In the context of VPNs for example. Some VPNs store and provide information about what sites you go to third parties. Third parties analyze it and figure out what adds to show you. Hmm… then let them show me those adds they want to show me. I do hate adds as a whole and use an add blocker, thus. But I couldn’t care less what particular type of adds they show me, they are still adds.

Someone knows what sites I go, what then. If someone curiously inquired me on this type of information I’d tell them without giving a second thought. Incomparably larger amount of data I put out just by making comments and posts.

  • You are thinking way too small about what can be done with that amount of data on you. I’ll give you an example. I once did some programming work for a website. The website got ‘hacked’ (An administrative admin had their password guessed because they weren’t using good password habits). This website had poor security and with the admins password the ‘hacker’ was able to get a DB dump. Bad stuff. So me and another guy set out trying to identify who had done it. Via server logs we were pretty sure we had correctly tied the ‘hacker’ to a user of the site. By looking at their activity on the site, and what referral links they had followed to get to the site previous, we learned where they approximately lived and their first name. But we knew we needed more info than that, so we looked at his hobbies and figured out he liked pokemon quite a lot. We then created a ‘what pokemon are you’ quiz, asking mostly unimportant questions, but throwing in a couple we needed in order to be able to report him to his local authorities (IE their last name and some other info I can’t remember off the top of my head). We then had this quiz get posted by an account not associated with the running of the site. the ‘hacker’ filled it out, and we reported him for breaking the law with our evidence to his local authorities.

    So to reiterate, 2 idiots with no background in data science and like 16 hour between us, were able to manipulate an arbitrary guy into doing what we wanted because of a relatively small amount of data. Now Imagine what people dedicating their lives to this stuff can do to you.

    • I probably should care about what big companies are doing with my data, but honestly I feel I’ll just be one more person in a group of a million. Companies won’t care.

      What I’m scared of is stuff like the example above. A dedicated person trying to connect my online identity to my real-life one.

      • Although they were the target, they were far from the only person to fill it out. Context can make people drop their guards. But yes, not some criminal mastermind. Of course, again, I’m some idiot programmer not a genius forensic computer detective.

    • Maybe I lack foreseeing ability but they can… guess what university I study in, what meds I take, the government could know much more if they commit themselves.

      Some guy mentioned insurance, that would probably make a point, but I live in a country we don’t have it

      • Although my anecdote ended with additional data collection, the scary part is the manipulation of action. You might think that, as an example, they see you browsing a pokemon website and therefore show you more pokemon ads, something that coule be mutually beneficial. What you should be worried about, is something like based on your browsing behaviour they figure out how to manipulate your political action, or figure out your state of mental well-being and manipulate it. There is especially horror cases here when this is algorithm driven instead of being pushed by humans. One could imagine ,and I want to preface this by saying I’m not aware of this ever having happened, a machine learning algorithm relating signs of some mental illnesses with an uptick in firearm sales, and then increasing advertising of firearms to those people. You could imagine this driving things like an increased suicide rate.

        • There are many more other outlets for propaganda. Their effectiveness are hard to measure as well as the effectiveness of ads. Figuring out how to manipulate is philosophically impossible. How would you train an AI if you don’t know if your actions led to success or not. Mental conditions are themselves poorly understood and defined. And we only have superficial web browsing data at our disposal.

  • You’d tell them because the law might not consider your activities illegal at this time. But what about trans kids? What about people who have abortions? Unfortunately, we can’t trust any state or legal system to continue to have our best interests in mind.

    Better that we normalize a free and private internet now while we still have the privilege of saying “I’d tell them…” And if you’d tell them, then great! But that should be your choice, your agency. It shouldn’t be data that we expect to have collated about us just by visiting a site online.

    • I’m cool with telling people in real life almost anything about me sans my SSN and passwords. I don’t consider any of it personal and have probably too much trust in random strangers.

      I still recognize others might not be like me, and don’t shame them for their choice to not share details they consider personal. Even if it’s something like what their favorite food is. A little weird in my opinion, but I’m still not entitled to that information.

