I spend an inordinate amount of time thinking about this very issue, and I must go back and forth weekly. My first reaction is to want to defend the ignorant, to try to educate them and work to protect them from being taken advantage of.

But when you talk to people about it, _their_ apathy and indifference is what leads me to stop caring. I've tried for years to educate friends, family, and coworkers on digital privacy. The number of people who have even installed and used a password manager is 0. If it's a struggle to even get someone to try out, let alone USE DAILY a password manager, what hope does anyone have to elicit a privacy-aware mentality from the general population? Why work to help people who do not even want to be helped?

Hell, look at this very thread on HN. There are people further upthread essentially saying, "Whatever, I like it because it's convenient."

I have adopted a passive stance on privacy and security: I stay up-to-date on news in this area, I choose for myself products and systems that minimally increase my risk, and I will answer questions from clients or other people. But, I won't evangelize it. Most people really just don't care all that much.

> Hell, look at this very thread on HN. There are people further upthread essentially saying, "Whatever, I like it because it's convenient."

Is that so ridiculous a concept? People routinely trade privacy for convenience.

Sending my location to Google through their maps is ridiculously convenient. Getting around using public transportation, especially in a city I'm unfamiliar with, would be a pretty awful experience without it.

While it's a small convenience, Gmail parsing my airline confirmation emails into an easy-to-read format is pretty cool, and I like that it's done. To do this (and have a spam filter), they must be parsing my private email in some capacity.

I've personally never been a fan of digital personal assistants. I've only used Google Now and found it more annoying than effective. But I can certainly understand why getting up-to-date traffic information when you're about to drive home from work would be a really useful thing to have. To do that, it has to learn your daily habits.

Convenience and privacy are almost always at odds with each other. It's a give and take, so ideally I should be getting more convenience for whatever privacy I'm giving up. That may not be the case here, and I'm not saying where your personal line should be, but don't assume people are ignorant just because they're choosing convenience over privacy. (Not saying you are personally, but others in this thread are.)

Yeah, I don't really think of people with different priorities as "ignorant". I get that there are tradeoffs, it's the same deal with network security.

I'm a little ... frustrated, disappointed, bothered? ... though at the number of people that don't seem to consider at all the consequences of where information systems are headed. It's one thing to look at the benefits and the consequences and say, "OK, I'm willing to trade information on my position in exchange for realtime updated traffic flows and generally perfect maps and directions and nearby points of interest." I totally get that. It's not a choice I've made -- I remember getting around before GPS was everywhere -- but I can shrug and empathize and understand the decision.

But, "meh, I don't really care about this news, I just want more convenience" ... that bothers me a bit.

Unfortunately, I really can't think of any way to convince anyone else they should be bothered. I could cite historical cases where that hasn't worked out so well, I could dream up fictional scenarios where it might not work out so well, I could point to more recent events where things like identity theft are costing some people years of their life to sort out. But, none of that really makes much of an impact. I don't think anybody who isn't bothered now will become bothered up until it affects them directly.

>>Is that so ridiculous a concept? People routinely trade privacy for convenience. Sending my location to Google through their maps is ridiculously convenient.

If you cannot tell the difference between you sending your location to Google when you need to and half the people in the world sending ALL their information to Microsoft ALL the time BY DEFAULT, I don't know what to tell you.

Did you stop reading after those three sentences? Because I talked about digital assistants and Google Now, which is basically sending all your information to Google all the time.

Why does convenience and privacy have to contradict each other?

Parsing airline confirmations should be possible to do offline. Preferably by some standard data format like iCal but even if airlines can't agree on such a format it shouldn't be difficult to compile a scraper that can be run offline, with an updater that contains all the various formats.

Sending your location should not be required to display a dot on a map of where you are. Even navigation can be done offline to a certain extent, OsmAnd does it and that's what tomtom and cars have been doing for years.

While I understand this frustration (I've asked the same question myself many times), I feel that we who understand these topics have a duty to try to explain an assist those for whom the computer is still a "sufficiently-advanced" magic box. I'm sure most of the people in the medical profession are regularly frustrated having to explain for the Nth time why we should all eat better.

