Monetization of data seems like a great tradeoff to me, really. The users get free content for nothing essentially. I don't see why anyone cares. It's like we've struck gold mines of new utility for society and everyone is up in arms over it.
The collection of so much personal data makes possible all sorts of abuses that are otherwise infeasible. The difference between corporations collecting & keeping massive amounts of data on the population of a state, and the same state's government doing exactly the same, is minor, when the government can buy access to much of that data or compel production of any of it by court order. It'd bother me if the government were running this kind of dragnet surveillance, so it bothers me that companies are, for this if for no other reason.
Why do you think the information is valuable? It's clearly more valuable to companies like google than the cost of providing services like search and youtube.
It's like saying that TV adverts give something for nothing, where the truth is they are a massive drain on society.
I am not trying to be antagonistic, but how is anyone (particularly the assumed tech-savvy users of HN) forced into the ‘spying.’ When you use these services the cost is the monetization of your data. FAANG isn’t even attempting to hide it anymore, and again, you are posting on HN and clearly know how these companies operate. If you use their service you are engaging in a transaction with them. No one is forced to use Google, use DDG. No one is forced to use Facebook, talk to people in person. I understand the effect of numbers on the practicality of avoiding these companies, it is limiting in many ways, but if you feel that strongly about it just avoid using the services.
> When you use these services the cost is the monetization of your data.
True. And if not using the services meant that those companies wouldn't spy on me, then I would have no complaint -- I already don't use their services. But it doesn't.
I’m genuinely uncertain as to how your data is being collected if you are not using these services, and again I’m not trying to argue or disagree with the underlying thesis that tracking/spying is a net negative, but I do want to understand the assertion that your personal data is being collected by companies you have no interaction with.
Just for example, Facebook tracks you even if you don't have a Facebook account.[0]
More generally, I think we need to approach discussions about data collection from the perspective that data being about a person doesn't mean that the person owns that data. Here's what I mean: The sort of data we're talking about is personal (read: "individual") merely in the sense that it is about persons. However, it's social (rather than personal) in its origin. For example, the list of my commercial transactions isn't originally (fundamentally?) data about my person. Rather, it's data about a social fabric of which I happen to be a part. So, personal data is not originally personal.
What's the significance of personal data being fundamentally social (by way of its origin)? Well, I would contend that it means personal/individual means of managing personal privacy are ultimately insufficient; your data (while it is about you) doesn't naturally belong to you. Therefore, my takeaway is this: If we want to make personal data (i.e. data about persons) practically personal (i.e. give persons control over their own data), then we need social mechanisms to protect it. My aforementioned point, about the insufficiency of personally-undertaken measures, is corollary to this.
For better or worse, it seems like most people these days equate "social mechanisms" with "regulation". However, there are in principle other social bodies (both formal (e.g. unions or guilds), or informal (e.g. various social movements)) that could be sufficient to make personal data truly personal. However, I'm unfortunately skeptical of the efficacy any non-governmental body could be when dealing with this problem. But that's beside the point.
If some guy sat outside with binoculars and wrote down things about people in public in a notepad, I'm not sure it'd be in anyone's reasonable rights to make him stop.
> If it can technically be done and it is valuable in any way, it WILL be done.
Until society determines that the practice is unacceptable and outlaws it. Outlawing it won't completely eliminate the practice, of course, but it would dramatically curtail it, and provide people with an actual means of rectifying the situation when someone is breaking the law.
My point is that if something is being monetized, what makes it monetizable is the agreement between the user and the service provider.
All sorts of data is collected every day that is not monetized, but could be.
Consumers are allowing their data to be monetized by agreeing to sign up for "free" services which take an asset from the user which they do not know how to monetize themselves.
In a way the dynamic is similar to the early 20th century BP oil fields in Iran; the Persians had oil under their feet for centuries but outsiders came in and started to pump it out of the ground, making themselves rich but the general public of Iran - not so much. They didn't even know what to do with oil at first.
Once the Iranian people saw what was going on and realized that they were being exploited, they elected a leader who sought to nationalize the oil fields, since they finally began to understand what asset they had and how and why they could monetize it themselves.
The internet needs its own Mohammad Mosaddegh, so to speak. Not to commit property crimes and break contracts like Mosaddegh did - but to show the masses what is going on in a way that encourages them to change their behaviors in a fundamental way.
You don't need to make IP logging illegal to make collecting user info that's not absolutely necessary to a transaction illegal, and to make selling or using any necessarily-collected data for anything other than e.g. auditing or further service to the transaction (returns, say) also illegal. I don't know how this became about Apache logs or whatever.
[EDIT] my point is there's a ton of info being collected that goes way beyond web server logging, so I don't know how this became about why all this is impossible because server logs are a thing.
"absolutely necessary" does not mean anything. For example, tracking in banking systems has very good justifications such as fraud detection. That alone means banks have a blank check to connect tons of features about their users, and not for nefarious purposes.
[EDIT] to your EDIT point: even with server logs you could start building user tracking and if your net is large enough you can derive a massive amount of data just from that. Pattern analysis, sites/services users connect to, geolocation, etc... even without the most sophisticated tracking systems this is already good enough to build business value.
Cool. Can't sell it, can't leverage it against users (e.g. use it to select which products to try to sell them). If you're doing that on any significant scale it's gonna leave a hell of a trail and enough people will be involved that it'll be found out.
"waaaah but we need to share it with 'partners'" hahaha OK whatever, but bet you don't though. Illegal. Figure it out. Bet you can.
You forgot another vector of how companies monetize user data: using it to train ML models.
You don't need to keep the data long-term (though it would be more profitable if you could). You can still get a lot of value using the data to train an ML model, then use that model to build valuable decision-making systems, which few other companies could produce.
Oh, yeah, definitely that should also be illegal. If you want to train an ML model you should have to pay directly for that data, not in connection with any other service or product. The current system means every successful monopolist is also a de facto nigh-unassailable leader in ML, which clearly sucks. "Create or buy a massive spying service" shouldn't be a necessary step 1 to realistically competing in consumer- and human-focused ML.
I disagree, many times the very reason I gave the company my data was to leverage their ML capabilities. For example, the only reason I gave LinkedIn my data was so they could find me better jobs. No one would have bothered if it were just a glossier version of Craigslist.
Plus, banks training models for fraud detection has an obvious benefit to everyone.
If this data is useful to cross reference, let the user opt in and use it. Give the user control and insight into the data collection.
The data can be useful without tricking users and making money off their private use activities.