[axx]

That's the thing with personal pictures online. Most people can't imagine what is going to happen in the future. People on Hacker News well understand this issue, but ask your non-computer friends and family.

If you'd tell them, that you can take a picture of a random person and search that picture out of a pool of people and get their contact info (as a private company / random programmer with enough data), they won't believe you or tell you that something like this is only possible in movies.

Even today it's no problem to analyze the Facebook picture of some random person and calculate a chance of that person being an alcoholic in X years based on the number of party pictures they share.

Before sharing personal information online, people should not ask themselves what could be done with that data now, but what is possible with that data in the future.

If Facebook is going out of business (just as a thought), their data has a lot of value. Don't think that they will delete everything. It will go to the highest bidder!

[kardos]

That's a really hard battle to fight, even for those of us who understand the full implications. The entire population is not going to drop facebook overnight, it does deliver some sort of value to them despite it's heavy privacy price.

I'm beginning to believe that the answer is to simply devalue all that information. We can do it in some contexts on the technical side, for example, rotating passwords devalues stolen credentials, virtual credit cards, random MAC for wireless scanning, etc.

So how far can we push this? If you got into my email, but 90% of the messages there were generated by AI and 10% are legit, can you accurately profile me?

To get a little more on topic, how close do you think we are to 3D printers that can print a mask of your face? Once that happens, will the value of these "face recognisers" drop off a bit?

[btown]

For your point about face recognition, this art project may be of interest to you: https://cvdazzle.com/

A very interesting idea that email privacy might realistically turn into a steganography problem - how do you make it so the real content is indistinguishable from fake content, and given that this is imperfect, make it so that all but the most sophisticated attackers wouldn't be able to tell that a hidden message even exists?

[kardos]

That sounds a lot like security by obscurity, one blog post later and the world can distinguish the two.

Cvdazzle is unlikey to be the answer, it's just today's CAPTCHA to slow down face recognition, tomorrow's recognition will cut through that

We need a more radical solution to devalue our private information. Consider by analogy cell phones: IMEI blacklists (in theory) fundamentally devalue stealing phones. What can we do that fundamentally makes assembling troves of personal information useless? Poisoning it with plausible garbage might be part of the answer. Also the answer /might/ be regulatory. HIPAA has teeth, we could add something else with teeth. Or perhaps an insurance-driven approach: if holding personal information was a big liability in the event of a leak, it would be prudent to keep as little as possible.

[pavel_lishin]

> if holding personal information was a big liability in the event of a leak, it would be prudent to keep as little as possible.

But this kills the social network, and the cloud photo app, and a lot of other businesses.

edit: nevermind, I think I misunderstood the suggestion. kardos's reply makes a lot of sense.

[kardos]

Not at all. People can opt-in and send their own photos, holding that data would be kosher. Holding photos of those who did not opt in, or those who explicitly opted out, would be where the liability comes in.

If we can penalize people for possessing some kinds of data (pirated software, movies, etc) in the name of defending someone else's copyright, or for not decrypting things, it can also be done in defence of personal privacy.

[tomc1985]

Good!

Or perhaps it would result in only the companies that need that data actually holding it, and doing so with care. I would love to see a big nasty liability poison pill attached to PII

[axx]

I have hope that this will change. Because more and more people live a fake life on social media.

Some people go crazy and share everything, but more and more people share less[^1] and if they share something, it's only something that holds together their "clean image".

1: http://www.theverge.com/2016/4/7/11387604/facebook-personal-...

[kardos]

Sure, that's a good sign, but it's still undone by someone else who posts a photo or recording of you. If I recall correctly, facebook used to (maybe still does) solicit users to "report" anybody who is not using their real name on the site. When will facebook start soliciting/rewarding users for uploading photos of others? How much does that guy in your class value your personal privacy?

[bduerst]

I think is more phobia about technology than an actual problem.

I get that this is a radical view on HN, but when topics like this come up, it's always slippery slopes and fantastic nightmare scenarios (like 3D printing your face). I feel like we're in the 1980's debating over how to handle traffic laws for our flying cars in 2010 just because someone built one.

[kardos]

> it's always slippery slopes and fantastic nightmare scenarios

It already is a nightmare scenario for some [1]. How bad should we let things get before we try to fix them?

[1] https://news.ycombinator.com/item?id=11721600

[bduerst]

That HN comment you linked to is _still_ just a nightmare scenario.

If you read the article, you would see that they are lying about what happened. Even your question, based on incorrect information, is implying a slippery slope.

