The (presently) top-rated comment on this thread by nikcub is not only wrong, but fractally wrong in every particular. I'm offering this as a possible counterpoint.<p><a href="https://news.ycombinator.com/item?id=13982966" rel="nofollow">https://news.ycombinator.com/item?id=13982966</a><p>* False dichotomy: that the solution lies in only one sphere. (Lessig, <i>Code</i>). This is lightly moderated, but resurfaces at several later points in the argument.<p>* Personal responsibility. Check. Never mind that the source article states concisely and specifically why this doesn't work or scale.<p>* Hybrid system. Or as I prefer, <i>the worst of both worlds</i>. In the healthcare example, a <i>guarantee of emergency room services</i> is posited as a sufficient mitigation for mandating individual responsibility <i>in all other areas</i>. Disregarding the fact beneficial health outcomes comes from public or preventive measures, not acute (read: late, expensive, heroic measures) interventions:<p>"In all, 86 per cent of the increased life expectancy was due to decreases in infectious diseases. And the bulk of the decline in infectious disease deaths occurred prior to the age of antibiotics. Less than 4 per cent of the total improvement in life expectancy since 1700s can be credited to twentieth-century advances in medical care."<p>― Laurie Garrett, <i>Betrayal of Trust: The Collapse of Global Public Health</i><p>* As with all good Techno-Libertarians, nikcub "personally believe[s] in user responsibility". Despite some 50+ years of experience that <i>user responsibility for security simply does not work or scale</i>.<p>Nikcub continues with specifics:<p>* Universality of policy. Which seems to boil down to "since <i>every</i> jurisdiction cannot offer the same high levels of protection, <i>no</i> jurisdiction should". What ever happened to the concept of a competitive marketplace for ideas, including legal and moral frameworks? Isn't the very idea of liberal democracy that its principles, premises, and protections <i>are so manifestly self evident</i> that <i>all</i> people everywhere would want them? (And hence: why it's such a major pain in the ass of tinpot despots everywhere.)<p>* Some governments are bad ... so <i>no</i> governments can be trusted. Again: a slope so slippery nikcub loses his footing instantly. We can apply the same argument to ... anything. Including his proposed technological solutions: <i>Software is a major party in privacy violations and is conflicted (and buggy), so it cannot be expected to behave in the interest of users.</i> In government as with software, <i>the proper response to buggy implementations is to fix the bugs, not burn the house down and abandon the domain completely.</i><p>* Government trust. Where do I even start (the concept and questions of trust are ... a whole 'nother essay). <i>If liberal democratic government, the agent </i>and agency* of The People, cannot be trusted, then what can?* Private, <i>self-interested</i> business? Which, I'll hasten to add, <i>has landed us in the present kettle of fish</i>? If you're finding that your government (or parts of it) aren't trustworthy, <i>then you have two problems</i>. But the one doesn't invalidate proper approaches to the other, <i>and fixing the problem of government trust gives you an exceptionally powerful tool to apply in remedying privacy and other policy failures</i>. Say, such as single-payer, universal, socialised medicine.<p>* Tech solutions that are universal ... are called <i>policy</i>. And, to add to that, <i>a primary reason for approaching such policies through government is that governments have the clout and scale to make policies stick.</i> Keep in mind that this need not be at national or international scales. Policies at the sub-national scale -- say, Northern Ireland or Scotland within the UK, or California or New York within the United States, could have major impacts. Given the option of adopting <i>multiple and conflicting regulatory standards</i>, or <i>a unified and coordinated</i> standard, companies will often prefer the latter. The case of US EPA and California EPA emissions standards would be an excellent study in same.<p>* Good policy is hard work. Yes, well, hard problems are hard. This doesn't make them not worth pursuing. And remedying the specific problems highlighted would be a key goal of any privacy regulatory overhaul.<p>* Penalties are small. Well, duh: <i>embiggen them.</i> I thought <i>yuuuuge!!!</i> was in now, anyways....<p>* On information disclosure: yes, <i>it's very hard to un-leak data</i>. On the other hand, comprehensive and pervasive regulations <i>against</i> the storing <i>or</i> transmission of personal data, <i>stiff penalties</i> for doing so, and <i>sufficient rewards</i> for reporting on such violations, will tremendously decrease the incentives for doing so. Given that the value of vast troves of personal information to firms such as Facebook is ... roughly $12/year per person, those penalties need not be tremendous, though they do need to be sufficient <i>given scales of detection</i>. This isn't dissimilar to present approaches against counterfeiting of money or goods: the fundamental capability to violate norms exists, but with appropriate penalties, and incentives, against transacting in such money or goods, it can generally be tamped down to an acceptable level. The more so <i>if technology and other means are applied in concert with policy</i>.<p>The argument continues spewing the additional canards of <i>perfect worlds</i> (no policy world is perfect, at best it is <i>sufficient</i>), <i>sole reliance</i>, and of mis-casting the argument as <i>warning people away</i> from VPNs (it doesn't, it merely points out that <i>VPNs alone are grossly insufficient</i>).<p>And for the capper, we have <i>free-market it harder</i>. As if it wasn't free-market interests, and failures, which haven't landed us precisely in the present situation.