[pattusk]

I don't think the problem is with the "lie" that the innocent need not fear surveillance. Most people will agree that mass-surveillance will negatively affect some people that are indispensable to healthily functioning liberal society: journalists, activists, academics, public figures...

The problem is that even if most people don't subscribe to the "nothing to hide" argument in general, they do not care about themselves being the target of surveillance.

Having unsuccessfully tried to make family and acquaintances more aware of privacy issue, I can confidently say that the "nothing to hide" argument is nothing next to the "I don't care" attitude. It's not just being the target of a wrongful accusation, arguments about unintended public shaming, identity theft, negative economic consequences (higher insurance premium or mortgage rates if your bank has more information about you), none of it will work.

I think there is some sort of a Tverskyan study to be done here about expected value and perceived risk. Overall for most people the equation is always: (probability of data being mishandled) * damage < time and effort required to maintain my privacy.

[Santosh83]

Because the 'time and effort required to maintain my privacy' part requires immediate and sustained and rigorous action and sacrifice of various comforts, all for a nebulously perceived, personally theoretical risk.

The ultimate trajectory of liberal democracy is towards anarchism. But humans are anything but evolutionarily suited for that. We are biologically built to function in a hierarchy, even if the top of that hierarchy is tyrannical. This will take a long while to change. And enough efforts to educate are not being made. Not even close.

PS. Also wanted to add that the "maintain my privacy" part is still far too technical for anyone except diehard nerds, and even they confess it takes great effort and thought. The entire system has been taken over at all levels of the stack by commercial and political powers. The average Joe doesn't stand a chance unless he wants to go entirely off-grid.

[jnsie]

^ This

I am going to make a weird, but IMHO apt, comparison to Type 1 Diabetes. T1D is an attritional disease caused by the pancreas's inability to produce enough/any insulin and the list of complications is long and deadly. As someone who has lived with the disease for decades what makes the disease particularly insidious is immediate effort versus delayed impact. The disease affects everything...every single part of every single day. Eating, sleeping, exercising, traveling, finances...everything. And to be on top of everything is extremely effortful. However the impact of not taking enough insulin, of not checking blood sugars frequently enough, or living with high blood sugars, is delayed. Today's transgressions may not be punished for decades. It is no shock to read about poor therapy adherence when the effort is immediate (and constant) and the effect is delayed (and therefore hypothetical). I see the same issue - immediate and constant effort coupled with long term hypothetical effect - with protecting one's privacy. Obviously one should do the right thing. But many won't.

[radarsat1]

This is an incredibly insightful point of view for understanding people around me on this topic. And maybe a useful analogy for talking about it. Thank you.

[lisper]

Climate change is another area where this analogy is apt.

[scottLobster]

The key issue in your analogy being that we know T1D will actually have long-term consequences if left untreated. We don't yet know the cost of "lack of privacy". Part of me wonders if privacy advocates will be on the same level as doomsday preppers in a few decades, at least in the Democratic world. It's not that they were wrong to prepare for nuclear war given the information available during the Cold War, it's just that it never happened so their efforts were largely wasted.

To use myself as an example: I've had a gmail account since it was invite-only. Was on facebook as soon as it was available to high schoolers. So over 15 years now for both (although I'm basically off facebook at this point because it sucks now, I maintain a skeleton account to use the Marketplace). I've had an android phone for 6 years, used a "free" discount brokerage for years, etc, file my taxes with Turbotax, and use any number of services (including credit cards themselves) that likely sell my data in some form.

Any hard privacy-based damages have yet to materialize beyond a couple of stolen credit card numbers that were easily dealt with.

Now what's the "therapy" for all this?

1. Thoroughly examine the terms and conditions of any service/software I sign up for and actively avoid those who state they'll sell my data, and re-review said terms and conditions every time they're updated, canceling services when/if the terms turn malicious.

That point alone could be a career unto itself.

2. Run an adblocker which will inevitably break some sites and have to be periodically turned off

3. Run a Pi-Hole on a local router

4. Run anti-browser-fingerprinting extensions

5. Use a VPN to obfuscate location data

6. Switch from Android to Apple (and even Apple isn't perfect)

7. Avoid all social media

8. ...

There's an endless list of technical partial solutions that may or may not add up to any real difference, but will definitely consume hundreds or thousands of hours of time in set-up and maintenance and reserach, thousands of dollars in fees over the long haul if using paid services. Plus the daily grind of dealing with non-homogeneous and often 2nd-rate alternative tools because there isn't much money in privacy. All to prepare for a threat that may never materialize and hasn't materialized at all in the over 15 years people have been warning me about the issue.

