This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.
Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.
We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:
-
Shaming.
-
Attempting to 'build consensus' or enforce ideological conformity.
-
Making sweeping generalizations to vilify a group you dislike.
-
Recruiting for a cause.
-
Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.
In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:
-
Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.
-
Be as precise and charitable as you can. Don't paraphrase unflatteringly.
-
Don't imply that someone said something they did not say, even if you think it follows from what they said.
-
Write like everyone is reading and you want them to be included in the discussion.
On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.
Jump in the discussion.
No email address required.
Notes -
I'm currently working as a cybersecurity engineer and I'm a former Google SRE. So, I request you do not kneejerk dismiss me as some kind of technical ignoramus if you think that's what my argument hinges on.
Whenever privacy warriors complain about privacy I find myself rolling my eyes and thinking okay boomer. Even though more people than boomers say this and I do believe privacy is important. To be clear I mean privacy in the abstract. "I don't use Facebook because [privacy]". "I am looking to adopt a GrapheneOS based phone with no Google apps because [privacy]".
Privacy is obviously important. I don't want some rando, or worse, some personal enemy to rifle through my all of my digital data looking for ways to harm me. But the abstract privacy concern takes the form of a Motte and Bailey between the two. Google, Facebook and friends mostly act on your private data in the aggregate, but the privacy advocates generate worry that your intimate conversations or pictures are being personally viewed.
I also find privacy warrior claims rather, lets say, Joker-level anarchistic about rule of law. Everyone should have end-to-end encrypted messaging and the government should be locked out of private spaces no matter what. In no other domain do we accept a claim like "this dungeon in my house is off limits even to detectives with a court order because it is my private property" but apparently yes this digital cache of self-produced child pornography or evidence of a ticking time bomb terrorist plot[1] is something we can take to our graves regardless of any legitimate pursuit of justice. The level of hostility towards government here surpasses any of government's responsibility to protect its citizenry.
I'm not arguing against having digital security. It's very important for both organizations and individuals to have basic opsec lined up, especially because of how many automated and directed attacks there are trying to steal money and secrets. But in this battle companies like Google, who privacy advocates possibly fear only less than Facebook, are far closer to friend than foe because they provide a level of sophisticated and free security and direct privacy guarantee that almost nobody can achieve on their own.
The level of fear and worry privacy warriors generate rises to the level of conspiracy-adjacence. The word "qanon" pops into my head. Someone, Out There, is collecting all of your private information and you need to disconnect from the grid right now. Abandon all petty conveniences like being able to share photos with grandma, your life depends on it.
Ironically, the self-hosted Trust No One approach appears to make people even more vulnerable to attack. Even very technically sophisticated friends of mine who have hosted their own email have been hacked and their identities stolen (and used against them for extortion) in ways that would not have happened if they had stuck to GMail and used their FIDO2 two factor key for second factor.
I have another friend who decided to take his family's photos and files out of iCloud and Google Drive. He set up a home RAID array and was cruising along fine but neglected to monitor the drives. One failed and he didn't know, so when the second failed all of his data was gone. He didn't have backups, because why would you if you have RAID and snapshotting. He's not some noob either. He is also a sophisticated technology professional.
My argument against individual actions you can take on privacy are something like: you can do a few basic things to radically improve your personal opsec, and anything else is rapidly diminishing returns at increasingly greater inconvenience and, worse, may be a net increase in your vulnerability to attack or data loss.
My argument against regulatory action on this is, well: Europe leads the way on this. Does anyone think, say, GDPR has made Europeans much safer than Americans? At what regulatory and compliance cost? Mostly GDPR seems like a joke.
The fact that privacy fretting appears to primarily afflict men (with notable exceptions like Naomi Brockwell) suggests that there must be something autistic about it.
(Mostly, I can't shake the strange feeling that inside of all of this is a The Last Psychiatrist style phenomena (made with impeccable erudition that I could never live up to) that privacy worries are a proxy for dealing with some... thing(?) that people would never allow themselves to acknowledge consciously)
In the end, excessively fretting about privacy mostly is costly (in time), increases inconvenience and annoyance, increases the nanny/regulatory state, puts you at greater risk, and just makes the ads being served to you dumber.
There are a lot of half arguments here.
Like, you scoff at impenetrable end to end encryption. But the realities of the internet are that any back-door or security flaw that allows end to end encryption to be penetrated exposes literally everything to literally everyone. There is no limiting principle as is the case of say, a door to a kiddy porn dungeon. Presumably there would be a warrant. Or maybe in the case of your valuables being in the sort of safe The Lockpicking Lawyer could open in under 1 second with a toothpick, some hopefully limited number of criminals will ever actually get a crack at it. Not so with anything on the internet. Either it's impenetrable, even to legitimate law enforcement (but especially illegitimate law enforcement), or virtually every criminal on Earth already has access to it. There is very little in between.
Then you decide to stan for cloud computers. Because a friend of yours is an idiot and didn't fix his NAS when it had a problem. But the fact of the matter is, the cloud is still only someone else's computer. And they can revoke access to your data just as capriciously as a RAID array might fail.
And then to smear everyone concerned as QAnon, as though fears of data collection and spying haven't been validated time and time and time again. Did Snowden happen before you were born? Has it been that long?
[...]
This is grandiose. On Facebook without E2E encryption (but with TLS), your messages are only exposed to Facebook and whoever hacks them, which is a very remote possibility. Adding E2E encrypted messaging with a law enforcement decryption key that can only be used with a warrant does not increase the risk further than the non-E2E case, even if that key is ultimately compromised.
Somehow it never occurs to people making this argument that it's trivial to make off-site backups from cloud providers, if you're that worried about them revoking access.
You obviously haven't heard of the third party doctrine.
If Facebook has your messages, and you haven't encrypted them E2E, the government can look at them any time they want without a warrant. Your statement that they can only be seen by Facebook and by hackers is false; the current legal environment makes them open to the government, no warrant needed.
You're also ignoring that for the government to look in your basement takes some effort. Looking at millions of people's data is trivial.
I responded to this third party doctrine concern you raised on a different comment here: https://www.themotte.org/post/851/culture-war-roundup-for-the-week/183485?context=8#context
But to recap
This isn't exactly true. Things that neatly fall into the category of "communication" are protected, like 1:1 messages. Metadata and other content (like documents) are not.
A different commenter also raised this. Addressed here: https://www.themotte.org/post/851/culture-war-roundup-for-the-week/183482?context=8#context
Wholesale surveillance has been criticized as fairly useless to law enforcement by security experts for a long time.
It might be useless for legitimate law enforcement purposes but fine and dandy for not-so-legitimate ones.
I would argue that machine learning classifiers have made wholesale surveillance quite a bit more useful, by making it a lot easier. You want to find crimetalk, train a classifier with crimetalk and run everything through it; no need for humans to do all that work.
Fair enough. Eliot Spitzer got brought down because his bank transfers to a brothel were red flagged, they investigated, and they just happened to nail the governor of NY. Obviously what really happened is they brought up all of Eliot Spitzer's records, went over it with a magnifying glass, pieced together the brothel thing, and also noticed it had been red flagged (like a billion other transactions that are never looked at), and worked backwards from there to construct a story where they had cause.
So that's an extreme case. How often does this happen in practice though? Also, even in my extreme case, it doesn't seem actually wrong for this information to have come out about Eliot Spitzer?
The magic of parallel construction -- where law enforcement obtains information from an illegitimate source, fabricates a chain of evidence back to a legitimate source, and then presents the fabricated chain to the court -- says we'll never know.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link