Member's article review: There's no such thing as anonymous data

data
personal-data
security
article-review

#1

Lately I’ve been thinking about anonymized data, and how companies (not only tech companies, but car manufacturers too) use this as excuse but not communicate us the long tail of dangers that come with that. There’s no such thing as anonymous data, even yet, we still buy what they sell to us.

I’ve put my thoughts on this article (and podcast episode). I’d love to hear your thoughts on this. Do you agree? Am I missing something? Please let’s start a conversation around this. I believe it’s important…


#2

You are right, of course. But there are ways to be anonymous or near-anonymous to the parties you want to reach, by putting parties in the middle. You only have to place your trust differently.

For instance there is an open-source, self-hostable Meta Search engine - namely Searx (which I’ll add to awesome-humane-tech) - that strips a lot (most) of identiable data from your web searches before sending them to any actual search engine.

If I use Tor (or another browser and plugin that obfuscates my browser fingerprint) and a trusted VPN, then I could approach a platform anonymously. But I will have placed some amount of trust with the VPN provider (or the browser plugin author).

When you take really good care, you can make it really hard to be identified (except for government agencies and dedicated hackers, if they decide to target you directly).


#3

Thanks @aschrijver.

I think I screwed it up with the title of the article, because it’s led to a different point. It’s not about anonymous data, it’s about trust, and how promising one big benefit allows them to take advantage of a long tail of problems for us.

I posted this on reddit and people went wild. There were trolls all over the place. It’s taken me to be “Top writer in Privacy” in Medium! (In the wrong way maybe?)

So, whether there’s anonymous data or not, what do you guys think about the core of the article?

I’d love to hear your thoughts. So I can improve these articles. Sometimes it’s just complicated with forums like Reddit. But I believe this forum has great thinkers.


#4

I will give it a good read in that light, as soon as I have the time, Borja. I’d be interested in the Reddit discussion, and how that went to trolling.

Another heads-up: You’ll probably be interested in our Web of Trust discussion in Investigating privacy-respecting online identity, data ownership & control solutions


#5

Here it is.

Some people wrote me privately and agreed with the main point of my article. But most people didn’t agree with it. I still wholeheartedly believe in what I wrote. Maybe people interpreted it the wrong way, or maybe I’m not right. Yet, if it helps to start a conversation, that’s a success for me.

I’m going to check that discussion, thanks!


#6

Some feedback and additions about the article:

“It’s not about anonymous data, it’s all about the communication process. It’s about trust. And in order to get trust and people to buy whatever you sell, is to communicate your message properly.”

Your friend says that once you give away your data there is no control. And he is very right in that. Trust alone doesn’t cut it too. What is needed is verifiable trust, i.e. assurances and guarantees.

Big tech companies, especially Facebook, have lost lots of trust with all the scandals and information on their data collection practices coming to light. While FB is blatantly violating trust, Google is making an effort to be seen as trustworthy. They have elaborate privacy policies and tools to manage privacy settings and such.

But if you read the Hacker News discussion of people (developers) who are in the know, Google looks to be not much better than FB, but only better in creating the perception they can be trusted. Where FB has megabytes of personal data on you, Google has literally gigabytes. They put themselves anywhere where data can be extracted. Also they file scary patents to get at more data (like determining exactly what you are doing based on recorded microphone sounds, etc.).

The image of trust then is no more than a facade. The effort to be seen as trustworthy is no more than ‘greenwashing’ (similar in concept to how this applies to ecological issues), marketing. It goes skin-deep only.

“If this is the benefit you’d get, and they don’t tell you anything about the data that’s being collected, I bet you’d still sign up for this. No one wants to know that.”

The last bit is confusing. I like the drill + hole (the method and the solution) analogy. Do you mean they don’t tell you about other purposes for which they also use the collected data? I would like to know about that…

“At this point, unless you’re a radical defender of privacy, you automatically think: okay, this is worth it”

No need to be a radical defender. I’d rather say: Unless you are already privacy aware, you directly think 'Let’s do this!", instead of first carefully considering the further implications.

The following paragraph can be more like this: Once you’ve taken the bite, as a healthcare service provider I know I have got you. You are now handing over your data, and I have your implicit (but legal) consent to use it for my own purposes without your knowledge.

I understand what you mean, but some of the power of your arguments in the healthcare example gets lost in how you build the sentences. Some proofreading and rewriting may be in order (maybe @patm can help you with this).

Don’t trust me yet?

You mean to say: Didn’t I convince you yet?

