The Montréal metro system uses RFID cards to pay, but as I understand it, without centrally tracking the buyer. Instead, the card itself records the number and type of fares bought.
This has an inconvenient downside: the only way to recharge the card is at kiosks in the metro. If you want to do it online, you have to buy a USB card reader that the Montréal transport society will sell you, so you can recharge your RFID card online.
I like this, but a lot of people are unhappy about the inconvenience of not being able to recharge the card online. So I think we’re going to be moving into a system where the cards are centrally managed, along with everyone’s purchase history of them.
It’s always so convenient to allow surveillance on ourselves.
The OPUS cards themselves are anonymous, but purchase info could be tracked if you don’t pay with cash. Cards can also be registered with STM at a service centre. This kills the anonymity factor but is useful if you lose it. I’ve gotten a free replacement this way without having to pay for a full fare again.
I found the USB card reader setup the STM came up with to be kinda lame overall. The last time I tried it (admittedly a couple of years ago), it required some deprecated NPAPI plugins that were no longer supported by their vendor and I had to whitelist them in my web browser, following instructions that would probably scare an average end user. The browser plugin mechanism they used has since been removed by the major browsers. The plugin also only worked on Windows and Mac when I tried it. The next time I tried to set it up, there were a lot of dead links on their website.
However, I get around the renewal hassle by signing up online for a yearly subscription. In this case, they send you a new OPUS smart card, which comes with some benefits (like only paying 11 of 12 months each year and getting a decent discount off of the Bixi bike sharing and/or Communauto car sharing programs, one free guest on evenings and weekends, and free rides on RTC in Quebec City after your first year).
This card is auto-renewed and you can access your account online, so you avoid waiting at the kiosk, and it saves you from having to buy the $16.66 USB card reader. Of course, it only works if you’re a frequent enough STM user to justify a yearly subscription. The yearly subscription cards are also automatically registered with the STM. If you want to take advantage of some of the benefits (free rides on RTC), you have to have your picture taken and stored on the back of the card. Before I did this, I would lend my yearly subscription out to my friends to use when I was travelling out of town but now I can’t anymore.
Since OPUS cards have been hacked several times, an artificial life span of 3 years is imposed so they can push out new revisions using different encryption methods.
I bought the USB card reader, anyway, because I like to collect gadgets. It was cheap and I wanted to mess around with OpenSC in Linux. It’s a Watchdata W1981-Plus and I believe it is the same device used by STIB/MIVB (Brussels) and RATP (Paris).
I had originally thought OPUS was a province-wide smartcard system but STO in Gatineau uses a different card, MULTI. To make things even worse, Ottawa’s OC Transpo, which overlaps some services with STO, uses yet another competing card- Presto, which is also used in the Greater Toronto Area. I’m really disappointed that a country with a population the size of Canada can’t get their smart card act together to standardize on one system. In the Netherlands, you use one card for all transit systems and it seemed to work beautifully.
we have a similar system locally which allows recharging on the buses themselves (smaller buses let the driver access it, bigger buses have a vending machine) and in train stations, so you don’t have to go out of your way. It might be more convenient than online payments.
The problem with the Montréal system is that for whatever reason the fares are tied to calendar dates. If you want to buy a monthly pass, it can only start at the first day of the calendar month and ends at the last one. Weekly passes can only be bought from Monday to Sunday. This creates long lines at the start of the month, hence the desire to buy online.
It also makes it easier for people to hack their own cards in their possession to give themselves free rides. There’s possibly a cryptocurrency-like solution to this problem, that would make it possible for the transit system to centrally store the amount of money a given patron has loaded onto their card and used for farepaying, without tracking exactly where they go within the system, but I don’t think it’s a straightforward problem at all. Unfortunately, centralized tracking of where and when people get on and off the system is actually a very natural fit to the problem at hand of letting people pay for use of a public transit system.
Besides, public transit cars generally have security cameras, right? You can get tracked that way too.
It also makes it easier for people to hack their own cards in their possession to give themselves free rides.
At least for the Montréal situation, it’s probably far easier to just jump the turnstiles than to attempt any sophisticated trickery. I see people jumping turnstiles frequently enough.
I think if you have a system that most people will not abuse, it can all work out. No need to make it absolutely draconian and tamper-proof unless it’s an actual problem.
That was the main risk that critics said about the Mondex card from what I read. Too bad since it was one of only high-assurance, security developments in commercial sector.
