
I keep saying this, and nobody believes me, but I'm just going to keep trying:

These things happen because so often we focus the privacy conversation on corporations, which is exactly where the governments want it to be.

My controversial but strong opinion is that privacy from corporations matters very little, but privacy from governments matters very much.

We need to stop allowing the conversation to get distracted by talking about cookies and ad-tracking and whatnot, and always bring it right back to privacy from governments.

Yes, corporations and the government are often in cahoots here - but even then we should be talking about how wrong it is for governments to be buying/taking/demanding data from corporations - keeping the focus squarely on the government.

The worst thing a corporation is likely to do (other than giving your data to governments) is to sell you something. That's all they want. They collect data so they can make money off you. That's not so scary to me. Governments want to put you in jail (or freeze your bank account, etc) if you get out of line.



> The worst thing a corporation is likely to do (other than giving your data to governments)

There, you said it. If we want to keep data out of the hands of wrong governments, we better keep it out of the hands of corporations.


Thank you. If governments have more restrictions than corporations, all that will happen is that corporations will immediately spring up to exploit this arbitrage opportunity.


To be fair, Apple seem to try really quite hard to keep users' data out of its hands


Non E2E encrypted on by default iCloud backups say otherwise..

And remember that enabling advanced data protection just means they'll get your conversations from the other parties' iCloud backups.


Most users' "threat model" is loss from actually losing things, or doing dumb things to themselves. They expect Apple to fix that.

Apple understands this, and in most markets there's a Genius Bar somewhere near the user, with technology letting Apple help them.

If your model is something else, they also have your back.

> remember that enabling advanced data protection just means they'll get your conversations from the other parties' iCloud backups

Conversations may have a counterparty not using ADP, your data storage probably doesn't.

And yes, who else can see things is very important. People show others "your" messages on their phones all the time, the more unfortunate the message, the more likely they are to overshare. Very much worth remembering they have copies of the same discussion, for this, and for backups.

While ADP won't solve betrayal of trust through analog sharing or digital resharing, Apple DO have a way to ensure your message is only between you and a personally verified counterparty:

- iMessage Contact Key Verification: https://support.apple.com/en-us/118246

After that, trust is up to you, or use a different app – knowing it can still be shown.


On one hand, I get the business reasons for not using E2E by default (it’d make data recovery more difficult for probably the vast majority of their users, which would be a customer service headache). Hell, even some experienced users would be more inconvenienced when something goes wrong. But if they won’t enable it by default, the option to enable it needs to be MUCH more clearly presented to users. The current implementation leads users to believe their data is more private than it is, which imo is just asking for trouble down the line.


That’s not the worst thing a corp can do. The worst things a corp can do is sell your private data to someone else, monopolize a critical function and squeeze you dry, or block you from a monopolized utility that is critical to modern society.

The focus needs to be on both


Plus the common privacy threats: stalkers in the company accessing your private information, technical gaffes or breaches or unconcern exposing your private information, both of which could derail your life depending on what sort of marginalized groups you're a part of.

A stalker in LEO is bad, yes, but so is a stalker in your apartment lock managing company or at any other number of non-government companies you're forced to interact with.


Is there an example of this happening? Seems like a stretch.

On the other hand there are examples of people in the UK expressing racist sentiments in DMs and being jailed for it.


This was the first example that popped to mind: https://www.theguardian.com/technology/2022/aug/22/google-cs...

Not having Google accounts isn't the end of the world, but given the amount that many (most?) of us rely on their services (I think of all the accounts I have tied to my @gmail email and cringe, but still I'm there), this is fairly disastrous.


I can hold my government accountable via the polling booth

I have no control over Apple or Amazon or Alphabet. I can petition the government through the court system if it tries to put me in jail, the government functions with a massive series of checks and balances.

I can't petition google, they are an unelected uncontrollable unaccountable entity that not even the government has power over


It's easier to not buy an iPhone than it was trying to prevent a politician I didn't trust from getting in office.