“But they’re just getting into the data business. That’s how they’re going to make money.”

They are adding business services: But [car manufacturers] are also getting into the lucrative data collection business. That’s where they are trying to find additional revenue streams to boost their profits.

“The upside is clear, and we should seek it.”

Unclear, after the context you just provided above. With some edting:

Car manufactures are in big trouble. So they need to find ways to substitute the loss of sales with new incomes —and selling your data is a low-hanging fruit.
Autonomous vehicles can bring great benefits to us, and we should further develop this technology. But alongside this development we should not lose sight of our privacy protections. We must have both realities at the same time: Safer roads and better privacy.

“Let’s pick again the healthcare example I talked about at the beginning of this article. Being honest, almost everybody would sign up for something like that.”

As a general tip, you can try to be more concise. You could formulate the above with 33% reduction and more clarity, as e.g.:

Let’s go back to the healtcare example, and the obvious reason you’d want to sign up for cancer monitoring.

“Leaving the porn thing aside for a second, it is true that most people don’t care about privacy. But that doesn’t mean we shouldn’t have the right to have privacy. In the same way, most people don’t care about politics, but that doesn’t mean they don’t have the right to get trustworthy people in power.”

Do not hyperlink the porn thing, as it is off-topic anyway. (Note: you should consider using footnotes, instead of direct hyperlinks, as otherwise you’ll lose readers that navigate away)

I wouldn’t put it like this. People also don’t give a rat’s ass on the right to privacy, because they do not know what this means. They don’t know the implications of a complete loss of privacy. People don’t want to have their privacy violated and suffer negative effects from that.

Similarly trustworthy people in power also is not a right. It is a moral obligation, implicitly expected, that if you are a politician, you are trustworthy, and acting in the interest of your constituency.

I really like Elon Musk, and I believe in the change he’s trying to make. But I don’t agree with his views on privacy.

Put this sentence directly after his quote (which I also disagree strongly about).


I reviewed up to Snowden’s remark. Did not read Reddit yet, so as not to influence my view. May continue reviewing later.

My overall review comment is:

I completely understand all the points you are making, and so far I am agreeing with all your point. But I am an informed, careful reader, and aware of all privacy implications. A hasty visitor, though, who quickly skims the article (most readers are like this) may easily jump to wrong conclusions and either stop reading, or troll you about things you are not implying in the article.

The overall structure can be improved, and the way individual sentences are built. If I write similar documents (and I am not a blogger yet) it takes me considerable time, and I reread many times, from the perspective of someone unfamiliar to the subject matter, to see where they can be placed on the wrong footing or lose track. Then I am continuously restructuring and reformulating sentence to increase power of words.

You put a lot of care in the article. I can see that. I hope you found my feedback so far constructive and helpful.

Note that when we get the Blog and other content sections of the community webstie in place, we will be preparing content in this forum and have a lot of members who can together chisel and prepare an article like it is a masonry’s piece of art.

(Note also that I have my faults too, like writing overly long response posts. Sorry for that :wink: )


#7

PS. a very nice set of blogging tips is at this moment trending on Hacker News.


#8

Don’t be sorry for the long response, it’s what we need @aschrijver. Thanks for taking the time, I really appreciate it.

I’m going to carefully review your points and learn from them.

Answering your questions…:

What I mean here is that, if they do communicate you the long tail of problems that come with this “big benefit”–such as having access to the best healthcare in the world–most people would still sign up for this benefit.

Here I have to disagree. Most people who are privacy aware still use product with really bad privacy. When the time comes, and your health is at stake, I seriously doubt that they even consider not having that benefit.

Isn’t this a matter of style?

I don’t think it is a real off-topic. It’s Edward Snowden saying how the NSA spied on people and violated their privacy.

Personally I prefer links. The footnotes are better for ebooks. On medium I can just open a new tab and keep reading.

I agree with your other points :wink:

Then this article is for you, it’s not for them. I’ve just decided that I’m not going to write for the general public–otherwise I’ll never get to the change I try to make.

I think there’s an important point here. A point that I’ve struggled with for a long time: Perfection is the enemy of good. If you wait for something to be perfect, you’ll never ship anything. But if you make something good enough, that allows you to jump to the next one, and apply whatever you learn with the previous one. I believe it’s a great trade-off: 10 good articles beats the heck out of 1.

Good enough means: good, enough. That’s why I almost work with deadlines.

PS this posts are fun. This is why I think this forum is great… Let’s keep it going :slight_smile: