Comment by Forgeties79
1 day ago
> If data about the public is so dangerous that we must disguise the results, then perhaps it's data we shouldn't be collecting in the first place.
By this logic no one should ever collect your address for any reason ever. How do we function as a society if we can’t ever give PII in any context? Anonymization/security is critical and makes a lot of critical functions possible.
How could you receive your mail in a world where we never give out/collect info that is potentially hazardous?
Name, address, and phone number served plenty of critical functions when they were published in the White Pages. Cell phones not being listed there was kind of an accident of history. It was common to call a listed landline and be given or forwarded to a cell number. Only after most people stopped having landlines altogether did a phone number come to be considered sensitive information (unless you were a celebrity or something).
Ironically Facebook is responsible for much of this, as friending someone on Facebook became a lower stakes, less intimate alternative to exchanging phone numbers.
It would be entirely possible to limit the scope of things, by making sure the company that has your address (UPS or USPS, say) never has the other information. Each business would hand off a zero-knowledge identifier to you that you'd give to the others: Amazon would only know that the payment identifier they gave to you was fulfilled at VISA somehow, and then hand the package off to UPS with an identifier that they would never see again.
This is silly.
An argument about whether or not to deploy differential privacy on large statistical databases has no bearing whatsoever on whether or not you give your address to have a package delivered. If you want the package delivered, you have to give your address.
On the other hand, it's not at all clear that people should have to involuntarily, by force of law, offer up all sorts of personal details about their lives. And questions about whether the use of differential privacy can or should justify the collection of sensitive information are quite valid.
The census is justified by the idea that it will help us plan for the future. But the track record of central planning is poor to disastrous.
A small example: in theory population changes could inform land use decisions. In practice however, the ability of population to increase is softly capped by the amount of housing that exists, or will exist. If you restrict or frustrate housing, you will also restrict people from living where they want to live. Then the planners will point to the census data and tell you that nobody wants to live there and therefore there’s no need for change.
Ironically, if you wanted to measure where people want to live in order to get information for planning purposes, the number is right there and doesn't require any personal data collection at all: it's the price (in this example, $ per square foot of floor space). But in my experience people who like central planning don't believe in prices, so they ignore that and they look at their reams of personal data and they conclude that all is well in the world. It is hard for me to be sympathetic if one day folks like that have less data to look at.
It’s not silly. I’m responding to this:
> If data about the public is so dangerous that we must disguise the results, then perhaps it's data we shouldn't be collecting in the first place.
We agree that doxxing is dangerous online yes? Your point about the white pages is exactly what I’m talking about. A piece of data isn’t inherently dangerous or not dangerous. It’s about context and ease of access by actors with various intentions.
>We agree that doxxing is dangerous online yes?
Potentially. But this is also information that was not historically a deep dark secret absent measures that, to a first approximation, no one took.