In either case, collective action is, at best, the best you're going to have.

Do regulations not have meaning?


You might think you're safe because you don't carry a phone, never upload a photo, etc. You drove across the country in a car you paid cash for while bemoaning cameras that catch you speeding, in the name of "privacy". Meanwhile meta knows exactly where you are as their face recognition attached it to your shadow profile when someone took a selfie with you in the background, you were seen on a ring doorbell by amazon as you walked down the street

This "individualism" and "I'm alright jack" approach is a fallacy the world can't afford.

My government doesn't have a copy of my family tree or a good idea what my DNA is. Ancestry.com does.


> My government doesn't have a copy of my family tree

They absolutely do, your parents were on your government issued birth certificate, and the government issues marriage certificates and official name change paperwork too. I'd be a bit surprised if they don't have some idea of your DNA as well, though I'd agree not to the level of Ancestry.


They all do though. Do you think the government isn't tapping the genetic databases of 23andme and Ancestry? Or the bottomless data out that is Gmail. Or iCloud. Or Gmaps location data.

I'd rather not decide who is the worse privacy offender, companies or governments, and best restrict both to a need-to-know basis.


They wouldn't be able to tap those databases if those private companies didn't make them in the first place.


Until the gag order comes in to set those databases up. We need to hold both entities, private corporations and governments, accountable.


No you can’t.

If you live in California, with a population of 39.43 million, you get the same representation in the Senate as Wyoming with a population of 538,486 residents. Not to mention gerrymandering, the electoral college, etc. Your vote even as part of a collective doesn’t represent the will of the people.

We are seeing right now with President Musk that the President can completely ignore the constitution and the laws with “qualified immunity”. Is what we are seeing now “accountability”?


Citizens aren't represented in the Senate. Citizens are represented in the House of Representatives. That's why California has 52 representatives and Wyoming has 1. The Senate represents the state itself, which is why each state has 2 senators. This misunderstanding of the difference between the House and the Senate needs to end.


Indeed, California has 52 times the representation but about 80 times the people. That disconnect is why the cap on the size of the House needs to be lifted.


Who confirms judges and heads of various departments? The House is powerless compared to the Senate.


Without the Senate, the United States of America would have taken a lot longer to congeal than it did. If it ever did.

The popular election of senators fundamentally changed a lot about how American government works - senators elected by state legislators (which was the usual method prior to that) are beholden to a very different pressure group with very different interests than the populace at large.

Now, they did go about the change properly. So points there. But at the time of the amendment, nobody really anticipated the Farm Bill (or, for that matter, Herbert Hoover getting into the positions of power he held prior to his election to the Presidency - where his performance was sufficiently strong to get him elected to the top job).


> I can hold my government accountable via the polling booth

Yes, but elected officials have used private information to disenfranchise groups of people before. Europe's right to privacy is in part a reaction to abuses that occurred in Nazi Germany.


Private information gathered, processed and stored by private companies

There are large numbers of laws about the data that my government can gather, hold and use on me. No they aren't perfect.

There are pretty much zero laws about what Elon or Zuck can gather, hold, and use

I'm far more worried about the second set of data


I think this is partially correct but as the center moved rapidly to the right I’d say you need to study early 20th century governments and the arc of the US government as they decline into fascism. This is characterized primarily by privatization (and ofc surveillance and militarization of police.) In practice this means that the corps become a government just one that has zero accountability so people can’t use words like “authoritarian”


> The worst thing a corporation is likely to do (other than giving your data to governments) is to sell you something. That's all they want. They collect data so they can make money off you. That's not so scary to me. Governments want to put you in jail (or freeze your bank account, etc) if you get out of line.

It depends what government and what corporations. If it's a healthy functionally representative government then its rules and laws can be to a certain extent controlled by the public. It may be harder to influence corporations. If a bank wants to close your account, or Visa stops accepting your payments or airlines don't let you fly, you can't complain, they'll just "well tough luck, it's our bank, our airplanes, our payment system, go create your own if you disagree". So I agree with you that this should be a worrying thing for the U.K. citizens, they should ask their government why the heck does it want all that data and maybe it should stop.

