badjeans's comments



What's so dystopian about that?


> I don’t have FB or WhatsApp but my Insta account (using a separate email address and no personal details) keeps recommending my therapist to me.

So what? What's the harm?

People sure like to write emotionally charged posts arguing for privacy, but they're always suspiciously low on details on what bad things (actually) happened.

Even in this case with phone numbers and other data leaked, so what? What harm do data leaks cause?

Seems like making a fuss about nothing.

> How are we still ok with this shit?

We're ok with a lot of shit. I think if we were to make a list of shit this would rank pretty low.


What's the harm of people watching you while you shower? Everybody does it, you won't get hurt, so what's the harm of stealing your nude pictures?

> they're always suspiciously low on details on what bad things (actually) happened.

- Hyper-targeted advertising

- Voter manipulation

- Surveillance of dissent

- Arresting dissidents

- Leaking sensitive medical data

- Leaking private pictures, videos, conversations

- Leaking your home and work address (hello stalkers and jealous ex-husbands!)

- Being refused medical treatment or having premiums skyrocket

But yeah, nothing serious, why are you so paranoid man? Conform, citizen!


You've obviously never been a victim of identity fraud, stalking or psychological terror.

As long as the legal justice system hasn't caught up with that (in the sense of efficiency and prevention of financial problems) every data point that's leaked about you is a potential threat.

> fuss about nothing

Ever heard about rape victims? Ever heard about stalkers? Ever heard about psychological threats? Ever heard about someone being forced to do something they don't want? Ever heard about the fappening? How do you think those things have happened in the past and literally ruined people's lives?


> You've obviously never been a victim of identity fraud, stalking or psychological terror.

And that's the point: most people haven't, and many who have probably weren't able to link it to something specific like "Facebook vacuumed up all my data and then lost it". And "most people" are the people who influence and make policy.


Do you compare FB to SS and Stasi?


> Even in this case with phone numbers and other data leaked, so what? What harm do data leaks cause?

Let's imagine a situation. You've got an official-looking letter from an organization unknown to you, claiming that, for example, your lawn is infected by a grass variant of COVID-19 and must be disinfected, and this organization could do it in a jiffy for a mere $1k.

Probably it is a scam, isn't it? How do you judge it? One of the signs of a scam is a lack of personal information in the letter. But if you see that the letter contains your name, address, phone number, lawn dimensions, then you probably shouldn't throw the letter in the garbage bin; you should find some other kind of test to judge whether it is a scam. Isn't it?

So when you make your personal information public, scam detection is going to impose bigger costs on you. Even if we assume that you are a perfect scam detector and will not let any scam pass you undetected, a lot of people are not perfect in this regard. So the more difficult detection is, the more prey for scammers. It imposes costs on society overall, because society starts to give money to scammers, to finance all that activity that is counterproductive for economic growth.

But as for me it is just a nuisance to decipher such letters trying to spend as little time on a scam detection as possible while having no false positives.


> People sure like to write emotionally charged posts arguing for privacy, but they're always suspiciously low on details on what bad things (actually) happened.

Two bad things (random selection, because the comments below already make some really good points):

1. targeted behavioural advertising is proven to increase polarisation, literally turning people against each other.

A single instance of violating someone's privacy doesn't matter as much as your single vote won't shift the result of elections. But a single vote does matter, because it is a part of a bigger whole.

2. My family member suffers from PTSD acquired because of living in an abusive relationship for 2 decades. That person started a new life, but ads targeted at her and her partner more than once triggered actual panic attacks. I know this might sound ridiculous without the context. This is because that person didn't understand how clever the tech behind targeting was and assumed that the ads were related to their partner cheating on them. It's irrational, I know, but we're talking about someone who is psychologically vulnerable.

I'd still say that 1. is a more important argument here, 2. just follows the line of thinking presented in your comment. (the main problem behind 2. is that person's mental state and the actions of their abuser, yet the amount of suffering that could've been removed is not negligible.)

> Even in this case with phone numbers and other data leaked, so what? What harm do data leaks cause?

Cambridge Analytica, voter manipulation, bias in behavioural targeting, increased polarisation in media--please Google these queries and educate yourself. There's a tonne of resources on the subject, including peer reviewed academic papers.


