Ask HN: So what if my personal information gets stolen?

84 points by 321yawaworht 7 years ago · 76 comments · 1 min read


Are there any real consequences to having your data leaked in a breach? If yes, what?

Assuming not passwords. Things like name, address, passport number, etc.

auslegung 7 years ago

It depends on what you mean by 'etc'. The problem might not be in a single leak, but with enough leaks people can get access to all kinds of PII (personally identifiable information). It's important to me that my physical address not leak, I don't want people or packages showing up that I didn't ask to show up.

If your important numbers (in the US that's passport, social security, and driver license) get leaked, it becomes easier and easier for someone to commit identity theft and open credit cards in your name which you will have to pay with either money or a lot of time proving it wasn't really you. Or they can get traffic tickets in your name which will become a warrant for you.

And if they know enough about you (address, likes and dislikes, etc), it becomes much easier to socially hack (https://en.wikipedia.org/wiki/Social_hacking) you. Any security is only as strong as its weakest link, and social hacking has been used to get access to people's bank account, email address (doesn't sound scary but if someone has access to your email, they likely have access to all of your accounts because they can trigger a password reset, intercept it, set a new password, then lock you out), and a lot of other things.

  • closeparen 7 years ago

    The relation between full name, telephone number, and physical address is not secret at all. Sometimes I feel like I'm the only person who grew up with a phone book.

    The financial sector abuses some of the more obscure facts about people (SSN, DL/passport number, bank account number, address history, mother's maiden name) as authenticators. They aren't. In the short term, someone can create a lot of bureaucratic hassle for you by knowing these facts. In the long term, institutions will adapt to the reality that knowing them no longer proves anything.

    The stuff you should really care about, IMO: Contents of private conversations. Interests and opinions expressed online that could harm real-world relationships. Habits and characteristics that could signal insurance, credit, or crime risk. Political activity far from mainstream. Relationships with controversial or high-risk people. Evidence of excessive wealth for your context.

    The fact that a person with your metadata exists and does normal life things like having a home, a job, a cell phone, and a bank account is always going to be well-known. This information is more or less neutral. The real secrets are those which might prompt some actor (friend, lover, ex-spouse, family member, boss, insurance underwriter, lender, police, secret police, conman, vigilante, person who is wrong on the internet, etc) to turn against you, or to do worse damage than they would otherwise.

    • tokyodude 7 years ago

      Kind of wish the EFF or some group similar would sue or push to have the law require not using that info as ID with fines for non-compliance.

      It's inexcusable that someone can pretend to be you, sign up for stuff at various services, and somehow that ends up being your responsibility to fix. It should be the various businesses who failed to correctly identify you and they should be financially liable, not you who had ZERO to do with it.

      • closeparen 7 years ago

        We’d need a stronger government-backed identity/authentication scheme to replace it, which civil liberties groups like EFF vehemently oppose.

        • tokyodude 7 years ago

          do we need government backed id? is there no other solution?

          • closeparen 7 years ago

            As long as there are property rights, contracts, and taxes, yes. Whatever the courts accept as proof that you own an asset or owe a debt is government backed ID. We only choose the quality and security properties of that system.

  • SL61 7 years ago

    > It's important to me that my physical address not leak

    How do you avoid the people-search sites coming up in Google? When I search my name, Google instantly provides several Whitepages-like sites with my full name and address. Some of them (actual Whitepages included) provide options for removal, but there are so many and they all pull from the same source that it's a losing battle.

  • totesraunch 7 years ago

    Your address is a matter of public record. Obviously one should be much more worried about SSN, passport numbers, and other government issued UIDs.

  • sys_64738 7 years ago

    There are leaks and there are leaks. Something like OSNews having a breach is a case of who cares. If it's important info (SSN, Drivers license, passport #) then any company leaking such info should be hammered with $1m fine per leak for each person. These companies which leak valuable information must suffer intolerably so that they never, ever do it again. That means making examples of those companies early in the cycle by having some go to the wall as that's the consequence of such.

    I'd also like to see executives be personally liable for the fines too.

  • imgabe 7 years ago

    > It's important to me that my physical address not leak, I don't want people or packages showing up that I didn't ask to show up.

    What is the likelihood of being a target of this? Are there people out there that you expect might want to mail you an unexpected package or stalk you at your home?

    I get that there are people who have stalkers and such, but for the average, random person, what is the likelihood a criminal is going to pick their name and address out of some leaked information and...what? Mail them a bomb? Travel from Estonia or wherever the hacker lives to burgle a house in the US? Why? There's no point to doing that.

