FTC: Vast Surveillance of Users by Social Media and Video Streaming Companies
(ftc.gov)287 points by nabla9 7 hours ago
287 points by nabla9 7 hours ago
I’m completely sympathetic to making companies more liable for data security. However, until data breaches regularly lead to severe outcomes for subjects whose personal data was leaked, and those outcomes can be causally linked to the breaches in an indisputable manner, it seems unlikely for such legislation to be passed.
I forgot where I saw this, but the US govt recently announced that they see mass PII theft as a legitimate national security issue.
It’s not just that you or I will be inconvenienced with a bit more fraud or email spam, but rather that large nation state adversaries having huge volumes of data on the whole population can be a significant strategic advantage
And so far we typically see email+password+ssn be the worst data leaked; I expect attackers will put in more effort to get better data where possible. Images, messages, gps locations, etc
The expansion of KYC and the hegemonic dominance of our global financial intelligence network is a recent infringement on our privacy that would not necessarily pass popular muster if it became well-known.
Most of our population is still living in a headspace where transactions are effectively private and untraceable, from the cash era, and has not considered all the ways that the end of this system makes them potential prey.
The fact is that the market is demanding a way to identify you both publicly and privately, and it will use whatever it needs to, including something fragile like a telephone number 2fa where you have no recourse when something goes wrong. It's already got a covert file on you a mile long, far more detailed than anything the intelligence agencies have bothered putting together. The political manifestation of anti-ID libertarians is wildly off base.
Because they're the mark of the beast or a step towards fascism or something.
I don't think it would take much to convert real IDs into a national ID, they are as close to as they can get without "freaking people out".
> To me, what's missing from that set of recommendations is some method to increase the liability of companies who mishandle user data.
As nice as this is on paper, it will never happen, lobbyist exists. Not to be tinfoil hat but why would any lawmaker slap the hand that feeds them.
Until there is an independent governing body which is permitted to regulate over the tech industry as a whole it wont happen. Consider the FDA, they decide which drugs and ingredients are allowed and that's all fine. There could be a regulating body which could determine the risk to people's mental health for example from 'features' of tech companies etc. But getting that body created will require a tragedy. Like why the FDA was created in the first place. [1]
That's just my 2cents.
1 : https://www.fda.gov/about-fda/fda-history/milestones-us-food....
I agree. Let me tell you about what just happened to me. After a very public burnout and spiral, a friend rescued me and I took a part time gig helping a credit card processing company. About 2 months ago, the owner needed something done while I was out, and got their uber driver to send an email. They emailed the entire customer database, including bank accounts, socials, names, addresses, finance data, to a single customer. When I found out, (was kept hidden from me for 11 days) I said "This is a big deal, here are all the remediations and besides PCI we have 45 days by law to notify affected customers." The owner said "we aren't going to do that", and thus I had to turn in my resignation and am now unemployed again.
So me trying to do the right thing, am now scrambling for work, while the offender pretends nothing happened while potentially violating the entire customer base, and will likely suffer no penalty unless I report it to PCI, which I would get no reward for.
Why is it everywhere I go management is always doing shady stuff. I just want to do linuxy/datacentery things for someone who's honest... /cry
My mega side project isn't close enough to do a premature launch yet. Despite my entire plan being to forgo VC/investors, I'm now considering compromising.
>Why is it everywhere I go management is always doing shady stuff.
Well here's a cynical take on this - management is playing the business game at a higher level than you. "Shady stuff" is the natural outcome of profit motivation. Our society is fundamentally corrupt. It is designed to use the power of coercive force to protect the rights and possessions of the rich against the threat of violence by the poor. The only way to engage with it AND keep your hands clean is to be in a position that lets you blind yourself to the problem. At the end of the day, we are all still complicit in enabling slave labor and are beneficiaries of policies that harm the poor and our environment in order to enrich our lives.
>unless I report it to PCI, which I would get no reward for.
You may be looking at that backwards. Unless you report it to PCI, you are still complicit in the mishandling of the breach, even though you resigned. You might have been better off reporting it over the owner's objections, then claiming whistleblower protections if they tried to terminate you.
