The difference between data privacy now, and data privacy 10 or 20 years ago has little to do with how many people have access to it, or how secure it is. It mostly has to do with who can analyze it.
An example: where you walk in public is public information, but for most of human history, no one has had the capability to keep a database of that information and query it retroactively. Your location information is therefore less private now than it was before, because that information used to be impossible to reference meaningfully.
The same concept goes for email, calendars, contact graphs, etc. Using providers that don't have, or consciously avoid the capability to aggregate, analyze, and query it improves your privacy. Google is not one of those providers.
Apple's business model doesn't rely on storing personal information, they get their money from devices and apps and services made for those devices sold through their store.
They are the one company that has the ability to really push for user privacy, it's a route Google cannot follow - it would hurt their core business (advertising) too much.
On the other hand, Google needs their users to trust them. If they walk away from Google services, Google loses.
If Apple, on the other hand, loses an iCloud customer, their lock-in is reduced, but probably the user will continue to use their Apple devices.
In the end, paid services are probably the best for users who want privacy, etc. Losing trust immediately results in a loss of income. But since the user is paying, they don't have to use and link user data for advertisement or sell the data to third parties.
> On the other hand, Google needs their users to trust them. If they walk away from Google services, Google loses.
Google has dominance in search, webmail, maps, and a very strong mobile presence with Android.
Even if you don't trust Google, it's hard to avoid using their services - they're so good, they have few competitors worthy of note (e.g. Apple Maps or Bing).
Ok, say someone has a complete database of my location sampled at 10 minute intervals over the past few years. What could they do with that information that would be harmful to me?
So you're saying you're ok with me knowing everywhere you've been for the past few years?
I'm going to assume then that you don't visit strip clubs, bars, 'adult book' stores, the house of your drug dealer, the house of your secret lover, a proctologist's office, an OBGYN, an abortion clinic, or a million other places. You may not visit these places, but many others do, and having that information publicly available could be devastating to families, careers, entire lives.
On the other end of the spectrum, say you happen to be in the general vicinity of multiple burglaries at the time these crimes are believed to have happened. You're arrested and have to prove your own innocence.
Or maybe someone who wants to do you harm looks at your data for patterns, and goes to the right place at the right time to rob, extort, harass, rape, even murder you.
In general, I think having your location information public is a terrifying prospect.
You don't even have to have been there at all. Once an entity holds all your personal information like that, they can just say "Oh you were here, here, here and here at these times" even if it was not true. Who would doubt them? After all they have all the information right? RIGHT?
If the government has devolved to the point that we have to worry about them framing people unjustly, we have FAR, FAR bigger problems than a database of location information. Hiding the information in that scenario is, at best, a temporary band aid. The appropriate fix is limiting the power of the government and requiring strict and transparent conditions on when and why someone can be arrested.
The government has so devolved -- they're using (most likely illegal) NSA spy tools and stolen data to arrest drug dealers, then lying to everyone involved about how they "stumbled" across the information, or so-called "parallel construction" [1]. While all the tools whine about slippery slope fallacies, the fact of the matter is we're already sliding down.
> The undated documents show that federal agents are trained to "recreate" the investigative trail to effectively cover up where the information originated, a practice that some experts say violates a defendant's Constitutional right to a fair trial. If defendants don't know how an investigation began, they cannot know to ask to review potential sources of exculpatory evidence - information that could reveal entrapment, mistakes or biased witnesses. [2]

> Although these cases rarely involve national security issues, documents reviewed by Reuters show that law enforcement agents have been directed to conceal how such investigations truly begin - not only from defense lawyers but also sometimes from prosecutors and judges. [3]
One thing that people do is just say "the government" like it is a single entity. It is not one entity. It is made up of hundreds of thousands of individuals.
You know that guy that used to scare your wife/daughter with his stalking? Well he just happens to have a government job and may be in a position to abuse the knowledge that he has access to for personal gains.
I'm sorry, I just don't follow this slippery slope argument. We have lots of examples of the government abusing their use of online information. For the haves, we have the still-minor indignities of the no-fly list and targeting certain political stripes for IRS audits. For the have-nots, it is terrorism fusion data centers, predatory civil forfeiture and, jeez, a lot of the criminal justice system. So that world does exist now.
Many of these excesses have been driven by "limiting the size of government" by defunding local governments and relying on private information brokers (license plate readers, etc), rather than passing better laws.
