a problem of emotion. It’s a trauma problem.

(This is also similar to why we don't worry about an asteroid striking the earth, a pandemic wiping out humanity, or nuclear war. There is little that we personally can do, so why spend mental energy?)

I don't know if his insights have since been confirmed.

Laymen Argument 1:

Mark Zuckerburg who has majority control of the largest source of private data in the world bought the two plots of land next to him for privacy reasons.

Laymen Argument 2:

Forward me all of your emails if privacy isn't an issue. crickets

The average person doesn't care about these because it doesn't affect them right now, but it's a "boil the frog" situation...you won't know you're getting boiled to death until it's too late.

President of USA, travels with a ~100 men security cover all the time, does not mean USA is unsafe to move around and you should stay in home with a gun in hand.

It doesn’t??? Most other OECD presidents/PMs/HoS don’t bother.

I don’t have any data to back it up but I could see them being no. 1 assassination target globally.

OTOH few years back I was walking and passing near former president of my small European country. Since he is rather charismatic I asked if I can shake his hand and get a photo. He agreed and we did so, however I learned few minutes later from a friend lagging behind, that couple random bystanders twitched and totally focused on our interaction. Obviously personal security. So it’s not like security isn’t there, we might just not see it.

In this time period, three American presidents were assassinated. The UK lost one MP, who was not the PM, and apparently the killers only targeted him because he happened to be walking with their main target at the time. None of the UK royals were assassinated in that period.

https://en.wikipedia.org/wiki/Groupe_de_s%C3%A9curit%C3%A9_d...

Fun story: at the time of its creation, in 1983, under president Mitterand, one (unofficial) mission was the protection of the illegitimate daughter of the president.

What do I get in return? Privacy is a trade off, and that's how it's sold. "We need more CCTV cameras to stop crime". Do you want more crime or more privacy? Depends on how bad the crime is, I guess. "We need to record your likes to show you more stuff you like". Is FB worth it? It is to many, apparently.

It's highly interesting that nobody would even dream of saying something like "apparently, most people on Earth think transsexuals are evil", or "do global warming and the increasing extinctions of species matter? not according to most, apparently". Why do people in "tech" outsource their judgement on this topic to people who aren't even in the room, a mythical "average person", every single time the issue comes up?

What was the breaking point for, say, to start fighting for and making headway when it came to sexual self-determination? Once more than half of the people on the planet were for it? Or did Rosa Parks decide "now is the time, most people in the US support the end of segregation, now that it's only a formality, I won't change seats?". No, that's not how it works. You figure out what you consider to be right, and then you fight for it. You don't know the outcome, you know what you know to be right, or wrong. You get sick of something, and then you refuse to participate in it, because you'd rather die. And historically, it sometimes takes a small amount of dedicated people to change things for the better.

I haven't seen a person who is really strong-willed about not caring about their own privacy. It's not like most people who "don't care about privacy" are fighting against it, they're sleepwalking. They'll just as happily sleepwalk into another direction, so that they don't care can't be an excuse, ever. Right now, it's easier, and less socially painful, to not care about privacy. That can be changed.

If people don't have experience with totalitarianism, and don't learn about it, and don't smell it in the wind today, then of course they will balk at any inconvenience to prevent it. But if it happens again on sufficient scale, it'll be a point of no return. There will be no more humanity; Earth will be an eternal torture chamber at worst, just empty of human agency at best, at any rate a boot stamping on a human face, forever. You would just need a way to give someone a really lucid dream, getting tortured for a few weeks in a dictatorship. Upon waking up, they will realize they need a few tools, privacy and human rights that apply to all being among them. People who don't have the empathy and imagination to have completed such thought experiments in their youth don't have any blessing to give, so I wouldn't even worry about ways to retrieve it from them.

The same reason they use the "average person" as a straw man in arguments about OS usability and whatnot: deep down they believe that they are better than other people because they know tech stuff. People can sense this too, it's one of the reasons tech people, as a group, aren't well liked.

I'm not outsourcing my judgement, I don't use Facebook. But many people do, so they seem to view it as a net benefit, unless Facebook has literally started to strap people to their chairs and force them onto the app. You can argue that they are wrong and shouldn't value "connecting with friends and seeing memes" over privacy, but that's a different discussion.