This is not legal advice, I am not a lawyer, I am not your lawyer, etc.
I did verify with an attorney that since I wasn't involved and made sure the owner knew what was what, that I had no legal obligations to disclose.
The problem isn't society or profit motivation. It's people. Humanity itself is corrupt. There aren't "good people" and "bad people". There's only "bad people." We're all bad people, just some of us are more comfortable with our corruption being visible to others to a higher degree.
> We're all bad people, just some of us are more comfortable with our corruption being visible to others to a higher degree.
If the GP's story is true (and I have no reason to suspect otherwise), then there are clearly differences in the degree of "badness" between people. GP chose to resign from his job, while his manager chose to be negligent and dishonest.
So, even if we're all bad people, there are less bad and more bad people, so we might as well call the less bad end of the spectrum "good". Thus, there are good and bad people.
The DOJ has just launched a corporate whistleblower program, you should look into it maybe it covers your case:
https://www.justice.gov/criminal/criminal-division-corporate...
>As described in more detail in the program guidance, the information must relate to one of the following areas: (1) certain crimes involving financial institutions, from traditional banks to cryptocurrency businesses; (2) foreign corruption involving misconduct by companies; (3) domestic corruption involving misconduct by companies; or (4) health care fraud schemes involving private insurance plans.
>If the information a whistleblower submits results in a successful prosecution that includes criminal or civil forfeiture, the whistleblower may be eligible to receive an award of a percentage of the forfeited assets, depending on considerations set out in the program guidance. If you have information to report, please fill out the intake form below and submit your information via CorporateWhistleblower@usdoj.gov. Submissions are confidential to the fullest extent of the law.
Because I don't want to be associated with companies that break the law and violate regulations knowingly. I've long had a reputation of integrity, and it's one of the few things I have left having almost nothing else.
Yes. The owner is old, and going blind, but refuses to sell or hand over day to day ops to someone else, and thus must ask for help on almost everything. I even pulled on my network to find a big processor with a good reputation to buy the company, but after constant delays and excuses for not engaging with them, I realized to the owner the business is both their "baby" and their social life, neither of which they want to lose.
Regulation is key, but I don’t see it as likely when our society is poisoned by culture war bs. Once we put that behind us (currently unlikely), we can pass sane laws reigning in huge corporations.
I get a feeling that liability is the missing piece in a lot of these issues. Section 230? Liability. Protection of personal data? Liability. Minors viewing porn? Liability.
Lack of liability is screwing up the incentive structure.
I think I agree, but people will have very different views on where liability should fall, and whether there is a malicious / negligent / no-fault model?
Section 230? Is it the platform or the originating user that's liable?
Protection of personal data? Is there a standard of care beyond which liability lapses (e.g. a nation state supply chain attack exfiltrates encrypted data and keys are broken due to novel quantum attack)?
Minors viewing porn? Is it the parents, the ISP, the distributor, or the creator that's liable?
I'm not here to argue specific answers, just saying that everyone will agree liability would fix this, and few will agree on who should be liable for what.
It's not a solvable problem. Like most tech problems it's political, not technical. There is no way to balance the competing demands of privacy, security, legality, and corporate overreach.
It might be solvable with some kind of ID escrow, where an independent international agency managed ID as a not-for-profit service. Users would have a unique biometrically-tagged ID, ID confirmation would be handled by the agency, ID and user behaviour tracking would be disallowed by default and only allowed under strictly monitored conditions, and law enforcement requests would go through strict vetting.
It's not hard to see why that will never happen in today's world.
>Protection of personal data? Is there a standard of care beyond which liability lapses (e.g. a nation state supply chain attack exfiltrates encrypted data and keys are broken due to novel quantum attack)?
There absolutely should be, especially for personal data collected and stored without the express written consent of those being surveilled. They should have to get people to sign off on the risks of having their personal data collected and stored, be legally prevented from collecting and storing the personal data of people who haven't consented and/or be liable for any leaking or unlawful sharing/selling of this data.
If you aren’t directly harmed yet what liability would they have? I imagine if your identity is stolen and it can be tied to a breach then they would already be liable.
