back to article We get the privacy we deserve from our behavior

Welcome to the latest Register Debate in which writers discuss technology topics, and you the reader choose the winning argument. The format is simple: we propose a motion, the arguments for the motion will run this Monday and Wednesday, and the arguments against on Tuesday and Thursday. During the week you can cast your vote on …

  1. amanfromMars 1 Silver badge

    A.N.Others Relatively Anonymous and Virtually Autonomous

    Who here posting on El Reg doesn’t expect, because of that which is oft regularly discussed in open fora, comments/attitudes/presumed affiliations to be snooped on and/or noted by interested parties and persons of interest?

    And what would you be thinking about the current intelligence use result of such an operation by allied snoopers/similarly aligned forces? AAA+ or BB-[which is akin to Junk] ..... Resounding Pass or Dismal Fail? In other words, how bad do you think parties are at making any great sense from such a colossal task?

  2. Steve Davies 3 Silver badge
    Childcatcher

    Of course we should expect

    our communications to be private. We have put snail mail in envelopes since before 1840 for good reason.

    But... our Gubbermint seems determined not to all us to take relatively simple steps that will do that.

    There is the 'think about the children' argument.

    Fine. go after the kiddie porn by all means but leave the rest of us alone.

    There are more than enough attempts to get our data from 3rd party hackers so we put up defences and keep everyone out and that includes the Spooks.

    To have the Gubbermint opening and inspecting our electronic communications is no different to opening every envelope delivered by Royal Main and scanning the contents. How many ministers in the same government are conducting clandestine affairs using phones, email, IM and even love letters sent in the Post. Do they want them to be exposed?

    Oh silly me. They will add in enough loopholes for them to escape the law but that's for them and not us proles.

  3. sev.monster Silver badge
    Facepalm

    I am appalled by the number of people that voted for on this topic, especially here.

    Do I expect, as in the sense of our current reality and what companies and governments are actually doing, privacy on the Internet? It is unfortunately unlikely, and I personally do not expect it, which is why I take extra steps to ensure I am safe.

    But SHOULD we? Not in what currently is, but in what there is potential for? Thinking in terms of "oh, it's already happening, so we should just accept it", is not only terrifyingly pessimistic, but sets a dangerous precedent that others will follow. The only way we will get our privacy back from vulturistic corporations and overreaching government organizations is by declaring unchallenged that we have a right to our privacy for the information we do not openly disclose, and if we provide that data to a third party in confidence, do not wish to be disclosed by any potential data holders. We SHOULD expect and demand it, and if our reality does not match those expectations, then something needs to change.

    1. KittenHuffer Silver badge

      I'm wondering if people are getting confused by the 'For' and 'Against' options that they're being presented with.

      I wouldn't be surprised if a number of those that voted 'For' thought they were voting 'For' privacy, rather than agreeing with the 'In the digital age, we should not expect our communications to remain private' statement.

      I think better options to select from would have produced a different outcome.

      Or is this really a dark patterns experiment by the Vulturistas, that is designed to show us readers that we can be fooled by simple tricks even when we are aware that these tricks exist and are used on the interwebs?

      1. Vometia has insomnia. Again. Silver badge

        It's an interesting exercise in how most privacy agreements are worded, though; multiple negatives which are obscurely and obtusely worded, and even if you figure out the "correct" answer they'll interpret it as you agreeing to forego your privacy anyway.

        1. Dave559 Silver badge

          And, to make things worse, today's version of the poll is even more confusing:

          "Where do you stand right now? Click For or Against to cast your vote"

          Without a reminder of the original question, and all of its contrary double-negatives, that's an entirely meaningless way to ask the question!

          Seriously, what the "For" and "Against" options actually are needs to be stated clearly and precisely in the poll, every time. Clearly one of the vultures is scouting for a new job in a particularly shady market research company…

          1. Anonymous Coward
            Anonymous Coward

            " today's version of the poll is even more confusing"...

            It's guerrilla, the article is worthless, it's really a study on human behavior. Most here are, go look at older ones.

            At least you hope it's a case of "studying the audience" right? If it's not this "Jen" needs another "cybersecurity and computer forensics degree", because the first one didn't take.