You're conflating rights issues with a choice. You can choose to use Facebook just as you can choose to drink coffee, eat lots of sugar or live a sedentary life style. Sure, let's talk about free will, but that's completely unlike sexual self-determination, slavery, segregation etc.

> You figure out what you consider to be right, and then you fight for it.

No, I don't. I figure it's right to not drink alcohol, but I don't fight so that nobody may drink alcohol. I just don't drink it, but it's fine if you do. Be their free will or not, I'm not forcing anybody to live by my standards.

The point that the people who argue against privacy are liars which will abuse fears to try to get people on their side was missing so far. Thanks for adding it.

> "We need to record your likes to show you more stuff you like"

Okay. You can only use it for that.

Do you honestly believe that CCTV is completely useless wrt crime prevention and detection?

Counter 2: I don't trust you doesn't mean I trust no one. I wouldn't give you 20k to watch either, but I would give that much to a bank without a second thought.

2. If all of people’s emails we’re getting forwarded to random other people they encounter on online forums like HN, then people would be upset.

The point is that people don’t get terribly upset at extremely small risks of minor negative consequences from privacy issues.

These counterarguments are pretty weak, and are essentially:

Oh, so you don’t worry about getting struck by lightning? Then why don’t you go out in a field holding a lightning rod during a lightning storm? crickets

No, they don't get terribly upset because they don't (1) understand the potential consequences well enough and (2) it doesn't affect them until it does. We have a very clear mental model of what happens if we get struck by lightning (I go to the hospital and my skin gets charred) but we don't for data privacy.

But somehow there seems to be a cognitive dissonance, where people are more than happy to share absolutely everything to anyone, just because it's happening in comfort and privacy of their home, while typing into a device they own.

If they don't know when their data is used against them, or how, or by who it doesn't change the fact that they are worse off for it, but they don't have the ability to connect the dots and see the problem.

I'm not sure 5 year olds share the same fears as adults so think of it more as an explain like I'm 15.

Do you think someone's who's been sexually assaulted and tried to search for resources online would like their coworkers to find out about it? Do you think someone with HIV, or depression, wants everyone in the world to know? What if someone is in an abusive relationship and they reach out for help online and their abuser finds out before they can safely get out? What if you have some teenager who's homosexual or atheist in a conservative religious community and people find out through their search history - they could be killed, or cut off from their family.

I could go on and on. At some point in their life almost everyone is going to run into something that they need to educate themselves about and that they don't want the whole world to know about. What's your suggestion, that they go to a library and try to check out a book about it?

Conversely, I know people who grew up hiding that they were bi, in one case because they grew up in the Middle East. That fear is much more comprehensible, as it could’ve literally killed them.

If I like midget porn, or have a foot fetish, why exactly should I have to suppress that? It's not illegal, and it's not immoral, but I'd still prefer my coworkers not be aware of the specifics of how and why I get my rocks off.

Now, it's illegal to ask that in an inteview, but the boss might buy that data, and your wife will never get a job.

Let's say you are a supporter of a political movement that is not mainstream, all of that data can be used to exclude you from society one small step at a time.

Not only do such services exist, they are already selling the data and for exactly the purpose you describe iirc:

https://news.ycombinator.com/item?id=18988289

Oh come on. If "the boss" is interviewing a married woman of a certain age he/she already knows there's a good chance of children on the horizon.

I hope the answer is still yes, but once the answer becomes no then everyone cares.

That’s my attempt to explain.

I think if anything current tech would make civil rights movements easier. My example is last years revolution in Armenia. Police knew all of the initial group of protesters, and tapped all their phonecalls, but by decentralizing, by using low risk forms of protests (e.g. honking, blocking the streets by going back and forth on the crossing), by using constant live streams from everywhere, protesters managed to gain and demonstrate support of enough people that the old government had to give up.

That awful ex-partner knows where you work, when & where you're out with friends. They can show up.

The Eternal Value of Privacy

https://www.wired.com/2006/05/the-eternal-value-of-privacy/

You're going to pay more than me every time you buy something because your profile indicates you aren't as price sensitive.

That's just commercial surveillance though.

Fiduciary duty is the only thing that comes close to what you might be describing, and well, my bank isn't my financial advisor, and they aren't investing my money for me. As far as I'm aware, they don't actually have a fiduciary duty toward me.

Do you keep your money under a mattress too?

