site banner

Culture War Roundup for the week of January 29, 2024

This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.

Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.

We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:

  • Shaming.

  • Attempting to 'build consensus' or enforce ideological conformity.

  • Making sweeping generalizations to vilify a group you dislike.

  • Recruiting for a cause.

  • Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.

In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:

  • Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.

  • Be as precise and charitable as you can. Don't paraphrase unflatteringly.

  • Don't imply that someone said something they did not say, even if you think it follows from what they said.

  • Write like everyone is reading and you want them to be included in the discussion.

On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.

Jump in the discussion.

No email address required.

I'm currently working as a cybersecurity engineer and I'm a former Google SRE. So, I request you do not kneejerk dismiss me as some kind of technical ignoramus if you think that's what my argument hinges on.

Whenever privacy warriors complain about privacy I find myself rolling my eyes and thinking okay boomer. Even though more people than boomers say this and I do believe privacy is important. To be clear I mean privacy in the abstract. "I don't use Facebook because [privacy]". "I am looking to adopt a GrapheneOS based phone with no Google apps because [privacy]".

Privacy is obviously important. I don't want some rando, or worse, some personal enemy to rifle through my all of my digital data looking for ways to harm me. But the abstract privacy concern takes the form of a Motte and Bailey between the two. Google, Facebook and friends mostly act on your private data in the aggregate, but the privacy advocates generate worry that your intimate conversations or pictures are being personally viewed.

I also find privacy warrior claims rather, lets say, Joker-level anarchistic about rule of law. Everyone should have end-to-end encrypted messaging and the government should be locked out of private spaces no matter what. In no other domain do we accept a claim like "this dungeon in my house is off limits even to detectives with a court order because it is my private property" but apparently yes this digital cache of self-produced child pornography or evidence of a ticking time bomb terrorist plot[1] is something we can take to our graves regardless of any legitimate pursuit of justice. The level of hostility towards government here surpasses any of government's responsibility to protect its citizenry.

I'm not arguing against having digital security. It's very important for both organizations and individuals to have basic opsec lined up, especially because of how many automated and directed attacks there are trying to steal money and secrets. But in this battle companies like Google, who privacy advocates possibly fear only less than Facebook, are far closer to friend than foe because they provide a level of sophisticated and free security and direct privacy guarantee that almost nobody can achieve on their own.

The level of fear and worry privacy warriors generate rises to the level of conspiracy-adjacence. The word "qanon" pops into my head. Someone, Out There, is collecting all of your private information and you need to disconnect from the grid right now. Abandon all petty conveniences like being able to share photos with grandma, your life depends on it.

Ironically, the self-hosted Trust No One approach appears to make people even more vulnerable to attack. Even very technically sophisticated friends of mine who have hosted their own email have been hacked and their identities stolen (and used against them for extortion) in ways that would not have happened if they had stuck to GMail and used their FIDO2 two factor key for second factor.

I have another friend who decided to take his family's photos and files out of iCloud and Google Drive. He set up a home RAID array and was cruising along fine but neglected to monitor the drives. One failed and he didn't know, so when the second failed all of his data was gone. He didn't have backups, because why would you if you have RAID and snapshotting. He's not some noob either. He is also a sophisticated technology professional.

My argument against individual actions you can take on privacy are something like: you can do a few basic things to radically improve your personal opsec, and anything else is rapidly diminishing returns at increasingly greater inconvenience and, worse, may be a net increase in your vulnerability to attack or data loss.

My argument against regulatory action on this is, well: Europe leads the way on this. Does anyone think, say, GDPR has made Europeans much safer than Americans? At what regulatory and compliance cost? Mostly GDPR seems like a joke.

The fact that privacy fretting appears to primarily afflict men (with notable exceptions like Naomi Brockwell) suggests that there must be something autistic about it.

(Mostly, I can't shake the strange feeling that inside of all of this is a The Last Psychiatrist style phenomena (made with impeccable erudition that I could never live up to) that privacy worries are a proxy for dealing with some... thing(?) that people would never allow themselves to acknowledge consciously)

In the end, excessively fretting about privacy mostly is costly (in time), increases inconvenience and annoyance, increases the nanny/regulatory state, puts you at greater risk, and just makes the ads being served to you dumber.