    • quanticle 7 years ago

      >What is the likelihood of being a target of this? Are there people out there that you expect might want to mail you an unexpected package or stalk you at your home?

      As we see in the instances of so-called "revenge porn", you don't have to be famous to be the victim of these tactics. It just takes one person who becomes annoyed enough to use some of these tools and then you're left with an expensive and time consuming mess.

      Did you have a nasty break-up? Fire someone? Do you have a business rival who would like to see your reputation ruined? Did you leave a comment on a website that just happened to offend the wrong person [1]? The tools to completely ruin your life are becoming easier and cheaper to wield, and the costs of defending against them are only increasing.

      Even if the likelihood isn't high, the consequences are severe enough that you should take the risk seriously. Objectively, the likelihood of you getting robbed isn't that high either, but you lock your doors and don't leave valuables sitting out in your car either.

      [1]: https://gizmodo.com/when-a-stranger-decides-to-destroy-your-...

      EDIT: note that in the link above, the attacker wasn't even using non-public data. Imagine how much more damage someone with the ability to gain access to bank accounts, etc. could have done.

      • imgabe 7 years ago

        > Did you have a nasty break-up? Fire someone? Do you have a business rival who would like to see your reputation ruined?

        If you were dating someone, worked at the same company, or even in the same industry and know the same people, they do not need a data leak from Marriott to get your address. That has nothing to do with data leaks.

        Maybe, maybe, you could conceivably piss off some Mr. Robot Darknet-wizard on a forum who would then spend hours combing through leaked data to try to figure out who you are so they could mail you some anthrax, but I'm going to put that at "get hit by an asteroid" level of things to worry about.

        As far as "take the risk seriously", what is there for an individual to do? I have zero control over the data security practices of Equifax, Marriott, or any other major corporation. I can just avoid their services, but that would basically entail living completely off the grid and being a hermit. If it were something as simple as locking a door, or putting your backpack in the trunk, yeah, people would do it. But all of this "the sky is falling, freak out now!" propaganda, comes with absolutely zero actionable items that the average person can do. I'm not going to waste my life being worried about things I have no control over.

        • quanticle 7 years ago

          > Maybe, maybe, you could conceivably piss off some Mr. Robot Darknet-wizard on a forum who would then spend hours combing through leaked data to try to figure out who you are so they could mail you some anthrax, but I'm going to put that at "get hit by an asteroid" level of things to worry about.

          The entire point of that article I linked was that the person doesn't have to be anywhere near you to cause you real damage. The woman who posted the false allegations to the homebreaker site was thousands of miles away. Heck, if you look at instances of "swatting" [1], it's entirely possible to put people in mortal danger from thousands of miles away with little more than a phone. Are the people who are doing the swatting "Mr. Robot darknet wizards"? No, they're bored viewers of Twitch streams who think getting someone potentially shot is a barrel of laughs.

          > I'm not going to waste my life being worried about things I have no control over.

          And this is why data-breaches will remain depressingly normal for the foreseeable future. Companies know that there are zero consequences, specifically because of this attitude. If data breaches were treated like chemical spills, companies would be much more proactive and careful about what data they collected, who they shared that data with, and how they secured that data. But companies know that consumers don't care, because "It's only data," and as a result they will continue to underfund data security and make us eat the externalities in the form of having to spend time and money getting transactions reversed.

          [1]: https://mashable.com/2017/12/29/swatting-death-andrew-finch/...

          • imgabe 7 years ago

            The article doesn't say how the swatter got the victim's address. Were they somehow able to cross-reference the streamer's twitch ID with their credit report in the leaked Equifax data? If not, I'm not sure what one has to do with the other.

            > If data breaches were treated like chemical spills, companies would be much more proactive and careful about what data they collected, who they shared that data with, and how they secured that data.

            Actually, on a personal level, I am treating data breaches exactly the same as chemical spills. I personally have about as much influence on one as the other, which is to say, none. If a law comes along, I'll support politicians who vote for it, but that's about it. Again, what precise, actionable steps are you proposing for the average person to do? I'm looking for something besides "be scared and angry all the time" because that is as unpleasant as it is ineffective.

    • corvallis 7 years ago

      I worked in a prison facility for three years, where all the inmates knew my first and last name, which is unique (I'm probably the only person with my first/last name in the world). If you google me, you can find my entire immediate family, including home address, home worth, names, occupation, ages. Many of the inmates were able to observe my car make/model/license plate, my arrival and departure time to work, etc. Though I had good rapport with the inmates and believe I did right by them, I still have a nagging fear that a released inmate could track down a family member or show up at our home. These are not dumb people. In fact they are quite creative with plenty of street smarts.