            1. deadlockvictim

              Jen

              Did Jen ever figure out what 'I.T.' stood for?

              I've always wanted to know too.

        2. Sub 20 Pilot

          It is the same principle as the shite websites that say: 'do not untick the box if you don't want to be not notified of our special offers'' and ''do not tick the box if you want to not opt out..''on alternate boxes.

          I normally walk away from them and find a less crooked alternative. If there is a 'feedback'' form I leave a scathing message telling them that their underhanded methods will guarantee I never visit their site and spend money there.

      2. MrBanana

        It does seem badly worded, and really the wrong debate question as a whole. My sentiment is - I want my communications to remain private, but sadly, I do not expect it to be so. I don't see a way to express that in the simple yes/no answer to the given question.

      3. jason_derp

        Agreed. I didn't vote because I'm honestly not sure what the hell I'm voting for.

        1. Anonymous Coward
          Anonymous Coward

          It's a dry run for the next election.

          1. Anonymous Coward
            Anonymous Coward

            And by that, you mean they're going in dry.

      4. heyrick Silver badge

        I voted FOR last time, apparently that was wrong because of an asinine double negative, so this time I voted AGAINST.

        It's bullshit anyway. The question should be simply put as: Do you believe your communications should be private? YES, NO.

        Pad it out with a few extra words if you want to make it read better, but no easily missed inversions, and put the question with the poll. I mean, FFS, this isn't "The Referendum" (you know which one) so do it properly!

      5. Jamesit

        "I wouldn't be surprised if a number of those that voted 'For' thought they were voting 'For' privacy, rather than agreeing with the 'In the digital age, we should not expect our communications to remain private' statement."

        I thought I was voting for privacy not against privacy, I would expect my communication to be private. I know it's not, it should be though.

    2. PriorKnowledge
      Black Helicopters

      For: We shunned our own anonymity in exchange for what?

      While it may sound like I'm conflating privacy with anonymity, in this modern digital age, where everything can be instantly recorded and forever preserved (ready to be stolen), anonymity really is our ticket to privacy.

      Our disdain for anonymity is why we get the (lack of) privacy we deserve; as we have abandoned the idea of paying in cash (anonymous commerce), sharing all data freely via P2P and chatting using ephemeral public services in exchange for plastic cards, services as software substitutes, fake friendships and centralised identity management with Google, Apple, Microsoft and Facebook.

      Privacy policies really are meaningless in the event of a security breach because even if the services you use are trustworthy, can you trust the people who've illegally siphoned data from them? Plus, companies can always be manipulated through unwanted legal changes; as most businesses will not hara-kiri on principle the way Lavabit did. Just look at Apple and on-device spying, we now know why they tried to pitch it (EARN IT 2.0 in the US); rather than rallying the public to fight back using their superior marketing, they simply rolled over in the name of easier profits.

      To fix this dire situation, we must stop collecting data on one another unnecessarily and start embracing peer-to-peer technologies to decentralise our free and open access to information once again. Only then will we have a hope of restoring our privacy.

  4. shd

    "...if our choice is to continue to exhibit insecure behavior, we surely cannot have high expectations of privacy" is all very well, but what about those of us who do take security and privacy very seriously (and they are two separate, although linked, areas). Too many websites make it well nigh impossible to use them without requiring cookies and some trackers enabled, and it's not always possible to vote with your feet (I've got one where a pensions website has started using the Google captcha/tracker, which I keep disabled. Their responses have skated round privacy issues, so I think we can take it that the Google thing does reduce privacy. So do I refuse to use the site, which causes all sorts of other complications?)

    1. Vometia has insomnia. Again. Silver badge

      Same story with my GP's website. I've complained that it's a steaming pile of shit for this and other reasons but their response is always "it's popular with other practices so it must be good and therefore your opinions are irrelevant". Er, thanks.

      1. Anonymous Coward
        Anonymous Coward

        "Same story with my GP's website."

        I actually did manage to get my GP's website (partly) changed by complaining about a host of data privacy issues (3rd party content embedded in website such as adverts, Google Analytics, Google Fonts, Google Translate, Font Awesome, etc).

        They did remove Google Analytics and talked about investigating hosting stuff like fonts locally.

        Their website provider was/is Neighbourhood Direct Ltd whose system is called GP Fusion.