The fact that my data can be stolen in the first place is already outrageous, because I neither consented to allowing these companies to have my data, nor benefit from them having my data.
It's like if you go to an AirBNB and the owner sneaks in at night and takes photos of you sleeping naked and keeps those photos in a folder on his bookshelf. Would you be okay with that? If you're not directly harmed, what liability would they have?
Personal data should be radioactive. Any company retaining it better have a damn good reason, and if not then their company should be burned to the ground and the owners clapped in irons. And before anyone asks, "personalized advertisements" is not a good reason.
I don't think thats a proper parallel.
I think a better example would be You (AirBnB Host) rent a house to Person and Person loses the house key. Later on (perhaps many years later), You are robbed. Does Person have liability for the robbery?
Of course it also gets really muddy because you'll have renting the house out for those years and during that time many people will have lost keys. So does liability get divided? Is it the most recent lost key?
Personally, I think it should just be some statutory damages of probably a very small amount per piece of data.
> before anyone asks, "personalized advertisements" is not a good reason
The good reason is growth. Our AI sector is based on, in large part, the fruits of these data. Maybe it's all baloney, I don't know. But those are jobs, investment and taxes that e.g. Europe has skipped out on that America and China are capitalising on.
My point, by the way, isn't pro surveillance. I enjoy my privacy. But blanket labelling personal data as radioactive doesn't seem to have any benefit to it outside emotional comfort. Instead, we need to do a better job of specifying which data are harmful to accumulate and why. SSNs are obviously not an issue. Data that can be used to target e.g. election misinformation are.
I mean it's pretty clear that you are directly harmed if someone takes naked photos of you without your knowledge or consent and then keeps them. It's not a good analogy so if we want to convince people like the GP of the points you're making, you need to make a good case because that is not how the law is currently structured. "I don't like ads" is not a good reason, and comments like this that are seething with rage and hyperbole don't convince anyone of anything.
>I neither consented to allowing these companies to have my data, nor benefit from them having my data.
I think both of those are debatable.
This is the traditional way of thinking, and a good question, but it is not the only way.
An able bodied person can fully make complaints against any business that fails their Americans with Disabilities Act obligation. In fact these complaints by able bodied well-doers is the de facto enforcement mechanism even though these people can never suffer damage from that failure.
The answer is simply to legislate the liability into existence.
That's the whole problem with "liability", isn't it? If the harms you do are diffuse enough then nobody can sue you!
The same way you can get ticketed for speeding in your car despite not actually hitting anyone or anything.
This is exactly why thinking of it in terms of individual cases of actual harm, as Americans have been conditioned to do by default, is precisely the wrong way to think about it. We're all familiar with the phrase "an ounce of prevention is worth a pound of cure", right?
It's better to to think of it in terms of prevention. This fits into a category of things where we know they create a disproportionate risk of harm, and we therefore decide that the behavior just shouldn't be allowed in the first place. This is why there are building codes that don't allow certain ways of doing the plumbing that tend to lead to increased risk of raw sewage flowing into living spaces. The point isn't to punish people for getting poop water all over someone's nice clean carpet; the point is to keep the poop water from soaking the carpet in the first place.
Safety rules are written in blood. After a disaster there’s a push to regulate. After enough years we only see the costs of the rules and not the prevented injuries and damage. The safety regulations are then considered annoying and burdensome to businesses. Rules are repealed or left unenforced. There is another disaster…
Tangentially, there was an internet kerfuffle about someone getting in trouble for having flower planters hanging out the window of their Manhattan high rise apartment a while back, and people's responses really struck me.
People from less dense areas generally saw this as draconian nanny state absurdity. People who had spent time living in dense urban areas with high rise residential buildings, on the other hand, were more likely to think, "Yeah, duh, this rule makes perfect sense."
Similarly, I've noticed that my fellow data scientists are MUCH less likely to have social media accounts. I'd like to think it's because we are more likely to understand the kinds of harm that are possible with this kind of data collection, and just how irreparable that harm can be.