      I am not a unique/unusual/margin case.

      Saying "there are some people who have stalkers and such" discounts large swaths of (mostly) women who have been victimized, far more than a non-victim would ever realize.

      This is a very real concern for more than an insignificant number of people. We are just people who you would not necessarily realize exist.

    • FrequentPine 7 years ago

      I'm touched that the e-stonia marketing campaign has ended up at the point where people think hackers only come from Estonia. But do not worry, your house is safe - we only burgle jewellery shops in Finland.

  • miguelrochefort 7 years ago

    > It's important to me that my physical address not leak, I don't want people or packages showing up that I didn't ask to show up.

    Because you think your physical address doesn't otherwise exist? Or are you talking about packages personally addressed to you?

docker_up 7 years ago

House stealing: https://archives.fbi.gov/archives/news/stories/2008/march/ho...

Thrown in jail: https://www.marketwatch.com/story/how-being-an-id-theft-vict...

  • maroonblazer 7 years ago

    What's the likelihood of either of these happening? Neither of the links provide any data on incidence of ID theft leading to house stealing or being thrown in jail, which leads me to believe it's probably extremely low. Happy to be shown otherwise though.

    • warent 7 years ago

      It's non-zero. Does it matter by how much? Why increase your surface area of attack if it can be prevented?

      • Shish2k 7 years ago

        > It's non-zero. Does it matter by how much?

        Literally everything you do carries a non-zero risk of death, being 100% safe is impossible. Given that every day is a gamble, knowing your risk and reward ratios is important for deciding which activities to do and which to stay away from.

        In this specific case, if dedicating your whole life to privacy reduces your odds of identity theft from 2% to 1%, I think a lot of people would say "I'll spend my life having fun and accept the higher risk"; if a tiny lifestyle change could reduce the odds from 20% to 1%, the outcome would probably be different.

        • zAy0LfpBZLC8mAC 7 years ago

          Which is kinda beside the point? The question isn't whether you as an individual should dedicate your life to having privacy for yourself, but whether we as a society should make privacy a norm.

          If everyone shits in the streets, the question isn't whether you should dedicate your life to avoiding all the shit to reduce your risk of infection, the question is whether society should stop shitting in the streets, because that's actually not much effort, while massively improving the health of everyone.

          • Shish2k 7 years ago

            I made my statement about an individual because OP seemed to be asking as an individual, but it still applies perfectly to society; you can pretty much search and replace on the text:

            "In this specific case, if society making privacy a top priority at the expense of everything else reduces everybody's odds of identity theft from 2% to 1%, I think a lot of people would say "I'd rather society prioritised having fun and accept the higher risk to society"; if a tiny lifestyle change across society could reduce the odds from 20% to 1%, the outcome would probably be different."

            The point remains the same: you can't make sensible decisions without knowing the odds; avoiding all activities with non-zero risk means avoiding all activities, and that's why it matters how much.

      • ivanmaeder 7 years ago

        Not to nitpick but I think it matters by how much the risk increases if you're trying to compare it to a potential benefit.

        I'd also say that the risk doesn't begin at zero. E.g., businesses, employers, schools, other orgs, family, partners, friends, colleagues, etc already have a lot of our personal data, and however small the risk is, it's real and worth consideration.

        We actually consider these risk/benefit scenarios all the time in everyday life. E.g.,

        - We might surrender too much information when presented with the chance to win something in a draw; or give up some non-relevant personal information in a signup form just because the field is mandatory

        - Amazon, Apple, etc keep our credit card numbers; Monzo, TransferWise, etc our bank account numbers—but we're happy with that because of the convenience (or because there's no other way to do business with them)

        - You might have personal documentation saved on iCloud, Google Drive, Dropbox, etc because you want easy access to it; similarly with passwords and services like 1Password

      • criddell 7 years ago

        > Does it matter by how much?

        That's the only thing that matters.

indigochill 7 years ago

I suspect blackmail is going to see a rise as more information like this gets leaked. It goes like this:

"Hi, <insert name here>. I know all about you. For instance, <insert the piece of personal information you have>. Wire me <insert large sum here> or I'll publish your browser history (or credit card statements, or anything else that sounds sufficiently compromising among some segment of the population)."

Against any particular target, this may not be effective if they don't care about the leverage you claim to have or call your bluff. However, since you have a data dump you can send this to every single affected individual and you'll get at least some bites.

  • stevewillows 7 years ago

    >"Hi, <insert name here>. I know all about you.

