[badjeans]

> I don’t have FB or or WhatsApp but my Insta account (using a separate email address and no personal details) keeps recommending my therapist to me.

So what? What's the harm?

People sure like to write emotionally charged posts arguing for privacy, but they're always suspiciously low on details on what bad things (actually) happened.

Even in this case with phone numbers and other data leaked, so what? What harm do data leaks cause?

Seems like making a fuss about nothing.

> How are we still ok with this shit?

We're ok with a lot of shit. I think if we were to make a list of shit this would rank pretty low.

[andrepd]

What's the harm of people watching you while you shower? Everybody does it, you won't get hurt, so what's the harm of stealing your nude pictures?

> they're always suspiciously low on details on what bad things (actually) happened.

- Hyper-targeted advertising

- Voter manipulation

- Surveillance of dissent

- Arresting dissidents

- Leaking sensitive medical data

- Leaking private pictures, videos, conversations

- Leaking your home and work address (hello stalkers and jealous ex-husbands!)

- Being refused medical treatment or having premiums skyrocket

But yeah, nothing serious, why are you so paranoid man? Conform, citizen!

[cookiengineer]

You've obviously never been a victim of identity fraud, stalking or psychological terror.

As long as the legal justice system hasn't caught up with that (in the sense of efficiency and prevention of financial problems) every data point that's leaked about you is a potential threat.

> fuss about nothing

Ever heard about rape victims? Ever heard about stalkers? Ever heard about psychological threats? Ever heard about someone being forced to do something they don't want? Ever heard about the fappening? How do you think those things have happened in the past and literally ruined people's lives?

[kelnos]

> You've obviously never been a victim of identity fraud, stalking or psychological terror.

And that's the point: most people haven't, and many who have probably weren't able to link it to something specific like "Facebook vacuumed up all my data and then lost it". And "most people" are the people who influence and make policy.

[YarickR2]

Do you compare FB to SS and Stazi ?

[ordu]

> Even in this case with phone numbers and other data leaked, so what? What harm do data leaks cause?

Lets imagine a situation. You've got an officially looking letter, from unknown to you organization, claiming that for example, your lawn is infected by a grass variant of COVID-19 and must be disinfected, and this organization could do it in a jiffy for a mere $1k.

Probably it is a scam, isn't it? How do you judge it? One of the sign of a scam is a lack of personal information in the letter. But if you see that letter contains your name, address, phone number, lawn dimensions, then you probably shouldn't throw letter to a garbage bin, you should find some other kind of test to judge is it a scam. Isn't it?

So when you made your personal information public, scam detection is going to impose bigger costs on you. Even if we assume that you are perfect scam detector and will not let any of scam to pass you undetected, then the lot of people are not perfect in this regard. So the more difficult detection is, the more prey for scammers. It impose costs for a society overall, because society start to give money to scammers, to finance all that activity that is counter productive for an economic growth.

But as for me it is just a nuisance to decipher such letters trying to spend as little time on a scam detection as possible while having no false positives.

[rpastuszak]

> People sure like to write emotionally charged posts arguing for privacy, but they're always suspiciously low on details on what bad things (actually) happened.

Two bad things (random selection, because the comments below already make some really good points):

1. targeted behavioural advertising is proven to increase polarisation, literally turning people against each other.

A single instance of violating someone's privacy doesn't matter as much as your single vote won't shift the result of elections. But a single vote does matter, because is a part of a bigger whole.

2. My family member suffers from PTSD acquired because of living in an abusive relationship for 2 decades. That person started a new life, but ads targeted at her and her partner more than once triggered actual panic attacks. I know this might sound ridiculous without the context. This is because that person didn't understand how clever the tech behind targeting was and assumed that the ads were related to their partner cheating on them. It's irrational, I know, but we're talking about someone who is psychologically vulnerable.

I'd still say that 1. is a more important argument here, 2. just follows the line of thinking presented in your comment. (the main problem behind 2. is that person's mental state and the actions of their abuser, yet the amount of suffering that could've been removed is not negligible.)

> Even in this case with phone numbers and other data leaked, so what? What harm do data leaks cause?