Perhaps Americans are less likely to support Europe-style privacy rules than Europeans are because Americans are less likely than Europeans to know people who saw first-hand some of what was happening in Europe in the 20th century.
> The report found that the companies collected and could indefinitely retain troves of data, including information from data brokers, and about both users and non-users of their platforms.
As a non-user of many social media platforms, is there anything I can do to prevent companies from collecting data about me? It feels wrong that companies you do not sign up for are still finding and processing data about you.
Behind the ball by 15 years to start taking this seriously and beginning to think about pushing back, but better late than never.
Next please reign in the CRAs.
I think Snowden was bang on when in 2013 he warned us of a last chance to fight for some basic digital privacy rights. I think there was a cultural window there which has now closed.
Snowden pointed and everyone looked at his finger. It was a huge shame, but a cultural sign that the US is descending into a surveillance hell hole and people are ok with that. As someone who was (and still is) vehemently against PRISM and NSLs and all that, it was hard to come to terms with. I'm going to keep building things that circumvent the "empire" and hope people start caring eventually.
> and people are ok with that
I've seen no evidence of this. People mostly either don't understand it for feel powerless against it.
>and people are ok with that.
All the propagandists said he was a Russian asset, as if even if that were true, it somehow negated the fact that we were now living under a surveillance state.
>Snowden pointed and everyone looked at his finger.
This is a great way of putting it.
Over ten years ago I wrote about the root of the problem: https://magarshak.com/blog/?p=169
And here is a libertarian solution: https://qbix.com/blog/2019/03/08/how-qbix-platform-can-chang...
It makes me irrationally angry that I suddenly started getting spam emails from Experian. Like motherfucker I never consented for you to have my data, then you leak it all, now you're sending me unsolicited junk email? It's just such bullshit that I'm literally forced to have a relationship with these companies to freeze my credit or else I'm at the mercy of whoever they decide to release my information to without my authorization.
Yep. It sucks. Zero consequences of any import for those companies as far as I'm aware too. Tiny fines end up being "cost of doing business". Then they get to externalize their failures onto us by using terms like "Identity Theft", which indicates something was stolen from ME and is now MY problem.
In actuality some not-well-maintained systems owned by <corp> were hacked or exposed or someone perpetrated fraud on a financial institution and happened to use information that identifies me. It's really backwards.
PSA: If you haven't already, go freeze your credit at Experian, TransUnion, Equifax and Innovis. It will make the perpetration of this type of fraud much more difficult for adversaries.
PSA pro tip: they will try to steer you toward “locking” your account. Don’t fall for it. Freeze your account.
My pet solution has been to make the credit reporters liable for transmitting false information to the CRAs.
Chase tells Experian I opened a new line of credit with them, but it later is demonstrated that it was a scammer with my SSN? Congratulations, $5,000 fine.
Of course this all gets priced in to the cost and availability of consumer credit. Good! Now the lenders have an incentive to drive those costs down (cheaper, better identity verification) to compete.
The solution is much simpler. Put all of the consequences of being defrauded by a borrower onto the lender.
If a lender wants to be repaid, then they need to show the borrower all the evidence they have for proof that the borrower entered into the contract.
If all a lender has is the fact that a 9 digit number, date of birth, name, and address were entered online, then the borrower simply has to say “I did not enter that information”, and the lender can go pound sand.
Guarantee all the lenders will tighten up their operations very quickly, and consequently, so will the loans that appear on one’s credit report.
For a while they were sending emails about my account that I was actually unable to unsubscribe from[1]. I knew it was illegal at the time, and when I finally noticed an unsubscribe button it was because the FTC finally intervened[2].
https://www.reddit.com/r/assholedesign/comments/udy8rz/exper...
https://www.ftc.gov/news-events/news/press-releases/2023/08/...
I think this effort is positive, but a bit misdirected. Think data breach liability. Facebook and YouTube are willing and capable defenders of sensitive customer data. Watch the AshleyMadison documentary. Arrogant disregard for customer privacy and almost no culpability. These smaller, irresponsible players are where consumers are most vulnerable.