      I’m also aware of how people can use information against you. I trust you not to go trying to commit identity theft with my birthday and SSN and real name, but a bad actor scraping the web for SSNs totally will. So I have to hide some things. I’m definitely not ashamed I was born on DD-MM-YYYY with the name Firstname Lastname and assigned the SSN 000-00-0000, but I also know people will use this combination of information in order to harm me. Is their intent to hurt me specifically? Probably not, they just want to spend money that is not theirs. Will I get hurt anyways? Yes. And if I’m not careful about it, a lot of other information about me (like my hobbies, the way I type, etc.) can be used to link my online identities together and eventually find one of them that tells you I am Firstname Lastname, and a different online identity that tells you I was born DD-MM-YYYY (I should probably go scrub my birthday off everything). This, even without the SSN, is enough to get you trusted as being me for a lot of things, like when you call into a pharmacy. And I ask the customer service person to pass on my complaint about that about 10% of the times I call into such places where the security should probably be tighter. My SSN might be harder to find because I don’t talk about what it is, but I hear they get bought and sold online pretty often. Some website that did need my SSN gets hacked, and now that’d be ripe for the taking too.

      • There’s definitely some information that I’ve shared that is probably not in my best interest, so I understand being the type of person who tells people almost anything. I’m pretty much an open book with close friends and family. It’s one reason I like to avoid sites like Facebook and use sites that emphasize anonymity more. Sometimes I have to keep myself safe from myself lol

  •  mtset   ( @mtset@beehaw.org ) 
    link
    fedilink
    English
    121 year ago

    If someone curiously inquired me on this type of information I’d tell them without giving a second thought.

    This is the difference between you and people who care about their privacy, then. I would happily talk about that to someone I trusted, but not a random person on the street, and certainly not someone whose interests I know don’t align with mine, which is mostly true of every company on Earth. Not to mention that any of these companies could be subpoenaed for this information at any time, which would be an issue if the law changed to make something I do illegal.

  • (edit: God I’m sorry about this big ass wall. I ranged and rambled. It’s too early to write this much lol. Tl;Dr 1: law enforcement. Police don’t need a warrant to buy your info. In the US, we have warrants for a reason. Constitution outlines restrictions on "unreasonable search and seizure. 2: Consent. Like, I should have the right to just say no. It’s my data, let me be part of the conversation. 3/4: Safety and equity. It’s still illegal to be gay in some parts of the world. An insurance company or an employer could check your race online if they wanted, whether or not you’ve made that available. )

    The problem extends across a few metrics.

    First, probably the most tangible. The police can and do use data purchased from civilian companies to bypass regulations. For example, you don’t need a warrant to check phone contacts if you can buy it. You might be saying you don’t do anything illegal to worry about. Have you ever been to a protest? Have your friends? If climate change bothers you, could you see yourself going to one?

    Protests are frequently targeted by law enforcement. Even if you think that would only happen if the protest becomes a riot, you don’t control the crowd. If you’re there but not rioting, your phone location can be used as proof of participation. There is precedent, too. They used location data to arrest capitol rioters. IMO those were good arrests, but how many BLM protestors were arrested based on phone data?

    Second, consent. Even if I change nothing else in your mind here, consider that we might simply value our personal data differently. I should have a right to be part of the conversation about me. Let me pay $20 to use a product without observation. Products should be up front about what is collected too (GDPR has helped lots with website tracking). Facebook is known to collect “shadow profiles”, where data is compiled on you even if you aren’t on the platform. I should be allowed to say no to that, for any reason, simply by virtue of it being my information.

    Third and fourth go together some. Safety and equity. People are still killed for being gay. Legally. And the collection of data on people enables that. Just buy data off of Pornhub to identify who is browsing their gay section. And if someone is found in a country where it is illegal to be queer, all you need is a list of their contacts to find more. Maybe Apple refuses to unlock their phone for you, but that’s okay. Just buy their contacts off Meta.

    https://en.m.wikipedia.org/wiki/LGBT_rights_by_country_or_territory

    But that’s the straightforward issue of equity. Consider someone who has gone to jail. They’ve done their time, they’ve reformed, and now they want to rejoin society. The judge even goes so far as to expunge their records. Well, a background checking company can buy that info still. And that’s just talking about criminal acts that should be reformed. Maybe you don’t care about that. What about crimes that just target BIPOC? In the US, weed is legalizing, slowly. People were still arrested for it, and that history is indelible, regardless of the official record. If even the US Justice System wants to wipe the slate, than the slate should be wiped.

    https://en.m.wikipedia.org/wiki/Race_in_the_United_States_criminal_justice_system