> Yes, corporations and the government are often in cahoots here - but even then we should be talking about how wrong it is for governments to be buying/taking/demanding data from corporations - keeping the focus squarely on the government.

Very much in cahoots. They hide behind each other's backs, too. "(Apple): Sorry, government made us do it, our hands are tied". "(Govt): Sorry, _we_ are not spying on you. We just bought some data from Google or Apple".


In a democracy, the government is an outcome of elections, however they represent the majority and you may not be in that majority. This is why you can't talk about democracy without a strong culture focusing on the individual's rights, aka liberalism, otherwise all you have is a tyranny of the majority.

You're also deeply wrong. The fundamental difference between a state and corporations is that the state has a monopoly on violence and anything that a corporation is doing, and that harms individuals, can only happen with the complicity of the state. For example, there is no such thing as a natural monopoly, all monopolies are granted by the state in one way or another.

And the differences should be obvious, given the state can deprive you of freedom, it can starve you, it can inflict physical violence, and can even kill you. Corporations can't do this, unless the state commands it, obviously.

> It may be harder to influence corporations.

Actually, depriving Apple of the money you'd pay for an iPhone has more impact than your democratic vote. And even if you disagree with this, consider that you can vote for politicians promising to regulate Apple. And switching to Android or Windows has a lower cost than switching countries (and yes, that's an oligopoly, but that's because your state granted it via IP laws).


> This is why you can't talk about democracy without a strong culture focusing on the individual's rights, aka liberalism, otherwise all you have is a tyranny of the majority.

That's still all democracy is, though. A tyranny need not be absolute to be a tyranny.


> For example, there is no such thing as a natural monopoly, all monopolies are granted by the state in one way or another.

I don't see that. They could just not care. As I said it depends on what state you mean. Are you thinking a particular one? Because the state could be busy or care about other stuff than handling monopolies. Maybe there is a war going on, political in-fighting, military coup, etc. If a company buys every other competitor and is now the sole electric toaster maker some governments could just care less.

> This is why you can't talk about democracy without a strong culture focusing on the individual's rights, aka liberalism, otherwise all you have is a tyranny of the majority.

Of course. So it depends. Again, are you talking about a particular instance or in general. You can certainly talk about anything you want. The "culture of individual's rights" may not last long if a large majority of the citizens decided to either directly vote against or elect officials who are against it. Can the citizens effectively influence the government to change or can't?

> You're also deeply wrong. The fundamental difference between a state and corporations is that the state has a monopoly on violence and anything that a corporation is doing, and that harms individuals, can only happen with the complicity of the state.

I don't think you've shown the depth of wrongness here. It would take a bit more convincing.

> anything that a corporation is doing, and that harms individuals, can only happen with the complicity of the state

So, there is a way for the citizens to influence the state? And the state then has to influence or control the company, and then company would change its behavior, because it's forced to. Ok, then why the extra level of indirection, and not just influence the government to not harvest private citizens data and stop there?

> Actually, depriving Apple of the money you'd pay for an iPhone has more impact than your democratic vote.

So someone has to already be wealthy enough to buy iPhones to effect some change. Sure, that could work in some countries/corporations it might not work in others. In a healthier environment citizens should aim to influence their government instead. In the model you're proposing citizens try to influence a corporation by boycotting products, that in turn would indirectly influence the government, so it can then again influence the laws, which influence the corporations? That seems like a less healthy and more convoluted dysfunctional scenario. Certainly possible, one may argue that's what's happening in US or Western Europe, but one can imagine a better, different scenario than that.


> privacy from corporations matters very little, but privacy from governments matters very much.

Historically perhaps, but if you notice what's been happening in America then the line between government and corporation is getting very blurry.

Also historically, when you have a fascist government then companies/corporations are quick to join the party if they want to survive.


I agree with your point that government overreach is more serious.