Japan has a similar cash-card system (Suica, among others) that you can buy using cash and recharge online (although I think online recharging needs it to be tied to a bank account/mobile account, or to own a special, if common, card-reader/writer for your computer). I don’t see why the Montréal system wouldn’t be able to do the same, other than perhaps the slow-moving nature of the STM and the relatively small (compared to Japan) usage.
It is a pretty heavily used cash card though, so perhaps all the vendors (other than just transit) accepting it helps things like that along. Probably not as decentralized as I think it is, either, now that I’ve spent some time puzzling it out.
I would be ok with time limits. There are lots of business cases for tracking people to figure out a snapshot of how they are using your service. Rarely does that analysis really need to be massively historical (especially since the aggregates from a previous periods can be saved and compared).
The rule would be very simple:
0-90 days: allowed
90-180 days: opt-out
180+ days: opt-in
The tricky thing would be distinguishing tracking data from content (e.g. email content vs. click tracking)
Even a lot of retention laws I’ve seen only require a certain number of years. Businesses collect endless piles because they hope they can monetize it. The other reason: they’re usually not responsible for the damage it causes when it leaks. So, we should make one or the other costly enough to reduce the practice or force them to up their security a lot.
I’m sure there’s value in understanding the ideologically best case scenario but without living in the real world, with established, incumbent legacy technological systems and social structures, this perfect case scenario has no possibility to be implemented, or get anywhere close.
For anything like these ideas to be deployed needs huge social change first.
The value of RMS is that he serves as a platinum standard against which to check proposals. What he suggests is usually not possible, but it is almost always right.
RMS really expands the discussion field a lot and without him, we would be making compromises from compromises – seen from a perspective that includes him. And frankly, things are (rather slowly) moving his way.
Like how the market decided to avoid paid offerings in favor of free, surveillance-driven offerings to the tune of a billion users or so with tens to hundreds of billions of dollars going to those companies. Go tell everyone using Facebook, Google, freemail, Twitter, etc that they make money selling them out so they need to quit. They won’t. They value the free services over their own privacy, safety, and freedom at least as far as the surveillance impacts those. That some or most of them don’t fully understand the tradeoff they made doesn’t change the fact that they have most of the money and votes to dictate what going on.
Stallman starts with the premise that we’re for ideological reasons going to ban surveillance-oriented businesses by default. As in, people might give up Facebook, Google, freemail, Twitter etc. They’re not going to. So, his proposal isn’t grounded in reality to begin with. He should start with “Most people want this system, will give billions to those who build such systems in a way that grabs huge numbers of users, and will vote for politicians that protect such systems.” Then, his proposal needs to go from there to get the support of those people. Looks nigh impossible for his position to work if he starts with real-world requirements. Whereas, something like Europe’s data protection laws sounded good to me from the beginning as a starting point on addressing this stuff. At the least, I learned what
Facebook had on me. ;)
If anything, what he’s really proposing is voluntary action that will be taken by niche companies who usually won’t be financially successful enough to fight governments or big companies in Congress or court. Knowing that ahead of time would make even fewer people join such a cause. Better to start with what’s going on in the real world in terms of existing user preferences, regulations, laws, etc. Then, work on improvements from there in a way that they’re marketable to users, customers, and/or voters.
i see what you’re saying but i don’t think any of those obstacles are truly requirements. for some people, constant surveillance of the entire population is a “requirement.” but really these are just forces that need to be overcome. i don’t know how you draw the line and say that some modest amount of change is possible, but RMS’s proposal is not.
A typo made by my oversensitive Samsung keyboard on my phone, which was set to German. “Nur” is German for “only so ultimately, it wasn’t that horrible.
1.
relating to the practice or principle of giving a group priority over each individual in it.
"collectivist cultures had disciplined and cooperative work forces"
Stallman’s basic assertion is that individuals should not profit from the creation of software. They may profit from supporting said software, but in his view, software should always be free. I see this as a fundamentally collectivist philosophy.
Stallman’s basic assertion is that individuals should not profit from the creation of software.
What, no:
Actually, we encourage people who redistribute free software to charge as much as they wish or can.
[…]
Distributing free software is an opportunity to raise funds for development. Don’t waste it!
Setting aside that “the definition” is rarely a good argument in open-ended discussions, like these, Stallman doesn’t say that Individual aren’t allowed to profit from Free Software. It’s explicitly allowed and I remember having have read that Emacs used to be sold this way, before the internet, to fund the FSF. And secondly, it doesn’t matter if the software is sold by one person (an individual) or a company (a collective), the rules the GPL sets up stays the same: share your source while distributing software, recursively, exactly by intelligently twisting copyright law back against itself.
