Review

An old privacy post of mine recently got a lot of discussion on Hacker News. It seems people took me to be saying something like:

Other people are foolish to be worried about privacy. If there's anything you don't want public it's probably because you're doing something you shouldn't. The decrease in privacy over time will be great for everyone once we adapt to it, and has no downsides.

To be clear, this isn't (and wasn't) my view. There are a lot of situations in which it makes sense for someone to take careful steps to preserve various forms of privacy, there are things people wouldn't want public for very good reasons, and decreasing privacy has real harms.

But I also think it's very risky to rely on privacy. Many ordinary things we do expose more than we probably expect. What could someone infer from the timing of your posts or messages? Background details in pictures? Cell tower logs of your movements?

One of the major effects of increasing technology has been decreasing privacy. Cheap fast computers and storage make many things possible at massive scale that would have been infeasible before. For example, cars have had license plates for a century but it wouldn't have been practical to use them to build up a detailed record of traffic at large. Banknotes have (always?) had serial numbers, but people receiving bills didn't check them, record them, or use them to build up a record of how cash moves around our society. People have (always!) had faces, but looking through the enormous number of published photos to pick out ones with your face wasn't practical.

Another way that technology offers the opportunity for reduced privacy is that more interactions happen via computer, where they can easily be logged and categorized. For example, when I visit a typical web page, many trackers record this visit, and connect it to other pages I've visited. Similarly, most of my communication with others is now via text on computers, which is quite amenable to automated analysis.

I expect this trend to continue: computers are continuing to get smaller, cheaper, and faster. Transformers have turned out to be incredibly capable. People building things that collect and correlate this information are still adapting to the technology of several years ago, let alone what's still coming out.

On the other hand, there are some trends in the other direction. Privacy legislation, really taking off with Europe's 2016 GDPR (effective 2018), has made some forms of data collection and processing require the consent of the people it's about. I haven't found great polling on people's level of privacy concerns over time, but the small amount I have found does show an increase. Technology options that make sacrifices for the sake of user privacy (DDG, Signal, etc) are growing, though from a small base (and Firefox is declining, down to 3% from a peak of 32%).

Where does this leave us? Several thoughts:

  • Despite the changes in sentiment and regulation around privacy, I don't think a private future is something we can count on. I think it's more likely than not that systems that can wring a great deal of meaning out of everything everyone has done publicly are widely deployed during our lifetimes, probably within the next ten years. Hacks, leaks, and blunders that expose information you trusted others to keep private are also going to be a continuing fact of life, accelerated by digitization.

  • Since we can't trust the future to keep things private, my general approach to privacy is still to treat even nominally private things as if they might become public, and act accordingly. Habitually making things public is one way to make this a lower burden, and is one which has some advantages (better feedback from others, sharing information others can benefit from, etc).

  • Efforts to promote a more private future, through technology or regulation, individual choice or professional work, may or may not be worth it depending on how you view the chances of success and the benefits if successful. I think this is very unlikely to beat work on things like 80k's most pressing problems, but I expect some people have high enough estimates on the value of privacy work (ex: risk of stable totalitarianism, suppression of important but unpopular ideas) that they'll disagree.

New Comment
1 comment, sorted by Click to highlight new comments since:
[-]EKP110

I think you are maybe also not thinking of the degrees of privacy people value. 

For example, I used to have a job where it was valuable to be able to present to new professional acquaintances as politically neutral or at least politically agendaless. I have a very Google-able name. And Google really likes Facebook results. Therefore I kept anything publicly available, including on Facebook, fairly neutral - no tags in public contra pictures, for example. My bar was, if someone were to see they were going to meet with me, search my name, and read whatever struck their interest for a few minutes, they wouldn't have significant information on my politics. 

That's a very different goal than keeping my information private from, say, the law.