Hacker News new | ask | show | jobs
by skarayan 5142 days ago
The problem here is that the whole security model is upside down. No one else should see or have access to my data.

I am sure that Congress could eventually interfere and set certain rules around the handling of personal data, but more likely, we will soon start seeing alternate technical solutions which puts each user's data in that specific user's hands.

There will come a time when it will not be ethical for companies to store un-encrypted personal data.
2 comments
josefonseca 5142 days ago
> The problem here is that the whole security model is upside down.

I had to scroll two screens down to find your comment.

At some point Google and Facebook(and everyone else, these two are just the most popular right now) inverted the rules. Years ago it was completely unacceptable for any piece of software to mine any piece of data without your consent. Screens had to be shown explicitly "do you authorize we contact server X in order to send data Y?"

Fast forward a few years and these companies are out there providing Javascript libraries that are essentially urchins on every web page. Every web site which uses Google gadgets for example, like maps or adsense or whatever is giving their visitor's client data to Google - screen resolution, IP address, web browser used, allows them to set tracking cookies, etc.... Same with Facebook javascript gadgets. Since when is this OK?

This would have been completely unacceptable a few years ago but somewhere it got lost. Now it's not only ok for Google and Facebook to track you everywhere, it also seems to be OK to FIGHT over having access to even more data!

The whole privacy thing has been turned upside down. These people are not fighting for our privacy, they are fighting over who gets to access MORE of our personal data.

link
skarayan 5142 days ago
The problem is that showing explicit screens and granting authorization and doing all this stuff manually is not a viable solution. I think it is natural that companies won't do this, specially when they make tons of money from the current model.

Privacy needs to be baked into the internet. This is more central to human needs than a google search or facebook connection. People are doing what is easy and using these services, but once a true privacy service comes up neither Larry/Sergey or Zuch will know how to respond. This will likely be outside of their mental framework and new privacy centric companies will emerge.

link
draggnar 5142 days ago
The problem is the ownership. Do you own the data or does the company you post the data on own the data? This is a decision that needs to be made, and I believe that everyone knows the answer but can't take their eyes off the dollar signs.
link
josefonseca 5142 days ago
> Do you own the data or does the company you post the data on own the data? This is a decision that needs to be made

This decision was made long ago. The remedy is called habeas data and YOU own your personal data and nobody else. Whether other parties(like an employer) can USE your data, is a matter of contract and agreement. But who owns it is already decided.

link
draggnar 5142 days ago
Did not know this. The transparency of control over data needs to be much clearer.

But how about if Google collects its OWN information about me. Does that fall under habeas data?

link
josefonseca 5142 days ago
> But how about if Google collects its OWN information about me. Does that fall under habeas data?

Anyone whom you suspect has data on you can be subpoenaed to give you, and only you, the data they have about you. The government included, even spy agencies - you have the right to request your personal information from any other person, corporation or governmental agency.

link