And in the end, the four software freedoms were formulated to protect individuals from harmful sodtware, as well as give them the ability to improve upon it, based on their needs.
This is just another example of how empty of an actual meaning the word “collectivism” actually is in practice.
So you’re saying “I’ll let @Sophistifunk speak for themself” is correct usage in this case?
I’m not a grammar expert, so I’ll defer to your greater knowledge. I like and use Spivak because, as @pushcx said, it’s a polite way to express “I have no idea what the gender of the person I’m referring to is.”
Singular “they” has been used in English for hundreds of years. “Themself” is also ancient but was replaced by “themselves” in the 16th century. However, it has recently made a comeback.
“I’ll let @Sophistifunk speak for themselves” is perfectly correct formal English. “I’ll let @Sophistifunk speak for themself” is also correct by any reasonable standard, but may be considered informal by some readers.
I mean that it’s free of the “narrow-scope-communism” he’s usually on about. I don’t think I’m putting false words in his mouth if I say he firmly believes non-communal ownership of software (in the sense you can restrict what others do with it) is some sort of moral wrong and should be fought on all fronts. But I don’t want to call him a communist in the general sense, because he doesn’t go around saying private property in general is evil, just private property in the form of bits.
Maybe everything to your left looks communist-ish, but I can tell you for sure he’s not a communist. More like a typical left-leaning liberal, but not too much.
When I read that GDPR is not enough (which is probably true) I also remember myself that a tremendous amount of companies are totally panicked about this subject. Some friends are running some basic shops (not even online) some of them are pretty bad at technology.
From their point of view, GDPR is another trick to kill little business in favor of bigger ones that will have no issues at following the directives.
The thing that keeps nagging me about GDPR is that the complexity seems to stem from the optionality of it. What I mean is that it’s harder to respond to selective individuals’ requests for information about data usage or deletion than it would be to just delete everyone after 90 days.
No question, it would be enormous amounts of work to age out PII that quickly. But at least it would be uniform instead of conditional.
Great article, and for Mr. Stallman, very even handed. So much to untangle to realize his proposal though. We need to figure out how to monetize without tracking, and that would seem to be a hard problem.
In case anyone else doesn’t feel like reading the whole article, here’s what I took to be Stallman’s proposal:
The robust way to do that, the way that can’t be set aside at the whim of a government, is to require systems to be built so as not to collect data about a person. The basic principle is that a system must be designed not to collect certain data, if its basic function can be carried out without that data.
If you surrender your data, then you do not have any right over them. If you upload your photos to facebook, then facebook has them.
For public utility, it is fine to restrict the collection and usage of personal data. But for private corporations, the private individuals should be able to decide for themselves if giving a corporation access to your entire search history for wifi access at the coffee shop is worth it.
More and more we are getting forced to use services that spy on us. Cash is being phased out for credit cards and mobile payments. I can’t even pay for parking at my uni without installing their mobile app. We need laws to protect us from these companies because they are impossible to 100% avoid.
Shouldn’t governments primariy govern? For whatever reason, but usually something along the lines of “the common good” or “to protect (individual) rights”? But sometimes sadly also in the interests of the more powerful in society…
Not anymore… at least here where I live, Government is composed of people and people will have their own agendas which might not include protecting other people or even obeying the laws they’ve passed. I see government as an instrument of power, some will use this power to help society, others to accumulate wealth at the expense of society.
That is true but still, you can probably agree with me that when dealing with the real world, the creators intention has very little bearing in whatever usage people do of something. For example: the web was a way to share scientific hypertext and now we’re doing crazy stuff with it, or, tide pods were supposed to be used for laundry… governments, much like many other human creations happened over time, in different places, with different purposes. Monarchy is government but one can argue that historically it was not meant to protect people, dictatorships also work that way. We can say that the “platonic ideal of a pure and honest government” is to protect people but thats just us reasoning after the fact. There are no “letter of intention” about creation of government which all governments across time and space need to follow. What we perceived as “purpose” has very little meaning to what actually happens.
Personally, I find most interesting when things are not used accordingly to the creators intention, this creative appropriation of stuff by inventive users is at the same time what spurs a lot of cool stuff and what dooms us all, we here in Brazil have a moniker for it “Jeitinho Brasileiro” which could be translated as an affectionate version of “the brazilian way”. Everyone here is basically born in a fractal of stuff whose real world usage does not reflect its ideal purpose to the point that it is IMHO what makes us creative and cunning.
