Andrea Scarpino is a user on You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
Andrea Scarpino @ilpianista

What do you reply to your friends when they say "I don't care if Google/Facebook/X knows everything about me as they are the same as meddler neighbours".

How's even possible people are so used to sell their life details? And for free too?

@ilpianista I think it' s a historical issue

people don' t know what data processing is all about

That' s why they believe that Facebook and Google are as evil as their neighbours.

I think some historical accident has to happen in order fo rhumanity to learn what data processing is all about

Like it happened in WW2 or something as big

But maybe I' m wrong. Predicting the future is a known hard business


In the meantime we can do what we can to spread things like Aral Balkan' s stuff and

@ilpianista most of them will draw the line at, “If you don’t need any privacy, then give me your bank account password.” And then one of my friends actually did, ugh 😔

@ilpianista These are not the same as the neighbors, they're more like the government registries, but for sale.
The fact that the data are sold aggregated, doesn't change much: individually or in a group, the effects of the policies, derived from the "statistics", are not much different.

Moreover, all of those companies are under control of, not very loved nowadays, US government.
Although if it wasn't US/UK, it wouldn't change much.

Perhaps, @dredmorbius could come up with yet simpler answer.

@ilpianista There are a few different approaches to this. And yes, I need to write A Thing.

You've also got a few distinct problems even in addressing the issue and making headway with someone on it.

There's ignorance on the issue.

There's /willful/ ignorance.

There's the question of "well, what would change your mind?"

There's the historical context.

There's scale.

There's power, and information's role in power dynamics.



@ilpianista First off, very few people have /any idea/ of how pervasive and widely-shared this information is, /and to what ends/. So you could start by asking "what information do you think Google, or Facebook, or the advertising networks, or the data brokers, skip-tracers or other organisations, have on you?" And the clincher: "Have you ever asked them?"

Because people /have/ requested this information, and the result has been over a thousand pages:


@ilpianista You could ask "/Should/ someone have the right to say "stop collecting data on me?" You'll get one of three answers generally: "yes", "no", or "well, I don't know". You can pursue each of those.

If someone says "yes", then you get to "well, /if/ someone says "don't collect information on me", *do you expect Facebook (or any other data broker) will honour that request?* Because often the rejoinder seems to be "they'll just do it anyway", where we can cut to "is that right?"


@ilpianista And if someone says "no", you might ask "why not". And perhaps suggest some cases in which that surveillance is possibly harmful:

A journalist, working undercover exploring, say, organised crime, or business corruption, or political corruption, in the US or Western Europe. That is, a region with a reasonably good record of law and order.

A journalist working in Russia, or Syria, or Iraq, or Mexico, or the Philippines, or Myanmar, or Egypt, where killings are frequent.


@ilpianista You can look at the Committee to Protect Journalists for where such killings occur, and how often:

You could ask "well, if Facebook has /your/ data, is it OK for them to track those of your contacts?" *Because Facebook does that.*

I can completely opt out of Facebook, but if my email or phone numbers *OR PICTURES* or other data turn up, I'm still in the system.

Is that right?

Google and Gmail have a similar problem.


@ilpianista Benjamin "Mako" Hill noted this four years ago in an essay: "Google Has Most of My Email Because It Has All of Yours". Hill runs his own email server. But a third of his mail comes directly from Google, and 57% of what he /sent/ went through Google's email servers.

*That is, by their very size, these organisations control the majority of commnications on the planet.*


@ilpianista A lot of people just don't want to think about the situation because it's too big / depressing / troubling / whatever. *Or*, as is often the case, *they are bought into the very system that is enabling all of this: marketing, advertising, sales, "branding", etc., etc. It would be questioning their very religion to challenge any of this.

Upton Sinclair: "It is difficult to get a man to understand something, when his salary depends on his not understanding it."


@dredmorbius @ilpianista In my view, people either don't understand the difference between the passports and migration control and the other "traditional" databases, and the more modern and invasive practices; thus see no problem or cannot even imagine an alternative.
Or are simply demoralized.

