Hacker News new | ask | show | jobs
by btown 3690 days ago
For your point about face recognition, this art project may be of interest to you: https://cvdazzle.com/

A very interesting idea that email privacy might realistically turn into a steganography problem - how do you make it so the real content is indistinguishable from fake content, and given that this is imperfect, make it so that all but the most sophisticated attackers wouldn't be able to tell that a hidden message even exists?
1 comments
kardos 3690 days ago
That sounds a lot like security by obscurity, one blog post later and the world can distinguish the two.

Cvdazzle is unlikey to be the answer, it's just today's CAPTCHA to slow down face recognition, tomorrow's recognition will cut through that

We need a more radical solution to devalue our private information. Consider by analogy cell phones: IMEI blacklists (in theory) fundamentally devalue stealing phones. What can we do that fundamentally makes assembling troves of personal information useless? Poisoning it with plausible garbage might be part of the answer. Also the answer /might/ be regulatory. HIPAA has teeth, we could add something else with teeth. Or perhaps an insurance-driven approach: if holding personal information was a big liability in the event of a leak, it would be prudent to keep as little as possible.

link
pavel_lishin 3690 days ago
> if holding personal information was a big liability in the event of a leak, it would be prudent to keep as little as possible.

But this kills the social network, and the cloud photo app, and a lot of other businesses.

edit: nevermind, I think I misunderstood the suggestion. kardos's reply makes a lot of sense.

link
kardos 3690 days ago
Not at all. People can opt-in and send their own photos, holding that data would be kosher. Holding photos of those who did not opt in, or those who explicitly opted out, would be where the liability comes in.

If we can penalize people for possessing some kinds of data (pirated software, movies, etc) in the name of defending someone else's copyright, or for not decrypting things, it can also be done in defence of personal privacy.

link
tomc1985 3690 days ago
Good!

Or perhaps it would result in only the companies that need that data actually holding it, and doing so with care. I would love to see a big nasty liability poison pill attached to PII

link