Privacy in General.     42     Contact me.





Terms section
Why should I care about privacy ? I have nothing to hide. I'm not a criminal. section
Future threats to privacy will be greater section
Some societal nuances to privacy section
Companies section
Defenses section
Miscellaneous section







Terms



Terms:







Why should I care about privacy ? I have nothing to hide. I'm not a criminal.



Privacy matters because there are criminals and corporations out there trying to rip you off.

From HFTI:
Privacy isn't about hiding something. It's about being able to control how we present ourselves to the world. It is the right to keep things to yourself. It's about personal dignity.

From Frederike Kaltheuner's "Privacy is power":
Privacy was once misconstrued as being about hiding and secrecy. Now it's understood to be something much more pressing: power dynamics between the individual, the state and the market.

As recent scandals have illustrated so vividly, privacy is also about the autonomy, dignity, and self-determination of people - and it's a necessary precondition for democracy.

From Keith Axline article:
"Privacy Is Just the First Step, the Goal Is Data Ownership"

"All human beings have three lives: public, private, and secret."
-- Gabriel Garcia Marquez



Suppose you do some searches about cancer, or diabetes, or alcoholism. Do you want that info popping up the next time you apply for health insurance or car insurance or a job ? Even if you don't have cancer, diabetes, or an alcohol problem ? Easiest for the company to just deny you the insurance or the job, rather than investigate or take a risk.
Dilbert

Suppose you're a woman with an abusive ex-husband, or a creepy ex-boyfriend ? Do you want them to be able to track your location in real-time, or track you even if you move to another city ? Or to know where your new job is, or who many of your friends are ?

Suppose some of your friends or family care much more about their privacy than you do about your privacy. Exposing your info to the world could expose some of their info to the world. It even could affect future generations of your family: suppose you post about some genetic disease you have, and years or decades later this affects your descendants ability to get medical insurance ?

Some people do depend on privacy for their profession, or their life. They work in journalism or activism or investigations. Maybe they live under oppressive regimes, or investigate organizations which have a history of retaliation against opponents, or work in the justice system (where criminals might retaliate against them). If the rest of us don't value our privacy, there will be fewer tools to protect them, too.

From noir_lord on reddit:

Some people (including myself) are not comfortable with a faceless corporation knowing Now each of those on its own is somewhat unsettling, but when you combine all that together and then you don't really know how your data is handled now and how it might be handled in the future, then it starts to get really unsettling.

The thing with all this data is that it just accumulates, and over time the companies can really build up an accurate profile of you, and that is just f***ing creepy.

From Daniel J. Solove's "Why Privacy Matters Even if You Have 'Nothing to Hide'":

Some responses to the "I've got nothing to hide; you have something to hide only if you're doing something wrong" argument: ...

... the nothing-to-hide argument stems from a faulty "premise that privacy is about hiding a wrong." Surveillance, for example, can inhibit such lawful activities as free speech, free association, and other First Amendment rights essential for democracy.

...

Another potential problem ... is one I call exclusion. Exclusion occurs when people are prevented from having knowledge about how information about them is being used, and when they are barred from accessing and correcting errors in that data.

...

Yet another problem ... is distortion. Although personal information can reveal quite a lot about people's personalities and activities, it often fails to reflect the whole person. It can paint a distorted picture [and that can have consequences].

...

What if the government mistakenly determines that based on your pattern of activities, you're likely to engage in a criminal act? What if it denies you the right to fly? What if the government thinks your financial transactions look odd - even if you've done nothing wrong - and freezes your accounts? What if the government doesn't protect your information with adequate security, and an identity thief obtains it and uses it to defraud you? Even if you have nothing to hide, the government can cause you a lot of harm.

"'Nothing to hide' only works if the folks in power share the values of you and everyone you know, entirely, and always will."
from Tom Scott's "Why The Government Shouldn't Break WhatsApp"

From /u/162bfizzy on reddit's /r/privacy:

> You could also just ask them for all their logins to their
> accounts and see if they would give it to you, and if they
> say no, well then they obviously have something to hide.

No, it doesn't. It means that it's none of your business.

Actor 1: Are you afraid of dying?

Actor 2: No, not really.

Actor 1: Ok, let me kill you.

Actor 2: No.

Actor 1: See, you're afraid of dying.

Actor 2: No. I said I didn't fear death, not that I wanted to die. Do you understand that those are two entirely separate things?

We all segment privacy in our lives. I share my social security number with my bank. That doesn't mean that I want to share it with you. They have a legitimate need for it. You don't.

Same thing as if you asked me for the keys to my house. Absent an invitation, you have no legitimate reason to be in my house. It has nothing to do with whether or not I have anything to hide inside my house.

OP's friends refusal to give up their passwords to OP, who presumably has no legitimate need for them, doesn't prove anything.