Crypto Wars - NHK Documentary 1997

IMO, this two decades old film explains the essence of surveillance perfectly.
(Although it is about strong encryption, not anonymity.)

@ilpianista And I don't really have a fix for that, it's a genuinely difficult psychological problem. People will continue to persist in irrational beliefs where such dissonance exists /for a very long time/.

One tactic I've found that's somewhat useful is to wait for the person to say something that's clearly at odds with their stated stance /in some other context/, and point out the contradiction.

Realise you won't win this argument in a single sitting. It may be months or years.


@ilpianista The "what would change your mind" tactic is one that can sometimes be useful, though I think the weakness there is that you're calling on someone /to be prepared to make that jump/, and often they simply aren't, so they won't come up with anything.

There is some usefulness to the question though.

If the answer is, directly, "nothing", you can at least withdraw to the bulwark of "well, then we're not having a fact-based and rational discussion". This won't win you friends.


@ilpianista If you /are/ fortunate enough to be given some purchase, though, you can use that.

We move on to history. There's a lot of it.

There's the quote I've featured in my G+ profile:

"If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged."
- Cardinal Richelieu (a/k/a Armand Jean du Plessis, Cardinal-Duc de Richelieu et de Fronsac)

OTHERS don't use YOUR information for YOUR benefit, but for THEIRS.


@ilpianista Yonatan Zunger, former chief architect of Google's own social network said this:

"[T]he forced revelation of information makes individual privilege and power more important. When everyone has to play with their cards on the table, so to speak, then people who feel like they can be themselves without consequence do so freely.... People who are more vulnerable to consequences use concealment as a method of protection..."


@ilpianista Keep in mind that this is someone who's proving an exception to Sinclair's dictum: *Yonatan is expressly stating a view that is in direct contrast to those of the system under which he was employed.*

(Yonatan has since left Google. But his comments were made whilst he had three more years to spend with the company.)

The comments were /also/ directed specifically at a proponent of universal openness, David Brin, of "Transparent Society" fame, and directly addresses *power*.


@ilpianista Another case, and the one I've been directly shoving in Google's face since, by sheer coincidence, 9 November 2016, is Kristallnacht and the role of data troves during the Holocaust.

I've been re-posting that bit, with various commentary, since then. The November 25 2016 re-share actually addresses a large part of what you're asking. It starts:

Google, you've got to be asking yourself, "do we even want to be in this business?"


@ilpianista You can also flip this question around and note how vigorously, and violently /those in power/ resist any and all attempts at transparency and accountability. This is something where I really ought have more references on tap, and I don't at the moment, but: the NDA you'll sign if you visit Google's campus (or any large Silicon Valley firm). Government resistance to FOIA requests. The Fascist Traitor Puppet Donald John Trump's attacks on the press and courts themselves. Etc.


@dredmorbius @ilpianista

Organizations should be transparent and people lives should be opaque

It's the other way around

Even the classical human rights standards are deteriorating

So it's not just big tech

@ilpianista There's the point that our protections, /especially/ civil rights and civil liberties protections, /aren't/ some sort of specific opt-in, but are availed to all.

A foundational principle of society is that it /is/ communal. There's the Martin Niemoller quotation, "First they came for":

***If you don't stand up for the rights of others, there will be no one to stand up for your rights.***

If there's a central argument here, this may be it.


@ilpianista A possible counter to these historical arguments /might/ be that if you've reached the point where abuse of surveillance information is such a concern, then you've got bigger problems. I've been giving that view some thought.

But it also seems to me that the two seem to go rather hand-in-hand. That is, it's the regimes (in the general sense of "system", independent of state connotations) that /have/ universal surveillance which /trend/ to totalitarianism.

It's a warning sign.


@ilpianista Francis Bacon famously said that "knowledge is power": Scientium potentia est.

With all due respect, the gentleman was wrong.

Knowledge is a power /multiplier/.

*With* knowledge, it's possible to apply power /where it can have the greatest effect/. For good. Or evil.

Knowledge is a /focusing/ or /concentrating/ capacity. It is the difference between a steel rod and a sword. Both deliver energy. The blade slices.


@ilpianista There's the case of two major offensives in WWII: Germany's invasion of France, and the D-Day and subsequent battles of the Allies against Germany.

At the start of WWII, Germany and France were fairly closely matched. *French armour was superior to German on specs.* But German tanks had a secret weapon: Radios. In. Every. Tank.

French tankers had to roll with pre-determined programmes. German panzers could improvise. Improvisation won: slight advantage leveraged.


@ilpianista That is: the Germans, with equivalent force /but a greater capacity to focus it/ smashed the French.

The advantages were turned by D-Day. Germany faced a far superior force (the Allies, with American manufacturing /and petroleum/ might behind it), and equivalent or greater organisation, sensing, and communications capacity. Germany had to be strong /everywhere/ along a multi-thousand km coastline. The Allies had to be overwhelming at one (or a few) points.


@ilpianista Even /if/ Germany had had perfect information, /it could not respond to the situation on the ground fast enough to apply it/.

And Germany /didn't/ have perfect information.

Again: information focuses power. But that only works if the power /can/ be focused, /and/ to effect, /and/ within some reasonable time.

If you have information but /no/ capacity to act, then you can only watch the inevitable rolling toward you.


@ilpianista Then there's the question of information /scale/.

You'll often here that privacy itself is a novel concept, and that it didn't exist historically.


(Sorry. I kind of hate bullshit arguments.)

If privacy is defined as /an opposite of some contrary state/, as in "The state of being in retirement from the company or observation of others;" (1913 Websters), then /without that contrary state there's no need/.


@ilpianista And, historically, surveillance was /expensive/.

You needed eyes, and ears, and boots, /on the ground/. Even early postal and telephonic surveillance required fairly high-cost procedures and protocols, compared to today.

Yonatan Zunger again, on surveillance, and East Germany's Stasi (as well as the fascinating concept of "surveillance play"):

He mentions "The Lives of Others". Watch it if you haven't. Trailer:


@ilpianista And realise that for all the horror and evil and disruption the Stasi caused, it had a miniscule fraction of the data the NSA has today. There's a map showing this:

(You may need to zoom out a bit for the full view.)

"Ah!", you say, "I'm paying attention here, Dred, and I see what you just did: we went from 'Facebook' and 'Google' to 'The NSA'. They're Not The Same Thing."

Unfortunately, they rather more are than aren't.


@ilpianista It's also /vitally/ important to recognise that Google, Facebook, Amazon, Twitter, and others are only the /visible tip/ of a much larger data-broker industry.

Some years ago a friend working at Visa International (the credit card company) mentioned a conversation overheard with a co-worker who happened to be an Army Reserve officer. /He/ had been talking to a friend at CIA about surveillance. "You've got more data than we do" was the response.

Mind: 2nd hand and old info.


@ilpianista But a point to keep in mind all the same.

Another element of financial data is that /it has a very strong validity correction to it/. That is, /it costs money to create financial transaction data/ (among other resources). Which makes producing /spoofed/ data particularly expensive.

(Data collections schemes /without/ mechanisms for rejecting bad data tend to get useless quickly.)

And yes, there's bad data in financial systems, /but far less than might otherwise exist/.


@ilpianista Getting this discussion back to the question of how much data are held by various entities -- Google, Facebook, Twitter, credit-card brokers, mobile telco providers, etc., etc., is another area in which I'd have to do some more research if this were to be a more robust response. But my general understanding is that what Google and Facebook have puts the credit card companies to shame.

How do we know this?

Well, for one thing, /credit brokers want that data/.


