65 comments

  • myprotegeai 2 hours ago

    A company recently demoed to me that they have the ability to see the work history, credit report, and bank balance of a visitor that visits a site with some tracking code, in under 500ms. They use this information for a product that qualifies leads for sales teams, so the sales team knows who is a waste of time to go after and who isn't.

    Creeps me the fuck out, and the owners seem to have no ethical qualms about buying, selling, and using this data.

    • tonetegeatinst 2 minutes ago

      What data broker would even sell this data?

    • next_xibalba 2 hours ago

      None of it is accurate and almost all of it is modeled from sparse, low quality training sets. Banks are not selling PII’ed account balance data to shady aggregators.

      To me, the more interesting and outrageous story is how many aggregators are able to sell garbage data so successfully.

      • ethbr1 17 minutes ago

        > None of it is accurate and almost all of it is modeled from sparse, low quality training sets. Banks are not selling PII’ed account balance data to shady aggregators.

        Part of the problem though is that much of this data is persistent, across order-of-human-lifetime.

        How often does your employer salary history have to be obtained to be useful? Maybe once every 10 years?

        I have zero faith that in jurisdictions without national laws prohibiting it (and laws that prevent usage of extra-national data) that's not happening.

      • hammock an hour ago

        > Banks are not selling PII’ed account balance data to shady aggregators.

        But is Plaid?

        And banks do sell account balance data, they also sell credit and debit transaction history.

        • dml2135 an hour ago

          Seems like Plaid would be f’d six ways til Sunday if it got out that they were selling consumer data to 3rd parties, no? A huge part of their business model is based on trust and doing that would completely burn it.

          • hedvig23 6 minutes ago

            That logic suffices as truth to you?

      • myprotegeai an hour ago

        Maybe they are using garbage data, but at least for the credit checks, he was running them on-demand at $0.75 a pop. He also mentioned browser fingerprint databases that he has purchased. Half of his job seemed to be processing and importing different databases that he had purchased.

    • vundercind 2 hours ago

      The first time I saw a session replay of all the mouse movements and input of a user on their own fucking computer that some marketing website-spyware had recorded was the moment I decided the Internet was a mistake.

      • mason55 43 minutes ago

        Pretty much every analytics product does this now. Amplitude, Statsig, Posthog, etc.

        Not saying it’s a good thing but assume that most websites are recording your session at this point.

      • rexarex an hour ago

        You mean the free product Microsoft Clarity that everyone uses?

        • vundercind an hour ago

          Nah, it was some smallish company’s SaaS thingy. This was maybe 2015.

          • a13n 41 minutes ago

            fullstory

            • vundercind 35 minutes ago

              It was already common then, I gather—the ex-developer-product-owner guy who showed it to me (in the course of doing something else) didn’t seem to think it was remarkable, just an assumed capability. I don’t recall the name of the product, but it’d record all the input and page content for an entire session, you could watch it play back like a video. Exactly like standing over someone’s shoulder while they used their computer. Creepy as fuck, but some genius renamed “spyware” to “telemetry” and that was enough to get every developer on board because we’re super insecure and will jump at the chance to pretend we’re building Mars rovers or something else real while we make yet another “app” the world doesn’t need (I suppose that’s why that label was so successful at changing attitudes, anyway)

              • jonhohle 18 minutes ago

                Isn’t this how heatmaps were generated as far back as the late 2000s?

                • vundercind 6 minutes ago

                  Click-mapping came earlier, and there may have been a few places doing mouse-movement and cross-page-load session tracking on some sessions, but I don’t think it was a “just turn it on and leave it on” thing for even most large sites. And a lot of early heat maps came from user studies, which is the right way to do that.

                  [edit] also, that just happened to be the first time I’d seen a single session represented that way, rather than aggregates. Again, it wasn’t some brand-new thing then, it’d been around long enough to have multiple companies offering it as a service, not just an internal tool at a couple giants.

    • anjel 2 hours ago

      Soon to be combined with Palantir face recognition tech. No need to chip your citizenry!

    • luckylion 2 hours ago

      "A visitor" as in "any visitor"? Or rather "a visitor", i.e. a specific one, about whom they already possess all this data and it's just a lookup?

      The latter I absolutely believe. The former I'd file under sci-fi marketing tales that anyone with some amount of knowledge about web technologies wouldn't fall for.

