Tracking and challenging the emerging "Privacy Tech Industry"

From DevSummit
Revision as of 22:40, 25 November 2021 by Gunner (talk | contribs) (Created page with "# Tracking and challenging the emerging "Privacy Tech Industry" Background & History * Started working with Tor and other privacy tech as a young technologist in early aughts...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
  1. Tracking and challenging the emerging "Privacy Tech Industry"

Background & History

  • Started working with Tor and other privacy tech as a young technologist in early aughts.
  • Started questioning corporate flippancy towards privacy
  • Contrast with PGP movement and other privacy advocates starting in the 70s, Phil Zimmerman, et al.
  • Surveillance entertwined with roots / history of capitalism

What is Privacy Tech?

  • Privacy ISNT anonymity — first lesson
  • 3 parts attorney 1 part technical — technology and privacy scene
  • Not about surveillance so much, focus on regulatory issues. Has become more about mitigating responsibilities unfortunately.
  • Deidentification and protecting the contents (differences between?)

Emerging Industry of Privacy Tech

  • Privacy by design — from minister from Ontario, guiding principles of Tor project. Now has become boilerplate speak for for-profits.
    • Not relying on trust for tools/ you build the tool to default for privacy

Perception of "Threat models" differ for corporate world which is about liability, and not safety. Hard consequences

  • I: skeptical about differential privacy tech, not my definition of privacy. Invented by MS, now embraced by all tech companies.
  • M: historical background working with corporation in early days of internet
  • A: would like to reframe privacy discussion, corps are collecting multiple datapoints that can identify you.
    • But reframe to think about design that is consensual, what about tech that doesn't do harm? What is community dev/owned?
    • Can't entangle from privacy discussion.
    • Lot of money to be made from privacy, but can't trust motives in techno-capitalism.
  • P: is the current situation acceptable? GDRPR spearheaded by Google to deal with morass of privacy and economics of privacy coalescing around liability issues. The least competent people are being charged with drafting policy around privacy.
    • Why are we not working around forcing US to adopt a single ethical policy like GDPR
  • T: circling back to A's observation about tech basic design and other issues of equity.
    • Grindr example persecution of users in Egypt due to poor interface/app design
  • G: still need to look at larger issues
    • A: bigger framework to look beyond not what tech does, but people behind it
  • B: How can we direct resources towards players that are developing tech like Mozilla, how to influence? Where we have agency.
  • G: Inside view of Push & Pull inside Mozilla between privacy evangelists/designers and drive for funding.
    • Mozilla was early adopter of encrypting DNS lookups DOH.
    • When Google stopped funding Moz, and Cloudflare adopted they moved DOH to Cloudflare. Moz didn't disable 3rd party cookies

What is the "Cookie Apocalypse"??

  • G: 3rd party cookies being phased out — but what will replace them for advertisers??
    • Eg. Google FLOC Federated Learning from Cohorts
    • New emerging defaults

Why are governments and corps suddenly embracing "privacy"

  • G: contrast anonymity vs privacy. Why are gov/corps embracing "privacy"?
    • Why are Apple other corps embracing privacy?
    • Cynically — they want to limit users access.
    • Reflection of geopolitical struggles — EU wouldn't have adopted GDPR if Google /Fb were EU businesses.
  • P: Why are we accepting opt-out doesn't mean opt-out when accepting product or services from a vendor/platform?
    • B: concept of trust, physical trust has been a key part within movement struggles face-to-face chain of relationships in the past. But no longer feasible.
    • G: Tor best example of privacy & anonomyity by design that exists today. Inherently not relying on policy. But also not perfect, absense of resilience. Bad actors can hack
    • G: If I was adversary, I'd setup a free/cheap VPN network to hoover up activist's data
    • T: there are quasi private/state security entities like NSO group as well
  • I: Brave browser https://en.wikipedia.org/wiki/Brave_(web_browser) pay to opt-out. Same problem who can opt-out are those who can afford to do it.
    • B: counterpoint micropayments through Brave for publishers
    • I: General concept pay to opt-out. Started by a horrible person :(
    • G: Started as an alternative to Tor Browser
  • I: Academic sphere was where these conversations where happening, but now heavily influenced by corporation. Huge culture of bullying according to academics due to funding by corps.

Articles and Additional Info

Example:

  • https://two.compost.digital/support-us/#web-monetization
    • "Web Monetization is an emerging standard for web browsers. At the moment, you need to download a browser extension to make it work. We’ve found that getting a Coil membership is the easiest way to get started with Web Monetization. With a $5 monthly membership, you can also support hundreds of other Web Monetization websites like Cinnamon, Ampled, Erase All Kittens, and Ladyspike Media."

Also: https://ipfs.io/

A sharing article - https://www.radicalecologicaldemocracy.org/we-thought-it-was-fiction/