I drink beer, wine and cider on the weekends. Yes I'm well aware that marginally increases my odds of getting cancer/other nastiness over decades. I don't care, I judge the increased risk negligible compared to the worth of enjoyment/socializing. Privacy falls into that same category for now. I tried using GnuCash to track my finances over privacy concerns. It won't connect to my bank for some reason, spent hours troubleshooting the issue, researching obscure bank communication protocols to no end. Maybe I could have figured it out, but Mint.com works with everything down to my power and gas utilities, was completely set up in less than 30 minutes.

I'd like Privacy, but I think people sneer at the word "convenience" more than they should. Convenience means I get time back, the one resource we all definitely have a finite amount of. And maybe there will be some great privacy crisis some day, in the same sense that there may be nuclear war. I'm not building a fallout shelter any time soon, I've got better things to do.

[bentcorner]

> Part of me wonders if privacy advocates will be on the same level as doomsday preppers in a few decades, at least in the Democratic world

Related is the fact that people making waves about privacy now have actually made a difference, and even if we're not in a "100% privacy" world, maybe it's good enough.

Reminds me of Y2K. Consumers at the time heard it was a big deal, and then nothing happened. But industry fixed a ton of things that were broken before Y2K so that nothing major did happen.

[jnsie]

I agree with your points and think "convenience" is an oft misused term in this context. It is "inconvenient" for me to go downstairs to pick up my Uber Eats delivery. It is nothing short of toil to do the multitude of things required to guard privacy/kidneys.

I'll add, with regard to T1D, that I am fortunate enough to have an endocrinologist who is effectively an expert tasked with staying up to date with the science and facilitating the best outcomes for me, the patient. I am not sure if there is a parallel when it comes to privacy. Sure, there are orgs out there that will take your money and provide you with solutions that claim to guard privacy but it's difficult to confirm their intent and capability. My endo works in a regulated environment with statutes to guard against kickbacks and other bad behavior and has little incentive for malevolence.

[FalconSensei]

Also, with T1D we have ways to actually knowing your 'score'. A1C and time in range are good? Urine tests are good? Nice.

With privacy, how do I know my 'privacy score'? It's way more difficulty to do any 'health checkup', compare to how you were 6 months before and plan around known risks for the future

[jnsie]

Excellent point!

[fsflover]

Electronic Frontier Foundation is one such privacy-helping nonprofit one can trust.

[THATthereguy]

Wow, this is a really good analogy. Sad, but true.

[throwaway81523]

> The ultimate trajectory of liberal democracy is towards anarchism.

It's more like towards feudalism, and that's what the surveillance helps achieve. That's why surveillance is dangerous.

[deregulateMed]

>towards anarchy

Yet every democracy seems to tend toward dictatorships according to history.

But I agree the idea behind liberalism is individuals, which anarchy makes sense.

Given I have 3 to 5 government layers, Federal, State, city, HOA, and international law, I'd certainly prefer to get rid of a few of these layers due to corruption.

[roenxi]

> Yet every democracy seems to tend toward dictatorships according to history.

How could a democracy end if not dictatorship? I suppose sinking beneath the waves is an alternative, but that is pretty rare.

If you want to have some fun reading up on Wikipedia's list of Empires [0], take some time to appreciate that the Republic of Venice being the longest-lived Western European empire. And I'm no expert in Venetian history (especially being as they have so much of it), but it seems to have had some solid democratic elements for around 700 years.

Democracies have a messy, difficult to categorise staying power. I hear stories about Kings and Emperors, but nobody talks about the enduring-like-weeds powers that don't have neatly defined figureheads but are hotbeds of prosperity. Look at Switzerland working through the World Wars for example. Really a minor miracle at that time in that place.

And world's largest empire (the British) spawned numerous highly successful democracies.

[0] https://en.wikipedia.org/wiki/List_of_empires

[andrepd]

Venice wasn't a democracy in any meaningful way, either in the style of Greek democracy that preceded it or western liberal democracies that succeeded them. It was an oligarchy with limited democratic elements.

[roenxi]

Well, sure. But the Athenian-style Greek democracies were such an outrageous success that they're still a part of the common political discourse after 2,500 years and we still have things to learn from the stories they left us. I mean, not every democracy is going to achieve that level of success or quite that place in the public imagination.

What Venice had was pretty good compared to dictatorship.