    • A4ET8a8uTh0 2 hours ago

      Wait.. physical site like a store or a web site? Not that either would make it that much better than the other, but you got me really curious.

    • nipponese an hour ago

      Name the company please.

    • whycombinater 2 hours ago

      Just beat them to death.

      Jury nullification.

      Or vote, or whatever the site rules permit, good luck with that.

    • ranger_danger an hour ago

      Nothing like this exists for data on the general public and it would be illegal anyways. Either one of you is not aware of what that product actually isn't, or are being intentionally deceitful and spreading FUD.

    • bofadeez 2 hours ago

      Sounds like vaporware. Might be possible for a negligibly small % of visitors. And even then cold outreach is not very effective.

  • agentultra 3 hours ago

    Finally. We all “know” that corporations will always choose profits over literally anything else. Glad to see the comeback of the FTC. It seems we only get meaningful progress when there’s strong regulation.

    Other notable examples: the EPA. There was a time when people had to wear gas masks outdoors in some cities because the pollution was so bad before regulations and enforcement came into place. Similar stories with CFC emissions.

    The development of the Internet has been accelerated under mostly conservative leadership which has been walking back regulations. And while much innovation has happened in that time I think a great deal more could have been achieved if it weren’t focused on this kind of profit-at-all-costs environment it’s been simmering in.

    • mgraczyk an hour ago

      Needing to wear gas masks outside sounds like a pretty bad, tangible harm caused by a lack of pollution regulation.

      Do you have any examples of similar tangible harm caused by lack of regulation on data collection?

      • hotspot_one an hour ago

        People in Texas facing murder charges for traveling to other states to get an abortion.

        People facing criminal charges for helping people in Texas learn about options for managing their own reproductive health and bodies.

        • mgraczyk an hour ago

          Do you have a link for the first one? I don't think that has happened (although it could under Texas law as I understand it).

          Is there an actual case where data described in the article was used for anything like what you're suggesting? The actual cases involve people reporting each other (a man reporting a woman he is dating for example).

          Sounds to me like blaming the acid rain on the acid detectors.

      • aierou 19 minutes ago

        Many people fear that a corrupt or authoritarian regime might misuse data to cause harm. However, the reality is that such regimes tend to carry out harmful actions regardless of the data they collect. Data can make their efforts more efficient, but the real danger lies in the regime's intent, not necessarily the data itself.

        • mgraczyk 17 minutes ago

          Exactly, historical authoritarian states got by just fine by reading the mail and listening to conversations. You don't need to know which fragrance I bought last week to oppress me, and it wouldn't help anyway.

      • gaganyaan an hour ago

        Targeted advertising dragging people down rabbit holes into extremism.

        • mgraczyk 44 minutes ago

          Ads don't do that. Maybe you're thinking of organic posts, which are not ads? Or do you have examples of "extremist" ads?

          Having worked on this stuff, I can tell you that the data relevant to extremist rabbit holes is not what the FTC is talking about. Facebook learns enough from which posts you click on to know which extremist content to suggest (and then they intentionally do not suggest it).

      • bitnasty 44 minutes ago

        Identity theft

        • mgraczyk 40 minutes ago

          Do you have any examples where the data was obtained from sources that collected it for ads? As I understand it, the sort of data that is collected for behavioral advertising isn't useful for identity theft and has not been used in that way.

          For identity theft you need things like names, addresses, SSN, W2 income, etc.

  • motohagiography 43 minutes ago

    that horse left the barn over a decade ago. my attitude has changed to where I used to do security and privacy work to mitigate risk from a coming corporate cyberpunk dystopia, but now I think the idea of governments getting a monopoly on surveillance is the worst possible outcome.

    a real solution would be to legally privilege and disqualify classes of personal information from civil and non-violent criminal legal proceedings based on how they were collected, and PII collection sources material to commercial decisions must be disclosed in offers and contracts.

    insurers and creditors would actually have to take risk again instead of being rentiers, police are servants and not governors, and the provenance of PII as evidence would have to be proven as from a legal and prescribed source that included explicit consent. there is no stopping the flow of data collection, but we can improve laws to manage it.