It would be wonderful if the staff report recommendations were taken seriously by our legislators. I think I'll send a copy of this to my reps and say hi.
A little hypocritical when it comes from various government organizations all over the western world. Surveillance companies are essential for police to be able to easily gather data when needed fast. It is a happy accident that surveillance is so lucrative for advertising and also so effective for policing.
Different parts of government might disagree on the best course of action but I wouldn’t call that disagreement hypocrisy per se.
It’s also not true that it’s an irresolvable conflict. Yes the cops can and do buy your phone location data, but even if we said that was fine and should continue, that doesn’t also mean that any schmuck should be able to buy real-time Supreme Court justice location data from a broker.
2016 Schneier on Security "Data is a Toxic Asset": https://www.schneier.com/blog/archives/2016/03/data_is_a_tox...
See also: "How advertisers became NSA's best friend"[1].
[1]https://www.theverge.com/2013/12/12/5204196/how-advertisers-...
Surveillance is cancerous. It keeps on growing, feeding on justification for every data point "just because", and then eventually it kills you.
Simple questions:
Should ad prices be lower or higher?
Should YouTube be free for everyone, or should it cost money?
Having ads does not require mass surveillance --- that's really just something that social media companies have normalized because that's the particular business model and practices they have adopted and which makes them the most amount of money possible.
Well put. Targeting and more specifically retargeting is the problem.
Most companies can't afford to not do this when their competitors are. Hence the need for regulation.
Those are useful questions but I don’t think they’re the only ones that matter. Here’s another one for consideration:
What is the minimum level of privacy that a person should be entitled to, no matter their economic status?
If we just let the free market decide these questions for us, the results won’t be great. There are a lot of things which shouldn’t be for sale.
> What is the minimum level of privacy that a person should be entitled to, no matter their economic status?
This is an interesting question: maybe the truth is, very little.
I don't think that user-identified app telemetry is below that minimum level of privacy. Knowing what I know about ad tracking in Facebook before Apple removed app identifiers, I don't think any of that was below the minimum level.
This is a complex question for sort of historical reasons, like how privacy is meant to be a limit on government power as opposed to something like, what would be the impact if this piece of data were more widely known about me? We're talking about the latter but I think people feel very strongly about the former.
Anyway, I answered your questions. It's interesting that no one really wants to engage with the basic premise, do you want these services to be free or no? Is it easy to conceive that people never choose the paid version of the service? What proof do you need that normal people (1) understand the distinction between privacy as a barrier to government enforcement versus privacy as a notion of sensitive personal data (2) will almost always view themselves as safe from the government, probably rightly so, so they will almost always choose the free+ads version of any service, and just like they have been coming out ahead for the last 30 years, they are likely to keep coming out ahead, in this country?
I didn’t mean to evade your questions, but my opinion is as follows:
Yes I want YouTube to be free, but not if that requires intrusive surveillance.
People who pay for YouTube aren’t opted out of surveillance as far as I can tell. So I reject the premise of your question, that people are choosing free because they don’t value privacy. They haven’t been given the choice in most cases.
On a tangential note, you previously asked if ads should be more expensive. It’s possible that ads should be less expensive, since they may be less effective than ad spend would suggest: https://freakonomics.com/podcast/does-advertising-actually-w...
The issue to me is that these companies have operated and continue to operate by obfuscating the nature of their surveillance to users. This isn’t a system of informed consent to surveillance in exchange for free services; it’s a system of duping ordinary people into giving up sensitive personal information by drawing them in with a free service. I’m almost certain this model could still exist without the surveillance. They could still run ads; the ads would be less targeted.
We really need e2ee social media that's designed to protect, not addict people.
Sure it is: https://peergos.org/posts/decentralized-social-media
It is social media where only the end users' devices can decrypt the posts and comments. Then surveillance is not possible. Targeted ads are not possible.
the full report[0] is a good read don't just read the summary..
>>> But these findings should not be viewed in isolation. They stem from a business model that varies little across these nine firms – harvesting data for targeted advertising, algorithm design, and sales to third parties. With few meaningful guardrails, companies are incentivized to develop ever-more invasive methods of collection. >>>
[0]: https://www.ftc.gov/system/files/ftc_gov/pdf/Social-Media-6b...