[DougN7]

Once the nightmare scenario arrives though, it's usually too late to do anything about it. Look how impossibly hard it is to stop the NSA from gathering all of the network traffic. I wouldn't doubt for a second that Kim Jung would use this against protesters (if North Koreans had social networking). Just this morning I heard on NPR about a group working on genetic modifications to make half-human, half-animal beings, apparently for organ harvest reasons. However you feel about that, nipping things in the bud is so much easier than trying to reverse history.

[bduerst]

Right, same with every other "sky is falling" argument.

The PRISM dark fiber exploit has since been blocked by most tech companies, and honestly, you're more likely to be negatively affected by slipping in your shower or a car accident. Doesn't mean don't be aware, it just means you don't need to wear a tinfoil hat. Or worry about hypothetical nightmare scenarios.

[parhurst]

What makes you think they are lying? Our view on the downsides of technology might be biased because we are (often, unless you're a moderator or a victim) sheltered from them[1]. [1] http://www.theverge.com/2016/4/13/11387934/internet-moderato... Edit: grammar

[bduerst]

They lied about persecution of gays and sex workers. The article was about a small group created to raise awareness about face recognition by trying to identify porn actresses, before closing entirely. Hardly a nightmare made real.

I'm also not sure how YouTube mods from 10+ years ago are relevant in a discussion about tech advancement. If anything, the automation of child porn detection since is proof that technology keeps up and prevents nightmare scenarios.

Also, why create the new account to question?

[dclowd9901]

You don't need to drop Facebook -- just turn privacy settings so that your face can't be identified publicly or beyond 1 degree of connection. People should know how to do at least that.

[germanier]

That doesn't really help if Facebook is in it - and let's be honest, what stops them from mining the photos set to "private"?

[nitrogen]

Your main profile picture is always public, as is your cover photo, so you will have to use a picture that doesn't identify you, which may be confusing to your friends.

[imgabe]

> Even today it's no problem to analyze the Facebook picture of some random person and calculate a chance of that person being an alcoholic in X years based on the number of party pictures they share.

The problem is not that this calculation exists, but that people so easily misinterpret it. It doesn't mean "Person with these photos has a 65% chance of being an alcoholic in 5 years", what it REALLY means is "65% of the people with these photos became an alcoholic in 5 years".

That is a HUGE difference. For the remaining 35% there is perhaps some additional factor not included in the existence of the photos that guarantees there is a 0% chance of them ever becoming an alcoholic. When you try to apply general statistics about a large population to a single individual, it's not as simple as just saying "65% of the time this person will become an alcoholic". That's ridiculous anyway, because the person will only live one life, one time.

[logicchains]

The calculation is useful from a marketing perspective. If I decide to advertise alcoholism treatments to these people in five years' time, I'll have a lot more success then if I'd just picked people at random to advertise to.

[phaemon]

..and in the meantime, you can advertise alcohol to these people. It's a win-win! </evil>

[sbov]

This distinction seems relevant only if you target one person, which seems pretty rare. In reality you're going to use this metric on a pool of people, in which case 65% of them would become an alcoholic in 5 years.

[imgabe]

It becomes a problem when it's used for profiling, such as "Don't hire that person, there's a 65% chance they'll be an alcoholic" or "send a drone to kill that person, there's an 80% chance they're a terrorist"

[sbov]

I agree that it's a problem, but your distinction still seems generally pointless. If you have a company policy to not hire alcoholics and you reject 1,000 people based upon this metric then 65% would have been an alcoholic.

[imgabe]

It is a problem for the 350 non-alcoholics who are unable to get a job because the hiring manager doesn't understand statistics.

[weavie]

The thing is, under a certain age everyone is doing it. When this current teenage generation grows up and gets into leadership positions - especially politics, they are all going to have their entire upbringing exposed for the whole nation to see.

The few that haven't will be viewed with cynicism and will most likely not be accepted by the population.

The population will be voting for their leaders based on how they were brought up.

It is going to be quite an interesting social phenomenon to witness.

[pavel_lishin]

> When this current teenage generation grows up and gets into leadership positions - especially politics, they are all going to have their entire upbringing exposed for the whole nation to see.

But that whole generation will be in the same situation. Everyone will have had to deal with it; embarassing/compromising college-era party photos will just be a thing that nearly everyone has dealt with.

Decades ago, having had an abortion or a child out of wedlock was a mortal social sin. Today, it doesn't matter.

[redmaverick]

That's a good point. But the only generation that's going to be affected is the facebook generation.The current teenage gen will just stick to whatsapp/kik conversations or snapchat and won't advertise themselves like fb gen did.

[germanier]

In that case analyze the photos sent on snapchat or whatever network is cool today. The problem is not only photos posted publicly (though it's most visible there).

[seren]

In a way it is already here, with questions if US presidents have smoked/inhaled pot, if they were drafted or not in Vietnam.

I don't believe that it has a huge impact on voters.