        1. JassMan

          I don't know if the above are in the UK, but I registered for online access as soon as it became available. I was not given a choice of provider and I rue the day because they blatantly tell you that all your info is shared with their "partners" but don't give you the chance to opt out. As a result I have online access which I never use.

          My partner was recently offered online access with a choice of providers, so I checked out all on the list for her. It seems the only one which promises not to sell off your info is Patally, which I assume is a truncation of "patient ally". My GP claim they don't know how to arrange for me to change provider. Guess I will just have to keep badgering them until they find out and implement it.

        2. ArrZarr Silver badge

          Cool, so now they have no tracking on site. They'll be remembering you fondly if they ever try looking at user flow through the site and realise they have no data to work with or if their SEO results plummet due to some obscure change at Google and they have much more limited avenues to figure out where their traffic loss is coming from.

          And before you get on my case about your PII, especially in a medical context, it's specifically against GA's TOS to track PII through it - https://support.google.com/google-ads/answer/6389382?hl=en.

          But sure. Feel free to hound your GP over the fact that they had the industry standard website tracking and make them remove it.

          1. sev.monster Silver badge

            I am pretty sure anyone that installs uBlock Origin has that garbage blocked by default anyway, so sorry that I and millions of other people am depriving websites of such incredibly useful data... Not.

            Quite simply, I don't want my data ingested by Google/Alphabet if I can help it, and part of the reason why I don't is because it is the "industry standard [for] website tracking". I don't give a hoot about their privacy policies or terms of service because we both know they will be worming and weaseling their way around with their horde of lawyers to extract as much data from you as possible while still having their legalese read good.

            Also, I very much doubt a GP, who probably gets more referrals from other doctors and hospitals as well as insurance network searches than it does Google search results, is particularly worried about vigorously uplifting their SEO and ensuring users click through. If they don't get a new patient I don't think they would care, I shre wouldn't.

            Also they agreed to remove it, that shows to me at least that the analytics data wasn't very useful to them anyway.

  5. jdiebdhidbsusbvwbsidnsoskebid Silver badge

    "Our second contributor arguing FOR the motion this week is Jen, an infosec pro."

    Hang on, didn't Joe Fay argue FOR the motion on Monday?

    1. Throatwarbler Mangrove Silver badge
      Holmes

      There will be two arguments for and two arguments against the motion.

      1. jdiebdhidbsusbvwbsidnsoskebid Silver badge

        Ah, I see. Thanks.

  6. Cederic Silver badge

    confused

    I don't see how this contribution supports the motion. That people are frequently profligate with their information through ignorance or coercion doesn't remove their right to privacy.

    My employer knows less about me in my remote role than they would if I was in the office every day. They absolutely know nothing about my COVID status, vaccinations, test results or otherwise.

    If I sign up for a 10% discount on a site, that doesn't mean that I want or that I'm granting permission to invade my privacy. That in no way allows the site in question to start publishing to all and sundry my private information, or even that I'm interacting with them. I firmly disagree with those that would pretend otherwise.

    1. You aint sin me, roit
      FAIL

      Re: confused

      Also, the first five paragraphs seemed to have very little to do with the subject. A niche example of my employer being careless with data being conflated to me exhibiting insecure behaviour...

      Ok, I'm an employee, my employer knows things about me. How does that affect my right to privacy? How does any of that have any bearing on my personal life when I'm not at work? It's the employer's duty to safeguard the personal information they do have, so how is that relevant to me not getting the privacy I deserve?

      In any case, instead of giving up on privacy because users might be a bit leaky (!), why not expect corporations to provide the basics of security? For instance the reluctance to use multi-factor authentication is not down to the users, it's the fault of the plethora of sites that don't even offer it!

      I'd expect better aspirations from a graduate of cyber security and computer forensics.

      1. Anonymous Coward
        Anonymous Coward

        Re: confused

        Correct. Inevitably my employer, my physician, the government, etc. knows things about me. If I want to be paid, they need my bank account (I work for a very large company, it would be impossible to pay everybody cash - nor I want it). It's OK that if the government provided me vaccines, it records what I was inoculated and when (and there are more vaccines than the COVID one). I pay taxes, so they know how much I earn and what I own - and property records also help to avoid people can take your properties and money away at will.