    Did you receive that in an email recently? I've already deleted it, but I got almost that exact email in my spam on my junk mail account the other day. They were clearly working off of the Adobe password leak.

    They quoted my old password in the email and gave the same ol', 'I will email a list of your perverted pornographic interests to your family and employer'

    Like you said, they cast a wide net in hopes of catching a few fish. That being said, asking for BTC seems to really narrow the pool to folks who, I assume, would be less likely to fall for this scam.

tejtm 7 years ago

Some criminal could commit fraud if they can find a mark stupid enough to fall for their tricks.

If said stupid mark is lawyered up enough, they will try to fob their failure to do their due diligence off on anyone they can including you with the imaginary crime of "having your identity stolen" as if such a thing was even possible.

Which is more plausible?

a) I am not me anymore because my identity is stolen.

b) Criminals stole from someone else. (likely leveraging their expectation of profit using the information available on absolutely everyone either from 'legitimate' brokers or shady darkweb stuff; not that I can't tell the difference)

capitol_ 7 years ago

There is also a herd immunity effect, if it's easy to compile a large database with everyone's personal data and political beliefs, then it's also easy to launch micro-targeting campaigns where you give political ads with messages that are tailored to the narrow segment of the population that the person viewing the ad is in.

publicarray 7 years ago

Possible target for spear phishing (easier to social engineer when more information about a target is public).

Account take-over if the password was used elsewhere (credential stuffing).

Become a target for Extortion or Blackmail: https://www.troyhunt.com/the-opportunistic-and-empty-threat-...

Edit: Some companies still use birth dates, security questions or social security numbers for identification. If the information is public, anyone can identify as that person via a phone call. https://krebsonsecurity.com/?s=SMS&x=10&y=14 https://krebsonsecurity.com/2018/10/voice-phishing-scams-are... https://krebsonsecurity.com/2018/08/hanging-up-on-mobile-in-...

the8472 7 years ago

It does not even take a breach. All it takes is the database to exist and a change in administration. And the database does not even have to be in the government's hands for them to use it.

https://www.abc.net.au/radionational/programs/rearvision/the...

Spooky23 7 years ago

It all depends who gets the information and if they go after you.

My parents had a criminal gang compromise their information and open up a savings account in their name. They then initiated ACH transfers from their legit accounts and filed a fraudulent income tax return in their name, to the tune of $50k refund.

The only reason they did not get away with it is that the online bank sent a gift to the house and my parents knew people from their careers that could get the attention of law enforcement quickly.

Their bank suggested that a relative probably stole their bank credentials and that it was “nothing to worry about”.

anewguy9000 7 years ago

I'm astonished to see things like blackmail and fear of a break-in near the top of the list.. really? the most likely and damaging outcome is identity theft -- the consequence of which is damaged credit which is difficult to fix

coldtea 7 years ago

What about your tax returns?

Your browser history?

Mails to your boyfriend/girlfriend?

Those agree comments in about your brother or boss sent to someone else?

The source code to your side project?

Your half-finished novel?

Work-related files?

Your IM chats?

Your full contact list and their numbers?

Your purchase history?

Photos?

rjkennedy98 7 years ago

The biggest hacks have been by governments. They aren't looking to steal your credit card, they are interested in espionage on a large scale. OPM and Equifax were likely state-sponsored hacks. My guess is they are looking for government and corporate individuals to target.

You probably don't need to worry about the hack affecting you directly, but it is affecting you in ways you probably can't imagine.

badestrand 7 years ago

It is quite interesting that everyone is so alert about privacy now and hates Facebook and Google and just ten years ago people willingly published their address and phone number in a phone book for everyone to see. Also in Germany the cities sell every citizen's personal data and nobody cares. It is quite hypocritical.

  • mch82 7 years ago

    Most people didn’t understand why privacy mattered. People are slowly learning the value of privacy through personal experience and the stories of others.

miguelrochefort 7 years ago

As long as people will think that privacy is a normal thing to seek, we'll keep using personal information and secrets as authentication methods, and those whose data leaks will suffer the consequences.

What we should do is think about the post-privacy world, where all data is available to everyone. We won't be able to keep secrets and passwords anymore, but we won't have to secure them either, as we will have better authentication methods. No more paranoia, encryption, or fear of data leaks.

It blows my mind how few people are willing to concede the benefits of transparency, even if they're not willing to fully endorse it.

  • dahart 7 years ago

    > What we should do is think about the post-privacy world, where all data is available to everyone.