[user_0001]

Didn't seem to effect George W too much

[aquadrop]

What I'm more afraid of, is that if you say that to regular people, they'll answer "So, what?" and keep not thinking of any their online actions.

[digi_owl]

For me the trick seems to be to get people to treat the net as if it was downtown during high noon.

Just because you are sitting there typing in your undies do not mean that what you post has the same privacy.

Also the worrying bit is not so much the data, as the actions taken on their basis.

Denying someone a job because they have a few photos of them enjoying a colorful drink is just the tip of the iceberg.

What about the day a kill shot is approved because the computer says the face is above a certain likelihood of being some big bad terrorist? At 70% there is still a 1 in 4 chance of being wrong.

[adrianN]

Who needs face recognition? Metadata is enough to kill

http://www.nybooks.com/daily/2014/05/10/we-kill-people-based...

[qaq]

Do you really want to work for a place like that?

[dangrossman]

Employers routinely subject applicants to personality tests, IQ tests, fitness tests for jobs that have nothing to do with manual labor (essentially age/gender discrimination), background checks, credit checks even when the job doesn't involve handling money, and yes, looking them up on social media. Do people really want to work for these places? Yes, because they need to pay their rent, and don't have the nestegg of a well-paid Silicon Valley software developer, or recruiters chasing them to offer them work.

[qaq]

This holds true for 3d world countries in US for 90% of people the only reason to be in this position is one's own choices.

[nitrogen]

The sense of free will is an illusion of physics and consciousness; choices are made by quasi-deterministic electrochemical processes before our conscious minds are ever aware of them.

[qaq]

if we view things at this depth then this whole discussion is pointless :)

[nihonde]

Two approaches to stave off the inevitable come to mind:

1. Do whatever it takes to be "behind the curtain" and one of the people who is in a position to do the exploiting, rather than being exploited. (It's up to you what you do with that power.)

2. The opposite of signal is noise. The same hackers who build these Big Brother tools will inevitably build the tools that flood Big Brother with noise. Disinformation campaigns will always be capable of re-training the surveillance machine.

[mohlerm]

So true. And even if you're careful with your own data...some other person might not and upload and tag photos with your name.

[fixermark]

It honestly may be more productive to operate under the mindset of "My private information that is acquirable by a cursory examination of me (this includes face, which is obviously publicly visible) will inevitably find its way online in a way outside my control. What do I do given this reality?"

[miander2]

Exactly. We cannot have any expectation of privacy in public and likewise, we cannot have any expectation of privacy in online social media.

[germanier]

There is a fine line between "somebody who knows me (even if not personally) can recognize me on the street" and "everybody can know everything I do out in public or online"

[randomgyatwork]

To the best of my knowledge, I've removed all the pictures associated with my name from the internet... with the exception of LinkedIn.

[qaq]

Cool none will ever mine LinkedIn for personal data

[nxzero]

Easy to exploit this today too and not that uncommon either.

[ape4]

I use fake photo as a profile photo in facebook.

[aub3bhat]

This is an unbelievably ridiculous argument, the government has data on almost entire population thanks to all sort of identification cards and other innumerable sources of data. Why should corporations and other people be denied the same access & privilege.

You are spreading pure FUD, out of ignorance and misplaced sense of paternalism. The reality is that most people correctly understand the trade-off between privacy and utility. That's why they share information on social networks. They are not paranoid running around fearing government conspiracy theories. They just want to enjoy their short lives.

[axx]

So what you're saying is, just because our governments collect everything, everybody else should be allowed to do it too, or stop worrying?

The fight for privacy is not for us, it's for generations to come.

[aub3bhat]

>> So what you're saying is, just because our governments collect everything, everybody else should be allowed to do it too, or stop worrying?

Yes, Strong corporations and public rights, are necessary to ensure, that government does not becomes too powerful. And there is at least some balance of power.

>> The fight for privacy is not for us, it's for generations to come.

Please define "us"?

"us" or "people" or "generations" are rhetorical devices, with little basis in reality. The romantic notion of "people" quickly disappears when those people either organize into corporations or political parties. At certain level Corporations & Governments are people, or aggregate expression of will of the people. The economies of scale necessitates strong corporations which can protect "people" from government and vice versa.

[jmcmichael]

> Yes, Strong corporations and public rights, are necessary to ensure, that government does not becomes too powerful. And there is at least some balance of power.

Are you suggesting here that corporations are a meaningful brake on state power?

Given that corporations are a legal fiction only made possible by the state institutions of law, currency, markets, international treaties, trade, and war, I don't see how this assertion can be supported; the origin, future, incentives, and fortunes of states and corporations have always been inextricably linked.

