[Drakim]

I think it's not good enough to merely prevent it from happening with sandboxing or permissions, that's a very technically-oriented way of solving the problem (and obviously what most of us here on HN would go to first).

But merely preventing it on a technical level creates this race where companies and startups are always finding new ways to violate our privacy, while we stumble after trying to patch the latest evil, hoping that it's even possible to patch this time. Stop ajax calls to third party domains? What if they start piping it though the first party server? etc.

There fundamentally needs to be laws and principles in place that sets clear lines as to what's okay and not, it shouldn't come down to "whatever is technically possible". You may NOT take my personal data, my contact list, my browsing habits, and sell them to a third party, even if it's hidden somewhere deep in your T&S. No human actually wants you to do that, if you offered somebody on the street five bucks for their phone contact list they wouldn't say yes. It's only possible because you are doing these evil things hidden from view.

[Ntrails]

> No human actually wants you to do that, if you offered somebody on the street five bucks for their phone contact list they wouldn't say yes.

There is an argument i have with a guy who stands on the street offering 'free coffee'. So i ask for a voucher, and he explains i have to download an app. I am not convinced that is truly free.

[nl]

Plenty of people will just tell you their password if you ask them nicely (https://www.google.com/amp/s/nakedsecurity.sophos.com/2015/0...) so I'm pretty sure they'd give up their contact list.

[lucio]

There are a lot of humans that are OK with that. The average person do not value privacy that much. There are a lot of people willing to trade data/usage patters for a free app. On the proposition "Pay $5/month or pay $0 but let me track you" a lot of people will choose the 2nd.

[chii]

they may choose the 2nd option, but it's unknown if they would continue if told what the ramifications are. People chose brexit without knowing its ramifications, because they did not understand fully their choice. I suspect those who opt for tracking is also making this mistake.

[matz1]

I doubt it, as a tech savy user I know the ramifications but still going to for the 2nd option. Why ? Because the ramifications is largely inconsequential or not harmful enough for me to care

[skummetmaelk]

And this is the problem. You know the ramifications for you as an individual are fairly small, but this is a problem of scale. Billions of people handing over their data allows the creation of much more sophisticated and insidious models. The costs of your decisions are externalized to society as a whole and will affect you one day. You just don't see that.

It is the classic tragedy of the commons. Everyone doing whatever is best for themselves leads to the absolute worst outcome for everyone (including yourself) in the end. E.g you running 50 kWh of AC per day is pretty inconsequential. 2 billion people doing the same is not.

[matz1]

So then what is the effect on me ?