    Either I don't fully understand what you're suggesting, or you don't fully understand what you're suggesting. ;)

    Right to privacy is part of the Universal Declaration of Human Rights for good reasons. Violations and abuses of privacy have done a lot of damage to a lot of people throughout history.

    So what does authentication even mean to you if all data is available to everyone? Why would you still need to authenticate?

    Do you think it's a good idea for me & everyone else to see your bank balance? Personal emails? Personnel reviews at work? Letters to your girlfriend? Late night browsing habits? Purchase history? All your photos along with the video feed from your phone?

    I don't see privacy ever not being a normal and reasonable thing to seek, not to mention rather important for developing democracies and as some protection against government abuses.

    https://en.m.wikipedia.org/wiki/Right_to_privacy

    https://en.m.wikipedia.org/wiki/Nothing_to_hide_argument

    • bookofjoe 7 years ago

      "Privacy, as we understand it, is only about 150 years old." https://medium.com/the-ferenstein-wire/the-birth-and-death-o...

      • dahart 7 years ago

        Aristotle wrote about privacy more than 2000 years ago. The ancient Greeks had secret ballots in their elections. Ancient China and ancient India have concepts of privacy written into their laws for thousands of years. The core idea of privacy, as something that is a basic human need, and should be a right, has existed for a long, long time.

        There's a lot of qualification to hide behind in the clause "as we understand it". This is a blog post about Silicon Valley, by someone making some pretty loose inferences, using specious logic to construct an argument. Many people pointed out glaring, major flaws in that blog post in the comments.

        But sure, privacy wasn't exactly the same 300 years ago as it is now in Silicon Valley with the internet. But ironically that post contains a lot of evidence of the idea that the idea of privacy has been around for a long time. John Adams wrote about not publishing his bank balance 300 years ago.

        This blog post does not amount to rigorous historical research or evidence of a lack of privacy before modern times. Right off the top, I don't really buy that houses without walls somehow demonstrates that privacy didn't exist. For one, only poor people lacked walls. Rich people have had them for a long time. Walls also didn't matter as much because people didn't poop in their houses as often as we do now, so lack of walls doesn't prove a lot.

    • miguelrochefort 7 years ago

      I suggest that a right to privacy is a mistake. It shouldn't exist.

      Unsustainability: It will only become more difficult to keep secrets as technology improves. Imagine cameras that can see through walls and drones the size of a fly.

      Unenforceability: How do you make people forget information on demand? How do you delete data from the internet?

      Inefficiency: We waste a lot of resources securing data. We waste a lot of resources requesting data. Allowing data to flow naturally would be more efficient.

      I think it's a good idea to let "everyone else see [my] bank balance[.] Personal emails[.] Personnel reviews at work[.] Letters to [my] girlfriend[.] Late night browsing habits[.] Purchase history[.] All [my] photos along with the video feed from [my] phone[.]" However, I think it would be unfair to make the life of one person transparent in a society where the social and technical expectation is to keep secrets, although I think it would be better to make everyone's lives transparent in a society where transparency is supported.

      I think the transition to a transparent society is inevitable. I also think that the later we prepare for the transition the more people will suffer. This is why I bring up the subject and encourage people to think about it.

      David Brin explains it much better in his book:

      https://en.wikipedia.org/wiki/The_Transparent_Society

      • thg 7 years ago

        Bruce Schneier has written an essay on a few key points why privacy is essential: https://www.schneier.com/blog/archives/2018/11/how_surveilla...

        "If there is no privacy, there will be pressure to change. Some people will recognize that their morality isn't necessarily the morality of everyone -- and that that's okay. But others will start demanding legislative change, or using less legal and more violent means, to force others to match their idea of morality.

        It's easy to imagine the more conservative (in the small-c sense, not in the sense of the named political party) among us getting enough power to make illegal what they would otherwise be forced to witness. In this way, privacy helps protect the rights of the minority from the tyranny of the majority."

      • mch82 7 years ago

        How would Martin Luther King survive long enough to lead the civil rights movement in a world without privacy?

      • dahart 7 years ago

        > I suggest that a right to privacy is a mistake. It shouldn't exist.

        You need to think more carefully about your position. Your statement makes it seem like you are ignorant of history. People have been imprisoned and killed for their correspondence. It is still happening in the world today.

        > David Brin explains it

        "Brin spends an entire chapter exploring how important some degree of privacy is for most human beings, allowing them moments of intimacy, to exchange confidences, and to prepare - in some security - for the competitive world."

        Brin doesn't agree that it's a good idea for everyone to see your letters, bank balance, and other personal secrets. It seems like you got the wrong idea about his book.

        > I think the transition to a transparent society is inevitable.

