This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.
Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.
We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:
-
Shaming.
-
Attempting to 'build consensus' or enforce ideological conformity.
-
Making sweeping generalizations to vilify a group you dislike.
-
Recruiting for a cause.
-
Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.
In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:
-
Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.
-
Be as precise and charitable as you can. Don't paraphrase unflatteringly.
-
Don't imply that someone said something they did not say, even if you think it follows from what they said.
-
Write like everyone is reading and you want them to be included in the discussion.
On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.
Jump in the discussion.
No email address required.
Notes -
I'm currently working as a cybersecurity engineer and I'm a former Google SRE. So, I request you do not kneejerk dismiss me as some kind of technical ignoramus if you think that's what my argument hinges on.
Whenever privacy warriors complain about privacy I find myself rolling my eyes and thinking okay boomer. Even though more people than boomers say this and I do believe privacy is important. To be clear I mean privacy in the abstract. "I don't use Facebook because [privacy]". "I am looking to adopt a GrapheneOS based phone with no Google apps because [privacy]".
Privacy is obviously important. I don't want some rando, or worse, some personal enemy to rifle through my all of my digital data looking for ways to harm me. But the abstract privacy concern takes the form of a Motte and Bailey between the two. Google, Facebook and friends mostly act on your private data in the aggregate, but the privacy advocates generate worry that your intimate conversations or pictures are being personally viewed.
I also find privacy warrior claims rather, lets say, Joker-level anarchistic about rule of law. Everyone should have end-to-end encrypted messaging and the government should be locked out of private spaces no matter what. In no other domain do we accept a claim like "this dungeon in my house is off limits even to detectives with a court order because it is my private property" but apparently yes this digital cache of self-produced child pornography or evidence of a ticking time bomb terrorist plot[1] is something we can take to our graves regardless of any legitimate pursuit of justice. The level of hostility towards government here surpasses any of government's responsibility to protect its citizenry.
I'm not arguing against having digital security. It's very important for both organizations and individuals to have basic opsec lined up, especially because of how many automated and directed attacks there are trying to steal money and secrets. But in this battle companies like Google, who privacy advocates possibly fear only less than Facebook, are far closer to friend than foe because they provide a level of sophisticated and free security and direct privacy guarantee that almost nobody can achieve on their own.
The level of fear and worry privacy warriors generate rises to the level of conspiracy-adjacence. The word "qanon" pops into my head. Someone, Out There, is collecting all of your private information and you need to disconnect from the grid right now. Abandon all petty conveniences like being able to share photos with grandma, your life depends on it.
Ironically, the self-hosted Trust No One approach appears to make people even more vulnerable to attack. Even very technically sophisticated friends of mine who have hosted their own email have been hacked and their identities stolen (and used against them for extortion) in ways that would not have happened if they had stuck to GMail and used their FIDO2 two factor key for second factor.
I have another friend who decided to take his family's photos and files out of iCloud and Google Drive. He set up a home RAID array and was cruising along fine but neglected to monitor the drives. One failed and he didn't know, so when the second failed all of his data was gone. He didn't have backups, because why would you if you have RAID and snapshotting. He's not some noob either. He is also a sophisticated technology professional.
My argument against individual actions you can take on privacy are something like: you can do a few basic things to radically improve your personal opsec, and anything else is rapidly diminishing returns at increasingly greater inconvenience and, worse, may be a net increase in your vulnerability to attack or data loss.
My argument against regulatory action on this is, well: Europe leads the way on this. Does anyone think, say, GDPR has made Europeans much safer than Americans? At what regulatory and compliance cost? Mostly GDPR seems like a joke.
The fact that privacy fretting appears to primarily afflict men (with notable exceptions like Naomi Brockwell) suggests that there must be something autistic about it.
(Mostly, I can't shake the strange feeling that inside of all of this is a The Last Psychiatrist style phenomena (made with impeccable erudition that I could never live up to) that privacy worries are a proxy for dealing with some... thing(?) that people would never allow themselves to acknowledge consciously)
In the end, excessively fretting about privacy mostly is costly (in time), increases inconvenience and annoyance, increases the nanny/regulatory state, puts you at greater risk, and just makes the ads being served to you dumber.
In the non digital world there are a lot more checks and balances. Getting a warrant to search a home is one thing, mass surveillance on millions of users is another. What is happening online is more like the police obtaining a search warrant for every building in a city and sending a robot with drug sniffing capacity into every room in the city. The police may follow a specific suspect around, while the state in many countries forces ISPs to keep a record of all visited websites for millions of people. Governments want to snoop mass amounts of data on cloud servers but don't have the right to routinely search hotel rooms or offices spaces. Why should data on the cloud be less protected than a letter laying on a desk in a hotel? Why can't digital services be as private as a taxi service? If I rent an uber the police can't set up a roadblock and search all documents in every car. So why can they do that for email?
As for GDPR it did make a big difference. In my career as a developer I hear the acronym GDPR on a regular basis, and it has forced companies to be far more careful in how they store and handle data. GDPR put a lot of pressure on companies to think before they acted and made the non-tech portion of companies much more interested in data security. Thanks to GDPR I have had non tech boomers with a business background send long emails asking about how we encrypt data, TLS, when data is deleted and other issues that they never thought about 10 years ago.
In the olden days we used to argue that mass surveillance was actually useless because it generated far too much data and even detection systems with very low false positive rates still created an unworkably huge number of events that had to be manually reviewed.
I haven't seen anything that has changed the story on this, except in CSAM which is so radioactive that law enforcers have successfully pushed the burden onto companies to surveil and report them. There's been some criticism of the false positives here https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html but so far this doesn't seem like a huge problem. And again only something like CSAM appears to rise to this standard, for now.
To be clear, I still think police should have warrants to do stuff.
I thought the Snowden leaks, specifically the revelation that the NSA was able to re-construct GMail inboxes without a warrant because they had tapped replication events on private lines between Google's datacenters, compelled an industry-wide effort to take security a lot more seriously, including TLS everywhere by default. Also it timed well with the fact that CPUs were now fast enough that encrypting by default didn't add an unacceptable burden. I'd be curious to see how the GDPR specifically made a difference here since it coincided with these two other events.
An issue that I think will no longer be a concern to the Big Other once AI gets good enough. Sure, ten humans today might not be able to find a dissident in the sea of data with four weeks of searching, but an AI drinking from the gigahertz of an RTX card might with only ten seconds.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link