@ilpianista And the data flow in the other direction as well, from credit-card companies to advertisers:

And, of course, the NSA wants the data, and will tap directly into it:

If the government cannot do that, it will instead individually analyse mobile electronics for social media details at border crossings -- of US citizens and noncitizens alike:


@ilpianista Reading the specific text of DHS's statment is chilling:

"Passcodes or other means of entry may be requested and retained as needed to facilitate the examination of an electronic device or information contained on an electronic device, including information on the device that is accessible through software applications present on the device."

Mind: *your off-device data, if accessible through software ON the device, must be presented.*


@ilpianista There's a whole 'nother set of lines of argument about metadata, scale, and data as toxic waste. This is getting long, and others have argued this far more eloquently than I.

There's using metadata to find Paul Revere:

There's the fact that the /useful/ part of most surveillance and stakeouts /is/ metadata: who is talking to (or seeing, or receiving materials from) whom, and when:

Bruce Schneier: Metadata = Surveillance:


@dredmorbius @ilpianista Here's one interesting point, by the way: *everybody* should route everybody else's traffic as much as possible (in a network like or , for example), not just for better decentralization and anonymity, but also to to make it more difficult to tell *when* a message has been sent/received and *how big* it was.

And that requires rather cheap and fast Internet connection… Unsurprisingly the laws are intended to make it quite the opposite!

@amiloradovsky @ilpianista How do you deal with bandwidth, reciprocity, and/or abuse, under such a scenario?

@dredmorbius @ilpianista Ideally, the download/upload speed should be fixed, bandwidth throttled, if needed, or fluctuate randomly.
If we assume the traffic to be e2e encrypted, there's no way to tell what is in there. So we can just hope our node is used for good…
I don't know how to avoid the free rider problem now.

is actively researching all these questions at much deeper level than I can do here.
And, according to Zak Rogoff, there is some incompatibility of the desired properties.

@amiloradovsky @ilpianista It's possible to throttle or QoS shared bandwidth, yes, but there's no protection on keeping a single source (or worse, a distributed source: DDoS) from saturating bandwidth.

There might be some means of setting up reciprocal arrangements or budgets, but those seem to get complicated fairly quickly.

@dredmorbius @ilpianista I'd say, such a networks are still mostly at the "active research" phase (as was the in the 70's), which is done on intersection of computer science and economics (both equally important).

I'm not sure if the principles of are applicable here.
And, yes, and censorship through overwhelming are some of the issues, if I remember correctly.

@amiloradovsky @ilpianista A key challenge is that if you're /both/ distributing /and/ encrypting traffic, you've got virtually no management left.

There are some systems that attempt to work around this. I've looked up these in the past, one is FAUST, and another is a fair, anonymous, queue management (I think) system. Let's see if I can track these down....

@ilpianista Cory Doctorow and Bruce Scheier have both compared data to toxic or radioactive waste:

The real kicker is that #DataAreLiability. That is: holding data /over time/ creates a /risk/, and a potential for /real harm/, that simply /cannot/ be fully understood or appreciated at the outset.

Your friends who fail to understand this /are demonstrating this very problem/.


@ilpianista Oh, and another good (but long) bit on metdata, by Jane Mayer:

“The public doesn’t understand,” [Sun engineer Susan Landau] told me, speaking about so-called metadata. “It’s much more intrusive than content.” She explained that the government can learn immense amounts of proprietary information by studying “who you call, and who they call. If you can track that, you know exactly what is happening—you don’t need the content.”


@ilpianista On the "Data are Liability" point, I could quote a whole bunch of security experts, but I'd rather give citations from the banking and advertising world themselves -- again, speaking counter to Sinclair's dictum.

Ad Age: "Why Data Can Be More of a Liability Than an Asset"

American Banker: "Customer Data is a Liability":


@ilpianista From the AdAge bit:

"Here's a hard truth: Regardless of the boilerplate in your privacy policy, none of your customers have given informed consent to being tracked in this way. Your customers have not carefully weighed the pros and cons of sharing data with you. Nor should they have to, because the burden is on you to make sure that your data collection will only result in positive outcomes for your customers and your business. Is that a guarantee you can give?"


