(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]
essay – dropsafe
2021-11
How to become a Super #Privacy Activist, pt 1:
Find a small coding issue that you can be very angry about; pick on an imperfect user-experience bug or missed opportunity & frame it as intentionally being in breach of a vague aspect of some critical legislation. Launch a crusade.
How to become a Super #Privacy Activist, pt 2:
Adherence to your Rules™ is more important than outcome; petty concerns like "international jurisdiction" pale in comparison to "foreigners should obey the intent of our laws rather than cutting us off"
How to become a Super #Privacy Activist, pt 3:
The purpose of the Internet is not for people to communicate. The purpose of the internet is to be a framework which can be regulated by you. Ideally in dramatic courtroom showdowns.
I heard @maxschrems say [this] at #32C3 and it left me deeply worried regards the pursuit of control by local states over "big data": pic.twitter.com/SxuwI2skEn — Alec Muffett (@AlecMuffett) February 17, 2017
How to become a Super #Privacy Activist, pt 3 (corollary):
* try forcing companies to host each person's data in the same regulatory regime as where they live, as it maximises potential state leverage over their data.
* remember, this is not "enabling state censorship". Nope.
How to become a Super #Privacy Activist, pt 4:
The solution to "tracking cookies", etc, is not to "fix browsers to drop cookies" as that would reduce opportunities for lawsuits, clicks & money.
Instead: assume malice and attack anything that looks even *remotely* like a tracker
How to become a Super #Privacy Activist, pt 5:
It is essential that the privacy of children is protected so that little or no data is collected or retained about them.
To do this, platforms must demand strong identification of ALL users up-front, and manage tracking cookies.
How to become a Super #Privacy Activist, pt 6:
1/ Normal people can't understand "privacy settings" for apps, therefore you should regulate the platforms to simplify these
2/ Normal people need "security controls" for apps to help them to manage their childrens' network access
How to become a Super #Privacy Activist, pt 7:
Quiz: FB's pursuit of end-to-end encryption is:
1/ a ploy to avoid regulatory breakup
2/ a ploy to sidestep child protection
3/ a ploy to disavow user content
4/ improving the privacy of 2bn people
5/ all of these
6/ none of these
How to become a Super #Privacy Activist, pt 8:
Data privacy regulation never has unintended or negative consequences; any failures of regulation are mere minor edge cases which can be addressed with more and better regulation, and/or "exceptional access" for Governments.
How to become a Super #Privacy Activist, pt 9:
"Anonymity Loves Company™" – therefore the best route towards greater global privacy is to trash attempts by the big platforms to deliver the same, eschewing them in favour of small federated platforms hosted by noble volunteers.
How to become a Super #Privacy Activist, pt 10:
Talk about "Privacy by Design". Don't acknowledge anyone who asks "what does that mean?" or "How can you presume a threat model?" – they are merely technicians.
"Privacy by Design" means "Privacy by Design", and the law knows this
How to become a Super #Privacy Activist, pt 11:
1/ Machine Learning is a great way to empower people with end-to-end encrypted privacy whilst identifying abusive content & behaviour
2/ Machine Learning enables dehumanising abstractions that prejudice against minority interests.
How to become a Super #Privacy Activist, pt 12:
If a platform launches a video streaming service with filters & controls, it's chilling free speech and censorship.
If a platform launches a video streaming service without filters & controls, it's derelict in its duty of care.
How to become a Super #Privacy Activist, pt 13:
It's ok for judges to take as long as they like to decide whether an act of speech is legal. The same doesn't apply to platforms.
How long should platforms spend deciding if users' online expression is illegal? Lawmakers keep coming up with answers like "24 hours" or "7 days." Meanwhile, courts spend hundreds of days on the same questions. Here is some great data from @JMchangama
https://t.co/btMcjEiN4S. pic.twitter.com/x7jNbVAiwH — Daphne Keller (@daphnehk) January 26, 2021
How to become a Super #Privacy Activist, pt 14:
Pictures of someone breastfeeding are obviously OK to display anywhere in the civilized world.
Pictures of child nudity, equally, are never OK. Unless they are OK.
https://www.bbc.com/news/technology-37318031
How to become a Super #Privacy Activist, pt 15:
Observe your peers and learn to divide the world into WrongPlatforms™ and RightPlatforms™
WrongPlatforms™ are easily identified by being both "American" and "Profitable".
RightPlatforms™ are generally neither.
How to become a Super #Privacy Activist, pt 16:
It is disappointing that @signalapp is both a RightPlatform™ and American. It can be this because it is not profitable.
@signalapp must never become profitable, else it will become a WrongPlatform™ and the EU will have to sue it
How to become a Super #Privacy Activist, pt 17:
Encourage friends – even, or especially those who are somehow dissidents – to abandon WrongPlatforms™ because "metadata".
If they are Russian, suggest they use @telegram because they will understand it.
https://www.wired.co.uk/article/telegram-encryption-end-to-end-features
How to become a Super #Privacy Activist, pt 18:
If your friends are Turkish democracy activists, encourage them to leave the evil-whatsapp-data-octopus to experiment with Bip, which is new and uses end-to-end-encrypted HTTPS to talk to Turkish servers!
https://www.businesswire.com/news/home/20210111005897/en/4.6-Million-New-Users-Joined-BiP-in-the-Past-3-Days
How to become a Super #Privacy Activist, pt 19:
Make sure to note how both Turkey and Russia are both working hard to pass legislation, just like the EU and China, for data of their citizens to remain within the borders of Government control, where state laws can protect it!