Which is why I want to emphasize that various government police (like FBI) notoriously buy data that they would need a warrant for otherwise.

I’m aware that you’re saying it, but I think you’re underestimating the extent to which preventing spying from the corps == preventing spying from the govt.


> I keep saying this, and nobody believes me, but I'm just going to keep trying:

You’re the top comment currently and you are repeating the hegemonic American belief for the last half century+. Although focusing narrowly on the government has become less popular lately

> The worst thing a corporation is likely to do (other than giving your data to governments) is to sell you something. That's all they want. They collect data so they can make money off you. That's not so scary to me.

Coca Cola has allegedly murdered trade unionists.[1]

> That's not so scary to me. Governments want to put you in jail (or freeze your bank account, etc) if you get out of line.

Yes. And corporations want to fight against you if you unionize. It’s not like it can sell products in order to fight unionization.

[1] (progressive source apparently) https://prospect.org/features/coca-cola-killings/

[2] (does not blame any corporation) https://www.amnesty.org/ar/wp-content/uploads/2021/05/AMR230...


We should have privacy from both. In fact I very much dislike the framing of privacy as being from something — my privacy is for me.


> The worst thing a corporation is likely to do (other than giving your data to governments) is to sell you something

And squash unions:

https://www.businessinsider.com/whole-foods-tracks-unionizat...

https://www.newsweek.com/they-were-spying-us-amazon-walmart-...

And steal tips: https://www.nytimes.com/2019/07/24/nyregion/doordash-tip-pol...

And make sure you don't block ads: https://www.youtube.com/watch?v=ZaUv7mwdBUs

Or use "their" products (they retain ownership even after you "buy" them) in unapproved ways:

https://www.digitaltrends.com/computing/nvidia-bans-consumer...

https://www.nbcnews.com/tech/tech-news/musk-bans-tesla-drive...

Or catch whistleblowers: https://www.aspca.org/improving-laws-animals/public-policy/w...

These are just off the top of my head, I'm sure I've missed plenty of ways. We also have personalized pricing to look forward to in the near future.

I've also neglected how they abuse surveillance to squash competition and smaller firms. Consumers rarely care about this, but the private and business spheres are not hermetically separate - when there is only one telecom or supermarket or other company left (or just a handful, and they collude), because they've killed competitors with anti-competitive practices, consumers and employees will feel the consequences. When they won't be able to run their own e-mail, and farmers will see supermarkets take all the profits, and be forbidden from 'unauthorized' tractor repair, and innumerable other abuses.


> The worst thing a corporation is likely to do (other than giving your data to governments) is to sell you something. That's all they want.

That's not all they want.

Just look at some recent scandals, like Cambridge Analytica. Harvesting and analyzing the right data makes it possible to influence democratic elections and referendums.

Selling you stuff is great, but tricking you to vote for lower taxes for their trillion-dollar corporations or tariffs/other negative effects for their competitors is better.


Corporations can also kill you, enslave you, steal your property, start wars, and take over your country. Think of something like Pinkerton, United Fruit, Wagner, or the East India Company.

Governments, corporations, and criminal organizations are not disjoint categories. There is a lot of overlap near the boundaries. You should focus more on what the organization is actually doing than on its nominal classification.


FYI, it's widely known that the US government has been buying citizen data from data brokers.


Corporations are legally allowed to collect much more and more varied kinds of data than governments, in general.

Governments are not barred from purchasing data from private corporations, and it's unclear what an actually-enforceable and -effective regulation on that activity would look like.

Governments can do a lot more damage than corporations when they have that kind of data, true. But nothing stops them from acquiring it by issuing money (fiat currency in the US -- practically unlimited!) and employing it for their own ends.

So it seems like focusing on the collection of which kinds of data, irrespective of who is collecting, is the real concern here.


The next step of this is when you realize that these entities are more intertwined than people give them credit for. The line between government, companies, and people gets very fuzzy very fast (especially on the levels below national governments)

Privacy from government === privacy from companies === privacy from anything else. We need not split them into their own distinct groups, we can (and should) create software, policy, etc. to protect from all at once.