        But they have a duty to use them only for the reason I am obliged to give that to them, and not collect more than is needed. And they also have to protect them from any kind of illegal access. May data leak occur? Of course - that why GDPR asks to protect them or you can be fined heavily, and report illegal accesses quickly.

        I don't give away my data for stupid reason, thereby I'm far more worried other people give away my data for stupid reasons. My telephone number and email address (and other data) may be in other people records. Data hoarders like Facebook, Google & C. has no right to access those information - bu they do.

        Just before COVID struck I refused to have my ID card recorded to enter a large Christmas fair - they told me it was for "security reason" and I could not enter otherwise - I pointed out that if I was a terrorist the X-Ray scanners and police controls were enough, and I wasn't going to let them have my data, if a policeman was going to check my ID card it was OK, a fair organizer recording my data was not. I preferred to return home.

        Sometimes I don't understand why people are terrorized by government records, and have no problem with the total data hoarding made by commercial companies without any check. People willingly gave their data name, address, place and date of birth, civil status to enter a fair.

        PS: all my answers to account recovery questions are made up, and usually using alternative and creative meanings of the question themselves - and different for each site. Yet you do this only when you truly understand the privacy and security implications of that all. Just like banks, you always have to know those companies work to extract money/data from you, not to be helpful.

        1. heyrick Silver badge

          Re: confused

          "a fair organizer recording my data was not"

          Where do you live (which continent)? Around Europe, I'd have expected the GDPR-hammer to fall upon anybody trying to collect that sort of information for people simply entering a fair. Feel free to ask, there are plenty of dummies quite willing to hand over the info, but to require it? Sounds like a shameless data grab to me.

          If I went to visit a fair, fete, or whatever and they demanded those details from me, I'd make a formal complaint to CNIL (France's version of the ICO).

        2. JassMan
          Happy

          Re: confused

          "PS: all my answers to account recovery questions are made up, and usually using alternative and creative meanings of the question themselves - and different for each site."

          Same here - all my fake details and responses to their spurious questions are stored in pwsafe. Every single website I use has the longest most complex password that pwsafe will generate and still get me into the website.

          1. sev.monster Silver badge
            Boffin

            Re: confused

            I see security questions as as a type of alternate, secondary password, or account recovery tokens. All of mine are procedurally generated unreadable streams of text. I can't wait for the day when a phone technician is forced to sit there while I read out my question's answers.

        3. Ben Tasker

          Re: confused

          > But they have a duty to use them only for the reason I am obliged to give that to them, and not collect more than is needed.

          That, incidentally, was why a lot of people objected to the expansion of questions in the UK census - technically you're obliged to answer all questions, but those questions now cover things that people consider private.

          I don't mind providing information when it's necessary, but where you're legally compelled to it should absolutely be minimised.

  7. Anonymous Coward
    Anonymous Coward

    @Jen

    Quote: "We get the privacy we deserve from our behaviour"

    So......more "blame the victim" logic. Sorry, Jen, YOU JUST DON'T GET IT, do you?

    Please read these two news reports:

    - Link: https://www.theguardian.com/us-news/2019/nov/26/us-senator-investigates-if-foreign-spyware-used-to-target-americans-ron-wyden-whatsapp-lawsuit-nso-group

    - Link: https://www.theregister.com/2022/02/11/cia_illegal_us_citizen_data/

    Both articles describe government sponsored snooping.....ABSOLUTELY NOTHING TO DO WITH "our behaviour".

    And you can find many reports of hacking -- Equifax, ransomware, and so on -- where loss of privacy has NOTHING to do with personal behaviour.

    Please try again....I'd love to read Version 2 of your article in El Reg!!!

  8. ComputerSays_noAbsolutelyNo Silver badge

    Behaviour vs. regulation

    In a non-regulated world, one would be prudent to check the safety of a taxi before getting in.

    In a well-regulated world, one does not need to do this, because an unsafe taxi wouldn't be allowed to operate in the first place. Furthermore, who is really qualified to check whether a taxi is safe to use?

    I am not strictly advocating for more regulation, but for good regulation.

    Another example would be road-traffic.

