← Back to context

Comment by drink_machine

5 days ago

Shouldn't you have spent some time to think through basic things like this before trying to write an opinion piece on anonymity? Certainly it shows a lack of depth of understanding.

39 comments

drink_machine

Reply
everdrive  4 days ago

The privacy crowd seems to be incapable of grey areas. Are all these the same thing? Are they all the same severity of problem?

  - A web site logs traffic in a sort of defacto way, but no one actually reviews the traffic, and it's not sent to 3rd parties.

  - A government website uses a standard framework and that framework loads a google subdomain. In principle, Google could use this to track you but there's no evidence that this actually happens.

  - A website tracks user sessions so they can improve UI but don't sell that data to 3rd parties.

  - A website has many 3rd party domains, many of which are tracking domains.

  - Facebook knows exactly who you are and sells your information to real-time-bidding ad services.

  - Your cell phone's 3G connection must in principle triangulate you for the cell phone to function, but the resolution here is fuzzy.

  - You use Android and even when your GPS is turned "off" Google is still getting extremely high resolution of your location at all times and absolutely using that information to target you.

A LOT of the privacy folks would put all those examples in the same category, and it absolutely drives me up a wall. It's purity-seeking at the expense of any meaningful distinction, or any meaningful investigation that actually allows uses to make informed decisions about their privacy.

  • johnnyanmac  4 days ago

    The issue isn't about the present but the future. You don't just assume Google one day won't try to compromise government data.

    Even if they don't, it opens up more attack vectors for malicious 3rd parties who want that data. That's why you can't be careless.

    • TeMPOraL  4 days ago

      That is paranoia.

      At any time any company could turn evil, and any free(ish) government could become totalitarian overnight. This is a fact, but also pretty useless one.

      The real questions to ask are, how likely it is to happen, and if that happens, how much did all these privacy measures accomplish.

      The answer to those are, "not very", and "not much".

      Down here on Earth, there are more real and immediate issues to consider, and balance to be found between preventing current and future misuse of data by public and private parties of all sides, while sharing enough data to be able to have a functioning technological civilization.

      Useful conversations and realistic solutions are all about those grey areas.

      4 replies →

  • roncesvalles  4 days ago

    >A web site logs traffic in a sort of defacto way, but no one actually reviews the traffic, and it's not sent to 3rd parties.

    If data exists, it can be subpoenaed by the government.

    Personally, I don't understand people's mindless anathema about being profiled by ad companies, as if the worst thing ever in the world is... being served more relevant ads? In fact I love targeted ads, I often get recommended useful things that genuinely improve my life and save me hours in shopping research.

    It's the government getting that data that's the problem. Because one day you might do something that pisses off someone in the government, and someone goes on a power trip and decides to ruin your life by misusing the absolute power of the state.

    • subscribed  1 day ago

      Adtech sells that to creeps, goverments, police, insurance, banks, creeps, criminals, lawyers, data brokers. There absolutely IS a case for defending vehemently against the ads and tracking.

      And that's even before malvertising comes into picture.

    • ahartmetz  4 days ago

      The private sector - banks, insurances, your e-mail provider, cloud storage provider... - can mess with you pretty well, too.

    • hdgvhicv  3 days ago

      If a correlation has the data it will sell it to anyone, including the government

      If a government has the data there’s a chance it will stay in the government at least

      You either

      1) don’t want it stored

      2) are happy for government to have it but not companies

      3) are happy for everyone to have it

    • everdrive  3 days ago

      The government would need to know what to subpoena, and what to prioritize as well. In principle could the government subpoena my ISP, learn I'd used a VPN, subpoena the VPN, learned I visited Wikipedia, then subpoena Wikipedia to finally learn what articles I'd written. Yes, but in practice this will never happen. There's no interest in doing so, and it's unclear a judge would be convinced that useful information could be obtained from such a path.

      On the other hand, if I'm making death threats on Facebook, there's a much more realistic path: view the threats from a public source --> subpoena Facebook for private data.

      Treating the two risks as similar is madness.

      1 reply →

  • dylan604  4 days ago

    > - A web site logs traffic in a sort of defacto way, but no one actually reviews the traffic, and it's not sent to 3rd parties.

    Even if this sounds innocent, these must be turned over if you are provided a warrant or subpoena (which ever would be appropriate, IANAL).

  • Rygian  4 days ago

    They belong in the same category: the end user has zero agency over how their privacy is impacted, and is at the whim of the wishes/agency of whoever is serving content to them.

    Whether the one serving the content is exploiting data at the present moment has very little relevance. Because the end user has no means to assert whether it is happening or not.

amarant  4 days ago

We all mess up and miss things, op has shown maturity enough to admit to their mistakes and improve from them.

My takeaway from this thread is an increased amount of trust in OP. Not because they made a mistake, but because of how they handled it. Well done OP!

ybceo  5 days ago

I disagree. Like I said earlier :

Web server logs were not tied to user credentials in any way, they were used for debugging purposes and could not have been used to identify users.

  • procaryote  5 days ago

    From your faq: "We maintain zero logs of your activities. We don't track IP addresses, …"

    Front page says "zero logs"

    Some logs, including specifically datapoints you have promised not to log, but you mean well (?) is pretty different from zero logs

    • ffsm8  4 days ago

      Fwiw, zero logs in that context is usually in the relation to requests through the VPN, whereas this discussion is about requests on their homepage? Or did I misunderstand something here?

  • pear01  4 days ago

    You disagree and yet you agreed 100% and made the change. I thought the point the preceding parent comment is making is that you should have thought of that beforehand. Yet you seemed to already come to a judgement about it yet then quickly agreed to reverse yourself.

    Sounds like a clear "lack of a depth of understanding" to me.

  • organsnyder  4 days ago

    I have a static IP address; and most connections tend to have long-lived leases anyways. It can easily be used to identify me, even if you don't explicitly tie it to my account.

  • drink_machine  5 days ago

    [flagged]

    • ybceo  5 days ago

      I went ahead and took action on the criticism as soon as I saw the parent comment. All apache access logs are piped to /dev/null now.

      I'm not here to debate, the reason I posted here is to hear what people thought and see how I could improve my platform based on the criticism.

      9 replies →

lisbbb  4 days ago

Privacy was a joke--every time I gave someone my data that data got breached, including the US government.