Hello! My name is Thomas and I'm a nerd. I like tech and gadgets and speculative fiction, and playing around with programming. It's not my day job, but I'm working on making it a side gig :)
What if instead of you telling me you're buying a parrot, I as the owner of the mall use the security cameras to track the fact that you went into the pet store and came out of there with a parrot?
I also have facial recognition software running so I can identify you.
Is it OK if I sell this information to a third party for ad purposes? Maybe someone pays top dollar to direct market bird seed to you.
Shady? Not shady? Do you feel comfortable or uncomfortable in this scenario?
Is there a difference in "telling" people the fact, I bought a parrot or even showing them the surveillance videos? Or as a middle ground telling other people, that you have first class information and people knowing, that you are able to collect and classify the information, so it would be best, paying you for showing the right ads to the right kind of people; because who knows better than you do?
Who owns the information of the surveillance video? Is it yours as a mall owner? Obviously it is your camera. Not obvious, who owns "the fact"? Is it me, because as an agent, I produced the fact? Is the fact shared between you and me? Or do we own "different" facts?
And philosophical even more interesting:
How much power over people do you gain by knowledge about those people?
Does your knowledge about my recent visit to the pet shop give you any kind of power over me?
Say you could trick me into buying some kind of seeds, because you took advantage from the surveillance. Does the trick still work, if I know how the trick works?
I think, there are more questions at the moment than proper answers.
Hello! My name is Thomas and I'm a nerd. I like tech and gadgets and speculative fiction, and playing around with programming. It's not my day job, but I'm working on making it a side gig :)
I am no longer continuing the parrot analogy because it is starting to fall apart, and I will continue using real world examples and information.
The short answer to your comment is this: No, there aren't more questions than proper answers.
If a user selects the "track everything about me" option when signing up/in to a service or device then all bets are off, obviously, and we aren't talking about those scenarios at all. We are talking about the scenarios where users aren't informed they are being tracked, aren't given the option to opt out, try to opt out but aren't able to, are tracked despite their best efforts not to be, or are misled about the amount of information tracked.
When a user decides to turn off location tracking, you shouldn't keep tracking their location. Providing a false opt-out mechanic is disingenuous at best or evil at worst.
If I sign in to a service I am well aware that my signing in and my login information is stored and tracked for whatever purpose, but I can be tracked simply by visiting the website (this is the analogy I made with the pet store and the mall surveillance camera). At no point in this scenario are you given information about being tracked or a choice to opt out.
There are absolutely ways for an adversary to use this information nefariously. At the end of the day it's not that big of a deal if ads are targeted to me based on my internet habits, but there are people living with death threats hanging over them for which tracking is literally a matter of life and death. The path from Google tracking my location to the wrong person being able to find out where I live is not a long and twisty path.
To add, the GDPR recently made clear that people can expect privacy on the Internet and to be fully informed about the information tracked and stored about them. And the UN Declaration of Human Rights says in Article 12 that:
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
Proper answers exist unless you are a Big Data/Big Internet apologist.
The good thing about artificial examples is, that they are sandboxed and easy to reason about. As I wrote in my first answer: real life is complicated and hard to reason about.
Mentioning #GDPR makes your "real world examples" not easier to reason about.
Proper answers exist unless you are a Big Data/Big Internet apologist.
What is to make of that statement? Does questioning put me automatically on one side or the other? Does thinking the arguments against big data are perhaps inconclusive make me in some way an "apologist"? I think not.
And slippery slopes like
The path from Google tracking my location to the wrong person being able to find out where I live is not a long and twisty path.
do not help.
In principle, your argument goes like this:
There is a law, which says x. Therefore x is right.
This might be the case. But it is not by necessity so.
When we are speaking of "tracking users", why should a user being asked to give consent? What is exactly the good, which is subject of the law, which is protected here?
If we speak of privacy: in what way is visiting a public website private? Or why should it be seen more private than visiting a physical shop instead of a webshop?