[oscardssmith]

It's worth noting that the popular conception of "Greek democracy" tends to ignore the massive caste of slaves that Greek city states had.

[baybal2]

> Democracies have a messy, difficult to categorise staying power. I hear stories about Kings and Emperors, but nobody talks about the enduring-like-weeds powers that don't have neatly defined figureheads but are hotbeds of prosperity.

Don't look around for long.

United States of America — a truly improbable, impossible country. With so much of s**t going on through its history, any other normal country would've crashed, and burned 20 times over.

[labster]

Nah, we are biologically built to function in bands of no more than 300 people. Hierarchies are just the basic level of abstraction allowing bands to collectively form tribes, nations, and empires.

[Jorengarenar]

You are saying it as if "in bands of no more than 300 people" there was no hierarchy. It starts appearing at few dozens, let alone few hundreds.

Proof of it being biological? Look at other primates. They form groups of way less than few hundreds and still maintain (strict) hierarchy.

[js8]

It's nowhere as clear-cut as you try to portray it. First of all, there are differences among primates, how are these hierarchies structured and some of it is also, surprisingly, cultural. (Look for example at work of Robert Sapolsky.)

I for example believe that hierarchies are a cultural artifact of civilization, not a biologically inherent human value. The inherent human value is deference to authority, which is useful to maintain existing order and generational memory (and is the basis for what we typically call "conservative"). In tribes of 300 people or so, the hierarchies are easily challenged. In a civilization of 1000s of people, with incomplete information, this is much more difficult.

(That being said, I think there are individuals who do not share typical human values, and try to subvert those for their personal benefit. So these individuals might subvert the value of deference to authority to create a hierarchy from which then they personally benefit. Just like existence of somebody, who might always take and never give back, doesn't invalidate reciprocity as a typical human value.)

And in fact we increasingly live in a world where everybody is a member of multiple independent social hierarchies, and these apply situationally (and it's not even clear they are always needed). This really strains the claim that humans inherently favor hierarchies (which there should be only one), rather than just simply defer to authorities (which might be multiple or even chosen by each individual independently).

[dnautics]

I don't think deference to authority is inherently human, there are plenty of humans who resist authority to various degrees independent of socialization. It might be a "median" human quality though

[js8]

There is a difference in belief that the authority is good in general and accepting the existing authority; when I talk about deference to authority, I mean the former, but it doesn't always translate to or imply the latter.

I think it is a useful value (and so it evolved in humans), because it forms the basis of parent-child relationship and the transfer of culture. So as young, we reluctantly defer to authority of our parents and other elders, and as we grow older, we begin to believe in the existence of authority as necessary to prevent the cultural collapses due to social experimentation gone wrong (which might result as pursuit of other human values). The fear of such cultural collapse (and the need to prevent them, through authority) is the focal point of conservative values.

Of course, in modern society, this gets pretty muddled, because the rate of change in societies has accelerated and actual authorities (in power) are often younger and change too quickly to really facilitate the transfer of life experience between generations. From this grows various forms of resentment, which is further shaped by ideological propaganda. My point is, I believe that the demand for more authoritarianism comes from people who believe that culture (they grew in) is in peril and want to slow or stop the rate of its change.

It might also be a reason why people believe in God - as Dan Dennett pointed out, it's more like that people believe that belief in God is itself a good thing, rather than necessarily believing in God as an existing being. This is, again, a manifestation of the belief that some authority is required.

[Zachsa999]

Following this claim, a society does not need social order to fulfill the need to defer, it is just more comfortable.

[rini17]

Wolves were thought to make strict hierarchies but it was debunked. In nature they work more like family - a nonstrict hierarchy.

[njarboe]

Wolf packs work like a family because they are families. For some reason people used to believe that packs were groups of wolves from different families, but that is not the case. Maybe because feral dogs will form large packs that are not from the same families and they assumed wolves did the same thing.

[andrepd]

That's a pretty strong claim with little evidence :)

[twirligigue]

Biology or no, there are problems with living in giant hives as we do now. We simply don't know (personally) the people who rule us, so there's no question of rule by consent. We don't even know people who know them.

Dunbar's Number squared seems like the ideal population size. Enough people that some level of privacy/anonymity is possible but not so many that rule by a sociopathic elite can emerge.

[andrepd]

>The ultimate trajectory of liberal democracy is towards anarchism

Interesting you would say that, by all accounts the current trajectory of bourgeois liberal democracy is towards towards concentration of power and neo-feudalism.