>My controversial but strong opinion is that privacy from corporations matters very little, but privacy from governments matters very much.

The majority of people saying this just don't want ads at all in my opinion, since usually the argument comes up on the topic of targeted ads.

When you're right, the only thing you are to google is a number, likely some uuid in a db. To them all other identifying info is just metadata to shove into an algorithm.


Others are addressing your point about governments buying data from corporations also being bad.

But also, you think companies like Twitter, Facebook, etc which are increasingly activist and distorting truth and public discourse aren't also privacy threats?

And there is danger of it getting worse. So, your points have merit, but we cannot dismiss the threat of abusive corporations either.


Corporations can steal your work, etc. and thereby cause enormous problems that do not fit governments.

For me I think they're a much greater danger than at least my government. My government has no reason to care about what's on my computer. A company however, has an incentive to use every scrap.


Wait until you speak out against your government or try to organize a protest.

More realistically, if you are a woman trying to get an abortion in Texas and message someone to help you leave the state to get one see how much more you should be worried.

https://www.texastribune.org/2024/02/09/texas-abortion-trans...

The government has guns and policemen that can take away your freedom, your property without a trial (civil forfeiture), etc.

Google can serve you ads


Google can kill your digital identity for completely arbitrary, unknowable reasons. Especially if you are all-in on their system, as many, many people are.

How many people have run to social media begging for help because every avenue offered for appeals is simply automatically rejected?


My “digital identity” isn’t tied to Google.

When Reddit started acting crazy, I deleted my Reddit account and didn’t look back.

When Facebook went full MAGA, I deleted my Facebook and Instagram accounts.

I use Gmail. But if it disappeared, there are a million other email providers.

Google Photos is just one of many services my photos and videos sync to - iCloud, OneDrive, Amazon Drive (photos only) and my local Mac.

It would be an inconvenience for the few places that I use Gmail for. But I have used Apple’s Hide My Email feature since it’s been a thing and that’s connected to a Yahoo address and I could change iCloud to forward to another email address.

It’s a lot easier to remove my dependence on Google than get from under the thumb of the US. I know, I’m seriously thinking about a “Plan B” to get out of the US after retirement with the way that the US is headed under President Musk with the dismantling of the health care system and trying to undermine Medicare and probably the ACA where I won’t be able to retire early and buy insurance on the public market.


Yes, but my government wouldn't care if I organized a protest. It's even likely that if I did, the police wouldn't even show up, and in the end, I have democratic control over it.

Meanwhile, I am in literal competition with basically all other people's companies.


You think you have control over what police do? In major cities not even the civilian government would dare piss off the police.

Besides, the police have qualified immunity according to the Supreme Court to do all sorts of nastiness.


They literally will not come unless there's indication that somebody will show up to throw rocks at me etc.

I'm Swedish. Qualified immunity is just not a thing at all.


Your post is reminiscent of Rogaway's paper "The Moral Character of Cryptographic Work"

https://eprint.iacr.org/2015/1162.pdf


The way the law in the US works, it's much easier for the government to get your data once you've given it to a company first. So it's very much intertwined.


Prior to the Progressive Era of American politics, corporations used to act a lot more like organized crime - the state sans the legitimacy. What we're seeing with governments and corporations working together is a slow return to this era. As the second Trump administration solidifies, we're going to learn the hard way that we're long past the point of corporations just wanting to sell you something.


If the companies are selling, then the government can always buy, or just ask.


Apple gives data to the United States government on over 70,000 user accounts per year without a warrant.

Anything Apple knows, the FBI can know, without probable cause.


To be clear, tech companies provide subscriber metadata (e.g., billing address, real name) with a court order or subpoena. They provide actual user data (e.g., voicemail) only with a warrant.

Or has something changed since the last time I requested user data from a tech company by subpoena? Or are you talking about intelligence collection as distinct from law enforcement?

