I don't think paid-for services are going to solve anything. We pay up and out the ass for television, which obviously has ads, but I'm sure they're tracking as much as possible too.

Unless you've been extremely diligent, there's no way you're going to escape a targeted invasion of privacy when someone, or some group, government or not, wants it bad enough. Trying to stop that would be exhausting and futile.

Right now, we're allowing highly coordinated, highly detailed, nearly invisible, for-profit, stalking to take place legally. There's no doubt that's bad for society. We have anti-stalking laws for good reason. It's worth doing something about the current state of things, even if it doesn't bring the tracking down to nothing. The free market and tech has failed to fix it so far. They don't have forever to keep trying. Laws are the next line of defense. Laws might not stop criminals from crimin' but I'm sure the Tim Cooks of the world aren't going to risk their company profits (or personal freedoms, if the laws are strict enough) to get a little extra info on everyone.

What if there were paid services that promised no ads? Ever? Make it part of their policy?

Originally, this was the promise of cable television. Eventually they figured out they could charge you and deliver ads.

Naive: instead of serving ads directly, the service would just eagerly sell your data to someone else for possibly worse purposes than ads (e.g. denying you health insurance, mortgages, a job, etc.)

Why? Why wouldn't the income from subscriptions be enough?

There is no such thing as "enough" when corporations seek perpetual growth.

Exactly. I'm doing this with the company I've been building [0] and it works. While it's taken a while being completely bootstrapped, we make enough money to grow and focus on our users. No one is obligated to track and stalk everyone online; that's just the prevailing business model (unfortunately).

[0] https://write.as/principles

Yes, and when you cash out to enjoy life in the tropics, whoever you sell to will then use any and all information you may have as they see fit, and load up your service with the usual. I won't even blame you for it, this is just how things work. I believe the sincerity of your statement of principles, just as I believe that Sergei and Larry were sincere when they told Google "Don't Be Evil". Everything ultimately has a price, even your principles, and even if it is very high, there is someone out there that will meet it if they can make a profit on it. The guys like Richard Stallman that are religiously committed to their beliefs is vanishingly small, and the odds that a founder such as yourself is one of those people is correspondingly low.

That doesn't mean I wouldn't use your service (which looks cool). It just means that I would have a plan in place for what I'll do when you sell out ;)

Haha well they certainly don't make the covers of magazines very often, but I don't know that they're as rare as you think. The people behind Basecamp, Balsamiq, and tons of other smaller companies are able to build "old-fashioned" businesses that stick to their principles and only answer to their customers. You need a little fortitude on the founder's part of course, but also the right financial incentives -- a key aspect the GP post missed.

As for Write.as, I spend copious time talking about why I built it [0] and making sure people know me personally, to address your exact point. Personally, I'm a simple dude who relishes putting more value on principles than a number in a bank account. And I'd rather have a tent in the woods than Mai Thais on the beach.

But we do have an open API [1] and one-click export to get your data out, so you can be sure :)

[0] https://write.as/matt/who-is-this

[1] https://developers.write.as/docs/api/

"Bad money pushes out good money." Since you can't prove privacy, customers have to assume no-privacy and vendors must exploit that or else get outcompeted by someone who does. Same for any quality that customers want but can't verify, such as quickly long-life or organic ingredients or treatment of workers and animals.

I wonder if it's possible for a watchdog organization to automate trap street accounts.

It's possible that the prosecutors in a local drug case got Snapchat data by subpoena, but much more likely is that it was given to them by an informant. Here's the real thing. Anything you do online is not private. If you want to keep something private, don't do it online.

Well, if you pay for a service that promises certain privacy protections, then they are legally obligated to fulfill those promises. That’s one mechanism, although obviously you still need watchdogs and a solid legal and court system to protect the promises.

> Here's the thing though, would we ever get privacy? Even if we were to pay?

The issue is that the services have to be funded somehow. If they're funded through data mining, you lose your privacy. So if you want privacy, some other funding source is necessary but not sufficient.

> once your data is on that company's server, how would you even be able to reliably validate what's being done with it?

The answer is for it not to be on their server at all. Have it be on your server. Operating a server should be as simple as operating any other home appliance.

> The issue is that the services have to be funded somehow. If they're funded through data mining, you lose your privacy. So if you want privacy, some other funding source is necessary but not sufficient.

That, and there has to be a legal or technical way to prevent them from datamining you anyway. Because seriously, almost no company is going to voluntarily leave money on the table. Why drop old profit source for the new one, when you can have both?

> The answer is for it not to be on their server at all. Have it be on your server. Operating a server should be as simple as operating any other home appliance.

That's an important part of the solution, I believe. Personally, what I'd love to see is the move towards making service providers stop trying to own data. The way SaaS currently works is: I send my data to the service for processing, they basically own it, and I'm lucky if I can even get the data back out and untangled from the service. The way this should be working is that I own and control the data, and I rent their code to be run on it.

Come to think of it, that's how desktop software works, and that's why the abstraction of a file - the one the cloud is desperately trying to kill - is so awesome.

>The answer is for it not to be on their server at all. Have it be on your server. Operating a server should be as simple as operating any other home appliance.

But... operating non-computerized home appliances is difficult, too. Remember all the jokes about the VCR blinking 12:00? This was because every damn thing had it's own completely non-standard, unique interface.

I mean, we've got fewer and fewer clocks we've gotta set, but back in the day, I remember I was the sort of person who would have to jimmy with a friend's car until their in-dash clock was right... and almost nobody I knew had a clock that was right year round, just 'cause they couldn't be bothered to look up or figure out how to set it.

Now, with connected appliances? (as any of your 'social network' appliances would have to be) if you didn't apply the security updates (and maybe if you did) the data would be even more public than it is now.

> But... operating non-computerized home appliances is difficult, too. Remember all the jokes about the VCR blinking 12:00? This was because every damn thing had it's own completely non-standard, unique interface.

Not really. It was because the device is a VCR (or a car) that happens to contain a clock and people didn't care enough about the clock feature to bother with setting it. Even the people whose clocks weren't set could still play a video tape or drive to work.

What it points to is the need for good defaults. The default shouldn't be to blink 12:00, nobody actually wants that. It should be to get the time from a GPS receiver or NTP server or something like that. It's a problem caused by no external connectivity, which is no longer an issue today.

> Now, with connected appliances? (as any of your 'social network' appliances would have to be) if you didn't apply the security updates (and maybe if you did) the data would be even more public than it is now.

Security is an issue but it's a separate issue. Huge organizations get pwned all the time. Yahoo, Target, Equifax, OPM, it's a very long list. If the thing holding your data gets hacked, you lose. That doesn't really depend on if it's in your home or not.

>Security is an issue but it's a separate issue. Huge organizations get pwned all the time. Yahoo, Target, Equifax, OPM, it's a very long list. If the thing holding your data gets hacked, you lose. That doesn't really depend on if it's in your home or not.

For your thing to not get hacked, someone needs go proactively defend that thing, even if defending that thing just means 'install the dang updates' (of course, there's more to it than that, but for most of us, if installing the updates isn't enough, we are compromised and deal with the consequences)

I'm comparing leaving the clock blinking 12:00 to the phone that hasn't been updated in two years. If your data is on devices you control... you need to control the security of said devices, and that's easier said than done.

My point here is that not paying attention to the security of your home appliances has very different and sometimes not obvious consequences to not paying attention to other aspects of home appliance setup.

It works through preservation orders, which LE can issue to companies and mandate they preserve records of something.