On Tue, 3 Apr 2018, at 10:21 AM, marc.garrett via NetBehaviour wrote: > I propose a law to stop systems from collecting personal data.
A long digression: :-) RMS is very good at making clear what they mean by "personal data" here: > Data about who travels where is particularly sensitive, because it is > an ideal basis for repressing any chosen target. We can take the > London trains and buses as a case for study. One of the problems with using Facebook as the paradigm for "personal data" is that there are two kinds of things that Facebook collects. The first is the text and images that people upload to it. This is what makes Facebook look like work in a way that, say, phoning someone on a landline doesn't. In the wonderful world of copyright, these are resources that people have rights to, and so it is "ours" in a meaningful way. This isn't the kind of data RMS is talking about, I think. The second kind of thing, and the one that I think RMS is talking about, is the telemetry and metrics that Facebook generates to describe our actions, both using their systems and across the web. That ain't our data. It's data about us. Confusing click counts with cat pictures is something we should avoid. Both when talking about privacy and waxing workerist about how much money Facebook makes from "our data". So, yay RMS here. > However, convenient digital payment systems can also protect > passengers’ anonymity and privacy. We have already developed one: GNU > Taler. It is designed to be anonymous for the payer, but payees are > always identified. We designed it that way so as not to facilitate tax > dodging. All digital payment systems should be required to defend > anonymity using this or a similar method. On the less yay front, I'm very disappointed that Taler has become a GNU project. It's as if GNU Privacy Guard was a re-implementation of the Clipper Chip, or GNU Emacs sent your documents to the NSA (but only when you save them...). Cryptocurrency exchanges already allow you to export spreadsheets of your trades, and cryptocurrency wallets already allow you to export spreadsheets of your transactions. Compliance with tax regimes, where the relevant agencies give clear guidelines, is easy. Pretending that there is something inherently dishonest about not having every payment transaction spied on by the state is part of the War on Cash, and represents a supra-Soviet degree of surveillance at least as much as tracking your taxi rides does. The argument that payees give up their right to privacy by being paid for something bakes in social and economic inequality, and makes receiving money a safety risk that will of course fall the hardest on the most vulnerable. Baking surveillance and social inequality into software goes against everything that GNU stands for. GNU should not be producing spyware, making software that targets people's safety, or furthering state surveillance rhetoric. > The EU’s GDPR regulations are well-meaning, but do not go very far. It > will not deliver much privacy, because its rules are too lax. They > permit collecting any data if it is somehow useful to the system, and > it is easy to come up with a way to make any particular data useful > for something. They are however a nightmare to comply with if you are not a company the size of Facebook. We should be wary of producing regulation that locks in rather than fixes the underlying problem of too-big-not-to-exploit data gatherers. - Rob.
_______________________________________________ NetBehaviour mailing list NetBehaviour@lists.netbehaviour.org https://lists.netbehaviour.org/mailman/listinfo/netbehaviour