    One can just build roads, and blame all accidents on the drivers' behaviour,

    or one could design safe roads, which to some degree account for human behaviour.

    So, when signing up for a site to get the 10% discount, the site shouldn't accept unsafe passwords in the first place.

  9. Anonymous Coward
    Anonymous Coward

    The lowest common denominator wins again?

    The headline "We get the privacy we deserve from our behaviour" is insulting to the vast majority of El Reg's readers. The implication being that because far too many Internet users are too stupid to understand the dangers of providing big data with enough personal information to allow their identities to be misused, we should all suffer because of them.

    Anyway, as many other commentards have already eloquently noted, the question posed is fundamentally flawed from the start.

  10. Filippo Silver badge

    Failing to properly defend your right to privacy can and often does mean that you lose your privacy - but it doesn't mean that you lose the right itself. It just means that you're an easy victim. But you're still the victim. The ultimate moral responsibility remains with those who abuse your privacy, regardless of how easy you're making it for them.

  11. Will Godfrey Silver badge
    Unhappy

    No.

    I'm getting the privacy dictated by other people - that includes my family who are either on facebook or twitter much of the time.

    1. oiseau
      Facepalm

      Re: No.

      I'm getting the privacy dictated by other people ...

      Quite so ...

      Which is why, having long ago realised that although free they are indeed very costly, I do not use any of the social whatever applications out there and use a paid email service (with the obvious caveats) for personal/important matters.

      I don't know how long I will be able to hold out on using a smartphone, but I'll keep my Blackberry 6320 as long as I can and absolutely refuse to do banking on-line unless I'm using my PC/netbook with a Linux installation in it.

      O.

  12. FlamingDeath Silver badge

    BBC "tehnology" article said something

    along the lines of:

    "why won't instagram remove my naked photos"

    Sums it up

  13. martinusher Silver badge

    Neither for nor against

    I have no expectation of privacy on the Internet. We grew up with private communications because people were prohibited from intercepting our mail and telephone calls but even a casual glance at history would show that 'the powers that be' will intercept whatever they want to intercept whenever they want to, the primary limitation for their activities being resources. Privacy is thus a "gentleman's agreement", not a right.

    We have the same level of privacy on the Internet. We can actually ensure confidential communications between two or more parties but we would have to work to achieve it (and maintain it). For most people -- and the vast majority of communications -- this level of security isn't needed and is too much trouble so we just work with ready made applications and protocols. Its naive to think these won't be intercepted at will -- if nothing else, your communications will not be 'cracked' but they'll certainly provide raw data for traffic analysis which more often than not is all an interested party wants to know.

  14. Anonymous Coward
    Anonymous Coward

    Subversive tactics!

    I hear the really smart kids are putting notes in sealed envelopes and sending them to each other.

    The Government will even facilitate this, for a relatively small fee.

    Madness.

  15. Charlie Clark Silver badge

    Why regulation is required

    While I understand the thrust of the argument – if people are careless with their data, they should live with the consequences or learn the hard way – this can be applied to all kinds of areas where we have regulation because people either can't be trusted or don't understand. For example, in most places we have speed limits for cars because driving at high speed increases the chances of accidents and injury; we also restrict access to certain chemicals or medicines because too many people have been poisoned in the past, etc.

    Add to this the devious or at times malicious practices of the data merchants with claims like "if you've nothing to hide, you've nothing to fear" and the case for regulation is even stronger. The economic argument that advertising allows services to be free to use is also fallacious because it ellides the fact that they are paid for by data. You could argue for this, if user's were able to set the price for their privacy after they have been shown market rates. This would be a useful excercise but would also destroy the market.

    But even the best regulation can, and probably should not even purport to, prevent all abuse. GDPR has some great principles such as "privacy by design" and "privacy by default" which attempt to instill correct behaviour in developers and service providers, but will almost always been chasing developments. So, we as users and consumers must also play our part and learn to be a little less promiscuous.

  16. Carlie J. Coats, Jr.

    A Copyright-Maximalist position

    Following the Berne Copyright Convention treaties, my position is this:

    My life is a work of performance art before God. Any unauthorized recording of that life subsequently used for profit is copyright violation -- felony copyright violation in some countries. And should be treated as such.

    FWIW

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like