I have ~$30K in gold and silver, in plastic boxes hidden under my bed. But you'd need to remove floorboards to access it. I bought for cash at swap meets, years ago.

Nothing, hence my confusion.

> No, my argument is that security is theatrical.

Claiming this in a general sense is a strong claim. Are you suggesting that end to end encryption is theatrical? Or by sidechannels do you mean that anyone can come along and beat you with a hose until you reveal your password? You're being very coy, speaking only in vagueties, and that makes it difficult to not overinterpret what you're saying.

In fact you seem self-contradictory, saying that security is theatrical yet appearing to claim a bank is safer than a mattress. Which is it?

But since you ask. A fireproof safe is significantly more prudent than an ordinary mattress. And if I had such a thing, I wouldn't be bragging on the internet about where I keep it. Happy?

> Your trove of personal data has monetary value. With a few pieces of info, your identity can be stolen. If a company gets hacked or an employee siphons data, it's sold and used, with you facing severe consequences and maybe them too.

is exactly the same as

> Your trove of actual money has monetary value. With a few tricks, your money can be stolen. If a bank gets robbed or an employee embezzles, it's stolen and disappears, with you facing severe consequences and maybe them too.

Yet we don't appear to have any issues with putting our money in banks.

> You're concerned with literal cash money, I'm concerned about personal data.

No, I'm concerned with things of equivalent value. If I have $1,000,000 in cash, I'm happy to entrust it to a bank. I doubt my personal information is worth that much, yet you appear to suggest that I shouldn't feel comfortable giving a group something much less valuable. In other words, your ELI5 about privacy risks isn't compelling, except to you, who is already concerned about privacy. But you're not the intended audience. The person who isn't concerned about privacy is, and you still haven't done anything to convince them, because banks.

Here's one argument against what I've said, as an example: information is not like money. Its very difficult, and often impossible, to "take it back". So we should bias away from doing so.

Excuse me, but your approach to this conversation has been rather uncharitable. The assumption, that you omitted from earlier replies, is

>> Your trove of personal data has monetary value...

> is exactly the same as

>> Your trove of actual money has monetary value...

Which is factually incorrect, which is why I was unable to read your mind in this particular regard. Rather than present your concerns with an omission in my answer in a clear and constructive manner, you challenged me to defend a position that I have zero interest in taking. The latter half of your response here is clearer, so thank you for taking the time to explain your concerns.

> The person who isn't concerned about privacy is, and you still haven't done anything to convince them, because banks.

That's the conclusion you've jumped to. Next time, this could be rephrased without the implication that I'm an idiot for not jumping to the same conclusion. A more generous approach to this conversation could look like, "Can you explain how data stored by an online company differs from money held by a bank? I don't think your argument is adequately differentiates the two."

As you note, "information is not like money." What I presented was a process by which the monetary value of information can induce people to steal it. As you note, money is fungible, and data is extremely personal -- so these assets are not exactly the same.

With regards to banks. A bank robber does not have the power to empty your account -- only the bank's cash on hand. This isn't the wild west, banks are insured, and cash on hand is an insignificant fraction of a bank's holdings. If an employee embezzles, there is a remote chance that your personal account will be targeted. However, banks are regulated and these actions will be traceable and correctable -- you might be broke for a few months, but you'll almost certainly get your money back. As we have both mentioned, banks are not without risk -- but there is significant infrastructure in place to mitigate that risk. For instance: if you have $1m in cash, you might want to proceed with extra diligence when entrusting it to a bank -- FDIC only insures deposits up to $250k.

As you note, there's no take-backs when your data is stolen or scummed. There's a possibility that your livelihood will be ruined, and that loss can actually exceed $1m. Your identity is not insured in the same manner as bank deposits.

Companies which peddle personal data have almost zero regulation -- the actions of employees and hackers may be traceable in some cases, so they might face punishment. But that punishment will not remediate the damages you'll face -- and if they are caught, you can try to sue them, but you likely won't receive even a fraction of the damages.

> Ok, now explain why I should trust a bank with my money, but not $any-internet-company with my personal info.

Instead of a good faith response, like, for example "money and personal information differ, here's why", you said

> Trust is an emotion, I won't rationalize it for you. You can distract yourself and others with math and rules and sturdy construction, but there's always sidechannels.

Which is mostly meaningless to me, and I'm quite confident completely meaningless to someone who isn't familiar with security.