The things you've mentioned are all generally Bad Things and things that we should be fighting to stop. Fighting to obscure your location information and even protect your privacy in general doesn't stop any of the things you mentioned if you believe the government is acting in bad faith.
I think it is naive to think that a bad actor who intends you harm will be stopped or even slowed down by the fact that there isn't a log of every location you've visited.
A threat to your safety or your freedom needs to be dealt with directly by eliminating it, not hiding from it. If you're envisioning a bad actor with the resources to compile and analyze a comprehensive log of your location, the simple fact that you use service A instead of service B is not going to do a thing to stop them if they're out to get you. You have far bigger problems on your hands.
"Potential threat" is an unbounded set. If you're going to guard against every potential threat you will not be able to spend your time doing anything else.
I asked because I was curious about what sorts of unique threats are presented by, for example, a database of location data. So far I haven't seen any that aren't already present via far simpler means.
If you have a cell phone, it is constantly pinging nearby cell towers. If it has wifi, it is pinging nearby wireless networks. That information is out there, waiting to be collected. If you want to go without the benefits of a cell phone to avoid whatever threat is posed by somebody knowing where you were at some point in time, go for it. I think it's a waste of time.
I think there has been some confusion here. When I said that "The point is not that the world will end if we give away our location data, only that doing so has a non-zero cost" what I meant was that the point is not that the world will end if we give away our location data, only that doing so has a non-zero cost.
Cell phones are like cars, they are very useful but also have their downsides (cell phones reduce privacy, cars kill people). I have a cell phone and a car because I made a decision that the cost was worth the benefit. I did not need to delude myself into thinking there was no cost nor did I need to pretend that the cost was inevitable.
The threat of a comprehensive database of everywhere I've been is extremely minimal. There's not much someone can do with that that they couldn't do without it. If some whackjob wants to wait for me to turn the corner so he can hit me with a sock full of nickels or something, he's not going to get a database of everywhere I've been over the past two years and hang around the coffee shop that I have an 84% chance of visiting on the third Thursday of odd numbered months. He's just going to look up my address and wait in the bushes outside.
> We have lots of examples of the government abusing their use of online information.
That isn't what he said. He said that if the government is going to forge information, then the availability of location information is not necessary nor useful for that task.
strip clubs, bars, 'adult book' stores - these are all perfectly legal and innocuous activities. Who cares?
the house of your drug dealer - being in someone's house is circumstantial at best. By your logic they would also have to arrest the drug dealer's mailman, maid, meter reader, etc.
burglaries - again, circumstantial.
Someone who wants to do me harm doesn't need a database full of comprehensive location information. They'd only have to find out where I live and wait for me there.
Without intending to invoke Godwin's Law, I think what happened in WWII is a good lesson in dangers of overexposing your private life. Before WWII, Germany used "tax deductions" to entice people to reveal their religion to the government. Data which was later used to identify Jews during wartime.
Nobody is saying you need to unplug your machine from the internet, but just that because something doesn't impact you today, might not be true tomorrow. If you decide to run for office in 10 years, for example, you can bet your location data will become relevant (and it's not that far-fetched that the other party will try to obtain that data - reference the IRS email scandal).
The point is to minimize the aggregation of your data, to limit the impact it will have on your life once it leaks. After all, you never know who will get a hold of all your data once a company goes out of business (for example).
The problem in WWII was not that the government had a list of who all the Jews were. The problem was that there was a government that wanted to kill all the Jews. If the latter is true, they'll find out the information they want one way or another. Hiding a list does not solve the problem, which is that you have elected genocidal maniacs to your government.
Your line of thinking hinges on an optimistic view: "As long as X doesn't happen, we're fine". But what will you do when X does happen? You'll be completely unprepared for it.
I prefer to take the "hope for the best, prepare for the worst" approach: if something bad were to happen, I would have a better chance of not being impacted.
No, my line of thinking is more like "If X happens, we're fucked regardless of whether we have privacy or not, so we need to focus on not letting X happen"
If an insane genocidal dictatorship comes to power, you will be impacted, unless you're on the side of the dictators.
I'll bet you top dollar that's not what Jennifer Lawrence is thinking right now. She's not thinking "It was inevitable that someone will get my photos from iCloud". Instead, she's thinking "I should have never put my photos on iCloud in the first place".
Hence the point of this thread: don't expose more information than you need to.