'Anarcho-capitalist' and libertarians solutions for non-state corporations have always appeared to me to be shallow hand-waving (speaking as a former anarcho-capitalist and hand-waver myself).

[dragonwriter]

> Strong corporations and public rights, are necessary to ensure, that government does not becomes too powerful

Corporations are an exercise of government power; their strength isn't a safeguard against government power, it is government power.

So the real message here seems to be that exercises of government power that disproportionately favor a certain narrow elite are seen as necessary to prevent government exercising power in ways that benefit other groups.

[axx]

By that i mean, that our decisions today, will effect everything that follows.

If we educate people that privacy is a privilege, they might not do things (sharing personal information) in the future, that they would otherwise do.

And i'm not talking about world-changing stuff here, it's the little things, like sharing very personal information on social media, like my party picture example from above.

The problem is, most people don't understand the implecations of their doing. And that's why we, who understand those issues, need to educate them.

Another thing is, social media is sold as this warm and cozy place where all your friends are. But in reality, you share your information with big corporations that want to make money (which is totally fine, they provide a service).

People just need to understand, that social media is not a private and social environemnt, it's a tool, provided by a company that has (in most ways) no interest in your personal privacy.

[blub]

As long as everyone has access to the data that's fair. What happens in practice though is that only a few actors with large resources do, thereby giving them even more power.

[allemagne]

>Why should corporations and other people be denied the same access & privilege.

Should we be offering that access and privilege to governments? Assuming that we should, your argument seems to be that it's "unfair" not to offer the same to businesses? Bizarre. Perhaps you can clarify.

>The reality is that most people correctly understand the trade-off between privacy and utility.

I would argue against that. However, even if "only" something like 20-30% of people don't understand the trade-off, that's a huge problem. Additionally, those who understand the trade-off that they are personally making in the present may not be giving thought to problems it will have for them personally in the future (the argument of the commenter you are responding to), or problems access to huge amounts of data causes in society right now or in the future.

[aub3bhat]

>> Should we be offering that access and privilege to governments?

They already have it.

>> your argument seems to be that it's "unfair" not to offer the same to businesses? Bizarre.

In Sorrell vs IMS Health (2011) Supreme Court ruled 6-3 in favor IMS Health, that Commercial Speech was protected under First Amendment. This case is particularly relevant since IMS Health counsel successfully argued that Government could use Prescription data to market cheap generics to physicians however Pharmaceutical companies were prohibited from using the same information. The judges decided that this was unfair and amounted to restriction of commercial speech.

And few days ago the US Supreme Court in 6-2 decision in Spokeo inc. vs Robins ruled that there has to be a concrete evidence of harm/injury before data brokers can be sued.

So regarding my reasoning being Bizarre I think not.

https://en.wikipedia.org/wiki/Sorrell_v._IMS_Health_Inc

http://www.scotusblog.com/case-files/cases/spokeo-inc-v-robi...

http://fortune.com/2016/05/16/supreme-court-spokeo-decision/

[allemagne]

Whether the government already has data is immaterial when the question is whether they "should" have it from a moral or philosophical standpoint, which is the context I'm assuming we're working within. The legality of their having it certainly has questionable constitutionality.

In Sorrell vs IMS Health, the issue does not seem to be whether government and private companies could use the same data to market pharmaceuticals, but whether pharmacies could sell prescription data without doctors' consent. "Fairness" to companies using the same data as government appears to have nothing to do with it. You missed a period at the end of your link, so I added it in mine below.

If we ignore that and assume your interpretation is correct, your conclusion that private individuals and organizations are privy to the exact same personal information that all government organizations may have is definitely not the conclusion that outcome would point towards and is still, indeed, a bizarre belief.

As to your final argument, who is talking about suing companies? If you're responding directly to something I said, the logic to connect it to your response is unclear at best.

https://en.wikipedia.org/wiki/Sorrell_v._IMS_Health_Inc.

[Houshalter]

This is an unbelievably ridiculous argument. Just because the government has something doesn't mean everyone can or should.

[aub3bhat]

You do realize the irony in your argument, considering its the Russian government which has probably the worst track record in recent times when it comes to a corrupt government abusing its power.

What you are essentially saying is that [1] this is bad but a government having a similar tool is fine.

[1] https://en.wikipedia.org/wiki/Human_flesh_search_engine

[Houshalter]

I never said the government having it is fine. But the fact that it does doesn't mean you shouldn't be concerned about corporations and private people having it. And I certainly did not mention the Russian government.

[kardos]

> Why should corporations and other people be denied the same access & privilege.

Why should I be denied the option to keep my personal information private from said corporations/people?

[EGreg]

I wrote a piece about this phenomenon two years ago:

http://magarshak.com/blog/?p=169