Cambridge Analytica, voter manipulation, bias in behavioural targeting, increased polarisation in media--please Google these queries and educate yourself. There's a tonne of resources on the subject, including peer reviewed academic papers.

[disgruntledphd2]

> targeted behavioural advertising is proven to increase polarisation, literally turning people against each other.

Can you provide some evidence for this please? Certainly, filter bubbles make it easier for people to radicalise themselves, but I've not seen very much evidence that it's specifically the advertising.

And polarisation in (US) media has been underway since long before Mark Zuckerberg left elementary school.

[kelnos]

I guarantee you that the majority of the population does not understand or care about your #1.

And I expect that the majority of the population has not experienced the horror of your #2.

If the majority (in this case, likely vast majority) doesn't care about something, there probably is not going to end up being any public policy protecting against it.

[seaman1921]

Post your personal phone number right here and I will show you what harm it can cause.

[cookiengineer]

Also @badjeans should give you all passwords for all email accounts, and all encryption keys.

Because you know, what does it matter, right?

[YarickR2]

you're confusing security, privacy, and personal details

[cookiengineer]

Please elaborate. If security is not a measurement to uphold and defend the right to privacy, then what is it?

[dijksterhuis]

It's a common misconception that the purpose of security is used to provide privacy. I'll deal with that first, then we'll get on to the comment thread.

Information security can be about trust, i.e. I trust that person A sent this message because of X, y, z. I also trust that the message hasn't been tampered with because of X, y, z.

Privacy is a sub/side topic of information security. E.g. keeping all network connection data about an individual obfuscated at all times i.e. All data is kept hidden in a way that cannot be made unhidden.

Privacy is part of information security, and serves to ensure certain systems could be considered secure in certain cases (depends on the threat model/requirements of the system).

Basically, you've got it the wrong way around. Privacy (as a purely technical idea) exists to keep some information secure in certain cases.

Recent Fawkes paper is a good example of privacy as a security consideration.

Now for a case where it doesn't matter...

Whenever you're asked to run an MD5 hash check of a file you've just downloaded, that's an example of authentication/verification.

Doesn't matter if someone has seen that you've downloaded the file, just that the downloaded file is correct (for you).

Good example is Linux OS distribution ISOs.

Privacy doesn't really matter in that case (depending on your threat model), what matters is that the file you've downloaded matches what you wanted to downloaded. No-one intercepted and tampered with the data in transit.

You can trust the data that you've downloaded.

It doesn't matter if Mr FBI saw that I downloaded it, because it's not illegal. So why waste energy and resources on solving a problem that's not a problem?!

Now on to protection of confidential data...

Facebook is actually a good example of this. Most people are not anonymous on there. You can search and find people (depending on settings). Privacy, in that sense, is not provided.

However, they do (or are supposed to) keep our data protected from external malicious adversaries, whilst not making it completely private to everyone.

I can see my friends information, it is not private. It is, however, supposed to be protected and kept safe e.g. a credit card number.

A credit card number can't be completely obfuscated because then it can't be used. Instead, that personal information should be protected.

https://en.m.wikipedia.org/wiki/Information_security

Now, in relation to the parent of the parent of the.....

The point of the comment, and I agreed with it, is that if personal information is leaked to the public -- that's not privacy, it is improper confidential data access -- really bad things can happen.

I can call that number every 2 minutes to perform a denial of service attack (eventually they'll turn their phone off, no more phone service!).

I could send horrific child porn to that number.

I could do X, y, z with a phone number.

I don't need passwords and encryption keys or zero day access to your hardened Linux box to fuck up your life.

I can do it with a phone number.

And here's the real kicker --- I don't even know who this person is! They're anonymous to me. Their privacy is mostly intact, but I've got access to confidential information which means I can fuck up their life regardless.

So your point of "well, why don't they just give out access to ALL the confidential information" was, actually, kind of on point!

That's exactly the kind of data we definitely do not want out in the wild. That's extremely sensitive data with which I could cause absolute havoc!

Where you fell down was the "leak all of it cos why not". One tiny piece of leaked confidential data can be massively dangerous. That was the point of the comment.

One tiny piece of data and I can ruin your life. I don't need everything, just one thing. One phone number.

Hopefully that was helpful. It's all a shade of grey depending on your threat model tbh.