Tracking evasion is close to the concept we in Germany call "Datensparsamkeit" or data scarcity — the idea that only the data that needs to be collected for a certain purpose should be collected.<p>The idea is: Data that just isn't there cannot be lost, abused or stolen. Or phrased differently: Data is also a liability for you and your users and you should balance this liability with the use it has for you.<p>The idea comes from Germany's Nazi past, when the Nazis invaded the Netherlands where religion was a field in the official documents, which lead to an very efficient genocide.
One thing I never really understood is the incongruity between online tracking and real-world tracking, the latter of which we would call stalking.<p>If you followed around the owner or employee of a tracking...err "advertising analytics"...company, and recorded everywhere they went, and everyone they met and interacted with, including writing down all of the purchases they made when they go to a store, and then you sold the notebook you kept of all this, would you be in any legal trouble? What if you followed around their spouses and children too? Would the employees of the advertising company be creeped out by this? And yet they do it virtually to millions of others.
Rohan makes a valiant and useful attempt to expand the over-simplified
notion of digital privacy. Anything that throws more light on this
area is welcome. However I feel that some of the distinctions are
incomplete or need highlighting more strongly.<p>The word 'tracking' shouldn't be used to stand-in for "absence of
privacy". For example, I may <i>want</i> to be tracked in every detail and
might buy a GPS tracker. However it should remain under my exclusive
control. If I find it's defective because it's treacherously uploading
my data somewhere I didn't ask it to, that's a breach of privacy.<p>The suggestion that techniques for web browsing might be generalisable
to wider privacy doesn't hold up well. The main focus is mitigations
(evasion and reduction) against cross-site identity leakage. Active
obfuscation, avoidance, spoofing, dazzle, camouflage and decoying
isn't covered, nor are threat actors or actor position. For example my
ISP or device vendor may be a greater threat than a website (doubly so
when the device and site are owned by the same entity eg. Google.)<p>It is oft said that privacy means different things to different
people, but this is not the same as saying people have different use
cases and needs, and is rarely unpacked by socio/psychological
analysis (different expectations and ethical judgements may exist
within the same use-cases and needs).<p>Also, someone "being okay" with a violation of privacy is not a
sufficient indicator. Objective harms exist and they don't go away
because the user is ignorant or convinced, or coerced to make
"acceptable trade-offs".
Reading the title, I assumed that the article would talk about what people mean by privacy. However, it really is about how people try to achieve privacy (by reducing the mount of collected data, or by reducing the amount of collectible data). The thing is how you do it depends on what you are trying to achieve. When discussing privacy, I find it useful to distinguish three types: a) privacy from government, which is fondamentally not a technical problem but a political one, b) privacy from big corporations, and c) privacy from criminals (i.e. "hackers"). In my experience, people are really mostly interested in c) and so-called privacy conscious people are mostly interested in b). As for how to achieve b), I (perhaps naively) assume that corporate data collection obeys a law of diminishing returns, so the best strategy is simply to do more than the masses who do not care.
I disagree with this basic premise. Privacy is not a baseline philosophical module that gives way to two separate concepts; privacy is simply a thing that can be achieved upon exercising one's property rights.<p>We want privacy because we desire control over the dissemination of our secrets. We desire this because our secrets are derived from activities to which you do not want the public privy. The reason one does not want their activity public is because it ultimately threatens the foundation upon which our lives are built. We use our right to property to protect ourselves against this outcome. We buy homes to say "this land is mine, please do not come onto it." We buy cars to say "this is my wheel machine, please do not use it." We buy computers to say, "these are my thoughts and productive activities - not yours."<p>We do not mind when our privacy is violated when it is perceived to have no material impact on us for that information to be out there.<p>This article is not really about privacy, but rather different ways by which to go about privacy _protections_. It is an insightful article when tuned to this context, and without doing that, it can be a little misleading.
IMVHO there is a deep fallacy in the article: privacy is not about individuals as single human being but about society, witch means that privacy is not about standing out because of tracking avoidance vs appear as "common generic human" as possible, it's about the power of aggregated data.<p>The war here is already lost but the point is that we do mandate by laws privacy because there are no issue if anyone know anything about anyone else or anyone do not know anything about any others. The issue happen when very few knows very much on anyone else and anyone else know next to nothing about them.<p>The two kind of privacy depicted are just a single emergent aspect, like a flame pinnacle, who stand out, but the real issue is at the base of the flames.
I always thought that since I opted for DO NOT TRACK I am not being tracked, now that it is a fingerprinting vector, it feels like being duped, and BTW if WebKit removed it then why not Firefox, I mean is there any good reason to have it anymore?.
Would love to hear HN's opinion on tracking. I was of the camp that all tracking is bad and should be banned. But one day I re-realized, website owner, having access to the server (e.g. nginx), can always track their visitor if they wish to. So maybe the problem is <i>third party tracking</i> instead of tracking? What do you feel if a website doesn't use any 3rd party tracking, but analyse visitor usage pattern using nginx/cloudwatch/any sort of logging provided by the tools essential in running the services?
Author mentions Tor, yet Tor can make you stand out just by mere use of it, unless you use pluggable transports/ bridges to hide the fact you’re using Tor.<p>Also you could hide in plain sight by using Safari on iOS with a generic mobile Internet IP. Generic useragent and generic IP. What’s wrong with that? Bonus points for browsing in a private session to stop cookie tracking.
Roe vs Wade educated me on the fact that the US Constitution never mentions a right to privacy.<p>Normally the response would be "so just add it" but that's America for you I guess.