> targeted behavioural advertising is proven to increase polarisation, literally turning people against each other.

Can you provide some evidence for this please? Certainly, filter bubbles make it easier for people to radicalise themselves, but I've not seen very much evidence that it's specifically the advertising.

And polarisation in (US) media has been underway since long before Mark Zuckerberg left elementary school.


I guarantee you that the majority of the population does not understand or care about your #1.

And I expect that the majority of the population has not experienced the horror of your #2.

If the majority (in this case, likely vast majority) doesn't care about something, there probably is not going to end up being any public policy protecting against it.


Post your personal phone number right here and I will show you what harm it can cause.


Also @badjeans should give you all passwords for all email accounts, and all encryption keys.

Because you know, what does it matter, right?


you're confusing security, privacy, and personal details


Please elaborate. If security is not a measurement to uphold and defend the right to privacy, then what is it?


It's a common misconception that the purpose of security is to provide privacy. I'll deal with that first, then we'll get on to the comment thread.

Information security can be about trust, i.e. I trust that person A sent this message because of X, y, z. I also trust that the message hasn't been tampered with because of X, y, z.

Privacy is a sub/side topic of information security. E.g. keeping all network connection data about an individual obfuscated at all times i.e. All data is kept hidden in a way that cannot be made unhidden.

Privacy is part of information security, and serves to ensure certain systems could be considered secure in certain cases (depends on the threat model/requirements of the system).

Basically, you've got it the wrong way around. Privacy (as a purely technical idea) exists to keep some information secure in certain cases.

Recent Fawkes paper is a good example of privacy as a security consideration.

Now for a case where it doesn't matter...

Whenever you're asked to run an MD5 hash check of a file you've just downloaded, that's an example of authentication/verification.

Doesn't matter if someone has seen that you've downloaded the file, just that the downloaded file is correct (for you).

Good example is Linux OS distribution ISOs.

Privacy doesn't really matter in that case (depending on your threat model), what matters is that the file you've downloaded matches what you wanted to download. No-one intercepted and tampered with the data in transit.

You can trust the data that you've downloaded.

It doesn't matter if Mr FBI saw that I downloaded it, because it's not illegal. So why waste energy and resources on solving a problem that's not a problem?!

Now on to protection of confidential data...

Facebook is actually a good example of this. Most people are not anonymous on there. You can search and find people (depending on settings). Privacy, in that sense, is not provided.

However, they do (or are supposed to) keep our data protected from external malicious adversaries, whilst not making it completely private to everyone.

I can see my friends' information, it is not private. It is, however, supposed to be protected and kept safe e.g. a credit card number.

A credit card number can't be completely obfuscated because then it can't be used. Instead, that personal information should be protected.

https://en.m.wikipedia.org/wiki/Information_security

Now, in relation to the parent of the parent of the.....

The point of the comment, and I agreed with it, is that if personal information is leaked to the public -- that's not privacy, it is improper confidential data access -- really bad things can happen.

I can call that number every 2 minutes to perform a denial of service attack (eventually they'll turn their phone off, no more phone service!).

I could send horrific child porn to that number.

I could do X, y, z with a phone number.

I don't need passwords and encryption keys or zero day access to your hardened Linux box to fuck up your life.

I can do it with a phone number.

And here's the real kicker --- I don't even know who this person is! They're anonymous to me. Their privacy is mostly intact, but I've got access to confidential information which means I can fuck up their life regardless.

So your point of "well, why don't they just give out access to ALL the confidential information" was, actually, kind of on point!

That's exactly the kind of data we definitely do not want out in the wild. That's extremely sensitive data with which I could cause absolute havoc!

Where you fell down was the "leak all of it cos why not". One tiny piece of leaked confidential data can be massively dangerous. That was the point of the comment.

One tiny piece of data and I can ruin your life. I don't need everything, just one thing. One phone number.

Hopefully that was helpful. It's all a shade of grey depending on your threat model tbh.


> People need and want something like that to exist where they have complete control over their assets without any worries about government or institutions.

The government can always just make a law and take whatever it wants from you (or imprison you). Doesn't matter if it's from a bank account or bitcoin cold storage on planet Musk.


> Doesn't matter if it's from a bank account or bitcoin cold storage on planet Musk.