        You haven't explained or justified this idea at all.

        The problem with your concept of absolute zero privacy is competition. As long as privacy can be exploited, as long as a lack of privacy can be used against you in any way, the need for privacy will exist.

        The idea you have that privacy could go away can only happen if all humans are cooperative, and economic systems based on competition are eliminated. We can't have absolute transparency and Capitalism at the same time. We can't have politics or business either. Absolute transparency works for fictional races like the Borg on Star Trek. What you're talking about seems like a theoretical concept that is divorced from reality.

        Current trends are in the opposite direction, so what makes you think we're on the way? Business is getting more competitive, not less. Societies are getting more political, not less. In some countries, government and human rights abuses have been regressing. The need for privacy is going up, not down.

        > I think it's a good idea to let everyone else see my bank balance ...

        You didn't explain why. Why is it a good idea? Do you want to post all that information here and now? Why aren't you publishing it already if it's a good idea?

        Your purchase history is just one of many examples of something that is being used against you. There are insurance companies buying personal data like purchase history in order to gather evidence for denials on claims.

        • miguelrochefort 7 years ago

          What do you think about things we can't easily keep secret (skin color, gender, religious garment), and failure to keep secrets (leaks)?

          Do these people deserve to be the focus of all discrimination? It seems to me that privacy is necessarily misleading and unfair.

          How do you suggest we fix that?

          • dahart 7 years ago

            You didn’t answer any of my questions or respond to a single point I made. Do you understand why the right to privacy currently exists? How about I make some suggestions when you justify losing privacy?

            The fact that there are problems with privacy doesn’t mean it makes any sense whatsoever to just get rid of privacy. Should we get rid of water because some people have drowned? Should we eliminate math because it’s hard and people sometimes make mistakes?

            When privacy leaks and abuses cause people suffering or damage, the answer isn’t less privacy, it’s more. Plug the leak, don’t open the floodgate.

            • miguelrochefort 7 years ago

              > You need to think more carefully about your position. Your statement makes it seem like you are ignorant of history. People have been imprisoned and killed for their correspondence. It is still happening in the world today.

              I am aware that people have been imprisoned and killed for their correspondence. I think we should blame the perpetrators, not the free flow of information.

              > Brin doesn't agree that it's a good idea for everyone to see your letters, bank balance, and other personal secrets. It seems like you got the wrong idea about his book.

              That's possible. I didn't read the book.

              > The problem with your concept of absolute zero privacy is competition. As long as privacy can be exploited, as long as a lack of privacy can be used against you in any way, the need for privacy will exist.

              All knowledge can be exploited. All knowledge can be used against people. I don't think that's a problem, and I don't think that can be changed.

              > The idea you have that privacy could go away can only happen if all humans are cooperative, and economic systems based on competition are eliminated. We can't have absolute transparency and Capitalism at the same time. We can't have politics or business either. Absolute transparency works for fictional races like the Borg on Star Trek. What you're talking about seems like a theoretical concept that is divorced from reality.

              I don't claim that we could switch to full transparency tomorrow. I suggest that we accept the limitations of privacy, and work toward a society that's compatible with more transparency. I think less competition and politics would be welcome.

              > Current trends are in the opposite direction, so what makes you think we're on the way? Business is getting more competitive, not less. Societies are getting more political, not less. In some countries, government and human rights abuses have been regressing. The need for privacy is going up, not down.

              The world is getting worse in some ways, and I think that privacy enables that. Privacy is a self-fulfilling need. The more we expect and rely on it, the more dangerous it becomes, the more we need. That's not good.

              > You didn't explain why. Why is it a good idea? Do you want to post all that information here and now? Why aren't you publishing it already if it's a good idea?

              Again, society is not ready yet. It won't be ready until we all put a lot of work into changing things. The first step is to convince idealists that total transparency is more desirable than total privacy.

              > Your purchase history is just one of many examples of something that is being used against you. There are insurance companies buying personal data like purchase history in order to gather evidence for denials on claims.

              If your purchase history is evidence that you violated the terms of the contract, I think it's fair. Likewise, if it makes it possible to give discounts to people who take care of whatever is insured, that's great.

              > Do you understand why the right to privacy currently exists?

              Yes, I understand why it exists.

              > The fact that there are problems with privacy doesn’t mean it makes any sense whatsoever to just get rid of privacy. Should we get rid of water because some people have drowned? Should we eliminate math because it’s hard and people sometimes make mistakes?

              "The fact that there are problems with [transparency] doesn’t mean it makes any sense whatsoever to just get rid of [transparency]."