Also worth noting that LE frequently has PC without having a warrant (for example: every time they ask a magistrate for a warrant and secure one, we can infer they had PC first). In fact they perform many searches with only PC (see: exigency, eventual discovery, etc).

It would be more apt to say any subscriber metadata Apple knows, the FBI can know without a warrant.


This is false. FAA702 collection provides full content.

This was disclosed by Edward Snowden; the internal codename for such collection is PRISM.

The line between foreign intelligence collection and domestic law enforcement no longer exists. This is why parallel construction is so common today.


Outrageous and (obviously) unconfirmed claims. But again, and as an American whose private data should never fall under the purview of FISA or FAA or any other IC intelligence gathering activities, I don't seriously doubt domestic US spying/surveillance capabilities.

That LE has to feign the need for a warrant should the need arise to make lawfully admissible that which they already know and are in possession of is the most likely scenario. Encryption really is the only safeguard.


I do not agree with your last two sentences but greatly appreciate the quick reply.


Not doubting this whatsoever, but what are you citing here?


Apple’s own transparency report. Look at the FISA (FAA702, aka Prism) section.

Per the Snowden slides, this (FAA702 collection) is the #1 most used collection method by US spies.

They can basically read approximately every camera roll and iMessage in the country with a few clicks.


So, seems that E2E is a total bullshit then?


Only if it's backdoored (or otherwise breakable).


iMessage e2ee is bullshit because iCloud Backup e2ee is opt-in, and approximately 0% of Apple’s user base has turned it on, making iCloud Backup non-e2ee in practice.

All of the iMessage access data (either the iMessages themselves or the iMessage sync key for “Messages in iCloud”) is stored in the non-e2ee iCloud Backup.

This means that the iMessage service e2ee is meaningless because the iMessages themselves are not e2ee.

Note well that turning on iCloud e2ee is insufficient, as everyone else that you iMessage with will still have it off, and all of your iMessages will still be backed up non-e2ee to Apple in their device backups.

Having iCloud e2ee available is the best of both worlds for Apple: they can say that it’s available for privacy-conscious users to opt into, while still being able to turn over basically 100% of all iMessages to the feds whenever they ask.


Sorry. Didn't get it. So, if iMessages IS e2ee (supposedly) and someone properly makes iCloud backups e2ee (supposedly), how the Feds will break it?

I do understand the counterpart party problem, it is not someone can control. Sent once, it's free to be seen by anyone.


Nobody has suggested that anyone, Feds included, has the present technical capability to break any of the security levels that are in widescale E2EE usage today.


If both you and the iMessage counterparty both have e2ee enabled for iCloud Backup, it's unlikely at present that the feds can read the messages without a warrant under FAA702 "foreign" intelligence collection (which as we now know thanks to Snowden is routinely used against even Americans).

With an actual warrant or wiretap order, there is no guarantee that Apple can't or won't insert additional endpoint keys into the conversation.

But, that said, 99.9%+ of users don't have e2ee enabled for iCloud Backup, so the e2ee in iMessage is mostly irrelevant, and it's available in full to the feds at any time, no warrant required.

tl;dr: use Signal.


> we focus the privacy conversation on corporations

Focus on government, cool. Is the government tracking me with cookies, offering cloud services, tracking me with ads, and whatnot?

Sorry, but we should talk about privacy at the source of where we are losing it.

In fact, it might even be easier to make the case that corporations want our focus to be on privacy at the state level and not their brand.


>Is the government tracking me with cookies, offering cloud services, tracking me with ads, and whatnot?

The OP's point is that the 'risk' of the corporation having that data is that the government could get it.

Otherwise the damage to you is what, an embarrassing ad if you're sharing your screen? How does an ad on reddit having context of what you googled an hour ago actually hurt you?

Yes it's 'privacy' but there's no human involved here. The companies involved don't actually care what you're viewing (unless again, they're required to report it to the government).


Corporations are the nice guys now? Please. We need privacy, period.



