[dcow]

Yeah this is the issue with the approach of trying to control what companies can and can’t do with the inferences they make from essentially public data they collect about you. Recent privacy policy is like going to an entity and saying “you can’t remember that customer 357 showed up in a BMW and wore a red jacket and told you their name is Jeff Geoffrey when they visited your store”. It’s not that I disagree with the desire to legislate this stuff in defense of privacy, but rather I don’t feel like the approach of treating the symptoms is correct. If we want to enhance privacy then legislate browsers and platforms, not a company’s eyeballs. Make sure browsers provide all the knobs people need to control the size of their data wake.

[em-bee]

both is needed. if every individual is solely responsible for not putting out data that can be used to infer information about them then the end result is that we all will have to live like hermits and stop communicating in public.

as an individual i don't even have the capacity to be aware of all the possible implications and of what can be inferred from what i share.

i could not participate here on hacker news if i was alone responsible to protect my privacy.

we have to legislate what other people and companies do with the data they can find in public.

we can't prevent data being produced, and we can't prevent data collection tools being created, therefore we must legislate how the data is used.

i made this realization some time ago and since then i have been thinking about possible ways to address this problem. the only thing i was able to come up with is that to prevent abuse we have to make the punishment so severe that violating someones privacy is simply not worth it.

i would love to see alternatives, but so far i come up empty.

we can't expect people to stop sharing.

we can't prevent tools to collect data to be created because there are many legitimate uses for that.

we can't stop the creation of inference tools either.

so what is really left besides punishing abuse?

[em-bee]

there is one more thing that i just thought of that could be changed:

change our society in such a way that having and being able to infer private information is no longer anything that anyone can benefit from.

for example if we get rid of money and measuring profits then the profit motive would disappear.

if we educate everyone to be respectful and tolerant then it would no longer be possible to embarrass or blackmail people. in other words, a society where privacy is not needed.

a world where everyones needs are taken care of and that has an abundance of resources would eliminate a lot of crime.

you can see where this is going. but those are long term goals, and they are not things that are easy to do, if they can or even should be done at all. i don't think we'll ever be able to eliminate the need for privacy or prevent all crime.

so legal protection of private data and punishment of abuse will remain necessary.

[pixl97]

And if my grandma had wheels she'd be a bicycle....

>for example if we get rid of money and measuring profits then the profit motive would disappear.

Money is just one particular measure, but it's also a measure of 'something'. If I wasn't collecting money, it would be gold bars, or chunks of land, or widgets. At the end of the day people will find a means of measuring profit. Greed and jealousy will not be removed from humanity any time soon, and possibly ever.

>so legal protection of private data and punishment of abuse will remain necessary.

With that I agree.

[em-bee]

At the end of the day people will find a means of measuring profit

which is why i specifically mentioned both. it's not just getting rid of money but the concept and need for profit as a whole. i am not suggesting that this should be done, or that it even can be done, but that it would be necessary if we want to remove any motive of people profiting from collecting and analyzing private data.

and therefore legal protection and punishment, severe punishment, are the only means that at this point can be practically implemented.

[dcow]

IF we need to regulate companies then it should be the bare minimum needed to limit the actual problem, which is: allowing a 3rd party cross-site aggregator to follow users from site to site, and sale of data without consent to 3rd party aggregators. The whole you can’t drop a language preference cookie in my jar without a consent banner so that the site displays properly is complete nonsense.