It's a lot easier for the government to pilfer your bank account, than for them to torture you to hand over your seed phrase (that is if they even know your real identity). Decentralization absolutely takes power away from the state. That's not even touching the truly anonymous crypto like zCash.


They don't have to torture you, just hold you in contempt of court until you give it up. e.g.: https://en.wikipedia.org/wiki/H._Beatty_Chadwick

Works the same as with bank accounts or scamcoins.


They can’t take the money from me though. They can hold you in contempt and access your funds without your permission with USD in a bank.


A lot of those can be blocked with e.g. ublock (the "annoyances" filters, not on by default)


Yes but apples_oranges suggested that deleting cookies was an alternative to more complex/advanced technical solutions.


Why Canonical? Isn't this a Microsoft feature?


Yes the fact that Microsoft shares this information is concerning. But Microsoft only provides the information to Canonical (according to the ToS) for technical assistance and product support, but not for Marketing purposes.

Canonical is the one who violates trust here. Because they are using this information for marketing purposes, which they are not allowed to do under the information sharing agreement that they have with Microsoft.

So yes, we could argue whether Microsoft should be providing the installation information in the first place. It should at the very least be opt-out (on by default with the ability to not share), and preferably it should actually be opt-in (off by default, check a box to allow). So there is a violation of trust going on here, but this isn't any different than what every other major tech company is guilty of right now (not that it makes it right).

But Canonical is the one that took the information and used it in a way that was never agreed to by either the person sharing the information (Microsoft) or by the user via the ToS (the ToS says that it is strictly for tech support, not for marketing). Canonical is the one that really overreached here.


You're obviously correct in the de jure sense, here. But there is also a matter of relationship expectation.

An unstated assumption of using any "free" product is that it's not actually free. Canonical screwed up, to be sure, but I do think many of us just expect getting harassed by salespeople to be the cost of using a "free" product.

Microsoft, on the other hand, charges me by the hour for using Azure. They've taken their pound of flesh, so my business expectation is that I'm going to be left the hell alone for anything other than billing matters. Them sharing the data in the first place, for something I've paid money for, FEELS like the bigger violation to me.


Depends a lot on the free product.

For a linux distro, my expectations are that it's "free" but support will cost you money. My expectation is not that it's "free" and the OS will spy on you and report back to HQ so sales can make more sales.

If I don't give personal information on installation my expectation is the product is not harvesting or forwarding that information (For example, I expect that with Facebook, I don't expect that with GIMP).

Both are certainly wrong IMO. MS for giving personal info to a 3rd party and Canonical for bundling spyware with their OS. Both are super icky.


That depends on the distro, a lot of distros offer gratis support. Some like Debian have both paid and gratis support.

https://www.debian.org/support


Well, in the case it's not from the OS, but purely from Azure.

And you're selling the information in order to get tech support from Canonical, otherwise you can get it without selling your info (but won't really receive tech support).


> They've taken their pound of flesh,

As an aside, "pound of flesh" doesn't mean "payment", it means "something that is one's legal right but is an unreasonable demand (esp in the phrase to have one's pound of flesh)", both in Shakespeare and in current usage.

Unless you feel Microsoft's price is unreasonable and you have no other option, "pound of flesh" isn't the right expression.

Something like "they've taken their cut" is more accurate.


Thank you for the aside!

Too late to edit, though.


Thanks for hearing it out!


Both to be honest. Canonical shouldn't have asked, and Microsoft shouldn't have agreed.

Neither one is an innocent party.


Shit companies in a shit business relation. Can't wait to see that marriage between the two.


It's an example of a risk with cloud providers that isn't talked about often or is ignored. For example, why doesn't WalMart use AWS?

Companies now leak a lot of metadata about what they are doing. If a teeny company like Canonical is mining stuff like this, consider what Microsoft knows about how you use their products, and I'm sure your EA negotiation as a big company is at some level driven by what they know.


How is a Canonical rep contacting him purely a "Microsoft feature"?


It means that Microsoft is providing information that they shouldn't.


And Canonical decided to take that data, search him on LinkedIn and contact him. Seems reasonable to see that as a reason to lose respect for Canonical over.