Monarchy is government but one can argue that historically it was not meant to protect people…
Well, monarchy was actually a simple protection racket. It enabled a significant growth of the agricultural society through stabilization of violent power — no raids, just taxes.
We can say that the “platonic ideal of a pure and honest government” is to protect people…
That’s unreasonable. Establishment of a democratic government is just a consensus seeking strategy of it’s electorate. A move from a simple racket to a rule of law that is a compromise of various interests.
In feudalism, people choose other people to follow. In democracy, people chose policies to enact. Both systems are very rough and fail in various ways, but democracy has evolved because it just makes more people a lot less unhappy than an erratic dictator ever can.
… people will have their own agendas which might not include protecting other people or even obeying the laws they’ve passed…
You seem to be alienated from the political process and perceive your government as something that is not actually yours to establish and control. That’s a very dangerous position for you to take, since government has a monopoly on violence. Of course others won’t take you automatically into consideration. That’s what you do every time you do virtually anything — you never take the full situation into account.
But you just can’t quite ditch the government… otherwise your neighbor might try building a nuclear reactor using whatever he got from the Russians, which is something you (and perhaps a few other neighbors) might be against. Then on the other hand, he might convince a few others that the energy will be worth it… so you meet up, decide on some rules that will need to be followed so as to prevent an armed conflict and in the end, some who originally opposed the project might even join it to ensure it’s safety and everyone will benefit from the produced energy.
Friend, lets agree to disagree. What you say do make sense, I am not saying you’re talking bullshit or anything like that, on the contrary, I find your arguments plausible and completely in tune with what I’ve learned at the university buuuuut my own country has been a monarchy, an “empire”, a monarchy again, a republic, a dictatorship, a republic again, an who knows what will happen before 2018 ends.
Our experience, is vastly different than what is explained above. I haven’t said we’re out of the political process, heck, I’ve organized demonstrations, helped parties I was aligned with, entered all the debates I could long ago, I was a manager for a social program, and am married to an investigative journalist. I am no stranger to political processes, but it is a very simplistic approach to say “(…) your government as something that is (…) yours to establish and control”, this sidesteps all the historical process of governments here and how the monopoly of violence is used by the powerful (which might or might not be actual government) with impunity on anyone who tries to pull government into a different path. Couple weeks ago, one of our councilwoman was executed by gunshots to her car (where a friend of mine was as well as she worked for her), killing our rising star politician, and the driver, and forever traumatizing my friend. I have tons of stories about people dying while trying to change things. Talking about the root of feudalism is meaningless to whatever is happening today. Today people die for defending human rights here (and elsewhere).
Academic and philosophical conversations about the nature and contracts of government are awesome but please, don’t think this shit is doable, lots of people here died trying to improve the lifes of others. I don’t know if you’ve ever been to a place like here, those conversations don’t really apply (we still have them though).
I do think it’s important for people to have the power to keep the government accountable. Without checks and balances the government looks after its own interests as opposed to those of its constituents.
@soapdog@yogthos@dz This is an interesting discussion for me (though not appropriate for lobste.rs). Any interest in discussing this together, say over email or something else. I’ve always wanted to discuss this topic of government vs individual corporations but it’s a complex subject and hard to keep devolving into a bar-fight.
Why do you believe that is the purpose of governments? Can you imagine a situation where something recognized as a government doesn’t protect it’s citizens in some cases?
Is the government supposed to protect you if you put your hand in a garbage disposal, slip in the shower, or attempt suicide?
They’re definitely there to protect us. However, they’re also their own separate entity. They’re also a group of ambitious, often-lying people with a variety of goals. They can get really off track. That’s why the folks that made the U.S. government warned its people needed to be vigilant about it to keep it in check. Then, its own agents keep the individuals or businesses in check. Each part does its thing with discrepencies corrected by one of the others hopefully quickly. The only part of this equation failing massively is the people who won’t get the scumbags in Congress under control. They keep allowing them to take bribes for laws or work against their own voters. Fixing that would get a lot of rest in line.
We have seen plenty of protection of individuals by laws, regulations, and courts, though. Especially whenever safety is involved. In coding, the segment with highest-quality software on average right now is probably group certifying to DO-178B for use in airplanes since it mandates lots of activities that reduce defects. They do it or they can’t sell it. The private sector’s solution to same problem was almost always to lie about safety while reducing liability with EULA’s or good legal teams. They didn’t produce a single, secure product until regulations showed up in Defense sector. For databases, that wasn’t until the 1990’s with just a few products priced exhorbitantly out of greed. Clearly, we need a mix of private and public action to solve some problems in the marketplace.