              > When privacy leaks and abuses cause people suffering or damage, the answer isn’t less privacy, it’s more. Plug the leak, don’t open the floodgate.

              It's like increasing the dosage of medication as your body gets used to it. I'd rather not have to take medication if possible.

              I want people to change their diet to prevent or reverse diabetes. You want to create more artificial insulin. I don't think artificial insulin is bad, as it clearly helps a lot of people today (and more people every year), but I don't think the discussion should only be about creating more artificial insulin and making sure everyone can have some. We should think about fixing the root cause, and lessen our reliance on artificial insulin.

              I totally get your point. Do you get mine?

              • dahart 7 years ago

                > I totally get your point. Do you get mine?

                I think I do, yes. I think it’s a lovely theoretical idea that simply isn’t realistic or possible or ever will be.

                We can lose privacy the day there’s no exploitation, no profit motive, and no war.

                FWIW, I’m not hearing any evidence that it’s a good idea, just statements of opinion.

                • miguelrochefort 7 years ago

                  I will admit that I'm more idealist than pragmatic. Understanding that I'm painting a long-term vision, rather than prescribing a short-term solution, should reduce confusion.

                  I believe I provided 3 compelling arguments against our reliance on privacy in my first post.

                  It's also possible that we use different moral frameworks. I'm not a consequentialist, and I am opposed to most restrictions on freedom (drug control, gun control, copyrights, patents, privacy, GDPR, net neutrality).

                  • dahart 7 years ago

                    > I believe I provided 3 compelling arguments against our reliance on privacy in my first post.

                    I see your 3 keywords argument above. Is that what you're referring to? ("Unsustainability", "Unenforceability", and "Inefficiency".)

                    I didn't see any evidence, these appear to be claims predicting the future with no support to back them up, in other words, pure opinion. In my opinion they are not compelling.

                    Unsustainability: Yes you can imagine small drones with cameras, but where's the actual evidence that secrets are becoming unsustainable? You can imagine all kinds of things that may or may not happen. I disagree with you. I claim that our ability to keep secrets is getting more sustainable over time, not less. Encryption and security are getting better, not worse.

                    Unenforceability: This is irrelevant. Yes, you can't take back secrets once leaked. That has always been true, and has nothing to do with technology or the internet. This does not amount to a reason to never try. What percent of all secrets have ever leaked? Unenforceability is only a reason to not try if all secrets inevitably leak, and only if they all leak immediately, otherwise this is a reason to try harder to keep secrets. I know for a fact that many secrets are never leaked, and many secrets that are leaked are only leaked after it no longer matters, many secrets only need to be secret temporarily, so this unenforceability point tends to undermine your argument.

                    Inefficiency: This argument doesn't make any sense to me. Every single thing we do would be "more efficient" if we didn't do it. It would be more efficient to not travel. It would be more efficient to not work. It would be more efficient to not eat. Efficiency is a metric that you use to measure two ways to achieve the same outcome, not something you can compare to nothing. You're completely ignoring the costs of compromised secrets in your "efficiency" calculation. When people's compromised secrets cause them to lose money or possessions or their lives, that cost is many orders of magnitude higher than the cost of keeping a secret. You're also not accounting for the efficiency of passing around public information compared to keeping information private. It's entirely possible that not keeping secrets - the costs of hosting & publishing all the previously secret information - would waste a lot more resources than the world with privacy, so it seems to me like you're just making stuff up.

                    So to answer your earlier question about discrimination:

                    1- Many people do try to keep their gender / race / religious preferences secret when online in public forums, and initially when applying to jobs.

                    2- Discrimination is largely a separate topic. It's a cultural problem, not a privacy issue, that people are trying to fix in various ways including affirmative action and education. Nobody is suggesting that eliminating privacy will help with discrimination, because it won't.

                    The existence of social prejudices does not in any way imply that my private financial situation or private correspondence or private photos should all be publicly available.

                    How can humanity plausibly, realistically reach a place where it's not possible to exploit any information for private gain? Because we are individuals and not a collective consciousness, I don't see how that is possible.

Kiro 7 years ago

In many countries name, address, social security number etc. are all public information, so it really depends on where you live.

  • bookofjoe 7 years ago

    "Would you be happy to have your tax return displayed for everyone to see? In Norway, no one can disguise their earnings, as every citizen's is made available for everyone else in the country to inspect. Workers can see what their colleagues earn and neighbours can snoop on how much the people next door make — all legally and online.

