[Altheasy]

The author: Privacy does not mean stopping the flow of data; it means channeling it wisely and justly to serve societal ends and values and the individuals who are its subjects, particularly the vulnerable and the disadvantaged.

You are wrong, privacy mean stopping the flow of the data completely. No one should spy on your life.

[onion2k]

No one should spy on your life.

Absolute statements are always wrong. ;)

The problem with this way of thinking is that it's very hard to define what 'spying' is, and what 'your life' is. This is best illustrated with an example - when you read this comment you'll have loaded a page on HN. That means HN's server probably has a log of your IP address, browser agent string, etc. There's a complete history of every article you've ever read, upvoted, commented on there for you (and the public at large for some things) to see;

Your profile: https://news.ycombinator.com/user?id=Altheasy

Your comments: https://news.ycombinator.com/threads?id=Altheasy

Your favourited articles: https://news.ycombinator.com/favorites?id=Altheasy

Taking the first page of your comments and that favourite I can reasonably assume that you're a developer, you don't like testing much, you have a cat, you have a judgemental attitude about how other people spend money, you have a smart phone, etc. Not great insights but you're pretty new here. If I trawled through the comments of someone who has 20,000 comments I could learn a lot.

So... is HN spying on you? Am I spying on you when I read those pages? I don't think so. You put that data out there in the open. The same is technically true for most data that people say is spying - eg Google Analytics isn't spying on you when it tracks everything you do on 50% of the websites you visit. You're giving that data away. That's fine. It's useful. It makes the internet better.

The flow of data in itself is OK. It only really becomes spying when the data is misused. That's what people want to control.

[cousin_it]

Grandparent's statement is pretty absolute, but I find myself in agreement with it. Data collection is the right place to intervene, because once collected, data can be copied and misused at any time in the future.

> when you read this comment you'll have loaded a page on HN. That means HN's server probably has a log of your IP address, browser agent string, etc.

Such logging isn't technically necessary to serve web pages, and ideally shouldn't be done without consent.

> Am I spying on you when I read those pages?

That's not spying, because the user consented to making their comments public. (Not sure about favorites though, there's a small note on the profile page but maybe the favoriting action should make it more explicit.)

> Google Analytics isn't spying on you when it tracks everything you do on 50% of the websites you visit.

It's spying if you didn't consent to it.

[viraptor]

> Such logging isn't technically necessary to serve web pages, and ideally shouldn't be done without consent.

It's needed as soon as you want to do: non-trivial spam protection, context connection for errors/exceptions, dos mitigation, correlation of issues across browsers, and a few other things.

For most of those you could theoretically hash the IP because you're interested in matches not actual values (although matching either the AS or at least /24 makes things easier). But until we migrate to IPv6 hashing doesn't make sense (and once we move, keeping individual addresses doesn't make sense).

Basically the bigger the site, the more important that information is for operations.

[Retric]

You can do all of those things without logging that information. It’s a cheaper solution to the problem, but that does not mean it’s required.

Which devolves your argument into collecting this information is significantly more profitable. Which I think is generally accepted as true, but not nessisarily enough to make it acceptable.

[viraptor]

How would you match traffic from the same source without keeping the record of that source?

[Retric]

That’s a technique not a goal. What are you trying to do?

[onion2k]

It's spying if you didn't consent to it.

There's no explicit consent but the fact you've told your computer to download some code and run it looks a lot like implied consent.

[cousin_it]

I think that argument proves too much. To a user browsing the web, clicking a link that says "check out this nice article" signifies intention/consent to read that article, not to suffer the effects of all possible JS tripwires including pwning their computer and such.

[onion2k]

This is the point I was making about misuse of data. Thinking usage analytics on a website is a tripwire is quite extreme. Thinking that building a complete profile of someone based on their activity on lots of websites is a tripwire is quite reasonable. Hence the difficulty in defining what 'spying' really is.

[cousin_it]

If by analytics you mean something like a hit counter from the 90s, which doesn't require recording user sessions, then I agree with you. But if it's recording user sessions, I think it's a good idea to require consent for that.

[eadmund]

Sure, but all this tracking isn't a product of JS tripwires pwning computers: it's a natural result of downloading an article from a server.

[TeMPOraL]

No, it's a result of the article telling the browser to also download and execute analytics scripts. It's abusing the good faith HTTP protocol was built upon. That's why I consider ad/content blockers OK and desirable. They're a way for users to express that they don't consent to loading and execution of some resources.

[kazagistar]

That's true of malware too. Consent is different from actions.

[matz1]

Then its the misuse itself that need to be fixed.

Its like knife can be used to kill people, lets get rid of knife instead.

[guillim85]

> Absolute statements are always wrong. ;)

Love the irony here :)

[ad404b8a372f2b9]

No, spying does not require malicious intent. If you look through your neighbours' blinds every night, just to ensure they're doing well, you're still invading their privacy and spying on them. By definition spying is to collect information furtively, which I think qualifies the behaviour of all internet trackers as 90% of the population is unaware of their existence and 99% of the population doesn't know the extent of their consolidated online profile. The uncontrolled collection of data is itself harmful, that's why the GDPR requires companies to justify the pieces of information they collect.

[matz1]

>neighbours' blinds every night, just to ensure they're doing well

What harm does it cause ?

[YeGoblynQueenne]

>> No one should spy on your life.

That actually sounds as a pretty straightforward, self-explanatory request. I don't see where the confusion arises.

[matz1]

Disagree. Information wants to be free. Good luck trying to stop the flow of data. The solution of privacy should be embrace the flow of data or even increase it by increasing transparency. Sure, there are going to be issue in regards data being public and thats what should be fixed instead.

[theaeolist]

"Should". But they do nevertheless. It's a fact.