The argument itself is a logical fallacy usually the result of the person making it thinking in bumper sticker or meme style debate models.



Reasons someone might want to attack you:




Srikrishna Sekhar's "Why worry about privacy?"
Ruth Coustick-Deal's "Responding to 'Nothing to hide, Nothing to fear'"
Patrick Allan's "Why Your Privacy Matters, Even If You're Not 'Doing Anything Wrong'"
New Yorker cartoon





Another way to look at it: will anyone ever develop a grudge against you, and look for ammunition against you ? Ways to embarrass you, or harass you ? Perhaps you'll get involved in a divorce, get in a dispute with a neighbor, get in a feud with a coworker. Or some idiot on the internet might come after you. How much information do you want to make available to them ?



From someone on reddit 1/2014:

As an employer I run every name and email address I am given by a potential hire through Google and Facebook. I look at everything public to make sure there isn't something completely f**king insane.

Things I don't do: I don't hold what their friends say against them. I don't Friend them or try to look at things that are private. I don't hold it against them if they don't have an account or I can't find it.

I do look at public photos and statuses. I don't care if they go to parties. I do care if they skip work to do so or because of it.

So far I'd say 80% of the applicants are fine. But in that other 20% I have found obvious racists, people who actively hate gays, people who play games every working minute (while at work).

Funniest was someone who had set their account to public and constantly complains about being at work FROM work and asked friends to come by and visit and talk, at a job where that was not appropriate.

For people who apply as interns, I let their school know to have them remind the student to lock down their account. For people who apply for real jobs, I don't say a word.



Some people say: Innocent people have nothing to fear from government spying.

I'd certainly feel uncomfortable and creeped-out if someone followed me around all day, videotaping everything I did, documenting every place I went and everything I did, watching me. Should it be okay for the govt to do this ?

Why was protection from unreasonable search put in the Bill of Rights (4th Amendment) ? It fits this situation exactly: govt is supposed to have a good reason for invading your privacy.

Some huge government investigations have targeted and ruined the lives of innocent people: the McCarthy hearings, the Atlanta Olympics bombing (Richard Jewell was innocent), and the anthrax attacks (Steven Hatfill was innocent) come to mind.

Government powers have been used to target people with unpopular views, or journalists reporting news that politicians didn't want reported: FBI under Hoover, Nixon's enemies list.
Wikipedia's "COINTELPRO"



My response to someone who asked "Why is this NSA scandal such a big deal ? I'm not doing anything illegal.":

Some reasons:

1- NSA scandal is just one symptom of a bigger issue: govt checks and balances have broken down. Intelligence spending and activities are out of control, military spending is out of control, citizens got panicked by 9/11 and let govt take major new powers and now govt is out of our control.

2- NSA is just one point along a spectrum of threats to you. It is the least likely but most powerful threat. It points out that you are vulnerable to scammers, stalkers, eavesdroppers, online criminals, etc. It reveals that our online security and privacy tools and laws are weak.

3- Technology, and the threats from it, will only get more powerful and more invasive in the future. Insurance companies and advertisers and your wacky neighbor will all get more powerful tools to threaten your privacy.

4- Things you do that aren't illegal still may be private. Why do you have curtains on your windows ? Why do you close the door when you go to the bathroom ? Would you mind if someone published your tax returns, your salary and net worth numbers, your credit-card statements, your bank account statements, your medical records ? Why ? You're not doing anything illegal.



Evgeny Morozov's "Your Social Networking Credit Score"
The Economist's "Lenders are turning to social media to assess borrowers"

Jay Stanley's "Plenty to Hide"
John C. Dvorak's "On Privacy: It's Not What I'm Hiding (Or Not Hiding) That Matters"
This Modern World's "Sensible Thinkers Think About Leaks"

Paraphrased from Tijmen Schep on BBC's "Business Daily" program "Facebook, Big Data and You":
The majority of the money is made from selling a "risk profile" about you, rather than from advertising to you.

Data brokers do not deal in anonymized data, they specialize in collecting and creating personal data about you. They may have thousands of data points about you, including things such as an estimate of when they think you will die, what diseases you might have, etc.

There is "your data" and "their data". Your data is your Facebook Likes, your use of apps, location data from your phone, your purchases, etc. Their data is all the profiles and scores they derive from your data. Their data is proprietary to them, owned by them. They may be willing to tell you which of "your data" they possess, but they won't tell you what "their data" says about you.













Future threats to privacy will be greater



From Intelensprotient on reddit:
... you do not need to be registered with Facebook for them to make a profile for you. Once you have visited any page that is affiliated with them, they will create a file about you and collect each and every visit to every site that has a "Like" button or a Facebook plugin. The amount of data collected this way can be tremendous, which few people realize. Google is even more extreme, as they collect data from every place that has AdSense, Analytics and similar services, which basically covers almost everything the average person visits. Those services may not always be as obvious as a "Like" button - for instance, some are implemented by displaying a single transparent pixel image.

