by carrier_lost 3222 days ago
I appreciate Bruce Schneier's pragmatism and his acknowledgement that the problem is bigger than an individual can reasonably be expected to solve, if that individual wishes to participate in modern society. Too often, privacy concerns are met with, "Use Tails + Tor + a hosts file + a burner phone + a burner laptop, etc. etc." But Grandma isn't going to do that, and frankly neither am I. While an individual chooses to use online services, at a certain point societal and career expectations make it not really much of a choice at all. There must be a better way than placing all of the burden on the individual.
4 comments

One particularly horrifying example of this is dating. In Brooklyn where I live, dating has moved online so thoroughly that many women I've talked to simply refuse to consider men they meet in person as potential partners. It's definitely still possible to date the old fashioned way, but it's obviously more difficult. I don't date online, but I've been blessed with fairly good looks, a successful career, and decent social skills. I can definitely empathize with guys who feel they have to choose between giving up their privacy and giving up finding relationships. And that's a completely unreasonable choice.

The way we form relationships is one of the most personal parts of our lives.

> many women I've talked to simply refuse to consider men they meet in person as potential partners.

There's no way for me to phrase this question without it sounding very insulting, so I apologize in advance, but - is this something women have told you, or are you inferring this from being turned down by women you meet in real life?

It's something women have told me. Women have good reasons; it's much safer to vet people online before you risk interaction in places that you go in your day-to-day. What I said should not be construed as a criticism of women's choices to date online. If anything, I think online dating is the way of the future; I just hope it moves toward decentralized models that give people more control of who they share their information with.
If I were in your place, I would ask them what prevents them from vetting someone online after meeting them offline. Is a Tinder profile any more likely to contain truth than my words?
I'm not going to do that. If they're not interested in me I don't see any reason to persuade them. I would rather date people who are enthusiastic about dating me.

There's also an implicit assumption you're making that the women I've talked to about this are women I'm trying to date. That's not usually the case.

> There's also an implicit assumption you're making that the women I've talked to about this are women I'm trying to date. That's not usually the case.

Yeah, that was part of my potential insult.

I'm married with a kid, and most of my friends are paired up, so this topic rarely comes up for me. Thanks for letting me pick your brain.

That's very hard to believe. Is this 100% anecdotal or are there studies?
What part don't you believe?
How old are you / the women in the demographic you are talking about, if you do not mind me asking?
If I'm not willing to give my personal information to Tinder, why would I post it on HN?
Your personal website with an "About" page is in your HN profile...
My website contains a very limited picture of my life.
I'm guessing 30, male, NYC.
Oh please, nobody is going to hunt you down based on what approximate stage of life you are at.
If you are planning on sleeping with them I find it quite curious that you do not want them to know who you are.
I have no problem with dates knowing who I am. I do have a problem with Tinder knowing who I am in the same detail as someone I might date, however.
There's a difference between getting to know a prospective partner and loading your personal information into a computer system so it can automatically match you with potential partners (and also do who-knows-what-else).
Perhaps this is a good reason to have some sort of technocracy element to the federal government. I lean extremely far right, but in this case, this seems like one of the few things that the federal government should be doing-- breaking up stout monopolies that can't be competed with.

I'm unfamiliar with the decision, but why split up a company like Microsoft in 1999, but leave Facebook and Google alone?

It's not against the law to have a monopoly - it's against the law to exploit having a monopoly to enter another market.

Microsoft was seen to be exploiting its consumer OS market share to gain a monopoly in the browser market and the productivity software market, AIUI.

And as Jim Clark, co-founder of Netscape, said in a recent interview on This Week In Startups, the problem was Microsoft was not just bundling their browser (not a big deal), but pressuring OEMs that they'd be unable to sell Windows or lose access if they bundled Netscape too.

They used their monopoly position to force vendors to prevent Netscape from being bundled. That's where they went too far.

Disclosure: IANAL

It's such a strange arbitrary law though. At the root, it's about preventing companies from using their position of power to gain an unfair advantage in other markets.

But huge corporations like Google, Facebook and Amazon are using their scale and their positions to take over markets. They can easily take control of any market they want, for them it's just a matter of doing so in a way that doesn't upset regulators. Regulators are already the bottleneck for them.

"It's not against the law to have a monopoly - it's against the law to exploit having a monopoly to enter another market."

What about the breakup of Ma Bell?

> What about the breakup of Ma Bell?

"AT&T was, at the time, the sole provider of telephone service throughout most of the United States. Furthermore, most telephonic equipment in the United States was produced by its subsidiary, Western Electric. This vertical integration led AT&T to have almost total control over communication technology in the country, which led to the antitrust case, United States v. AT&T. The plaintiff in the court complaint asked the court to order AT&T to divest ownership of Western Electric"

i.e. AT&T used its network monopoly to maintain control over hardware manufacture.

https://en.wikipedia.org/wiki/Breakup_of_the_Bell_System

The breakup was a settlement of an anti-trust lawsuit over them leveraging their handset hardware monopoly to subsidize network costs so as to protect their telephone service monopoly, IIRC.
No, it can be against the law merely to have (and keep) a monopoly.