Imagine the respect the government has for your intelligence publishing this while purchasing said surveilled user data.
There is no single "the government".
Instead "The Government" is like a huge community. They are all supposed to adhere to the same code, but like any community there are those members that look for a way to bypass the law, without quite going over it.
That's what said purchases are. And even parts of the community in the same branch of a government department, may do what other parts are not even really aware of. Or agree with.
Although you have a valid point, I object to your calling it a community because communities don't have constitutions and cannot throw people in jail if they break the community's rules. Also, a community has much less control over who becomes a member of the community than a government has over who it employs.
Facebook Employees Explain Struggling To Care About Company's Unethical Practices When Gig So Cushy https://www.youtube.com/watch?v=-DiBc1vkTig
I love the cognitive dissonance on display within the federal government.
One arm: "everyone is a criminal; spy on everyone"
Other arm: "hey you shouldn't really harvest all of that data"
The cognitive dissonance is in the voters and users.
Even right here on HN, where most people understand the issue, you'll see conversations and arguments in favor of letting companies vacuum up as much data and user info as they want (without consent or opt-in), while also saying it should be illegal for the government to collect the same data without a warrant.
In practice, the corporations and government have found the best of both worlds: https://www.wired.com/story/fbi-purchase-location-data-wray-... Profit for the corporation, legal user data for the government.
HN is filled with folks that wrote the code in question, or want to create similar products. And they hate to have it pointed out that these tools may cause harm so they thrash around and make excuses and point fingers. A tale as old as this site.
I often have to remind myself who hosts this board and that I am hanging out on a site for successful and aspiring techno-robber-barons.
>The cognitive dissonance is in the voters and users.
People really need to learn to say “NO” even if that means an inconvenience “Your personal information might be shared with our business partners for metrics and a customer tailored experience” no thanks, “what is your phone number? so I can give you 10% discount” no thanks, “cash or credit?” Cash, thanks, “login with google/ apple/ blood sample” no thanks
There isn’t a single intellectually honest harm associated with the majority of app telemetry and for almost all ad data collection. Like go ahead and name one.
Once you say some vague demographic and bodily autonomy stuff: you know, if you’re going to invoke “voters,” I’ve got bad news for you. Some kinds of hate are popular. So you can’t pick and choose what popular stuff is good or what popular stuff is bad. It has to be by some objective criteria.
Anyway, I disagree with your assessment of the popular position anyway. I don’t think there is really that much cognitive dissonance among voters at all. People are sort of right to not care. The FTC’s position is really unpopular, when framed in the intellectually honest way as it is in the EU, “here is the price of the web service if you opt out of ads and targeting.”
You also have to decide if ad prices should go up or down, and think deeply: do you want a world where ad inventory is expensive? It is an escape valve for very powerful networks. Your favorite political causes like reducing fossil fuel use and bodily autonomy benefit from paid traffic all the same as selling junk. The young beloved members of Congress innovate in paid Meta campaign traffic. And maybe you run a startup or work for one, and you want to compete against the vast portfolio of products the network owners now sell. There’s a little bit of a chance with paid traffic but none if you expect to play by organic content creation rules: it’s the same thing, but you are transferring money via meaningless labor of making viral content instead of focusing on your cause or business. And anyway, TikTok could always choose to not show your video for any reason.
The intellectual framework against ad telemetry is really, really weak. The FTC saying it doesn’t change that.
The intelligence agencies literally use ad data to do "targeted killing" what are you even talking about?
Ex-NSA Chief: 'We Kill People Based on Metadata'...
Anti-disclaimer: I'm not one of those folks.
However, that's not at all a cognitive dissonance. Fundamentally, there's a difference between governments and private companies, and it is fairly basic to have different rules for them. The government cannot impinge on free speech, but almost all companies do. The government cannot restrict religion, but to some extent, companies can. Etc.
Of course, in this case, it's understandable to argue that neither side should have that much data without consent. But it's also totally understandable to allow only the private company to do so.