  • glitcher 5 hours ago
    • techjamie an hour ago

      > Based on the data collected, the staff report said many companies assert that there are no children on their platforms because their services were not directed to children or did not allow children to create accounts.

      Funny how they have advertising cohorts drilled into every niche interest or happening, but they just can't perfect the technology to determine if someone is a child. Very elusive tech they've definitely been working day and night to implement for years.

      Almost like they benefit from acting blissfully ignorant.

  • mrbluecoat 3 hours ago

    A four year investigation to tell us what we already know. The real question is: What is the federal government (or anyone else) going to do about it?

    • janalsncm 2 hours ago

      A lot of people wonder why we study and document things that are already “common knowledge”. This is true of scientific studies as well. What a waste of money, right?

      The answer is, until you actually do the work you don’t actually know. Scientists and government officials can’t cite common knowledge. And even if you were right about the conclusion, the details matter. The amount matters. The mechanisms matter.

      • iterance 2 hours ago

        High-quality studies also lay out a methodology for evaluating, assessing, and ultimately characterizing the issue, so that the impact of policy changes can be properly assessed. Even showing that well-known investigatory methods function adequately for a given problem is of value.

        Put another way, "you can't control what you can't measure" (or in this case, characterize more generally).

      • SoftTalker 2 hours ago

        > government officials can’t cite common knowledge

        Government officials can cite whatever they want, including stuff they pulled out of their ass, as long as they have the votes.

    • llamaimperative 3 hours ago

      There are plenty of people who "know" things that are actually wrong. This investigation is an important first step for the government to feel confident they know what's going on before exercising state power, which is, you know, a good thing. Vibes- or rumor-based exercise of state power is ill advised.

      The Biden FTC has been quite aggressive against all sorts of anti-consumer practices throughout the economy which tend to follow these types of reports. I suspect action is coming relatively soon.

    • fallingknife an hour ago

      Nothing because the government wants to do this surveillance itself but can't by law. The availability of corporate surveillance means the government can use it too, so it benefits them.

    • sixothree an hour ago

      This report gives us a framework for legislation. In no way does it "tell us what we already know".

  • 29athrowaway 2 hours ago

    And what was the FTC doing all these years?

    • Scipio_Afri an hour ago

      Under a different administration in the previous 4 years.

      Any large institution takes some time to change, Senate confirmations for the leads of major agencies don’t occur immediately upon swearing in of a new President - it’s often months later. Then, after that occurs, change from the top down occurs.

      Additionally for any sufficiently large group of people it takes a long time to get people to take any sort of collective action, let alone an organization with processes, years long funding and contracts already in place. Then there are sometimes/often legal challenges to the awarding of contracts, the issuing of regulations.

      How long do you think this study would’ve taken to execute by itself? Okay now how long do you think it would’ve taken to plan the methodology for what they should do to execute? Before that they have to have a proposal of what they would like to study and then get the money approved / allocated to do the previous work I just mentioned, such as a detailed methodology.

      Again, this administration has been in charge of the FTC for only 3 ish years and had to probably rebuild it towards focusing on holding businesses to account.

      Not quite sure what else you’re expecting, it takes companies as well many months and even years to change focus, or to deliver a robust product. And that’s generally with an agreed-upon singular focus.

    • A4ET8a8uTh0 2 hours ago

      Election year. The assumption is it is simultaneously posturing for current administration, validating its existence and funding to potential new one, and PR for the public.

      Before that? I don't remember that much from the past few years, but I think a good chunk of federal agencies were kinda in a weird stalemate (which is kinda what the US system is built for anyway).

      • kibwen 3 minutes ago

        > Election year.

        This FTC has been extremely active and assertive since 2021, for which I'm thankful. People only pay attention in election years.

  • OneLeggedCat 3 hours ago

    > "While not every investigated company committed the same privacy violations, the conclusion is clear: companies prioritized profits over privacy."

    Why wouldn't they? A capitalist shareholder system requires that they do exactly this, to whatever extent it does not impact sales.

    It's on citizens to demand regulation, and yet in the US, a probable majority of voting citizens don't like regulation, and think that government is too large or too untrustworthy. Combine that with the control that corporations have over our politicians, and further combine that with low public understanding of the issue, and there is nothing realistic that can be done.