@ilpianista And from American Banker, again: *speaking for the organisations that want this data* AND *whose entire business is predicated on risk management*:

"I don't think people have seen yet what the implications can be for a bank of a massive data theft," said Andrew Waxman, an associate partner in the financial markets risk and compliance practice at IBM's global business services unit. "People have been lucky so far."

*Banks hate unmeasurable risk.*


@ilpianista This whole risk and liability thing is actually central to the problem, and gets us to another point, one which relates to the problem /I am creating right here/, which is: discussions of this shit run way too fucking long.


*Because it is inherently complicated.*

Risk, /especially/ unforeseen risk, is hard to deal with /because it is hard to anticipate/. And once /one/ person realises it, it's hard to communicate to others. And to diagnose, address, etc.


@ilpianista Complex risk attacks the most fundamental principle of problem resolution: *Realising you have a problem.*

I previously Wrote a Thing on this:

So again, you can tell your friends who Don't Get This that they are not only /part/ of the problem, but /they're highlighting the very problem dynamic itself/.


@ilpianista One more point about scale: Google, and Facebook, and governments, and mafia organisations, are /huge/.

Facebook bought WhatsApp in 2014, for $19 billion /in cash/.

The typical U.S. household cannot raise $400 on short term. Facebook a California company, has the purchasing power of 40 million typical households -- the population of the entire state.

These are Large Entities. Very Large Entities.


@ilpianista Facebook, with your data, is the equivalent of /the entire state of California knowing your every online interaction/.

Including the interactions you don't make deliberately, but those which simply emerge out of your other activities: where you are, who you're with, your language choices, and more.

Ask your friends how they'd feel if *the entire state* understood as much about them as Facebook. Or even just you.

Because that's a Massive False Equivalence.


@ilpianista The other side to this data is the /density/ and /richness/ of it.

Facebook knows what you've said. Who you've said it to. What you're listening to (in the background). Whose faces appear in your photos. Where you are. At up to ten-second and four-in resolution. Facebook can tell when you've walked across the room. It knows where you live, work, eat, sleep, shop, play, fuck, and go to the doctor. It knows who sells you drugs -- legally or otherwise.


@ilpianista Do you remember your phone number from 1988?

(Did you /have/ a phone number in 1998?)

AT&T does.

And it knows who you (or anyone alive at the time) called. 1.92 *trillion* phone calls. Dating to the 1980s.

And it provides that information, on request, to governments.

I don't know how much more 1984 you can get than having phone-call-record data dating back to 1984, which is 34 years ago.

There is NO business reason for having that data.


@ilpianista Another final part to this argument is that /the regimes under which data collections schemes begins may well not be the ones under which they end./

That was a major problem for European Jews under Nazi occupation. Data gathered by the pre-occupation government, /often with the understanding and encouragement of those profiled/ was used against them.

Dutch census data and religious encoding during the Holocaust, for example:


@ilpianista Corporate management changes. Ownership changes. National governments change. Borders change.

Ukraine, for example, published files collected by the KGB under its USSR occupation:

Google may not always be Google.
Facebook may not always be Facebook.

Sourceforge, for those who remember it, is no longer Sourceforge:

That's a project that began with best intentions.

Intentions are not good enough. Results matter.


@ilpianista Google, and Facebook, now operate under a regime that is pro-racist, pro-fascist, pro-Nazi, and seems to be under the bidding of Russia.

Facebook itself has massive Russian investment through Yuri Milner, closely linked to the Russian Kremlin:

*There is no control over this by anyone within the organisation. Least of all front-line employees. Assurances are the emptiest of empty sets.*


@ilpianista Since I've pointed out that the length of arguments is a major part of the problem in addressing this, let's see if I can't wrap this up in a tidier bundle.

1. The problem is complex, involves unapparent long-tail risks, and has significant elements outside anyone's control, including your friends, you, or Facebook / Google / whatever data broker themselves.

2. "It's the same as my neighbors" is absolutely false equivalence.