The data leak of HIV patients' identities which happened in the UK a couple of years ago. Think you'd struggle to find anyone who thought "Oh, that's not a problem - noone really needs privacy". I think most people also understand that there should be general enough rules to cover all situations like that.

The challenge in my view isn't explaining why privacy is good and needed. It's convincing them that their privacy is actually at risk.

“That would never happen here!” is the thinking.

It’s not easy to see that you’re paying more online, or being offered different ads and products because of all the personal data collected about you.

They don't want their neighbours to see inside their house, they don't want all their friends know what some of their friends know about them, and they might not want their spouses to know what sort of porn they watch. Simple enough. They also understand they don't want to live in a DDR era surveillance by a central government, one that is obviously a bad and violent actor.

But tracking of data on the internet and refining personal information to build a profile, an identity is sort of impersonal. It's not local or pathological. There is no such context for privacy (or the lack of it).

The person doesn't have a relationship towards these unknown surveying and tracking parties and, conversely, they really don't know these people in the social sense. People might realise that their social media posts, shopping habits, and browsing habits might be collected under a profile somewhere but for the most part that's just a bunch of data somewhere: there's no evidence that this profile would change the behaviour of other people who are relevant in the person's life.

Being a programmer, I have to admit I don't know myself how bad things could turn, for instance, in my own case. For the most part, even I don't see any immediate threats with Google or Facebook having some bits of my personal life stored online or Amazon having a good history of what sort of things I've so far needed. What keeps me from being liberal in sharing stuff is merely my nerd instinct: I just know I don't want to expose too much surface to the outside unnecessarily. Hence incognito windows, Firefox containers, ad blockers, uBlock, and other stuff. But fifteen years of Google and ten years of Facebook have not really had any unwanted influence in my real (i.e. physical) life. I also grew up in an internet where pseudonyms were the norm so it's always an exception to give a service my real name.

Data breach and identity theft? The risk is fairly low and the latter happens even without breaches into online personal data.

Custom pricing? I hunt for prices in private windows so that I'm less likely to trigger an interest for an item, and potentially higher prices, in the browser that has links to my personal profile.

Sensitive information? I don't think my blood test results or list of surgical operations would stand out much: surely I have things in that area I don't want all my friends or relatives to know but worrying about that would have to mean the information I have stored on Google and some medical providers' profiles would have to become publicly accessible and my friends or relatives would have to know to look for them and then identify my records to find out. That's a long bridge to be built, I don't think it's a particularly realistic worry.

Do I have something to hide? As much as I hate that argument and while there surely are things I don't advertise and my friends don't know about they could just ask and I'd probably tell them. If a stranger sat next to me and told me something about my life I thought only I knew is both unexpected and a bit hypothetical. The privacy would now have become local and I'd probably be more interested in the social context, i.e. what would the stranger want to approach me like that and what would be the price. On the other hand, if all he has is information then all he can do is reveal it. I don't think any of that information would be detrimental. Uncomfortable, maybe, but not the end of the world. And I'll be dead anyway in fifty years.

Connectivity surveillance? I'm not particularly worried that my ISP or government will see who I've called. They aren't interested in me personally. My frieds might be but the chance of them getting access to that information is slim. Again I don't like the idea of logging connectivity but I personally don't see the downsides either.

Most of the stuff online is also quite transient. The value of me buying a particular tool ten years ago is only so much. I'll block ads anyway.

I am perhaps an average person in that sense. I know there's a strong sense of "not right" in collecting so much information, and as a programmer I know how data can be massaged into information but I can't see credible enough threats on a personal level in that area to change much of even my own behaviour.

I'm not surprised that average people aren't all freaked out about tracking and online privacy issues.

The right answer is not "this dataset shouldn't exist" - it's "what benefits does this data give us, and do those benefits outweigh the risk of abuse?".

Come 1940 the Nazis had a beautiful "leaked database" to use as a reference.

Today they'd use 23andme, and only your relatives have to sign up for them to get you.

This is easily obtainable information for any regulatory type oversight government level agency(DEA/ICE in the US) if the appropriate presidential order goes through

Doesn’t seem like “Nazis used it, therefore it’s bad” is a valid argument. I agree that the government having a list of personal preferences for no reason is bad, but census data is useful for other reasons, and not having it isn’t going to stop other committed groups of people from doing bad things.