The scientist who discovers new laws of nature and the engineer that assembles simple pieces into complex and useful tools have only finished half of the process. The other half is explaining these news ideas to everybody else, so they can actually be utilized (and maybe inspire other discoveries and innovations). This was one of Feynman's greatest talents - taking the time to explain the important parts of a topic, in a way that was a lot more accessible.

I generally feel that if an audience is not understanding something (and assuming there were no trivial issues such as lack of time), the fault lies largely with the teacher. While have also met with limited success in explaining these issues, I keep trying in new ways. Pedagogy is a hard problem, but I personally have learned a bit by studying those that seem to have successful methods (such as Feynman, Sagan, Burke[1], Vi Hart[2]).

As for this specific problem of businesses collecting massive amounts of personal data (and the associated "free (as in beer)" culture), I suggest showing people the talk by Aral Balkan that I linked at the top of my previous post. He has given variations of the talk before, but this recent version is particularly good at explaining the entire picture, from simple gmail/facebook doublespeak, to the "free" culture that has taken over the tech industry, the internet.org style imperialism masquerading as "helping the poor", and more. This talk has been more successful than of the explanation, essays, cartoon, or videos that I've used in the past. YMMV, unfortunately.

[1] http://www.dailymotion.com/video/x2hdg0b

[2] https://www.youtube.com/watch?v=4gZ5rsAHMl4

There is no hope. Simple as that.

There's a surprising connection between the reasons for people's ignorance of privacy and the complete and utter inability of an untrained person's mind to spend even just 15 minutes with itself.

Think about that.

I'm increasingly believing that for privacy to live, a necessary (but not sufficient) condition is for free to die.

By free I mean free as in beer, not free as in freedom. The problem is that if everything has to be free, there can never be any money in the actual maintenance and development of the product. User-centric and privacy-respecting business models are impossible if the product is free.

It's necessary but not sufficient because Windows isn't free (well 10 is quasi-free for some people), but it still does these things. So being non-free is no guarantee. But I believe it's a necessary condition since without some revenue stream independent from surveillance and other "indirect monetization" streams there is absolutely no hope of delivering a professional consumer-grade experience that could compete in the general market.

There's an even bigger elephant in the room: software is a non-scarce, non-rivalrous (possibly even anti-rivalrous in that utility increases with usage) good. Per-unit software sales and most standard proprietary software business models are deadweight losses that rely on unsustainably preserving artificial scarcity.

The technical community has mostly accepted that file sharing is a reality that requires rethinking business models, and that DRM is an act of desperation to put old strategies on life support by restricting playback device manufacturers.

But for proprietary versus free software, many remain outright hostile.

Business models for privacy-respecting user-centric free software are possible: https://en.wikipedia.org/wiki/Business_models_for_open-sourc...

They might not be amazingly profitable. However, the reality is, the programmer is heading the way of the musician and the artist.

Programming is a trade, similar to plumbing.

Just like the typical plumber or electrician, most programming is not "new products". Even today, most programming is probably Java (formerly Cobol) internal to a business or other large organization.

There will always be a need for programmers, for much the same reason we will always need plumbers: even with standardized parts and methods, you still need someone to actually customize it to the specific task and implement it locally.

This is where Free Software comes in: we need a commons from which those implementations can be built from. Unfortunately, we still have a lot of sociopathic businesses in the market that think it would be really profitable if they make the threads on all their pipe fittings in the reverse direction at non-standard sizes with the hope of cornering the entire pipe market. In practice, of course, all they've accomplished is forcing every plumber to keep a huge set of adapters in their toolkit and waste a lot of time matching them on every job.

Of course this argument falls apart with the many truly free OS's that would work perfectly well in the general market (as long as you didn't tell consumers they were using GNU/Linux and made it look the same as their Windows box).

I agree with you that "free" as a business model needs to go in one direction or the other. Truly free, as in my Fedora install (ignoring some binaries) or pay for privacy.

The problem with pay lies in the search for more revenue. Cable television used to be ad free. There wasn't a need to advertise since they were already getting subscription money - now look at it. The temptation to add easy profit is too great for many businesses (which is why we now have targeted ads within an OS we already quasi-paid for).

Meanwhile Red Hat isn't doing too bad with their blend of paid and free.

None of what I'm saying is particularly well written or fleshed out after a long day, but this is also something I think about a lot.

> User-centric and privacy-respecting business models are impossible if the product is free.

What about non targeted advertisement?