[dspillett]

>* Because the 'time and effort required to maintain my privacy' part requires immediate and sustained and rigorous action and sacrifice of various comforts, all for a nebulously perceived, personally theoretical risk.*

“Maintain” and “sustained” are the key words there. The effort is constant and must be. You only have to get it wrong once, those wanting to slurp up all the data they can about you and pass it on can keep trying and trying and tying, and the effort is much less expensive to them (portioned out over the number of subjects they are tracking or attempting to track) than the counter-effort is to the individual.

[ccn0p]

> sacrifice of various comforts

Yes and I would take this even further -- Google, Facebook, and our phones, have become such an integral part of our daily (hourly) lives that to ask the average person to give up even a portion of these things or to change their habits is akin to social ostracization or educational handicapping.

[hoseja]

It's the culture since the agricultural revolution that's evolved to be inherently tyrannical.

[pessimizer]

> The problem is that even if most people don't subscribe to the "nothing to hide" argument in general, they do not care about themselves being the target of surveillance.

They do care, but they don't have a choice. Investing the time and effort it takes to avoid constant surveillance is far more costly than being under constant surveillance.

If asked, they would all prefer a functional government, rather than the ones we have now that not only refuse to regulate, but take advantage of lax laws for private date collection to get around slightly tighter laws for government data collection.

[vnorilo]

I think there are a couple of levels to this. I try to avoid adtech-driven stuff because I prefer other kinds of products which come out of different business incentives. On a practical level, that's what drives my online privacy habits.

On a more sinister level, even though a malicious state seems very distant (Nordics here), given how many such there are in the world, it is definitely not impossible. We must avoid being frog-boiled to accept surveillance. Even if I don't have anything to hide, we must present "herd anonymity" to shield those who really need it when shit hits the fan. This is the much more abstract part of my privacy philosophy.

[Santosh83]

The crux of the Tor project was all about herd anonymity. Your traffic blends in with millions of other Tor users. Unfortunately global passive surveillance, flooding the network with malicious nodes and targetted exploits of the browser and OS mean that very strong anonymity is still not possible, even with a relatively 'extreme' solution like Tor.

[h0p3]

Forgive me for being late in replying to you (sometimes I sit on things for a while). Are you suggesting that we must find a way to democratically federate the problem of trusting particular mixnet servers? What solutions would you suggest? This seems a silly exercise, so feel free to ignore it: if you were to redesign the internet from the ground up, what would it look like, particularly with respect to this problem?

[sneak]

"I don't care" is frequently a stand-in for "I feel powerless in the face of precisely zero meaningful steps available for me to take to fight the surveillance state/big tech that don't sort of ruin my life".

[RandomLensman]

For me the issue is again the conflation of risks from state actors vs from private companies.

In the case here it is state actors doing the surveillance. The biggest con was that people are concerned about privacy vs private companies when the focus should be on state actors. The ability to get people worked up about privacy and data sharing in a messenger app when at the same time governments are trying to remove anonymity in the web is nothing but astonishing.

[ipster_io]

I have similar experience. Many people choose not to care (or they are not aware of the consequences).

If someone is aware and choose something, it's absolutely fine. The problem is the hidden agendas in all shapes and forms.

Didn't know about 'Tverskyan study', thanks for referring

[Hokusai]

> about expected value and perceived risk. Overall for most people the equation is always: (probability of data being mishandled) * damage < time and effort required to maintain my privacy.

That is the main reason. To keep privacy is too costly on purpose. In Europe, thanks to the GDPR you can get quite good privacy. But companies give you a 1-click option to be tracked, And then company that build products usually 1-click or 2-click to not be tracked. But ad-based companies will ask you 3,4 or sometimes even dozens of clicks to not be tracked. That extra effort is on purpose and should be regulated. When you get a pop-up "Do you want to be tracked (Yes/no)" most people chooses no.

[Nextgrid]

> companies give you a 1-click option to be tracked, And then company that build products usually 1-click or 2-click to not be tracked. But ad-based companies will ask you 3,4 or sometimes even dozens of clicks to not be tracked

The GDPR explicitly forbids that. If you're going to do that you may as well not ask to begin with because you'll be in breach either way.

The problem is that GDPR enforcement is delegated to incompetent idiots and very little of it is being enforced, so these breaches go unpunished. At this point it raises the question of whether the regulators actually benefit from it not being enforced.