Don't get me wrong, what Canonical has done here also isn't good. But what they've done shouldn't have been possible because Microsoft shouldn't have given Canonical the information in the first place.


The question I have is what's in it for Microsoft, why did they even bother to do this in the first place? I can't believe there would be that big of a cash incentive.


If this were Windows, I would expect Microsoft to pass it to an internal department that sells higher service contracts and then off to 3rd parties that provide the same for up to a week after you find the "don't share my data" checkbox.

That (enterprise support) is a very important side business. Whether they got cash from other OSes or just set it up the same to fight an eventual Anti-Trust Case is anyone's guess.


Again, the user's relationship was with Microsoft, not Canonical. Microsoft is the one who the user entrusted to protect their data, and they didn't.


The user chose Microsoft's Azure product to run Canonical's Ubuntu product. The user has relationships with both vendors.


How does that make Canonical's side of things better?


It doesn't.


Well, what should we be more angry about? That Canonical's sales rep is using data in their CMS, or that Microsoft is selling data to third parties. The root cause seems to be Microsoft, not Canonical and (at least in my eye) the conclusion is not "don't trust Ubuntu", but "don't trust Azure".


Someone giving you a gun doesn't absolve you of the crime of shooting someone with it or of keeping the gun.

edit: The data doesn't just magically show up in Canonical's CRM. They spent time and effort to establish an integration with Microsoft and then building processes on top of that data.


As stated above, MS isn't selling this information. They are providing it for customer support purposes.

In the business world, having data marked "customer support only" is pretty common. There are quite a few laws acknowledging the difference. Importantly, the data is supposed to be kept separate and it sounds like Canonical screwed up here.


The takeaway is "don’t trust Ubuntu or Azure".

It’s like if you tell a friend that there's a key to your back door under the mat but to keep it a secret and instead of keeping the secret they tell a mutual friend about it and that mutual friend robs you since they know where the key is.

You shouldn’t trust the friend that told your mutual friend where the key was and you shouldn’t trust the mutual friend who robbed you.

The friend who told your mutual friend may have done so for what they thought were useful reasons, like letting the mutual friend know so they could fix something for you while you’re out, but they still violated your trust no matter what their intent was.


This is the 'not on prem' tax that will be the norm going forward.


I'm under the impression that on-prem Ubuntu phones home. I guess maybe it can't guess your LinkedIn name, though.


It's trivial to disable any telemetry considering it's open source:

https://github.com/ubuntu/ubuntu-report


Because Canonical’s response was “oops you actually found out.”


What a weird comment. There's tons of fraud within the bitcoin ecosystem, and it's also used in a lot of fraud too.


> What a weird comment

It's just another comment by someone who tries to fabricate a self-fulfilling prophecy.


> Dogs, regardless of size are safe to coexist with humans provided they are treated appropriately from a sustenance and behavior/training perspective.

Debatable...

"In 1994, the most recent year for which published data are available, an estimated 4.7 million dog bites occurred in the United States, and approximately 799,700 persons required medical care (1). Of an estimated 333,700 patients treated for dog bites in emergency departments (EDs) in 1994 (2), approximately 6,000 (1.8%) were hospitalized (3)."


Well, and Huawei users.


> soon

That's been the sentiment for the past 12 years and X11 still works great and wayland implementations are a buggy, slow, featureless mess.


You can honestly say it has less features than you would like, but saying that it's buggy, slow and a mess is simply dishonest.

For instance, Wayland handles my multi dpi displays like a champ. Whereas xorg is a no end nightmare with no acceptable outcome.

In wayland, I have tearfree scrolling by default. Whereas on xorg I have to access some old magic knowledge hidden in the archwiki.

So, in a sense, wayland has more features (For me) than xorg, whereas xorg is the featureless mess (For me).


They aren't though. And X is pretty deprecated by now.


> They aren't though.

Remote desktop, game screen recording, screenshots, how do those work?


As I said, there are pain points. If you need application X to do Y and it doesn't work in wayland that might be a dealbreaker for you.

I'm having no issues with screen recording and screenshots. Haven't attempted nor need remote desktop but know people that do it. Obviously don't have the same breadth of alternatives such as X.


X is not deprecated by the global community at all, only by the few who push Wayland.


... and those developing X.

