The year is 2019 and I can’t buy a good majority of consumer technology because we lack privacy legislation and consumer protections. Example: it’s absurd that my TV came with spyware that can’t be turned off or avoided; I had to stop it from phoning home at the network level. It also came with an arbitration clause and a clause waiving the right to a class action lawsuit.
i think the problem is not lack of legislation. the tech monopoly of big corps exists because people bought it. they sold their privacy for convenience and trendy blinking lights. furthermore, it is impossible for lawmakers to understand new technologies and to do specific laws for each new tech trap and it is impossible to stop the stupidity from people with the "it is ok, i have nothing to hide" mindset.
We don't expect people to be experts in chemistry and food safety in order for them not to get poisoned by food they buy. This is called food safety standards.
And yet we expect people will become tech and legal experts, reading through endless EULAs and understanding the fine print, and then being able to verify the tech behind it, for them to be able to protect their basic privacy?
I've found this language helpful for thinking about some aspects of some of these problems:
There is some value in having people be the ultimate arbiters of what goods and services they buy.
But, to get reasonably safe and good things, we need the support of experts. And we need those experts to do their work on our behalf.
But it is *not* an independent decision if the person is misinformed or does not have enough information to make an informed decision.
Legislation is needed (among other things) to create a baseline of quality of information about stuff that matches the baseline expectations of people.
I also want to point out that expecting people to 100% advocate for themselves in terms of tech and privacy is a privileged and even ableist position. Not everyone who gives in, does so out of laziness, convenience, or even ignorance. Some genuinely have few options.
@deejoe @hansbauer @retrohacker
@rysiek @erosdiscordia @deejoe @hansbauer I've been planning a post on this for a while... I've been working on taking back my privacy and network security. I'm dozens if not 100s of hours into the project, have several hundred dollars worth of hardware invested, and none of this includes the 10+ years experience I have as a linux sysadmin that made it possible in the first place.
looking forward to read your post about it!
@rysiek @erosdiscordia @deejoe @hansbauer Some folks' threat model is making sure their kids have food. Getting a pi-hole configured to do DNS over HTTPS isn't even on their radar. What does effective privacy look like for these folks? I can't come up with anything other than effective privacy legislation.
@hansbauer Well, the people who choose it for convenience are obviously in it for convenience. The people who don't have alternative choices without a huge pricetag or investment of time (which is money) are secondarily preyed on in that scenario, and they're a good enough rationale for legislation.
i'm in a similar situation as you with shitty phones. i know how to root and everything, use dns blocking etc, and even so is not enough. i guess we have to wait for more phones like the one from purism, with a better price tag. i meanwhile we are somewhat screwed. i have no hopes lawmakers will do anything good even if pressured, but it would be good if they did. i'm not excluding that.
@retrohacker @rysiek @deejoe
It's not just the choice to use Facebook and Google. That is actually irrelevant if you have a cellphone or use an ISP. Your DNS resolution to ISPs servers is being sold. Your location data from cell towers is being sold. Deep packet inspection by your ISP, that metadata is being sold. Simply being connected to the internet with a *stock* consumer device forfeits your right to any sort of privacy.
@hansbauer @rysiek @erosdiscordia @deejoe The last few generations of the private sector have worked to create an ineffective government. This may not have been the intention, but it was definitely the result.
Now the private sector is promoting the idea that you can't trust your government with these problems because it is ineffective. Don't drink that kool-aid, they are the ones who fucked our system of self-regulation up in the first place.
i don't trust it, because big corps are inside it. they have perverted the whole thing. i'm not saying legislation is bad, but that in the actual scenario, it is really bad to ask for more. at the end of the day, if we ask for. more legislation today, we are asking big corps to do it.
@rysiek @erosdiscordia @deejoe
@retrohacker @hansbauer @erosdiscordia @deejoe plus, it's not the choice of using Facebook or using Google. They offer vastly different services. They are not in the same markets. They create their own vertically integrated markets. They are, in a very real sense of this word, monopolists.
There cannot be an efficient market in this situation.
And yes, of course I had a talk about this at CCC once:
@hansbauer @retrohacker @rysiek @erosdiscordia @deejoe Could be they value their social lives. I made the “principled” choice re Facebook, and lost an entire social circle because Facebook is so good at being sticky that people will genuinely forget you exist. Reminded, they feel bad about it, but then forget again. Others have seen the same. Calling it a mere matter of preference fails to reflect the reality.
@erosdiscordia @rysiek @deejoe @hansbauer @retrohacker
This is matter of education: it's totally possible to teach programming, networking and crypto before 13. Why we don't? Because many people don't even understand they are used not users.
I'm totally for regulations, but I'm scared by the incompetence of Politicians, even in Europe.
What I read on #AI looks scary: they totally misunderstand what it is, how it works and can be abused.
In this context there is a huge risk that regulations would be used to create business entry barriers by big players.
This in turn would kill #FreeSoftware.
You just need to impose conditions to who can program to effectively inhibit #freedom 1, 2 and 3.
So we need to be very careful with regulations: we can regulate specific business uses (AI, privacy etc) but not IT as a whole.
Regulating AI seems nonsensical to me. I'm not sure we want to regulate industries or technologies. I'm pretty sure we want to regulate behaviors.
Start with human rights and work out implications. The limits imposed on industry and technologies are derived from the human rights they aren't allowed to infringe on. It's not "you are allowed to use AI in these ways" its "no technology or person can infringe on the right [of/to]"
1. the derivation should be logical
2. you must understand the topic
People and experts talking about "bias" or "non determinism" (of software executed on deterministic machines) show what can omly be either a deep incompetence or a malicious lobbying.
Regulating AI should be simple:
- forbid opaque boxes application to human data
- always held a human accountable
> forbid black boxes
I’m not sure this needs to be a regulation. Folks are free to do what they want with the tech they build, but they are responsible for the actions it takes. It’s risk management. If they aren’t able to comprehend the system they built, they are accepting that they may be found guilty of crimes that system commits. The decision to not use black boxes is easily derived from liability assuming we have balanced legislation.
With black boxes you need an enormous number or similar damages to prove a crime occurred and corporations will brag about industry standards to protect their interests.
Several people already died, killed by #SelfDrivingCars and no #CEO have gone to jail for the murder. OTOH you would need an enormous number of people from a minority discriminated to prove an AI software is wrong.
#Transparency means that each and evert error must be fully detectable, reproducible and easy to debug (aka explain plenty and clearly).
Without both of these principles, the rich will be above the Law by using an autonomous proxy.
"I appreciate SDF but it's a general-purpose server and the name doesn't make it obvious that it's about art." - Eugen Rochko