1984 was overly optimistic about people; government didn't even need to enforce putting spying devices in homes. Instead a huge chunk opted in voluntarily with doorbell cameras, Alexa, and other smart devices.
There's absolutely nothing wrong with the technology, and it obviously makes people's lives better to have it. I think the issue is that there are only a handful of vendors that happily operate like the monopolies they are and provide you with zero differentiation or choice within the market.
The government isn't particularly interested in ending this problem either; I suspect this is due to a combination of industry capture and intelligence agency interest in these products.
> There's absolutely nothing wrong with the technology
Oh, but there is. It's subservient to the manufacturer, not to you.
I'm still annoyed that no country decided to classify "selling" things where the manufacturer keeps complete control and denies you access as fraud. But just because no legal system decided it's a crime, it doesn't mean it's right.
You say there is nothing wrong, but then go on to list things that are in fact wrong.
You think the problems are a mistake or otherwise something to be "fixed"; the products are working exactly as both the government and the manufacturers want them to, and it has nothing to do with "intel agencies".
Having your entire life "cloud connected" and then complaining about privacy is like opening a window then complaining that the house is drafty.
I love home automation; not a single component of my home automation is cloud connected. If more people would accept, learn and support non-cloud systems, services and protocols, everyone would be better off.
No, they ignore the problems with technology (unencrypted cloud connection / data storage, or lack of zero knowledge systems) and move the problem to political or other realms.
The problem with the technology is it allows the company, political power, or police to access the data without user permission. That is a technological problem; belief that just passing the correct laws will resolve this technology problem defies recorded history and logic.
You have confused transport encryption with storage encryption.
Google and Nest use transport encryption to ensure only the device and Google can see the data, but once it is stored, Google can see everything.
Zero knowledge data encryption would require that ONLY the owner of the device has access to the data, not Google.
An example of this is, say, BitWarden Password Manager: even though the data is stored on BitWarden servers, no one at BitWarden has access to any user's password vault. The user holds the key, and only the user can view the passwords.
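The distinction drawn in the comment above, as an added example that is not part of the original thread and is not any vendor's code: a provider that only receives data over an encrypted transport can read what it stores, while a provider that receives client-side-encrypted blobs cannot. The `Provider` class, the function names, the sample clip and the passphrase are all constructed for illustration; scrypt and AES-256-GCM are choices made for this sketch.

```javascript
// Added illustration: transport-only protection vs. zero-knowledge storage.
const crypto = require('crypto');

// Hypothetical provider. TLS protects bytes in flight only, so it is modelled
// here as the server simply receiving exactly what the client sent.
class Provider {
  constructor() { this.blobs = new Map(); }
  put(id, bytes) { this.blobs.set(id, Buffer.from(bytes)); }
  get(id) { return this.blobs.get(id); }
  // What an insider, a legal demand, or a breach of the provider can see.
  canRead(id, needle) { return this.blobs.get(id).includes(needle); }
}

// Key never leaves the client: derived from a passphrase only the owner knows.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Client-side seal. Blob layout: salt(16) | iv(12) | tag(16) | ciphertext.
function sealForUpload(passphrase, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]);
}

// Client-side open. Throws if the passphrase is wrong or the blob was altered.
function openAfterDownload(passphrase, blob) {
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const ct = blob.subarray(44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

function demo() {
  const provider = new Provider();
  const clip = 'CONSTRUCTED SAMPLE: front-door clip metadata';  // constructed input
  const passphrase = 'constructed-sample-passphrase';           // constructed input

  // Case 1: encrypted in transit only; the provider stores plaintext.
  provider.put('transport-only', clip);
  // Case 2: encrypted before upload; the provider stores an opaque blob.
  provider.put('zero-knowledge', sealForUpload(passphrase, clip));

  let wrongKeyRejected = false;
  try {
    openAfterDownload('wrong guess', provider.get('zero-knowledge'));
  } catch (e) {
    wrongKeyRejected = true;  // GCM tag check fails without the owner's key
  }

  return {
    providerReadsTransportOnly: provider.canRead('transport-only', 'front-door'),
    providerReadsZeroKnowledge: provider.canRead('zero-knowledge', 'front-door'),
    ownerRecovers: openAfterDownload(passphrase, provider.get('zero-knowledge')) === clip,
    wrongKeyRejected,
  };
}

console.log(demo());
```
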
> I love home automation; not a single component of my home automation is cloud connected. If more people would accept, learn and support non-cloud systems, services and protocols, everyone would be better off.
• better if you could please provide links to how-to starter guides on how to do this
• I share your concerns, but one obvious huge drawback to a home system that's 100% off-cloud is security camera footage: how do you prevent a violent home invasion or burglary where the first thing they do is at gunpoint force you to show them where your server is so they can disconnect/destroy it? Not having a solution could easily be a $50,000 mistake or worse. Perhaps you just live in an area where violent home invasions are not a regular occurrence. It's not just about porch pirates stealing packages, or thermostats.
>>how do you prevent a violent home invasion or burglary where the first thing they do is at gunpoint force you to show them where your server is so they can disconnect/destroy it?
I would love to see a source of this being a common tactic of thieves; home invasions in general are extremely rare as most thieves are cowards and want to attack soft targets, i.e. unoccupied homes. Then of the home invasions I am aware of, I know of ZERO where the "first thing they did" was force the homeowner to show them the location of the storage server.
Even if that is a "common occurrence", which I doubt, what stops a home invader from cutting off the internet before the attack? And many of these cloud connected cams are wifi; there are several very easy attack vectors to knock them offline. I think your strawman is weak and easily defeated in a number of ways.
>>> better if you could please provide links to how-to starter guides on how to do this
Some of the Technology I use, or sources I visit to look for new things
I clearly said "violent home invasion", not just simple "burglary". "Violent home invasion" means both a) somebody was in the home and b) there was violence involved (whether simple assault, tying up, or (rarely) kidnapping); in some cases it was the occupant retaliating against the criminals. I never said this was "a common tactic of [all] burglars"; I did imply that violent home invasions are a small but non-negligible subset. [2] and [6] below give examples.
Basic statistics: [1]: The US averages ~1 million burglaries/yr, 3,300/day, or one every 25.7 seconds. (Most burglars are unarmed; most properties are unoccupied when robbed; most burglaries don't involve violence; most burglaries only last <10min; only 12% of home invasions are planned in advance; 88% of burglars may be robbing to support their drug habit; 85% are not professional burglars.)
See [2] for an up-to-date dataset of individual incidents involving recent deaths or injuries in violent home invasions, listing no. of casualties and deaths.
See [3],[4] for aggregate US statistics from 2017-2020, citing FBI/DOJ.
Some complicating factors in crime-tracking statistics [5]: "Elusive statistics":
> "The term "home invasion" isn’t standardized across jurisdictions, or universally defined; or necessarily used in crime-tracking data. Some jurisdictions use it and some don’t, but there is no universal definition or dataset. What would be called a home invasion is often reclassified as the eventual crime committed by the suspect — a robbery, a physical attack or so forth."
According to [4]:
> 7. Only 7% of home burglaries involve violence.
> A State of the USA report found that 7% of these (on average) resort to violence on a yearly basis; though, only a few (12%) burglars had used a firearm. The most common type of violence present in burglaries is a simple assault, with 36% of cases resulting in only minor injuries and psychological trauma.
I see little point in arguing about how "rare" or "common" this is; personally I know people this happened to.
You could argue that when we subtract cases where the occupants shot the burglars, and exclude that some of the fatalities are homes of drug dealers or people who are known to carry large amounts of cash, that the overall number of injuries law-abiding-occupant home invadees who were threatened, injured or killed is "comparatively low".
For example, [6] reporting from ABC7 on a recent string of violent home invasions in South San Jose, CA; this sort of thing is admittedly rare:
- *"5/31/2022 home invasion in the 600 block of N Capitol Ave: 5-6 suspects bound an elderly couple with belts, brandished a handgun, assaulted the victims and stole valuables.*
- *The suspects, using a stolen vehicle, [then] committed a second home invasion in the 1000 block of Summerdale Dr, where they held a male victim and his 15-month-old child at gunpoint... threatened to shoot the child and kidnapped the victim, forcing him to go to his bank to withdraw money. The suspects also stole various valuables from the home."*
> what stops a home invader from cutting off the internet before the attack?
Nothing (other than speed, preparedness and competence; home invasion crews do not in general act like Ghost Recon). But that's missing the point; the truncated footage will still show when and how the home invasion happened, the number of criminals, their general description, may also show vehicles or weapons.
None of us are interested in debating strawmen; please just tell us your suggested best-practices in home security for self-hosted/non-cloud solutions.
This is not limited to Alexa or seemingly unnecessary tech gadgets.
This includes ALL your data. Gmail, Google, Android.
So unless you're opting for iOS (provided they're not doing the same as Google here) and not using Gmail or Google you're still falling under "Surveilled by the gov via tech company who serves their interests and not yours, even if you pay money for their services".
How accessible is that to your grandmother? Can you walk her through the process? (Are you willing to, given that now you'll be called if anything goes wrong?)
What I was trying to imply is that privacy should be for everyone, not just those who are technically capable enough to install an alternative OS on their phone.
This is why Apple is going to continue to crush it. They can build a subpar equivalent to google services and a large portion of the tech world will adopt it for its privacy benefits. The 'tech world' is a large influencer to the general public, leading to further penetration.
It's a great strategy as Google makes 80%+ of its revenue from Ads, and their ad model does not work well with a privacy first mindset.
Apple designs with privacy in mind. Google designs with invasiveness.
I find that hard to believe when so many of their devices' functionality depends on you sending data over to them. Unless you go out of your way to make sure you're blocking all your devices from phoning home or sending any data over to Apple, then any supposed privacy benefit becomes a lie.
Either you're the only owner of your data or your data is not, by definition, private to you.
I think this dogmatic take is pretty useless. For the vast majority of people iCloud is a QoL increase that is worth not “owning” our data. All Apple does with our data is keep it safe (CSAM not included), but I would love to be proven wrong.
I don't think using the correct terms to avoid ambiguity is "dogma". It would be "pedantic" except the concern regards pretty much the essence of the issue, so that doesn't apply either.
I think you're being pedantic. Dogma is fine usage. They argued that Apple isn’t a privacy-focused company because they store our data on their servers, while the bar for companies to protect our data is so low it’s a tripping hazard.
I think the larger problem is that Apple treats privacy as a double standard. They assist China's government in mass-surveillance of their citizens, while simultaneously airing "Privacy is a human right" ads in the United States. Once you factor in the horrific irony of Uighur slave labor building iPhones, I think it's pretty easy to understand how people can call their efforts 'security theater'.
> Abstract — We investigate what data iOS on an iPhone shares with Apple and what data Google Android on a Pixel phone shares with Google. We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins. The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this. When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Users have no opt out from this and currently there are few, if any, realistic options for preventing this data sharing.
Apple is the only one of the "big tech" to actually operate a datacenter in China, whose contents are entirely subjected to the whims of the regime.
I'm afraid your conviction in Apple is the product of a well-crafted fantasy by their marketing department, instead of based on some deep rooted philosophical belief regarding the rights and privacy of their users.
The ad revenue is mostly on App Store searches, where the intent is provided during the request.
That Ads division can operate in a privacy first mindset while still seeing huge growth YoY. Whereas if Google operated in a don't be evil/privacy first mindset, they'd lose substantial revenue and likely no longer be profitable.
Apple would "crush it" if they would combine their privacy focus with a commitment to individual ownership instead of Apple ownership of the product they "sell",
i.e. right to repair, side load apps, no draconian app store policy, etc etc etc.
Embrace both privacy and user freedom. That would be great.
Google's ToS is 16 pages with what appears to be about 50+ hyperlinks, including several hyperlinks to "additional service-specific terms" which itself has ~50 links to other terms which are all multiple pages.
Perhaps instead of pinning all of the blame on users, we could have the companies producing labyrinthian ToS contracts written by top-grade lawyers and full of legalese (that no layperson should be expected to understand) shoulder at least some of the blame?
This doesn't even touch on the fact that many topics (as related to data aggregation and privacy) are highly technical and require at least a few years of post-secondary to even begin wrapping your head around (e.g. de-anonymization via large sparse datasets is not something I can reasonably teach my 85-year old parent, nor to my child, both of which use Google services in some capacity).
But, yes... Let's blame it on Average Joe, who just wants to watch their dog for a few minutes while at work and saw an ad on TV about a convenient way to do so. Shame on them for not being both a lawyer and a CS graduate.
I don’t understand why there aren’t any standard terms of service which are generally applicable and companies can make minor adjustments to them if they can justify it.
More like "If you're not part of the solution, there's money to be made in prolonging the problem." (I don't know who said it, but I'm paraphrasing from something I've seen on a demotivational poster re: consulting)
A solution to this is for courts to limit what is applicable in a ToS to a certain number of words, and have overly broad statements always favor the entity who has to agree.
This, in effect, nullifies all but the most important components of a ToS.
Due diligence is expected among a mature population. But you're right it's not entirely on individuals. There should be ways to disseminate information about the threats these products pose to personal liberty, especially in a nation that uses the word "liberty" so freely in its foundational documents.
>Due diligence is expected among a mature population.
I wholly agree.
But we're quickly approaching (and in some cases, past) the point where proper due diligence requires a 4-year post-secondary education in a related CS field, if not more.
We're talking about products that take multiple domain experts several years of collaboration to create. How is it reasonable to expect my mechanic, accountant, etc. to do their due diligence on how that product processes their data, especially when it's processed in a black-box created by several other domain experts, and their only source of information is purposefully opaque terms written by lawyers?
> proper due diligence requires a 4-year post-secondary education
I don't think that's the case here or indeed very commonly. You don't necessarily have to understand implementation details if some core tenet of popular ethics is being violated. One key feature of the domain -- namely that you don't own "your data" and so you don't get to decide what happens with it -- is pretty clearly in violation of principles that the vast majority of Westerners would at least profess to hold. Beyond the motivating principle that third parties should be required to receive explicit whitelist access to use privately-owned data, "implementation details" refers mostly to policy and enforcement, not really technologies.
Eh, it's exactly what you expect from America though. I.e. the embodiment of short term thinking. Economy, environment, politics, etc - not that America is entirely unique here, just that the population seems to embrace this as a foundation in my experience.
Privacy to tech like this is very hypothetical till it happens, and it'll rarely happen. If it's not in our faces we won't vote against it.
>Eh, it's exactly what you expect from America though. I.e. the embodiment of short term thinking.
I think this is the entirely wrong framing. My other comment covers some of it, but specifically in regards to your comment: it's a lack of education, not the embodiment of short-term thinking.
And really, we can't expect every person that uses Google (or whatever other large tech company) to thoroughly understand all of the bits and pieces of technology that could be used to fuck them. Or how things that we've been told are anonymous/private become non-anonymous/non-private when combined with other sparse data. These are complex topics that even many technologists don't understand (or are outside of their field of expertise).
These companies hire top lawyers to write complex ToS, use as many dark-patterns as legally possible, do illegal things until they get caught doing so, evolve their terms frequently, etc. Yet somehow they've convinced everyone to blame the layperson. It's remarkable, really.
What would be really swell is if we could, you know, not have companies spend millions of dollars on how-to-fuck-your-user initiatives.
But we can't live in a world where the responsibility isn't on the individual, can we?
I.e. if we expect corporations to not fuck you over, who is there to enforce that? Who has the power to keep them in check? Okay, maybe Government should hold that role - but who then keeps the government in check? Who ensures that the spying or privacy from the Government is kept in check? etc
Ultimately the buck always stops at the individual. And we have to be hyper aware of long term implications, because money, greed and power has deep, deep pockets (as you also mentioned) and the fight will be never ending.
We, as a community, have de-prioritized education, health care, public safety, privacy, etc. Sure, powerful forces have been pushing for that exact thing, but we can't expect them to "just be nice" or w/e.
I'm very pro "Big Government". However my ideas behind big government will not work without individual responsibility. Until then citizens are purposefully and willfully giving their power away with every tiny step. The blame is on us, and our current state is inevitable. My 2c.
My last sentence was more wishful thinking than a proposed solution. I am obviously aware the world isn't as utopic as the sentence would require.
The main point I wanted to get across is that it's baffling that companies aren't blamed in these conversations. It's always the user who is blamed ("well you read the ToS didn't you!"). And that's dumb, because the vast majority of users aren't lawyers and don't have CS degrees -- both of which are becoming increasingly required to provide informed consent to a ToS. (edit: in every other contract I sign, a lack of informed consent is grounds to void the contract, exception being tech-company ToS contracts)
If you still want to blame my 85-year old parent for not understanding what Google is doing with his data, go for it, I guess. Just seems stupid to do so, because he barely can open up a web browser but is somehow expected to understand the complexities of data aggregation and what impact it will have on him. And as time marches on, it's equally ridiculous to suggest that he just never use a computer to avoid the issue.
>And we have to be hyper aware of long term implications,
Without post-secondary education in niche fields, this is becoming impossible. Especially across multiple services with changing terms, in countries with changing laws, in a world where technology evolution outpaces curriculum changes.
> Without post-secondary education in niche fields, this is becoming impossible. Especially across multiple services with changing terms, in countries with changing laws, in a world where technology evolution outpaces curriculum changes.
I agree, but again I go back to, "but how else can it work"?
Of course I don't expect everyone to be knowledgeable on all low level systems. However, to the point of your 85 year old grandma, she is a tiny demographic in a much larger, much more reasonably informed demographic who also completely ignore the implications.
Name a demographic that isn't wildly ignorant of things that are reasonable to know?
But again, I repeatedly fall back to "But who else can do this?". This is why I'm pro Government, but not until people start pushing for responsibility on this front. It may not be reasonable for your grandma to be responsible for Google Data stuff, but she _(and the rest of us)_ have sat around for dozens of years watching authority figures have little to no accountability or oversight.
The issue isn't about Google. The issue is about us, and our inability to build a government and authority system that is in-line with our views. We hand our power over with no thought or oversight and then we're shocked when it all comes back against us. This has nothing to do with Google or CS, imo.
My argument is that the "reasonably informed demographic" is incredibly small. I can only say the same thing so many times, though, so I'm not sure how to explain it in a different way.
To restate my example, even very smart CS graduates may not realize that anonymized data joined with other anonymized data can result in de-anonymized data, because the linking and de-anonymization of sparse datasets is a niche subfield that has only recently begun being explored.
Many people may think they are reasonably informed (they look into the ToS, see that data is anonymized, and decide that they are okay with that) without knowing that the data may later be de-anonymized through advanced statistical analysis they've never been exposed to in all their schooling. So while they thought they were informed, they weren't. This repeats across several domains.
>But again, I repeatedly fall back to "But who else can do this?".
Why is it that when a problem is identified, people demand a solution be provided at the same time? I don't have a solution, sorry. But that shouldn't preclude me from identifying a problem.
I honestly did not expect saying basically "Let's put some of the blame on Google, because they're the ones with the dark patterns and lawyers and experts, rather than solely blaming the layperson" would be met with much pushback.
> My argument is that the "reasonably informed demographic" is incredibly small. I can only say the same thing so many times, though, so I'm not sure how to explain it in a different way.
I think we're in agreement here. To be clear, I'm mostly talking about intent, an attempt to stay informed and a willingness to act - to push for centralized leadership who is informed.
I.e. as I said before, your grandma is not expected to know this. She is expected to fight for a government that will be, and that will also be able to be held accountable.
We have neither the oversight on government currently, nor the willingness to act. Your grandma built the same world we are building today. One of inaction and obfuscation.
If society cannot be informed and active on what is essential to build that world (whatever that may be), then we are doomed. Currently, the population at large is not. At least, not from what I can see in action.
> I agree, but again I go back to, "but how else can it work"?...
> Name a demographic that isn't wildly ignorant of things that are reasonable to know?
Who defines "reasonable"?
When you get delayed on a flight due to a maintenance issue, are you equipped to determine if that delay was reasonable? Most likely not, although many mechanically inclined people may be in a position to make that call. Those same people may not be in a position to arbiter the reasonableness of Google's ToS (side-stepping the whole obfuscation of details that was previously covered).
When society gets reasonably complex, we out-source those decisions. In the example of the aircraft, we have a regulatory body who makes the rules about what is reasonable. It wasn't always like that, of course, but the need grew out of the growing complexity and risk profile. So to your question and an earlier point, there may be room for regulatory bodies as an alternative for "how else can it work?".
Reasonable is defined by what it takes to outsource.
If you cannot determine factors by which outsourcing is successful or not, by which it is accountable or not, democracy fails, and you can no longer outsource it.
Agreed, and we do nothing to fight that. We're all complacent with it. Hell, not only did we not fight it, i.e. we didn't push for government control and oversight, but we signed up. We let them in and laid out welcome platters.
This isn't about being informed on obscure topics. As I said this has nothing to do with Google. It's about our willingness to fight for a government that can handle this, and fight to control said government.
This is absolutely by design and part of a larger pattern of propaganda that keeps Americans scared of the government and in love with the idea of becoming billionaire CEOs themselves because it's "moral". That holy "free market" has rewarded those rich people for being so damn smart and efficient--they deserve it, not the damn communist free loader leftists who hate America.
That's an odd take, I honestly don't find anything about this article, or the broader topic of privacy and overreach by companies and law enforcement, amusing in any way.
Fahrenheit 451 has a part where they get the entire city to go to their doors to try and spot a fugitive; this action is coordinated by the radios that everyone wears.
With these cameras and recognition algorithms, you don't even need people to go to the doors. Just pull the feeds.
I think Larry Brin's "The Transparent Society" is the best read on the topic. Not predictive of all outcomes, but many aspects of modern surveillance he did see coming.
This is confused. The Transparent Society is by David Brin[0]. Two of the founders of Google are Larry Page and Sergey Brin. The confusion is understandable given the name collision.
TikTok could be a spyware (lol) that requires your SSN and people would STILL download it and defend it just because it brings them mindless 10 second videos. I remember reading 1984 as a kid and thought it was so far fetched, that nobody would willingly let society get to that point... but it just only made more sense as I got older... people really just don't care...
For me, the difference is that the phone (with voice assist turned OFF) is not supposed to be listening all the time, while a device like Alexa is supposed to be listening. I don't want devices listening so I turn that feature off when I can and avoid the device when I can't.
Is the phone listening anyway? Maybe, but that violates a privacy expectation, and there may be recourse if someone discovers it's doing that.
I work on Alexa and for whatever it’s worth, I can confirm that Amazon is telling the truth about how Alexa listens and about what is done with your data.
This is all publicly available info, and perhaps there’s no reason why you should trust me any more than you trust Amazon as a company, but as one privacy-conscious engineer to another, I promise that your ambient conversations are not being stored or sent to Amazon and that any data you delete in the app (either by specifying an auto-delete period or manually deleting it) is actually, really, truly deleted.
A process running locally on your Alexa device listens for the “wake word”.[0] This audio is only processed locally within a constantly-overwritten memory buffer, it is neither stored nor transmitted. Only once the wake word is detected does Alexa begin to transmit an utterance to the cloud for processing. I’ve worked with the device stack and it really isn’t transmitting your ambient conversations.
Within the Alexa app[1], you can see and hear all of your stored data and can delete any of it. You can also control the duration after which it is auto-deleted. From working with ASR datasets, I can confirm that deleted audio (and the associated text transcript) is really deleted, not just hidden from your view.
I never owned an Alexa or other smart home device before I worked on it, and I’m not sure I’d buy another company’s device where I lack the same ability to “trust but verify”, so I’m not sure how much weight my word should carry. But I can give my word that Alexa is not transmitting your ambient conversations or just setting “deleted=true” in a database when you tell it to delete your data.
I definitely understand your point, but I think the greater issue is why should this have to serve as a rationalization in the first place? Why can't we expect our phones to serve us rather than the other way around?