    So I consider surveillance capitalism to be permanent in the US. Regardless of the fact that most people don't like being spied on and manipulated constantly. Perhaps some really large, really bad event could galvanize the public, but I doubt it.

  • tsunamifury 2 hours ago

    This will make optimal global pricing an insane world where everything will cost the maximum you can pay but the overall system will collapse as people will consume way less and be more miserable within it.

  • sanchezxa an hour ago

    Damn...

  • exfildotcloud 3 hours ago

    Agreed. Out in public yet encrypted is something I've been playing with as https://exfilcloud.com has no protection against access other than encryption.

    • meonkeys 2 hours ago

      This looks kinda sus. Why would or should anyone use this, @exfildotcloud?

      • exfildotcloud an hour ago

        Good question. All encryption happens in the browser. I may release the code but it's really just Go Age WASM with a KV backend.

        What's suspicious?

  • OutOfHere 3 hours ago

    As true as that is, I think the people should still worry 100x more about government surveillance than about commercial surveillance. Commercial surveillance is only trying to sell you something you don't need. In contrast, government surveillance, with or without cooperation from commercial entities, is trying to lock you up for victimless crimes or on flimsy evidence because they have run out of real terrorists to fight. The government's data collection is vastly larger than that of anyone else, all paid for by you with your taxes. Encryption, cybersecurity, and minimizing data retention are the primary ways to fight it.

    • politelemon 2 hours ago

      > Commercial surveillance is only trying to sell you something you don't need.

      This simply isn't true. Commercial surveillance is a means and method of inserting itself further into your workflows or lives. Just think of all the health and identity related 'features' being rolled out (and celebrated), and how governments are readily capitulating to them. It isn't far-fetched or tinfoil to consider that these commercial entities, at some point in the future, can become the arbiters of decisions that affect you.

      This isn't even about commercial vs government surveillance, they are equally dangerous, and of both you should be equally wary; governments are far more careful with actions, even with malicious intent, whereas commercial entities with deep pockets are often abstracted away sufficiently to escape blame or consequences. However, governments that delegate to commercial for decision making means that there is little to no difference in the 'type' of surveillance.

      Minimizing your own ecosystem lock-in is extremely important.

      • SoftTalker 2 hours ago

        > health and identity related 'features'

        But it's easy enough to just opt out of all that. I don't use fitness or health wearables. I don't have my DNA or ancestry analyzed. I don't use online/telehealth services. Hell I don't even visit the doctor very often. I don't trust healthcare at all because it's very easy for them to use "scare" marketing to get people to pay for all kinds of stuff that (a) they don't need and (b) has very little real benefit and (c) that in most cases is for conditions that common sense and a little self-discipline can avoid.

        You're free to think that doctors and health organizations operate on some higher plane of morality but the truth is they are businesses and need to compete for customers just like any other business does.

    • janalsncm 2 hours ago

      When the government is allowed to buy information which would otherwise require a warrant, private surveillance becomes government surveillance.

      • pixl97 2 hours ago

        Exactly, there is no difference. In fact in some ways it is worse because the government can say with a straight face they aren't collecting your data and monitoring you... they just pay someone else for that service.

        • A4ET8a8uTh0 2 hours ago

          Yep, and I keep harping on that one simple point. If that data is collected at all, it will be used. Even with laws protecting it. Look how HIPAA has become something of a joke now between regular breaches and app everything, which skirt as much as they can.

        • fallingknife an hour ago

          They lean on social media companies to violate your 1st amendment rights and then buy from them to violate your 4th.

      • mrexroad 2 hours ago

        This should be the top rated comment. This [1] is the tactic that is used by government agencies to actively work around protections afforded by the Constitution of the United States.

        [1] https://www.washingtonpost.com/outlook/2021/04/26/constituti...

    • throwawayqqq11 2 hours ago

      > Commercial surveillance is only trying to sell you something you don't need.

      Besides the maximization of revenue, the profit motive also dictates the reduction of risk. Consider any application for insurance, membership, coverage...

      > government surveillance, is trying to lock you up because they have run out of real terrorists to fight

      "Government is surveilling/fighting you because who else" is easily applicable to $EvilCorp monopolies, because it's tautological.

    • red_admiral 2 hours ago

      I assume that all data the commercial providers have on you, the government can access too if they would like to. Probably the government is even happy they can "outsource" a lot of data collection.