There is fundamentally a difference between corporations and the government, but it's still a cognitive dissonance. These aren't the laws of physics - we chose to have different rules for the government and corporations in this case.
There are plenty of cases where the same rules apply to both the government and corporations.
It isn’t cognitive dissonance, the state does lots of things we’re not supposed to do. Like we’re not supposed to kill people, but they have whole departments built around the task.
Should the state do surveillance? Maybe some? Probably less? But the hypocrisy isn’t the problem, the overreach is.
The FTC is under the president's authority. This is election pandering, same as Zuckerberg's backpedaling on government censorship.
This is for getting votes from the undecided.
Everything will be back to normal (surveillance, data collection and censorship) after the election.
Begs the question of agency authority which is manifestly not resolved. You will find that the elections’ results will effect the eventual resolution of the question of the unitary executive quite dramatically.
I don't know if you've been watching but the FTC has actually been extremely proactive during this cycle. Lina Khan is an excellent steward and has pushed for a lot of policy improvements that have been sorely needed - including the ban (currently suspended by a few judges) on non-competes.
It is disingenuous to accuse the FTC of election pandering when they've been doing stuff like this for the past four years consistently.
It seems entirely reasonable/consistent that we would allow some capabilities among publicly sanctioned, democratically legitimate actors while prohibiting private actors from doing the same.
In fact, many such things fall into that category.
The problem seems deeply fundamental to what it means to be a human.
On one hand, there's a lack of clear leadership, unifying the societal approach, on top of inherently different value systems held by those individuals.
It seems like increasingly, it's up to technologists, like ones who author our anti-surveillance tools, to create a free way forward.
this view presupposes the state as “just another actor” as opposed to a privileged one that can take actions that private actors can’t
In the matter of corporations vs governments, if you tally up number of people shot it's clear which of the two is more dangerous. You would think Europe of all regions would be quick to recognize this.
I don't like corporations spying on me, but it doesn't scare me nearly as much as the government doing it. In fact the principle risk from corporations keeping databases is giving the government something to snatch.
"According to one estimate, some Teens may see as many as 1,260 ads per day.200 Children and Teens may be lured through these ads into making purchases or handing over personal information and other data via dark patterns"
There is a long trail of blood behind google and facebook, amazon... Etc...
Even with ad blockers, we still see tons of ads. Corporate news like CNN constantly has front page stories that are just paid promotion for some product or service wrapped in a thin veil of psuedo journalism. Product placement is everywhere too. Tons of reddit front page content is bot-upvoted content that is actually just a marketing campaign disguised as some TIL or meme or sappy story.
> People criticize the clunky attempts by the EU to reign this in, and yes I agree the execution leaves much to be desired. It's still vastly better than the complete laissez-faire approach of the US authorities.
This is kind of weird as a response to a report by a US regulatory agency that is making specific policy requests for legislation to address this.
Apologies I was unclear: I'm not criticizing this report, I'm criticizing the lack of action over the past decade or so.
"these surveillance practices can endanger people’s privacy, threaten their freedoms, and expose them to a host of harms, from identify theft to stalking."
Is there any evidence that any of these things have ever happened as a result of this sort of data collection? I'm not talking about data posted to social media, I'm talking about the specific data collection described in this FTC press release.
I have been stalked and harassed by an Apple employee using data they were able to glean from their access at Apple.
The impossible part is proving the abuse. All of these companies keep their database, access controls, and everything they possible can about these data lakes secret. The simple fact of the matter is that you will never have any evidence someone looked you up in a database.
It is really easy to walk the line, but be obvious enough to intimidate.
They absolutely do, in fact they even tried to encrypt user data to not be as invasive as other companies but the FBI sued them and said no you can't do that, you need to keep that data so we can subpoena you.
They mentioned practices that corporations do. I think any corporation that collects data on you counts here. I don't think its worth it to only talk about the examples provided in the article.
Not only is there evidence of harms, there are is a whole industry focused on fixing the problem for those wealthy enough or incentivized enough to care.
Do a bit of googling, but ADINT and RTB tracking will get you there for search terms.