It is against the law to acquire, or to perpetuate, a monopoly by any combination or conspiracy in restraint of trade.

Although you're quite right that the move into the browser market was a big part of the case against Microsoft, there were other pieces to that case. There was a whole bunch of work around APIs/ABIs and in particular, denying other parties access to secret or privileged APIs in order to cripple potential challengers to the existing OS market (e.g. Java/Sun).

(Notwithstanding that the Microsoft strategic work around the browser stuff was a very correct reading that the browser was destined to become the de facto OS.)

Yes, it's complicated and there's a whole century+ of interesting jurisprudence. But it's not sufficient to just declare it's OK to have a monopoly -- you can be at risk of antitrust suits even just 1. having a de facto monopoly and 2. doing the "normal" smart business things to hang onto it.

For further reading, start with https://www.justice.gov/atr/us-v-microsoft-courts-findings-f...

I disagree with this argument – it can be illegal to participate in uncompetitive business practices while holding a monopoly position (even when those practices would be competitive in another market) but that does not make it illegal to have a monopoly position. The parent is right - having a monopoly position in a market is not illegal.
This is a good point. And with all the big internet companies doing so much to "help" us by setting up complex AI filters to catch and filter hate speech, what they're effectively doing is shutting the door to competition. They're raising the bar to the point where there will be no new Facebook or Google. New companies won't be able to afford the CPU cycles or manual content reviewers.
"I lean extremely far right, but in this case, this seems like one of the few things that the federal government should be doing-- breaking up stout monopolies that can't be competed with."

Doesn't sound like you are far right at all then. I'm wondering if we're actually a good judge of our own political leaning. I think that I'm libertarian (little 'l'), but Facebook ad policy thinks I'm far left. Maybe Facebook knows me better than I do.

Sounds to me like the GP believes in minimally constrained competition, where monopolism is one of the many undesirable constraints on their way of life. They are correctly identifying large corporations as analogous to overbearing governments. That, to me, is a classic right-wing belief, and one that I can empathize with, as a staunch Decentralist Green.
The original libertarians were actually far left. There is a large portion of the left that hates the State as much as American "Libertarians" do, but from a different perspective (which I believe is far more consistent). It seems to surprise a lot of Americans to learn that you can be socialist and libertarian at the same time:

https://en.wikipedia.org/wiki/Libertarian_socialism

Eh, I think it is more a problem with "broad umbrellas" and simple labels being inherently incapable of accurately describing something as complex as one's own politics, rather than lack of self judgement. I know precisely what my politics are but the right/left dichotomy is too simple for me to even pick a side for example, both tribes have ideals that I very much agree with.
Spot on.

The test at https://www.politicalcompass.org/ works reasonably well.

That test was accurate in pinning what I do believe my political leanings are, but the questions were awful and loaded. In the surrounding exposition and in the questions themselves the authors demonstrate what I believe to be a staunch leftist / progressive leaning. A lot of questions I read thinking "just because of how they worded this I have to say X because they are making an absolutionist statement on something I'm not absolutionist about".
> That test was accurate

> the authors demonstrate what I believe to be a staunch leftist

Sounds like somebody is biased here.

> "just because of how they worded this I have to say X because they are making an absolutionist statement on something I'm not absolutionist about".

That's how and why the test works. It needs to extract the user's leaning by choosing between extremes.

>Perhaps this is a good reason to have some sort of technocracy element to the federal government

Thought you were going to say "regulate privacy protections." Instead you went for breaking up monopolies. Impressive leap

He has a point though. Right now if you have an android smartphone, use gmail and google search you're telling google basically everything you do, where you are, what you have an interest in and the people you know.

Each of these services in isolation can know a great deal about you but being able to correlate the data makes it so much worse.

That's why I try to avoid putting all of my eggs in the same basket, I have an android phone but I use duckduckgo for search, my own server for email and firefox for browsing the web. If Mozilla, my server host or ddg decides to betray me (or gets hacked) at least they only have access to a slice of my life.

> That's why I try to avoid putting all of my eggs in the same basket

This is what I had been trying up until six or seven years ago. At that point it just got too complex to build and maintain.

With ISPs selling our location and traffic data, I think there's no engineering your way around the problem now. Perhaps the best we can do is damage mitigation.

Can you recommend a good source of info about running a personal email server? I have heard that it is extremely difficult to get mainstream email providers to accept email from unrecognized sources, but if that is not the case, or if there is a good method for dealing with that madness, then I am very much interested in managing my own email.
I just use dovecot, postfix and spamassassin. It did take me many hours and a lot of googling to configure it but it's very low maintenance after that.

I don't have any problem getting my emails accepted by gmail and friends.