    On a date every year in October, just after midnight, Norwegian citizens' annual tax returns are posted online — and the country's Norwegian newspapers leap to produce top ten lists of the country's highest earners, the incomes and taxes paid by the political and cultural elites, celebrities and sportspeople." https://www.theguardian.com/money/blog/2016/apr/11/when-it-c...

nvusuvu 7 years ago

Identity theft.

  • 321yawaworht (OP) 7 years ago

    How prevalent is it? Any examples when a breach has had a real, significantly damaging impact on an average person?

    • scarface74 7 years ago

      I’ve known someone who actually went to jail after her identity was stolen and someone was writing bad checks in her name. She was already going through all of the legal process to get everything cleared up but she had warrants against her that she didn’t know about.

      Now she doesn’t leave home without police reports and documentation that she has been the victim of identity theft.

    • querious 7 years ago

      These guys are saying something like 17M thefts in 2017, which to me is a bit concerning and almost incredible, even if they’re off by a factor of 2. I mean, it’s not the end of the world if someone assumes my identity but it certainly seems like a monumental hassle to deal with and almost certainly bound to cost several thousand dollars.

      https://www.javelinstrategy.com/press-release/identity-fraud...

    • vonseel 7 years ago

      I think that depends on how you define "significant damaging impact".

      Surely, somewhere some victim of identity theft has suffered vast financial losses without recoup.

      Surely, many victims of identity theft have a harder time getting approved for loans, leases, or even government clearances and background checks. These things are explainable, but isn't the fact that a person has to deal with this for the rest of their life (or at least 10-15 years following an identity theft event) enough of a problem that you would say it has caused a person "significant, damaging impact"?

    • docker_up 7 years ago

      Extremely prevalent. Identity theft is one of the biggest forms of theft in the US. Things like fake income tax refunds are one of the fastest growing financial crimes in the last few years.

    • menzoic 7 years ago
    • BjoernKW 7 years ago

      I don’t have any recent examples at hand right now but there absolutely have been cases of identity theft in the UK and the US (particularly given the importance attributed to social security numbers there).

xupybd 7 years ago

I get scam calls a couple times a month. They know my name, number and profession. It’s really annoying.

throwaway209381 7 years ago

Yes, criminals do not have your best interest in mind.

hahabrew 7 years ago

when and where the info comes from is important. someone could, over time, assemble a dynamic probability schedule of your physical location, this is not good if you are physically meek, extremely rich or integral to government or industry, AKA kidnapping or worse

  • imgabe 7 years ago

    Unless you are in the 0.1% it is very unlikely that the effort required to do that and kidnap you is going to be worthwhile.

    • hahabrew 7 years ago

      oh i'm sorry, what i was suggesting is hard to do? how about pervs and their motivations.

      • imgabe 7 years ago

        It's not only hard, it's completely unnecessary. Most people are assaulted by someone they know in real life. You don't need gigabytes of data and a "dynamic probability schedule" to figure out that someone is at work during the day and at home in the evening, and they probably take one of 2 or 3 convenient routes to move between the two. If they actually know their target, they might even know something more like "they have a yoga class on Wednesday evening".

        For a second, pretend you're one of these "pervs" you're worried about. Are you going to randomly pick a name out of a data dump from Marriott's database, and try to correlate that with other leaked data to figure out the likelihood of this person you've never seen standing on a particular corner at 5:37pm on November 3rd?

        Or are you going to say "Sharon from accounting smells nice, I'm going to follow her home after work"?

        I think the latter is something more reasonable to worry about.

        • hahabrew 7 years ago

          cyber stalking is very real, very prevalent, and made even easier than it intrinsically is, by irresponsible PII use and meta analysis, stalkers did this in their head, or spent time poring over phonebooks and dumpster documents. just ask any women that care to be here about their experiences and a different world will be known to you

aaron695 7 years ago

I've never heard of identity theft. If anyone wants to claim this I'd want evidence, not hand waving.

But -

Like Ashley Madison? Medical records? Tax records. These have all had real life consequences for people. North Korean defectors had their details stolen the other day.

Like an email address to a site you comment on, so now it publicly ties your comments to the real you?

Go on?

If your question is around identity theft which I think it really is, then I'd need to see proof, else the fear the NPCs have is actually what does the damage. (Also never heard of a domestic incident from a mass breach of addresses, I'd need proof to believe it, but it is enough to legitimately have to move house, so consequences)

(Passwords / unsalted/salted password hashes are of course the real killer, this has screwed a lot of people, but you've excluded this.)

loteck 7 years ago

If you're that curious, go ahead and post all of your PII in this thread and find out what happens.

Something tells me you won't. The reason you won't, is the answer to your question.