How to become a Super #Privacy Activist, pt 20:
For advancement in your career as a Super Privacy Activist, if you are European you should foster a relationship with a Partner-MEP. In the USA, a Partner-Senator is the best option.
How to become a Super #Privacy Activist, pt 21:
The best Partner-MEP is passionately committed to liberal values and the rule of law, but also wants American companies to be punished so that European ones can "fill the technology gap".
The best Partner-Senator is old.
How to become a Super #Privacy Activist, pt 22:
Care and feeding of your Partner-MEP or Partner-Senator is very easy: just tell them everything that you know and they will select the perspectives which best fit their political agenda of the week.
You can help by retweeting it.
How to become a Super #Privacy Activist, pt 22: (ERRATUM)
Twitter is, of course, a WrongPlatform™. You should of course be mirroring the Tweets of your Partner-MEP or Partner-Senator, onto your federated Mastodon server.
Unless it's the Gab one, in which case you are Bad™.
How to become a Super #Privacy Activist, pt 23:
Anonymity™: is a fine and essential quality that enables free speech, whistleblowing, reporting abuse, and speaking truth to power.
The most important thing about Anonymity™ is that someone Official™ should know who you are.
How to become a Super #Privacy Activist, pt 24:
Data Ownership: the goal of "data ownership" is for people to own, review, and delete, any data that is _about_ them.
You cannot delete your tax records because "Government Exceptional Access" or "Socialism" (delete as applicable)
How to become a Super #Privacy Activist, pt 24 (corollary):
Avoid confusing "data ownership" with "data sovereignty" – the former is Right™, whereas the latter is gun-toting libertarian techno-utopianism and is therefore Wrong™, and probably also involves Linux or Blockchain
How to become a Super #Privacy Activist, pt 24 (corollary, pt 2):
As above, if you encounter someone who asks non-policy-related or non-law-related questions relating to "implementations" or "threat models", they are technicians and do not Understand™ and may be safely ignored.
How to become a Super #Privacy Activist, pt 25:
The goal of Data Ownership is to provide a means for Super Privacy Activists to annoy companies at which they are angry.
Reasons for anger at the company may include:
– being American
– being Profitable
– being "In The News"
How to become a Super #Privacy Activist, pt 26:
The best way to use Data Ownership to annoy a company is to tell them to:
1/ tell you what they know about you
2/ delete all the data that they have about you
3/ tell you what they still know about you
Then: publish everything.
How to become a Super #Privacy Activist, pt 27:
This buffs your Super Privacy Activist credentials by tying-up junior legal clerks for entire _evenings_ trying to justify how they knew what you had previously asked them to do for you.
To the right audience, this is very sexy.
How to become a Super #Privacy Activist, pt 27: (ERRATUM)
The goal of being a Super Privacy Activist is not to be "sexy" – SPAs may express their passion through statement dyed hair, designer glasses, TED talks and guitar solos.
However: being an SPA is all about "the user".
How to become a Super #Privacy Activist, pt 28:
The User™ is everything to a Super Privacy Activist.
Literally.
A User™ cannot negotiate Facebook security settings, yet can attend PGP key-signing parties. They see the value of being warned about Cookies™ 400 times per day.
How to become a Super #Privacy Activist, pt 29:
A User™ will pursue every possible avenue to stop WrongPlatforms™ from tracking them… apart from installing and using TorBrowser which would do most of the work for them.
SPAs care for Users™, because the SPA once was one.
How to become a Super #Privacy Activist, pt 30:
The overwhelming empathy which the SPA shows for the User™* means that an SPA innately understands the User™ threat model.
The SPA is qualified to tell the User™ what to fear.
The greatest User™ fear is: Advertising.
How to become a Super #Privacy Activist, pt 31:
Advertising™ is the worst thing which can happen to any User™ – worse than oppression, surveillance, prison, capitalism, or democracy.
And the worst form of Advertising™ is "Relevant" advertising, or as SPAs call it: Targeted™
How to become a Super #Privacy Activist, pt 32:
Aside: it is essential for all Platforms™ to reflect and celebrate the diversity of their Users™.
In achieving this they must not Target™, and ideally should know nothing about, their Users™.
https://www.theatlantic.com/health/archive/2013/06/the-story-of-the-black-band-aid/276542/
Quiz Answer:
The correct answer is "6/ none of these" because the correct answer is:
"Facebook is American and Profitable and therefore a WrongPlatform™ and therefore we hate it and should get the EU to sue it because it exists."
How to become a Super #Privacy Activist, pt 7:
Quiz: FB's pursuit of end-to-end encryption is:
1/ a ploy to avoid regulatory breakup
2/ a ploy to sidestep child protection
3/ a ploy to disavow user content
4/ improving the privacy of 2bn people
5/ all of these
6/ none of these — Alec Muffett (@AlecMuffett) January 27, 2021
Props to Daniel Myles for getting closest:
The correct answer is:
1. Don't use Facebook
2. Especially in Australia
https://t.co/1ZTvWXsPpr — Daniel Myles (@deejayqf) January 29, 2021
Originally tweeted by Alec Muffett (@AlecMuffett) on 2021/01/27.
[END]
[1] URL:
https://alecmuffett.com/article/tag/essay
[2] URL:
https://creativecommons.org/licenses/by-sa/3.0/
BoingBoing via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/
