Over the past few weeks, the story of Cambridge Analytica, and Facebook’s data collection policies, have been dominating a certain part of the news cycle. I read Hacker News, and so I get exposed to a certain kind of perspective on those kinds of issues. I wanted to put together some of my thoughts on the subject, both as a result of reading news articles, and from personal conversations.

The latest iteration of the debate that I’ve read, in this Hacker News thread, gets at a lot of the aspects of the conversation that I’ve been engaging with. This sort of relates to the last post that I made about Slack dropping their support for IRC. I feel almost like there’s a difference of temperament, because I always feel like I fall on a different side from a lot of the comments I read on various tech websites.

In particular, a lot of comments act like the only thing between them and tyranny is their ad blocker.

As an aside I was on EdX earlier and even they are using connect.facebook.net too. Absolutely disgusting.

And then, faced with the inevitable “retaliation is possible,” their community is obviously too large to be worth fighting.

It would be absolutely incredible if Facebook et al “took their ball and went home” throwing away 500 million customers.

More concretely, I fail to see the horrible outcome from Facebook et al’s personal data collection. I haven’t yet lost my job, or my property, or friends, or really faced any damages directly due to their data collection, and as best I know, nobody else really has either (at least, to any scale). The best argument I’ve heard about the downsides rely on counter-factuals, about how Facebook might maybe do something wrong at some point.

Otherwise, I’ve seen various data breaches in the past shown as examples, but those are a different kind of category. Unless the suggestion is that no personal data should be collected at all, how do data privacy laws prevent data breaches? A higher standard of security, maybe? Equifax was dealing with financial data, which already has those kinds of rules in place, and yet still leaked data. Maybe privacy regulations would limit the severity of the breach? The problem is that the only real damage that data breaches cause usually come from password or financial information being stolen, and both of those are generally well-guarded already.

If personal data shouldn’t be collected at all, presumably that means a strong intent requirement with regard to collection (otherwise, no more Facebook or Instagram or online banking). What is data tracking used for then, mainly, that would fall under the axe in this case? All I can figure is user analytics, visible to users in the form of curated content and ads. Should those kinds of things be banned? People definitely find them useful, given the fact that non-curated, non ad-based content has existed for longer and yet is less popular today.

At this point, I think I should plug a Gary Bernhardt talk, specifically the one about ideology. In that talk, Gary makes a very important point that we all carry with us beliefs that structure our understanding of the world, and we usually don’t even know we’re carrying them. To that end, I can only really guess at what the underlying belief is in this case. I want to extend Gary’s point a bit, to notice that often people don’t know what’s meaningful about what they do.

The case in point of this is the free software movement. A lot of people thought, and certainly a lot of people still think that the important part was giving users control over their machines. The reality in projects like LLVM and Rust is that what really mattered was creating a robust public domain of software. Many companies and projects start out using free software, which allows them to grow enough to move onto better proprietary solutions. The value in free software is to make it easier for people to express themselves, and not necessarily to give users greater control over their machines. In fact, a lot of recent developments in software and hardware have moved in exactly the opposite direction, decreasing control given to users in exchange for security.

This probably has something to do with why founders so often end up being ousted as the company they founded grows. Hacker News may think the end game of privacy regulation is to destroy ad tech entirely, but I doubt that’s where the chips will fall. In fact, ad tech works the way it does, and to a degree these kinds of debates rage on precisely because people don’t know what they themselves are up to.