...

You cannot know what kind of surveillance methods and laws will be implemented in the future. Already, biometric information gathering such as the identification of people from video recordings is becoming more and more successful, even prompting for the EU to begin implementing a system that can link people in public places to their Facebook pages and other photographs. Similar plans are implemented by the US. Other technologies include public voice surveillance, supervision of vehicle movement or behavioral analysis in public spaces. All this data can and will be linked and combined with what is collected about you online.

...

More about the future: new technologies such as Google Glass and face-recognition and license-plate-recognition and CCTV will connect your "real" life and your online life more tightly, and in real-time. Facebook, law enforcement, even big retail stores are starting to do facial recognition. Things you do in public without giving your name, or giving fake data, and using cash, may still be connected back to your personal info. What you do online won't stay only online; what you do offline won't stay only offline.
George Dvorsky's "How Your Body's Unique Biosignatures Are Used for Surveillance"

In the future, CCTV and consumer cameras only will get better and better. In public, or through your window, cameras may be able to read the screen on your phone, hear your conversation from a distance, photograph you in infrared at night. One of the first users of this is the police force that brought us "stop and frisk": Joe Coscarelli's "The NYPD's Domain Awareness System Is Watching You".

And "The Internet Of Things" is coming: your own devices (car, house, refrigerator, toilet, etc) will make more and more data available, and some of that could be used to reveal your activities.

Another hint about where tech may go in the future: scanning your face and posture and movements to diagnose your health. Maybe a good thing in a doctor's office. Maybe a bad thing when a retailer is doing it and selling the data to insurance companies.

Some ideas gleaned mostly from lifehacker's "How You're Unknowingly Embarrassing Yourself Online (and How to Stop)":


Benjamin Herold's "Schools Are Deploying Massive Digital Surveillance Systems"
Cathy O'Neil's "How Big Data Transformed Applying to College"
Cory Doctorow's "Weapons of Math Destruction: invisible, ubiquitous algorithms are ruining millions of lives"
Mark Di Stefano's "7 Real Life Ways Metadata Can Be Used Against You"
Wolfie Christl's "Corporate Surveillance in Everyday Life"
Ralph Nader's "Corporate espionage undermines democracy"
Yasha Levine's "What Surveillance Valley knows about you"
Justin Jouvenal's "The new way police are surveilling you: Calculating your threat 'score'"
Brett Thomas's "Online Porn Could Be The Next Big Privacy Scandal"
David Auerbach's "We Can't Control What Big Data Knows About Us. Big Data Can't Control It Either."
Cindy Cohn and Trevor Timm's "Busting Eight Common Excuses for NSA Mass Surveillance"
Thor Benson's "We Need to Regulate Technology That Can Detect Your Emotions"
Yaniv J Turgeman and Eric Alm and Carlo Ratti's "Smart toilets and sewer sensors are coming"
Brendan I. Koerne's "Your Relative's DNA Could Turn You Into a Suspect"
Rick Falkvinge's "What's Privacy Good For, Anyway?"
See Identity Theft section of my Computer Security and Privacy page



Future threats to security will be greater, too. One scenario to consider: Today's cloud backup may be encrypted so well that no one can crack it. But that encrypted data may still be available somewhere in the cloud 20 years from now, and maybe 20-years-future technology WILL be able to crack today's encryption.













Some societal nuances to privacy









Companies



My response to an article saying "Google and Facebook and Twitter have not created new products that stand alone like a car or a new house; they have created things that invade every other aspect of the economy and our culture. That is a different level of power.":

I think this is overblown. I could stop using Facebook and Google and Twitter tomorrow, with some effects but not big effects on my life. I can give them false info, give them minimal info, use alternatives to them, do without them.

Government and military and police have the potential to have unavoidable, huge effects on my life. They take some of my money (and give me services) without much choice on my part. Sometimes they cause other people to attack our country. They have access to my tax information, credit info, bank account info, phone records, etc.

Some companies have large physical effects on my life and my health. Fossil-fuel power companies, and other companies that put who-knows-what into the air I breathe and the food and drink I consume.

Other companies have pervasive effects throughout our economy and/or culture. TV networks. Phone companies. Walmart. Exxon.

The two political parties control much of what happens in the government and culture and economy.

Super-rich people could destroy me with lawsuits, or buy laws that affect me severely.

No, I think Facebook and Google and Twitter are pretty low on the list of powerful entities to worry about.