The trick is to use an IP range that's not "fishy" (that basically precludes hosting email on your home connection, everybody expects spam from those and they're blacklisted everywhere). Then use DKIM, SMTPS, DMARC, SPF and be very careful not to allow any kind of open relay for spammers and you should be mostly fine, at least in my experience.

There are many websites online that offer to test your email setup for obvious flaws (open relay, missing headers etc...), for instance https://www.mail-tester.com/ and https://mxtoolbox.com/diagnostic.aspx . You should also check if some blacklists have your IP or domain blacklisted for some reason, and then request a delisting (after making sure that you're actually not sending spam because of a bad config): https://mxtoolbox.com/blacklists.aspx

It's definitely not plug-and-play but it's pretty interesting if you don't mind system admin. You also have a lot of flexibility if you want to filter and automate your emails in any way. I was also pleasantly surprised by the efficiency of spamassassin, properly trained there are very few false negatives and almost no false positives.

I didn't find it hard at all. Don't expect for it to work on a residential IP address though. I have dovecot and postfix running on a linode.
If they were all different companies, eventually consumer data would be commoditized and they would sell that data to each other anyway.
Microsoft wasn't split. It was informed that they could only do so much product integration.
We simply need laws against data brokerage.

And prohibit ad-based monetization on services with >100M users.

> We simply need laws against data brokerage.

This is the right answer. Collecting, retaining, using, and selling all this crap should simply be illegal. For Google, for Amazon, for Target, for Visa. Any of 'em.

The more pragmatic libertarians ought even be on board with this, since even if they don't care about massive corporations having all this stuff, allowing its collection gives de facto access to it by the government, and you can't effectively opt out even if you take extreme measures like not communicating with anyone except over encrypted comms and not having any kind of cell phone—you are still in pictures others post to social media, for example, or mentioned in others' unencrypted messaging/email conversations, etc. Your only hope is to become a hermit, basically, which is unreasonable.

I'm ok with ads. I don't like tracking.
...and a police force with arrest powers, and corporate compliance offices that follow the letter of the law, and federal investigators that try and parse code...

And once you get big, you can't get any more revenue.

And I want to be king.

Those will fail on first amendment grounds. I've been saying for years that you won't have privacy without a constitutional amendment/rewrite, but that's looking more and more likely every day.
Why does the number of users matter?
Well, I suspect that prohibiting data-brokerage basically helps big players like Google, because it eliminates smaller players who don't have access to such large amounts of data. See [1].

On the other hand, prohibiting ad-based monetization schemes lowers the incentive to excessively track users.

Of course, you could say that everything is proportional to the number of users, but I suspect that's not how it works.

[1] https://adexchanger.com/data-driven-thinking/eus-general-dat...

because you get lots of market power when you have zillions of users.
And 100M users is the tipping point? How many services have 100M users?
Data-gathering companies can and do co-operate, or someone wanting to learn something can just buy the data from several of them - price per bit of data should be the same. So breaking them up isn't really a solution to this problem.

As for why monopolies aren't getting broken up, I'd say a combination of increased corporate control of government, and global trade necessitating ever larger companies to compete, because tariffs are 'evil'.

People want to carry around little location aware Internet connected computers studded with sensors and that run third party apps, and there is just no hope of securing these systems against all possible vectors for unauthorized snooping. There is no technical solution. Ultimately I think this can only be fixed with legislation.

If there is money to be made in invading people's privacy, it is going to happen unless there are regulations in place that make it costly by imposing fines.

Here's a simple starter idea: extend HIPAA type protection to the most sensitive forms of PII like location information, photos not explicitly shared, microphone data, and health sensor data. Sale or other release of this information without explicit per-sale or per-release user consent is illegal. Leaks or intentional distribution results in fines that start at $10,000 per incident.

Gather your users' locations and sell them? That'll be $10k per user per 24 hour period in which any location data points were leaked.

Microphone and camera data should be subject to further protections. It should be illegal to store such data for longer than what would be needed for legitimate algorithmic uses or to use such data for other than its explicitly intended purpose unless the user explicitly shares it. So something like Siri could leverage cloud compute to parse your verbal commands but it better throw that data away afterwards... leaks would be $10,000 per user per audio recording.

The only exemptions should be for things like IP addresses since this would require fundamental re-engineering of the entire Internet. These do reveal some location data but it's nowhere near as accurate (and hence intrusive) as device location data. There also are techno hacks like VPNs that can be used to obscure such data if a user wishes to do so.

Edit: as far as government snooping goes that also must be fixed at the legislative level. There are legitimate reasons for governments to conduct surveillance but these must be subject to strict regulation and oversight. It's the only way. Government agencies like NSA, CIA, and FBI (and their equivalents in other places) are well funded and very good and there is no hope of preventing them from leveraging the Internet for surveillance unless the legislative branch explicitly regulates their actions.

TL;DR: the only solution here is the rule of law. Techno-fixes won't work and are a cop-out to avoid confronting the dysfunction of our political system.

Doesn't he address this by saying make this a political issue?