[1vuio0pswjnm7]

"Having unsuccessfully tried to make family and acquaintances more aware of privacy issue, I can confidently sat that "nothing to hide" argument is nothing next to the "I don't care" attitude."

You can express as much "confidence" as you like in saying that but as it stands, this is nothing more than another personal anecdote.

If you were sure about your anecdotally-based conclusion, then what would be the purpose of a Tverskyan study.

People are not being given a meaningful choice. No one is "choosing" to sacrafice privacy in exchange for using the internet.

Rather, others are choosing to violate previously established notions of privacy in order to make money. Why. 1. Because whatever these others have in the way of computer skills they lack in moral character 2. Because they can; it's technically easier with the internet and generally there are no legal protections against it.

What happened when Apple asked iPhone users if they want to be tracked by Facebook. What did users choose.

[1vuio0pswjnm7]

    s/sacrafice/sacrifice/

[DicIfTEx]

> I think there is some sort of a Tverskyan study to be done here about expected value and perceived risk. Overall for most people the equation is always: (probability of data being mishandled) * damage < time and effort required to maintain my privacy.

It's about security advice more broadly rather than specifically privacy, but you might find the paper “So Log, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users” by Cormac Herley interesting: https://www.microsoft.com/en-us/research/wp-content/uploads/...

[flareback]

I think part of it is an "I don't care" attitude but another part is that people think that the government won't bother them. Another part of it is that there is nothing they can do even if they did care.

[soheil]

The "nothing to hide" argument is flawed because it only looks at the past and not the future. It's basically saying the opportunity cost for not giving up my privacy is zero. It's to hedge against being wrongly accused of something or a myriad of other unforeseen events happening to you, none of which your fault (e.g., identity theft) that if you had privacy would be easier to avoid even if you're a perfectly law abiding citizen.

It's like believing put options in stock market should be worth $0 because you will never need to exercise them.

[gingerlime]

yes, exactly. My mum, sister, brother and sister-in-law were all listed on the latest facebook leak (with ~500mil others). Yet none of them could be bothered to switch their phone number or get off facebook or whatsapp (even though they got signal and communicate with me on it once I moved away from whatsapp)…

I feel pretty helpless to help them understand the risks. Or they just don’t calculate the risk vs hussle the same way I would??

[PeterisP]

In your opinion, what are the practical risks to them? What actual interference in their daily lives has the FB leak caused or is likely to cause, which would justify e.g. the effort and inconvenience of switching their phone number? Has anyone abused the data leak against them in some way? If not, how likely is that someone would actually do so?

[gingerlime]

I guess identity theft is the most likely risk? but who knows? and humans are pretty bad at calculating such risks. Changing your phone number is a pretty concrete hassle though, and I guess none of them estimated it worth the hassle… It’s just some anecdata to support the parent’s point.

[PeterisP]

If your threat model is mostly about identity theft, then switching your phone number and going off whatsapp won't help at all; going off facebook might limit it a bit but not really, as data in FB leaks isn't that relevant to identity theft, that's usually done based on leaks of your data from e.g. Experian which you can't prevent. There are a bunch of somewhat reasonable precautions against identity theft (credit freezes, filing taxes early to prevent tax refund fraud, etc), but those don't include switching your phone number and abandoning FB/Whatsapp.

So from looking at that risk it seems quite clear that no, it's not worth the hassle, because the hassle is real but the benefits are not. It may be different for other risks, of course - e.g. if OP was worried about a specific abusive ex stalking one of their family, that would be a very different story.

[Zachsa999]

> It's just some anecdata to support the parents point.

[pasabagi]

Acquaintances of mine had the personal data used to give a believable aura to automated blackmail attempts ('we know what porn you're watching', etc). Which didn't work, but still, it's quite threatening having some random python script from Macedonia knowing a bunch of details about your private life.

[PeterisP]

One thing that works is the scams where if someone is traveling (more common pre-Covid..) and their friends/relatives get a message from them saying that they're in trouble (for example, with corrupt local cops) and need some money right now. But that mostly feeds off not leaks, but generally available social media data, as that's always fresh.

[tootie]

This case isn't even about mass surveillance. It's still very targeted. The question is who is being targeted and by whom? The implication of what we know so far is that the surveillance is allowing bad actors to target political enemies.

And not that this isn't terrible but just throw it on the pile. Did they sell the Saudis access to Khashoggi's wife's phone? Maybe but we definitely sold them a fleet of fighter jets too. Trump campaigned on it and got huge applause from crowds. So I wouldn't expect a lot of outrage over this.