Tech companies frame privacy as an issue for individual users to figure out. For example, Strava’s response has been to point people to the site's privacy controls and opt-outs. But of course that doesn’t solve the problem, because everyone’s behavior affects everyone else.
-
Show this thread
-
Arvind Narayanan Retweeted zeynep tufekci
Zeynep Tufekci argues powerfully that privacy is better thought of as a public good like air quality or safe drinking water. The framing of privacy in terms of individual negotiation breaks down here (and in many, many other cases).https://twitter.com/zeynep/status/958325186310307840 …
Arvind Narayanan added,
zeynep tufekciVerified account @zeynepMy latest for the@nytimes. The Strava debacle shows that individualized "informed consent" is not sufficient for data privacy. Given the complexity, companies cannot fully inform us, and thus we cannot fully consent. Data privacy is more a public good. https://www.nytimes.com/2018/01/30/opinion/strava-privacy.html … pic.twitter.com/vcSeRIw1G5Show this thread3 replies 127 retweets 221 likesShow this thread -
Besides, Strava’s privacy controls can be confusing. For example, "Privacy Zones" allow you to hide your activities that lie in a circle around your house. But if I grey out a circle around my house, isn’t my house just the center of that circle?! So haven’t I revealed it anyway?
1 reply 10 retweets 52 likesShow this thread -
Maybe not, but the point is, I couldn’t figure it out. And I’m supposed to be a privacy expert. The typical user, who might be a runner excited about sharing their routes fellow athletes, isn’t invested in mastering these privacy features and their implications.
1 reply 3 retweets 34 likesShow this thread -
Many Strava users use fake names. Can they be de-anonymized by cross-referencing their location traces with profiles on other social media platforms? This kind of question is the topic of research papers. It just isn’t reasonable to expect users to figure it out.
2 replies 10 retweets 40 likesShow this thread -
Strava first released the heatmap in 2014. In Nov 2017 they released an updated, more detailed version. But it was a chance finding by
@Nrg8000 a week ago that made this a major story. That makes me wonder: how many other such privacy fails have we never heard about?2 replies 11 retweets 41 likesShow this thread -
On the other hand, wouldn’t it be great if there were organizations with the resources and the incentives to systematically analyze products for privacy impact, and alert the public when there is a screw-up?
4 replies 10 retweets 43 likesShow this thread -
Arvind Narayanan Retweeted Arvind Narayanan
In a previous thread I discussed why this isn’t happening in the context of third-party online tracking. But it's a broad problem. We need more tech-focused public interest organizations.https://twitter.com/random_walker/status/946889870114467841 …
Arvind Narayanan added,
2 replies 10 retweets 33 likesShow this thread -
The wrong lesson here is that companies shouldn’t release products like the Strava heatmap because of the potential PR backlash. The right lesson is that privacy should be integrated into every stage of the product design, and involves a lot more than anonymity and opt-out.
5 replies 49 retweets 112 likesShow this thread -
2 replies 1 retweet 18 likesShow this thread
And all your work on re-identification!
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.