Require opt-in by default. In all cases.
All PII data at rest must be encrypted at the field level. Like how passwords should be stored. aka Translucent Database techniques. Not just in transit. Not just encrypting the whole database. But encrypt the actual fields within a database.
Constitutional privacy means personal sovereignty over oneself. (A superset of the folk definition of keeping secrets.) Meaning any and all data about me is owned by me. Anyone using my data for any purpose has to pay me. (See opt-in by default above.)
Exactly this. It doesn't matter that Google doesn't "share" what they gather if they own so many conversion funnels from top to bottom anyway.
But why would anyone assume that? I think the position of many privacy advocates is that we're long past the point where it's reasonable to assume Google is acting in good faith in the best interests of its users. (Again, to be fair, this is true of more companies than just Google.)
Corporations measure success by one metric and one metric alone: shareholder value. Under our current system, a corporation that doesn't increase shareholder value is considered a bad company. Such a company is punished.
If Google can increase shareholder value by violating user privacy, and the consequences of getting caught won't reduce shareholder value too much, it's a bad company if it doesn't violate user privacy.
Of course there are mechanisms that slow this down, like laws and employees trying to follow laws, employee ethics, old guard culture, etc., but all will be defeated one by one for shareholder value.
You do realize the majority of people are completely oblivious as to why privacy matters as it relates to their data collection.
It's not that they're willing to do anything. It's that they're passive/apathetic when faced with vague prompts telling them about a matter they don't have insight on, after being bombarded by terms of service agreements, cookie pop-ups, etc. for years and years.
> This is a fair position to take, but assuming good faith all round, one that I think will typically be a minority.
If they were aware of privacy implications / exactly what's being collected on them and how that data is being used, then it's safe to say that they'd be the majority. Can't blame them for not taking the time to read into the matter either, as most outside of tech are wrapped up with a million other hostilities in their daily lives.
Defend it all you want, but it's just one more unethical thing screwing people over.
In fact your opinion is not a fact.
The right spirit is informed consent.
If I'm letting you scrape crash dumps and my browser happens to crash in the request where I send my credit card information to xhamster, that's one thing. Odds are that's never happened to anyone. It's another thing for you to guarantee that you're planning to record that information.