    Special mention to Google btw. Good and bad. They do a lot to tell you what and how they collect data, and how they anonymize it. Purportedly don’t sell your data, since they also own the ad network. Like you say, I’m not really worried about the ads, and a lot of their products really are good enough that I don’t mind making that trade. However, I do take umbrage with the idea that it’s fine still. A company does have analytics on their ad campaigns. John Oliver did a funny bit where they put an ad targeted towards Congress. He got a couple of hits too, with their location and had the power to fingerprint their browsers if he wanted. Once you click an ad, you’re in the care of whatever site put that ad out. That means they collect whatever they want on you. Additionally, theyll know what ad brought you in. So if you put an ad out targeting “pregnant people in Texas looking to make a trip”, you’ll have a list of people that Google thinks match.

    This whole post misses a lot of nuance and context. It’s a social media post, ultimately. I’m not sure I have enough mental capacity right now to hunt down more links, and I’m about to start my work day. I don’t have any trouble with folks who don’t care – frankly I’m jealous. I’m annoyed that I can’t just use products like most people and not care. It’s just everywhere. Walking down the street I’m on someone’s TikTok, meaning Facebook, YT, Bytedance could get my location without me even interacting with them (shadow profiles from earlier). When I got a covid test recently, I had to download their stupid app to fill out a form. That app has the power to collect endless data points about my phone. Buying concert tickets means signing over my information to your favorite ticket vendor. It’s just endless and exhausting for me.

  • Online privacy is not something that anyone should take lightly. It is a matter of protecting personal data and one’s human rights. Personal data can include anything that identifies you or reveals something about you (e.g. your health records, browsing history, etc.). This data can be - and is - collected, stored, analyzed, and often sold by third parties without your consent or knowledge. This in turn can lead to serious consequences for you.

    To name just two examples. Advertisers can use your personal data to target you with ads that manipulate your behavior or preferences. Governments can use your personal data to monitor your activities or censor your opinions. The very fact that you post this question under an alias and not your real name makes the point that you value your online privacy.

    In line with that, online privacy allows you to express yourself freely and access information without censorship or surveillance. Online privacy is a human right that we should respect and defend. It is essential for social justice and human dignity. Without online privacy, we cannot enjoy the benefits of the internet as a platform for open communication, education and sometimes innovation. We cannot participate freely in online communities, share our ideas, learn new things, or explore new possibilities. We cannot challenge the status quo, expose corruption, or demand accountability. Many might not be able to be themselves, without fear or shame.

    In my opinion, we should use encryption tools, trustworthy VPNs, secure browsers, and other methods to safeguard our personal data from prying eyes. We should also support and listen to organizations that advocate for privacy rights and fight against online privacy violations.

    It matters, because it is our right and - frankly - our responsibility.

    Forgive the rant… this topic is important to me.

    TL;DR Online privacy is important, because it protects our personal data and our human rights from misuse by third parties. It also enables us to express ourselves and access information freely on the internet.


    Edit: added last sentence of second paragraph

    Edit 2: fixed some grammar

  • The VPN thing really depends on which VPN you are getting. A lot of them prey people’s misconceptions like being able to access Netflix content from different regions or being an all in one solution for privacy. A VPN can come in handy if you are connecting to restricted or monitored networks. If you are at work and don’t want your boss knowing you spend a quarter of your day watching Twitch streams for example.

    My big concern and why I’m so privacy focused is because of what people could do with my data and not having any control over it. There were some third party websites for Reddit where you could enter a username and it would spit out metrics based off of what you’ve said. One thing it could do was tell you where someone lived. I know someone could go through all my comments and posts manually for any times I slipped up but the ease and automation of it are things I didn’t care for. I want to add an extra hurdle.

    Data leaks are another big concern because then your information is just out there without even a facade of privacy for anyone to utilize

  •  ulkesh   ( @ulkesh@beehaw.org ) 
    link
    fedilink
    English
    51 year ago

    I mean the “P” in VPN stands for “private”. One would hope that carries some actual meaning.

    If you’re so willing to give up your privacy then that’s your call. Some of us cherish our privacy and our freedom and don’t want corporations or the government being able to easily know anything about us without our explicit consent, if at all possible.

  • Selling bad products to customers is about finding just the right amount of inconvenience for the customer. You never know what information about you can be used by an AI model to pinpoint your threshold. I would like not to be used in a borderline consumer herding.