by vorpalhex 2052 days ago
The Figma example that's given seems to completely undercut the "Productivity vs Privacy" argument. Figma didn't discover those use cases by spying on users, they did it by talking with users and working WITH them. You know, using that whole consent thing?

The issue isn't collaborating with your users and involving them in the design process - do that! It's awesome and it'll generally help you make better products.

The problem comes when you want to harvest intelligence from your users WITHOUT cooperation. If you need to do that to be "productive" ala Google, then yes, you are going to be hampered by privacy. That's a tradeoff for users to make, and it's only a real tradeoff when we aren't dependent on the moods of Google or Facebook but instead can rely on the underlying technological basis.

And you can be very interoperable and maintain privacy - but your users will need to choose to enable that interoperability. Facebook can "promote interoperability" by linking my Instagram and Facebook, or forcing me to use Facebook on Oculus and that is interoperability - but it's sort of by force and not in a way that is acting with my consent. On the other hand, my email I send with Protonmail is perfectly interoperable - I can email anyone and get email from anyone, import and export emails and use whatever client I want - as long as I choose to allow it to be by decrypting my emails.

2 comments

Hey, OP here. Thanks for taking the time to read and respond.

> The Figma example that's given seems to completely undercut the "Productivity vs Privacy" argument. Figma didn't discover those use cases by spying on users, they did it by talking with users and working WITH them. You know, using that whole consent thing?

Figma is a great example of non-obvious productivity gains being _discovered_. I believe building a multiplayer experience like Figma would be considerably more difficult if you would need to also keep everything e2e, managing multiple keys, etc. In that sense I think there might be some tension with privacy-preservation. The primary reason I mentioned Figma, though, was the discovery part. I could've made that more clear.

> And you can be very interoperable and maintain privacy - but your users will need to choose to enable that interoperability. Facebook can "promote interoperability" by linking my Instagram and Facebook, or forcing me to use Facebook on Oculus and that is interoperability - but it's sort of by force and not in a way that is acting with my consent. On the other hand, my email I send with Protonmail is perfectly interoperable - I can email anyone and get email from anyone, import and export emails and use whatever client I want - as long as I choose to allow it to be by decrypting my emails.

You can be interoperable, but I see many scenarios where it's not straightforward. For instance, you lose control over the preservation of privacy when your ProtonMail user forwards an email to his Gmail friend with an entire conversation in it, even though on a technical level you're completely interoperable.

Absolutely. But even not all harvesting is privacy invasive. As a search engine I can know that 3.054% of users search for sex toys. As long as they don’t know or harvest who is doing these searches, there’s no privacy violation.

Valid point, but this doesn't amount to a very convincing promise to many users imo. You're relying on the service provider to not abuse their power. If that were sufficient I don't think we would see these e2e services pop up to begin with.

Yes, you’re absolutely right. Unfortunately services blatantly and openly violate their customers’ privacy and by and large customers don’t care. I would also prefer zero trust as a first choice, but for now would be happy to settle for trusting companies that just seem decent. Sadly those are few and far between and the norm is to harvest, sell and abuse customer data.

> I would also prefer zero trust as a first choice, but for now would be happy to settle for trusting companies that just seem decent.

It's an incentives problem. If the company can always make a bit more money by harvesting data, then why would it not? Especially if it could avoid getting detected or at least avoid getting in trouble.

That's the benefit of E2E - I don't have to trust the middleman. I still have to trust the other end (and that has a whole can of issues to be sorted) and I have to trust myself (and again, that has plenty of problems) but it at least removes an entire vector.