I hope it’s ok if I post this here, but I think if people are using Fedora then there’s a good chance they are interested in digital privacy. Fedora users in particular seem to be fans of security (SELinux) and privacy and security naturally go together.
I’m doing a digital privacy survey for my Masters thesis, and would be very happy if Fedora users would take part. It’s online and should only take 4-5 minutes.
Every available privacy option (stop and delete data at any time, etc.) is enabled.
It’s a delicate balance to find… short enough that people will complete it, but long enough to get useful insights.
I decided to ‘err on the side of caution’ and make my survey shorter, to give myself the best chance of getting enough participants. But it depends on how long you have to collect responses.
“Companies should not use personal information for any purpose unless it has been authorized by the individuals who provided the information.”
Are you familiar with the requirements for GDPR? If you have this as a blanket “no use unless express permission granted” then no company can do any fraud prevention, apply sanctions, prevent money laundering or a hundred other things that they are required to do by law. Double edged sword in that your PII should not be misused but at the same time, I quite like the onus on companies to protect their clients and users.
Yes, I’m familiar with GDPR. I worked in banking before, so I have some familiarity with counter-fraud, anti-money-laundering and so on. In the banking case, it’s part of the terms and conditions when someone opens an account that the bank can process their information in this way… checking against databases like OFAC and many others.
As the customer is giving approval to these kinds of checks from the start, what I meant by that statement was that companies shouldn’t use the information for any new or unrelated purpose which the customer didn’t already agree to.
But of course a bank or any other kind of company can’t control what new laws might be passed, requiring them to use existing customer information in a new way, or forcing them to collect additional information from the customer. I’ve seen that happen too.
The statement in the survey was in the ‘Attitude to Online Privacy’ section because it was more about getting a sense for peoples attitudes and not about designing rules.
Thanks for the feedback. It’s useful to see another perspective.
I think this thread misses the other half of the problem that is why collecting data is important, why personal data is valuable.
The answer is data is used to create a “profile” and to match some marketing strategy with that profile in order to achieve some form of thought and behavior control.
In short, when the personal data is related to my “online identity” I can be closed in the “bubble” and presented a selection of contents, in a proper way, so I go voting somebody or I go buying some stuff.
So the war is on three fronts.
One is to avoid data collection.
Two is to avoid collected data can be related to an “identity”.
Three is to avoid to be closed in the bubble.
It is both the big and the small things.
For example, who ever was told that it may be a good idea to wipe the browser cache (or “history”) as often as possible? Who ever was told that the “password manager” is convenient and allows using complicated passphrases but a breach in that “manager” means all the passwords are stolen? Who ever was told that any “app” from the “appstore” must be code-inspected otherwise it can be (probably) some sort of malware? And so on.
Then one may wonder why the Government signs a contract to host all the citizens health care data on some Microsoft or Google “cloud” service (for example). But then, again, all the politicians and the top managera use “off the shelf” smartphones. While they are full aware the Police prosecutes criminals via installing trojans on their phones. Using “off the shelf” trojans. Guess what the CIA can do.
Last thing. I see people paying for anything via “app” on the phone. This is funny for two reasons. Not only the smartphone can be compromised but it doesn’t sound like a good idea to have it “connected” to anything like the car media thing or the train station “totem”. I am really surprised there wasn’t any global security breach and my guess is there are many small ones. Some time ago I read a lady took her phone to the repairs, it got cloned somehow and then the repair guys made some money transactions in the same bank I am a client of. I asked the bank I they told me something like “you are responsibile of the safety of your phone”. Which is not what people are told, they are told the phone is safe.
I will write about some of the things you talked about in the thesis. As the focus will be on businesses (and focus is a requirement for a good thesis), I won’t try to cover government issues. But I’ll certainly include banks and tech companies in it.
I agree that it’s a major problem the way companies are trying to build profiles on people, and how people don’t receive good education on digital security or privacy. Health privacy is a whole field unto itself, somebody could do a PhD thesis just on that alone, so I won’t be able to cover it. But I’m sure I will get across my criticisms of corporate behavior and disregard for peoples personal information security.
My point is: it is not about “privacy”, it is about behavior control.
The most obvious example is the “wearable devices” and the “augmented reality”.
When you wear a device wherever you go and whatever you do, which is the poor man version of the device being implanted in your own body, you are followed and everything is recorded.
Then you look at “reality” and the device super-imposes “information” over your perceived “reality”. At the end, your behavior is being influenced and then controlled, like you are a drone.
At any given time the “system” knows where you are and what you are doing, in the same time the “system” provides “information” about what you see and hear (in theory any perception).
You know the Borgs in the Star Trek franchise, people being colonized by nanobots and connected to a network named “collective”. Their own will comes after the will of the “collective”.
On a more practical level, think of politics.
It is not like advertising that aims to make you buy a car because you “feel like” that car makes you look better (your friends envy you, women love you etc).
It is like propaganda that makes you hate some people to the point of wanting them dead. I am sure you can think of some user case from history.