If you take the analogy of the post secret: the reason behind that is, that confidential information is exchanged betwen a sender and a recipient. If you send me a secret, it is not a violation of postal law.
In which way is telling advertisers your interaction on my site against your "privacy"? Why should you treat that confidential?
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
What if instead of you telling me you're buying a parrot, I as the owner of the mall use the security cameras to track the fact that you went into the pet store and came out of there with a parrot?
I also have facial recognition software running so I can identify you.
Is it OK if I sell this information to a third party for ad purposes? Maybe someone pays top dollar to direct market bird seed to you.
Shady? Not shady? Do you feel comfortable or uncomfortable in this scenario?
Yes. Indeed a good question.
Is there a difference in "telling" people the fact, I bought a parrot or even showing them the surveillance videos? Or as a middle ground telling other people, that you have first class information and people knowing, that you are able to collect and classify the information, so it would be best, paying you for showing the right ads to the right kind of people; because who knows better than you do?
Who owns the information of the surveillance video? Is it yours as a mall owner? Obviously it is your camera. Not obvious, who owns "the fact"? Is it me, because as an agent, I produced the fact? Is the fact shared between you and me? Or do we own "different" facts?
And philosophical even more interesting:
How much power over people do you gain by knowledge about those people?
Does your knowledge about my recent visit to the pet shop give you any kind of power over me?
Say you could trick me into buying some kind of seeds, because you took advantage from the surveillance. Does the trick still work, if I know how the trick works?
I think, there are more questions at the moment than proper answers.
I am no longer continuing the parrot analogy because it is starting to fall apart, and I will continue using real world examples and information.
The short answer to your comment is this: No, there aren't more questions than proper answers.
If a user selects the "track everything about me" option when signing up/in to a service or device then all bets are off, obviously, and we aren't talking about those scenarios at all. We are talking about the scenarios where users aren't informed they are being tracked, aren't given the option to opt out, try to opt out but aren't able to, are tracked despite their best efforts not to be, or are misled about the amount of information tracked.
When a user decides to turn off location tracking, you shouldn't keep tracking their location. Providing a false opt-out mechanic is disingenuous at best or evil at worst.
If I sign in to a service I am well aware that my signing in and my login information is stored and tracked for whatever purpose, but I can be tracked simply by visiting the website (this is the analogy I made with the pet store and the mall surveillance camera). At no point in this scenario are you given information about being tracked or a choice to opt out.
There are absolutely ways for an adversary to use this information nefariously. At the end of the day it's not that big of a deal if ads are targeted to me based on my internet habits, but there are people living with death threats hanging over them for which tracking is literally a matter of life and death. The path from Google tracking my location to the wrong person being able to find out where I live is not a long and twisty path.
To add, the GDPR recently made clear that people can expect privacy on the Internet and to be fully informed about the information tracked and stored about them. And the UN Declaration of Human Rights says in Article 12 that:
Proper answers exist unless you are a Big Data/Big Internet apologist.
The good thing about artificial examples is, that they are sandboxed and easy to reason about. As I wrote in my first answer: real life is complicated and hard to reason about.
Mentioning #GDPR makes your "real world examples" not easier to reason about.
What is to make of that statement? Does questioning put me automatically on one side or the other? Does thinking the arguments against big data are perhaps inconclusive make me in some way an "apologist"? I think not.
And slippery slopes like
do not help.
In principle, your argument goes like this:
There is a law, which says x. Therefore x is right.
This might be the case. But it is not by necessity so.
When we are speaking of "tracking users", why should a user being asked to give consent? What is exactly the good, which is subject of the law, which is protected here?
If we speak of privacy: in what way is visiting a public website private? Or why should it be seen more private than visiting a physical shop instead of a webshop?
If you take the analogy of the post secret: the reason behind that is, that confidential information is exchanged betwen a sender and a recipient. If you send me a secret, it is not a violation of postal law.
In which way is telling advertisers your interaction on my site against your "privacy"? Why should you treat that confidential?