Or, continue being confidently dismissive of something serious people are taking very seriously. I am sorry if this FTC report targeted the source of your RSUs or otherwise motivated set of incentives, but there’s no free lunch. The consequences are finally landing of your viewpoint, done collectively, over the last decade.
> targeted the source of your RSUs or otherwise motivated
I don't currently have any financial interest in any of these companies
> but ADINT and RTB tracking will get you there for search terms.
These are good things, do you have any examples of harm that has been caused by ADINT or RTB? Prosecuting criminals doesn't count for me
Your comment is really coming across as "well, nothing bad has happened yet so who cares?" If that's not the case, please let me know how you meant it. If it is the case, surely you can imagine a world in which dragnet surveillance of people who have an expectation of privacy can be abused by corporations, institutions, or private individuals. It really doesn't take a lot of imagination to picture this world.
It's been ubiquitous for around 20 years now (Google started doing mass surveillance for display ads in the early 2000s) and nothing bad has happened, so yes that's my point.
If nothing bad happens for decades, and that is inconsistent with your model of danger, then the model is probably wrong
Your argument boils down to "yes, someone has had a gun pointed at my head for quite some time now, but they haven't pulled the trigger yet so I don't see the problem."
If you don't think anything bad happens from personal data being accessed without one's consent, please reply to this comment and share:
1. Your full name
2. Your home address
3. Your social security number (if you're American)
4. Your mother's maiden name
If you're right, then you have nothing to worry about.
> nothing bad has happened
ummm, WTF?
10x increase in teen suicide doesn't qualify as "bad"?
or repeated DOJ lawsuits against Facebook because their advertising practices result in highly effective racial discrimination?
> Profound Threats to Users Can Occur When Targeting Occurs Based on Sensitive Categories
> Targeted ads based on knowledge about protected categories can be especially distressing. One example is when someone has not disclosed their sexual orientation publicly, but an ad assumes their sexual orientation. Another example is when a retailer identifies someone as pregnant and targets ads for baby products before others, including family, even know about the pregnancy. These types of assumptions and inferences upon which targeted advertising is based can in some instances result in emotional distress, lead to individuals being misidentified or misclassified, and cause other harms.
If this is one of the biggest harms the FTC can come up with, then honestly as a consumer I don't really care. Having free youtube is worth getting a few mistargeted ads, or I CAN JUST TURN TARGETED ADS OFF. Advertising isn't someone harassing you, its an ad that I can close or just report as not being accurate. I'd really be interested to hear from someone who thinks getting a mistargeted ad is in top 10 most stressful things in their life.
What I would really be interested in is the raw responses from the companies, not this report.
> I CAN JUST TURN TARGETED ADS OFF
The only reason you have the option to do this is because of groups pushing back against advertising companies. Ad companies have no incentive to offer the option to disable targeting.
If you like having this option available, then you should like this FTC report and the position they are taking.
> If you like having this option available, then you should like this FTC report and the position they are taking.
I can like other positions and actions the FTC has done, like requiring the ability to turn off targeted ads, and not like others, like this one. This is among the biggest problems in politics right now. Supporting a political party doesn't mean you need to 100% back all their opinions and policies, thats how change is effected in successful democratic systems.
> I can like other positions and actions the FTC has done, like requiring the ability to turn off targeted ads, and not like others, like this one
They weren't saying that was the case I think you're misunderstanding them here. But they are 100% correct, you are benefiting from other people fighting against this mass surveillance and yet speaking against it. I think you should do some research on why privacy is important and challenge yourself and your potentially entrenched beliefs.
Read my first comment. I definitely agree privacy is important. All I'm saying is that this is not one of the harms we should be worrying about when saying targeted advertising is a problem, and I don't understand why this is an important issue that we should care about when targeted advertising can be turned off:
"Profound Threats to Users Can Occur When Targeting Occurs Based on Sensitive Categories"
To me, what's missing from that set of recommendations is some method to increase the liability of companies who mishandle user data.
It is insane to me that I can be notified via physical mail of months old data breaches, some of which contained my Social Security number, and that my only recourse is to set credit freezes from multiple credit bureaus.