Not having data which would incriminate you to a party which will misuse it is something of a pyrrhic victory, but I still see your point. It would be preferable to have no parties which would misuse this data, but if such a party does exist then you would be better off remaining anonymous. As with all risk analysis, there's no clear answer. Deciding whether or not using a service which tracks such data is a consideration of the convenience gained, sensitivity of the data, propensity of the parties in play to respect the privacy of this data, potential for future incrimination, etc.
This supposes that burglars work by picking out a person, then waiting until they're not home to go rob their house. Instead, burglars search through a neighborhood to find houses where nobody is home, then break in and steal things. It's the other way around.
Regardless, if you're an average adult in the US, "weekdays between 9 and 5" is a fairly reasonable assumption of when you won't be home. No giant database needed.
Seriously? Now I know everyone with whom you associate. I know everything you like to do. I know how fast you drive. Because you "associated" with several serious felons (you were in the same bar/diner/club as them several times), I can make a case for conspiracy. I have you in the same area as several serious crimes. Perhaps the data source (phone?) isn't exact all the time (it never is), so I have you as being at some places you weren't at. The scene of crimes? I know everyplace you've been for years, so forget running.
Have you been speeding in the past few years? A lot? Have you done anything private? Seen doctors/specialists about private medical issues? Have you had an abusive spouse or stalker in your life? I bet they'd love the data.
Do you seriously believe that's how conspiracy cases work? "They were in the same restaurant several times, they must be involved in a criminal conspiracy". I guess every waiter, cook, hostess is also indicted for conspiracy as well, if that's all the evidence they need.
Google doesn't issue speeding tickets. If the government were to issue a ticket for every single instance of speeding and even 1% of them contested it, the system would be so clogged with paperwork that it would grind to a complete halt.
Personally, no I haven't been to the doctor. People go to doctors, though. That's not a big secret. Are you personally on the lookout for every single person who visits a doctor so you can...make fun of them, I guess? Do you imagine other people are?
An abusive spouse/stalker already knows where you live. If they're that motivated and want to find you, they'll wait outside your house. Hiding the information is not a solution to that problem, those people need to be arrested and incarcerated.
> Do you seriously believe that's how conspiracy cases work? "They were in the same restaurant several times, they must be involved in a criminal conspiracy". I guess every waiter, cook, hostess is also indicted for conspiracy as well, if that's all the evidence they need.
I think you need to read up on the 'domestic terrorism' cases in the USA and how NSA investigations actually proceed. One fun instance was Clapper giving presentations on a network of possible terrorists all linked together. The link was a pizza place.
And 100% of the evidence was that they met at the same pizza place? There were no other indications? In that case does it flag every single group of high school friends who regularly get pizza after school, or every group of co-workers who hit up the same happy hour a couple times a week?
Sadly, that's not outside the realm of possibility, but that information alone is practically worthless in determining if someone is a terrorist. "Regularly meets with the same people in the same restaurant" describes almost the entire young, single adult population.
> And 100% of the evidence was that they met at the same pizza place? There were no other indications?
It was enough for the guys supposedly in charge of protecting us to waste a lot of time staring at graphs. And the 'threat matrix' is full of even more shit than that; I refer you to "Secret without Reason and Costly without Accomplishment: Questioning the National Security Agency’s Metadata Program", Mueller & Stewart 2014 http://politicalscience.osu.edu/faculty/jmueller/NSAshane3.p... for that and other sorry details of 'the war on terror'. Seeing the sausage made is never pretty.
> In that case does it flag every single group of high school friends who regularly get pizza after school, or every group of co-workers who hit up the same happy hour a couple times a week?
No, I'm sure some racial and religious profiling was part of the special top-secret sauce which selected that particular pizza joint...
I agree that's a problem. I don't think the issue is that this database exists. I think the issue is that there are people conducting a witch hunt in the first place. If they are that bad at finding terrorists, they'll misuse whatever information is available to them. The solution is to not give people the power to conduct secret investigations and trials etc. in the first place.
1) The computer never lies and the false positive rate is 0%. So if you walked past a shop that sells weed grow lights enough times, you'll be on a list and some night at 2am they'll smash open your door, shoot your dog, and throw a grenade into your baby's crib. This is "OK" because it usually only happens to poor minorities and the computer never lies and there is no such thing as a false positive. Even just street crime is an issue.
2) Times change. Being on a list as living as a Jew in Germany in 1923 not a huge problem. In 1943 being on that old list is not so good. Walk past a mosque on a daily basis in '90 no big deal, in '10 maybe not so good when they look at the historical records to Keep Us Safe From Terror (tm). It's almost unpredictable who we'll be punishing / torturing in a couple decades. Probably not reasonably well off white men, but everyone else is either nervous or ignorantly not nervous.