Karl Bode's "If You're Pissed About Facebook's Privacy Abuses, You Should Be Four Times As Angry At The Broadband Industry"
Privacy.net's "What does the US government know about you?" (about more than just the government)



Companies that could have large access to your activities:



How do companies justify selling your information ?




Some ways technology is stretching old notions of privacy:
Technology makes possible:



How could your information be used ?

[From most likely to least likely:]
From someone on reddit:
Never post on social media about your physical condition in the aftermath of a traffic accident, this can be used by insurance companies to prove your injuries weren't as severe as claimed. Seemingly innocent statements like "I'm okay!" will be misconstrued, especially by insurance companies.




Product labeling we need (for IoT, Internet of Things):








Defenses



Privacy when applying for jobs:
Evil Recruiter's "Maintaining a semblance of privacy while looking for a job"

From reddit:
> If I ever want to get a job, how do I cope with the data
> collection? When using job portals you need to put a whole
> lot of information online just to have more companies look
> at you and decide whether you're the right person for them
> to hire. You may include your birthday (and / or age maybe),
> your address, your education, where you worked, what other
> activities / diplomas you've got, even a picture of you and
> so on. It is actually more data that you'd ever put on
> Facebook and maybe more data than Google would know about
> you based on your years of search (or maybe more important
> in any case), and it's public, like, anyone can create a
> business account and collect all of this data. You may
> even get them your data if you want to be employed.
>
> So I am curious to know: How do you protect (or did you
> protect) your data while looking for jobs? What is the
> data you might regard as less sensible that can be
> available for any "business" (account, of course) and
> what is not? Did you manage to protect all this data
> and get hired? Or maybe tips on how to get a job while
> keeping the data private at the same time.

The only advice I've heard applies more to printed resumes, may not work on web forms: leave some data marked as "available upon request" or "available upon hiring". Phone number, birthdate, Social Security number, address. And maybe use a new temporary email address while applying.




Privacy from your employer:



Key data you might want to keep private:
Note that there are two kinds of data: things you can change, and things you can't. If someone steals your credit-card info, you can cancel the card, change the number, etc. If someone steals your medical history, you can't change that.

Some of the data most valuable to companies are your "social graphs": how you connect to other people, things, places, companies, jobs, etc. For example:



Disinformation:
In places where it's not illegal to lie, such as stores requiring you to give data, and wrong data would not hurt you, you might want to:



The law (in USA):

[Mostly from Daniel Zwerdling's "Your Digital Trail: Does The Fourth Amendment Protect Us?"]

Two legal ways the govt or others can get your data: Fourth amendment of the Constitution protects against search and seizure.

But location of your data matters:
But there are other standards. For example, once NSA collects masses of phone-metadata, it isn't supposed to search within it and use pieces of it without a "reasonable, articulable suspicion" (RAS) that it is related to terrorism. [from Ryan Lizza's "State of Deception"]

And your cell-phone data may get swept up with that of criminals, with each phone company applying its own rules about what data is given to police. [from David Kravets's "Cops and Feds Routinely 'Dump' Cell Towers to Track Everyone Nearby"]

There are special legal protections for some kinds of data. HIPAA protects health status and medical records of individuals.

Of course, legal protection doesn't mean much if your data is collected and then the database is stolen. See for example Wikipedia's "Office of Personnel Management data breach" and Dan Munro's "Data Breaches In Healthcare Totaled Over 112 Million Records In 2015". But if you don't let them collect it in the first place, it can't be stolen.
Daniel Solove's "Why I Love the GDPR: 10 Reasons"



Kashmir Hill's "10 Incredibly Simple Things You Should Be Doing To Protect Your Privacy"
Dave Greenbaum's "New Tax Fraud Scam Reminds Us: Protect Your Social Security Number"
Wired How-To Wiki's "Protect Your Data During U.S. Border Searches"
EFF's "Digital Privacy at the U.S. Border: Protecting the Data On Your Devices and In the Cloud"
Sarah Kessler's "Think You Can Live Offline Without Being Tracked? Here's What It Takes"







Miscellaneous



The Hard truths of Cybersecurity
from The Binary Blogger
(modified to apply to home users instead of businesses):




Really about anonymity: Wladimir Palant's "How much privacy do you have left on the web?"

Eva Blum-Dumontet's "Winning the debate on encryption - a 101 guide for politicians"

Evan Dashevsky's "Admit It, You Don't Care About Digital Privacy"

Heard on a podcast: some car-repair places (especially big national changes) will grab the registration and insurance documents out of your glove-box and copy the data into their computer, so they can sell it.

Don't use privacy/security techniques to break the law, especially for tax evasion. Governments will spend anything necessary to catch tax cheats. From Justin on The Complete Privacy & Security Podcast episode 073: "There ain't no privacy in prison."





My "Computer Security and Privacy" page



This page updated: October 2018

Home     Site Map

Privacy policy