In response to my comments on Revealed by Mobile:
@rrix Instead of just hoping and waiting for change, nerds can continue to embrace and evangelize FOSS and continue to use and develop anti-tracking technologies.
Everyone can vote with their wallets - immediately start finding alternatives to products that do not respect privacy.
The real problem is that when push comes to shove, most people simply do not care about their data or security or digital privacy.
I believe that we are not able to vote with our wallet, and quite the opposite if you believe that software is simply a marketplace which Free Software can compete in. I don't believe this is possible because our wallet is being tugged at by near-invisible market actors operating in an ecosystem designed to be unseen. I am not advocating for "hoping and waiting", this is not "thoughts and prayers" but a call to arms, do not misunderstand me. A decade and a half of using, developing, and advocating for Linux and FOSS has got us nowhere because FOSS still hasn't found a way to feed its creators, and it certainly can't do so more effectively than the marketing panopticon 1. FOSS and libre tech alone have proven, repeatedly, to be inadequate. Free Software which costs users zero wallet-dollar is almost universally inferior compared to proprietary software which costs users zero wallet-dollars. To people who don't care about malleability and source code, the benefits of free software are essentially nil compared to a system which is silently funded through heavily obfuscated and disingenuous data brokerage.
Privacy can and should be a feature, but if you want it to be "the" feature, I have bad news for developers who want to make rent. Reportedly, the largest implementation of Signal's end to end encryption technology is done on license by Facebook's WhatsApp. Even here, the most successful privacy focused and UX-polished application developers pay rent and eat from advertising revenue collected from an unconsenting audience. A large portion of the technology ecosystem is built on an adtech house of cards that I would like to see knocked down. I have been watching strike forces of FOSS warriors throw their bodies at this problem and break for a generation and we have not learned how to fight more effectively, only how to comprimise our morals and quietly fund our safety through the very systems we aim to tear down, the very system making us unsafe. But I've got mine, a pile of hobbyist-grade small-team python projects that my parents find too janky to use day-to-day, let alone to talk to me with. And they certainly haven't been able to combat the network effects of these vast empires.
And even if it's not surveillance capitalists doing the data collection, even Free Software developers often use analytics software, and increasingly use bug-tracking SDKs in mobile applications and websites which necessarily and silently ship user-data to a third party to enable bug triage, or to enable "modern product driven development practices" and blind implementations of Agile. 2
Meanwhile, there is a growing body of evidence directly contradicting the statement that "most people simply do not care about their data or security or digital privacy". The article I posted is evidence that flies in the face of the idea that people simply do not care. pewresearch.org's Americans and Privacy survey found that most Americans feel that it is simply impossible to live in society without their data being collected by private actors and the state and this makes them uncomfortable. Four in ten adults read and understand privacy policies according to the survey, yet what has that got us? A bunch of "informed" users which cannot act on information and instead choose to ignore it, a fnord.
Confronted with the reality of a monitored world, people make the rational decision to make the best of it.
That is not consent.
(Idle Words – The New Wilderness)
Individual action against unhealthy marketplaces and bad actors is ineffective on its own, and so is simply hoping and praying. To that end, I am advocating for privacy laws which:
- bring much stronger controls around transparent revokable consent, regulating flow of data based on discrete purpose of use rather than obscured processing categories and list of business which "may" buy user data.
- provides for citizens' right of action, or dedicated privacy enforcement agencies along the same lines as the Consumer Finance Protection Board and the Consumer Product Safety Commision in the US, rather than relying on state or federal AGs for prosecution.
- provides users the ability to deny data brokerage, and does not allow punishment for doing so.
- provide real, effective data portability and data ownership rights that allow users to break network effects which the surveillance economy uses to constrict us. This goes against the common line which large companies are trying to establish, having realized that privacy laws can be melded in to walled gardens3
- put restrictions on the government quite similar to the restrictions placed on private companies by requiring that government acquisition of private data, and public/private contracts should be transparent and scrutinized4.
Vertical integration of surveillance and adtech has created a fundamentally unfair marketplace where any brand of citizen-enabling software must compete with a zero-cost ecosystem designed by psychologists and psychopaths to disable our ability to advocate for our own interests.