  1. I'm aware this argument is cited derisively by other security professionals, but that doesn't make them correct. Ticking time bomb plots are a real thing.

Mostly, I can't shake the strange feeling that inside of all of this is a The Last Psychiatrist style phenomena (made with impeccable erudition that I could never live up to) that privacy worries are a proxy for dealing with some... thing(?) that people would never allow themselves to acknowledge consciously.

One alternative suggestion that I haven't seen explored (but I'm sure isn't original) is that privacy concerns are often the result of human intuition about our evolved environment rather than about our modern one. Thinking of data collectors as just algorithmic and disinterested in you personally doesn't come intuitively to most people. If they're collecting your information and using your information for something that they profit from, surely they must have some specific interest in you, they must be taking something from you that is yours, and you don't want them to get that which belongs to you. When it comes to physical goods, proprietary knowledge, or genuinely clandestine information in a Dunbar-limited world, these concerns basically make sense. If you had information that you could sell to some other guy to make money, you'd be pretty pissed off that someone was ripping it off! Likewise, if someone collected something you thought was private, it would be quite reasonable to be concerned that they're trying to hurt you, or at least want leverage over you in the future.

privacy concerns are often the result of human intuition about our evolved environment rather than about our modern one. Thinking of data collectors as just algorithmic and disinterested in you personally doesn't come intuitively to most people.

We're looking at more of an intuitive statistical gap in understanding small percentage chances. There is clearly a greater chance that if my private information is stored at police headquarters that some sequence of events will lead to someone at police headquarters using that information against me in some way, than if that information is not stored at police headquarters. Most people aren't capable of actually calculating the expected value of that probability, so they either round it up too high or too low.

Most people don't have the information to even estimate. If your GPS location pattern marks you as being high risk for being a drug courier and you keep getting pulled over for minor and imagined traffic violations as a result, how would you even know that's what's resulting in the harassment?

It's worse. I have to estimate it long before anything goes wrong.

And my modal case is something like coming into contact with a person of interest. Or it's personal, your former coworker with an axe to grind or your ex boyfriend or your new girlfriend's ex boyfriend with a grudge, happens to have access to that kind of thing in some way or another.

That probability is impossible to estimate in advance. When I went skeet shooting in 2017, I could not have known that multiple people I shot with would be indicted in federal court on "insurrection" charges. I've seen friends stalk romantic partners, perspective and current and former, all across the internet including misusing work tools to do so. I have no method of assessing the people I interact with for whether they materially increase that risk.

Oh, actually, people also seem to drastically overvalue what their private data is worth.

Anecdotally: So, I don't have health insurance (I have wealth insurance instead, for catastrophes and it can't call itself insurance). So, I pay the retail rate for drugs. But it turns out there's a whole bizarro world economy where you can go to and get insane discounts off of the list price, like 90% or more and the drug ends up costing less than it would with an insurance copay.

Anyway, I have no idea how this works. I asked the pharmacist once why this free coupon knocked $10 off of this totally mundane drug that millions of people take. Her knee-jerk reaction was "because they sell your data". She really thought the fact that I take this med + my email address is worth $10 to someone. Not just that one time, but every time I refill it.

So, extrapolating "taking something that's yours" and "$10+ per take", I could see a recipe for widespread driving people crazy about privacy.

…what would feel like a good price?

I agree that $10 is way too high for any real value of that data. I could also believe that it’s where companies end up after factoring in all that bizarro-world. Maybe they sell the data for $1, but are also saving for bureaucratic reasons. Maybe it’s one of those loss-leader things where the cheap Xanax keeps people (or insurers?) in the program when they have to buy the long tail of exotic drugs. My personal guess would be that it has something to due with Medicaid pricing, because that derails literally everything.

I think it's probably worth a penny, at most?

Anyway, my research suggests these coupons are actually drug manufacturer rebates to the pharmacy off of their wholesale purchase. The manufacturer is effectively using this channel to quote much lower prices to uninsured poor people who would otherwise be forced to go without.