I think there are three different problems here, each of which calls for different solutions.
Problem 1 is data floating around that is intrinsically harmful for strangers to have—your credit card number, for example. Sometimes you put that number online, and you would really rather it not be widely distributed. This problem can probably be solved by straightforward cryptography; if your CC# is never sent in the clear and changes every few weeks, and you don’t buy from an untrustworthy vendor more than once every few weeks, you’ll mostly be fine.
Problem 2 is data floating around that can be assembled to draw generalizations about your personal life—e.g., you’re gay. Perhaps I’m speaking from a position of excess privilege, but one good medicine for that sort of thing is sunshine—if you find a job and a support network that you don’t have to keep secrets from, you can’t be blackmailed and won’t need that sort of privacy as much. I’m skeptical that online data-mining will reveal much more of this kind of personal info about anyone than casual observation would in the near future; if you’re constantly listening to Justin Timberlake, someone will eventually figure out that you like Justin Timberlake even if you never go online.
Problem 3 is people predicting your next move from your previous history. That’s kind of spooky and could be dangerous if you have enemies, but the solution is straightforward: vary your routine! If you add a bit of spontaneity to your life, the men in the black suits will have to use a satellite to find you; maybe you’ll get lucky and their budget will get cut.
It’s 2 that I’m worried about; or, rather, not specifically worried for myself, but think is an interesting problem.
If information is really supposed to be private (credit card number) then you’re right, straightforward cryptography is the answer. But a lot of the time, we make information public, with the understanding that the viewer is a person, not a bot, and a person who has some reason to look (most people viewing my LW posts are people who read LW.) We want it to be public, sure, but we don’t plan it to quite as public as “all instantly assemblable and connectable to my real name.” In practice there are degrees of publicness.
As a personal issue, yeah, I’d like my job and support network to be the kind that wouldn’t be shocked by what they find about me.
Hm. OK, just brainstorming here; not sure if this idea is valuable.
Suppose you found a way to -detect- when someone was assembling your data? Like if all your public posts had little electronic watchdogs on them that reported in when they were viewed, and if a sufficiently high percentage of the watchdogs report in on the same minute, or if a sufficiently broad cross-section of the watchdogs report in on the same minute, then you know you’re being scanned, and the watchdogs try to trace the entity doing the scanning?
And then if all the people who didn’t like being bot-scanned cooperated and shared their information about who the scanners were so as to trace them more effectively and confirm the scanners’ real identities? You could maybe force them to stop via legal action, or, if the gov’t won’t cooperate, just fight back by exposing the private info of the owners/employees of the bots?
I think there are three different problems here, each of which calls for different solutions.
Problem 1 is data floating around that is intrinsically harmful for strangers to have—your credit card number, for example. Sometimes you put that number online, and you would really rather it not be widely distributed. This problem can probably be solved by straightforward cryptography; if your CC# is never sent in the clear and changes every few weeks, and you don’t buy from an untrustworthy vendor more than once every few weeks, you’ll mostly be fine.
Problem 2 is data floating around that can be assembled to draw generalizations about your personal life—e.g., you’re gay. Perhaps I’m speaking from a position of excess privilege, but one good medicine for that sort of thing is sunshine—if you find a job and a support network that you don’t have to keep secrets from, you can’t be blackmailed and won’t need that sort of privacy as much. I’m skeptical that online data-mining will reveal much more of this kind of personal info about anyone than casual observation would in the near future; if you’re constantly listening to Justin Timberlake, someone will eventually figure out that you like Justin Timberlake even if you never go online.
Problem 3 is people predicting your next move from your previous history. That’s kind of spooky and could be dangerous if you have enemies, but the solution is straightforward: vary your routine! If you add a bit of spontaneity to your life, the men in the black suits will have to use a satellite to find you; maybe you’ll get lucky and their budget will get cut.
It’s 2 that I’m worried about; or, rather, not specifically worried for myself, but think is an interesting problem.
If information is really supposed to be private (credit card number) then you’re right, straightforward cryptography is the answer. But a lot of the time, we make information public, with the understanding that the viewer is a person, not a bot, and a person who has some reason to look (most people viewing my LW posts are people who read LW.) We want it to be public, sure, but we don’t plan it to quite as public as “all instantly assemblable and connectable to my real name.” In practice there are degrees of publicness.
As a personal issue, yeah, I’d like my job and support network to be the kind that wouldn’t be shocked by what they find about me.
Hm. OK, just brainstorming here; not sure if this idea is valuable.
Suppose you found a way to -detect- when someone was assembling your data? Like if all your public posts had little electronic watchdogs on them that reported in when they were viewed, and if a sufficiently high percentage of the watchdogs report in on the same minute, or if a sufficiently broad cross-section of the watchdogs report in on the same minute, then you know you’re being scanned, and the watchdogs try to trace the entity doing the scanning?
And then if all the people who didn’t like being bot-scanned cooperated and shared their information about who the scanners were so as to trace them more effectively and confirm the scanners’ real identities? You could maybe force them to stop via legal action, or, if the gov’t won’t cooperate, just fight back by exposing the private info of the owners/employees of the bots?
If you found such a way, then a lot of interesting consequences would follow.
Of course, there is no such way for the same reason that the history of DRM is a history of failure.