Build a very complete profile of you, sell that data to advertisers. Maybe tell insurance companies that you frequently do high risk activities. Sell the information that you were at the beach when you took a sick day. This list could go on and on.
Another thing: Imagine someone would get HD video of your room while you slept in it. I can't imagine what use it would be but I absolutely would not like to be filmed like that.
> Build a very complete profile of you, sell that data to advertisers.
Why would advertisers spend money for a profile of you? Answer: they don't. This market just doesn't exist. It's fabricated. It's a fantasy to pretend your trivial existence is worth big bucks. It isn't.
Advertisers do not want your information. They want your money. Google uses your information to try and match you up with relevant advertisers. This is how ad networks work, a form of online dating basically. Your information does not go to the advertiser. Your information on its own is not worth anything.
> Maybe tell insurance companies that you frequently do high risk activities. Sell the information that you were at the beach when you took a sick day. This list could go on and on.
Who would spend money on this and how the hell would that market ever come into existence, much less in secret, such that everyone does freak the hell out?
Do you think Google sends employees out to secret hotel rooms with members of random stores to swap dirty secrets about you or something? Remember, advertisers are places you go to buy things. Not evil supervillains.
Call me paranoid, but my biggest concern is that things I do that are acceptable today may become illegal or persecution-worthy in the future. I recently read a story about a mother who was executed for her religious beliefs. The attackers knew she had been visiting a country with a different majority faith and used that information to single her out.
That kind of thing could never happen in the West... right? I hate to bring in Nazi Germany, but imagine how much more effective they could have been at rounding up people if they had access to Google's tracking data.
Full Disclosure: I am not actively avoiding any tracking, but I think about possible abuses a lot.
> What could they do with that information that would be harmful to me?
Harmful to someone, and it's different for different people at different times. Also, a piece of information that may be benign today could be harmful tomorrow with a change in the political environment.
Maybe you visited a specialist, or were on the same floor as a specialist, and got extra attention from your health insurance as a result.
Maybe you were standing near someone being investigated, making you a person of interest and therefore subject to prosecutorial bullying.
Maybe you're trying to overthrow a government and would like to do it in safety for as long as possible.
If you visited the specialist, your health insurance would already know because they'd be paying the bill. Now, I'm not an expert on medical billing, but I can't imagine how "being on the same floor" as a specialist could result in any sort of invoice. I'm not sure what you mean by "extra attention". Why would the insurance company use that information? Surely any given specialist is around hundreds of people every day he or she isn't treating, so that particular data point has no use in predicting who is going to receive care from that specialist.
Standing near someone - same argument as above.
In the rare case that you are actively involved in overthrowing a corrupt government, then yes, it is important to keep yourself hidden from that government. But privacy in general does nothing to prevent the corrupt government from coming to power in the first place. If anything we need less privacy - for the government.
People don't "just like" things for no reason. I think it's worth examining why we like privacy and what needs it fulfills, and what other ways we might be able to fulfill those needs. It seems to me that digital information is just too easy to distribute for us to have any hope of containing it. We are better off assuming any available information is going to be made public and finding the best way to proceed from there.
Interesting thought. If McCarthy could have subpoena'd Google, he'd have been able to prove that they were all commies and then people wouldn't be unfairly smearing his name today.
It's a bad argument for banning things but it is a perfectly correct argument for pointing out the real cost of something. Cars kill people. We should not pretend that cars are safe, we should make a rational decision and come to the conclusion that the cost is worth the freedom of transportation.
Your argument would be a valid analogy if I were suggesting that we make it illegal to tell anyone your location (or any other "private" information). I am only pointing out that privacy is valuable and we should count the cost if and when we give it up.
You are asking your question from a position of luck (that you, in particular, can afford to be an open book) and mostly at the wrong level. It's not about how it will affect you, it's about how it will affect him/her, and us.
Improving your privacy helps people who have legitimate things to hide avoid unwarranted suspicion, and it also makes our society better.
Secrets are sometimes bad, but are far more often good -- allowing us to have functional foreign relations, strong individual rights, and the ability to communicate freely about ideas central to our republic. No good will ever come of the ability to Google: "people unlikely to toe the line".
I phrased the question in terms of me, but you have no idea who I am or what I might have to hide, so please imagine it in the general sense of what any given person might have to fear from a database of their location information.