Governments shouldn’t impose speed limits, people should just drive at reasonably safe speeds.
Just because a particular behaviour might be most beneficial to a person, does not mean they will do it. Because consumers’ behaviour has not changed (and will not), this type of surveillance has proliferated to the point it’s nearly impossible to escape, even for the most dedicated privacy advocate.
Funny you should mention that…the setting of speed limits to drive revenue irrespective of actual engineering and human factors is pretty well documented at this point.
For public utility, it is fine to restrict the collection and usage of personal data. But for private corporations, the private individuals should be able to decide for themselves if giving a corporation access to your entire search history for wifi access at the coffee shop is worth it.
But that’s precisely what fails when dealing with Facebook et al, isn’t it?
No matter how assiduously you or I might refuse to sign up for Facebook and its ilk, block their tracking scripts, refuse to upload our photos, our text messages, our data – other people sign up for these things, and give these services permission to index their photos and text message logs etc, and Facebook builds a comprehensive shadow profile of you and I anyways.
There is no avoiding or opting out of this short of opting out of all human contact, at this point, and the “simple”-sounding solution of “let every individual decide for themselves!” completely fails to engage with the collective consequences that everyone is losing privacy regardless of what decision they make individually.
When your solution doesn’t engage with reality, it’s not useful.
The technology we use today is too complicated to understand all of it.
The entire field of engineering is predicated on being able to do things without understanding how they work. Ditto beer brewing, baking, cooking, and so forth.
That’s why generally everything needs to be safe by default.
Bathtubs are not safe by default. Kitchen knives are not safe by default. Fire is not safe by default. Even childbirth isn’t safe by default, and you’d think that would’ve been solved generations ago by evolution.
No citizen can foresee the effects of all their actions.
Then why would we trust policies enacted by a handful of citizens deemed able to create laws any more than individual citizens making their own decisions? That’s a far riskier proposition.
~
We can’t make the world safe for people that won’t learn how to be safe, and efforts to do so harm and inhibit everybody else.
The entire field of engineering is predicated on being able to do things without understanding how they work. Ditto beer brewing, baking, cooking, and so forth. … You can’t protect people from their own ignorance, long-term, except by education.
Try buying an oven that will spontaneously catch fire just by being on. It’s going to be complicated, because there are mandatory standards. And it’s a good thing they are this reliable, right? Leaves us time to concentrate on our work.
Then why would we trust policies enacted by a handful of citizens deemed able to create laws any more than individual citizens making their own decisions? That’s a far riskier proposition.
Because a lot of shouting from many sides went into the discussions before the laws were enacted. Much like you discuss your network infrastructure policies with your colleagues instead of just rewiring the DC as you see fit every once in a while.
The entire field of engineering is predicated on being able to do things without understanding how they work. Ditto beer brewing, baking, cooking, and so forth.
No.
Engineering is about finding solutions by using every bit of knowledge available.
Ignorance is an enemy to fight or work around, but for sure it’s not something to embrace!
That’s why generally everything needs to be safe by default.
Bathtubs are not safe by default. Kitchen knives are not safe by default. Fire is not safe by default. Even childbirth isn’t safe by default, and you’d think that would’ve been solved generations ago by evolution.
I agree that we should work to make programming a common knowledge, like reading and writing so that everyone can build his computing environment as she like.
And to those who say it’s impossible I’m used to object that they can read, write and count just because someone else, centuries before, said “no, it’s possible to spread this knowledge and we have the moral duty do spread it”.
But all your example are wrong.
They are ancient technologies and techniques that are way simpler than programming: humans have learnt to master them and teach each generation how to do so.
We have to protect people.
The states and laws can help, but the first shield of the people against the abusive use of technology are hackers.
We must spread our knowledge and ethics, not exploit the ignorance of others for a profit.
The Montréal metro system uses RFID cards to pay, but as I understand it, without centrally tracking the buyer. Instead, the card itself records the number and type of fares bought.
This has an inconvenient downside: the only way to recharge the card is at kiosks in the metro. If you want to do it online, you have to buy a USB card reader that the Montréal transport society will sell you, so you can recharge your RFID card online.
I like this, but a lot of people are unhappy about the inconvenience of not being able to recharge the card online. So I think we’re going to be moving into a system where the cards are centrally managed, along with everyone’s purchase history of them.
It’s always so convenient to allow surveillance on ourselves.
The OPUS cards themselves are anonymous, but purchase info could be tracked if you don’t pay with cash. Cards can also be registered with STM at a service centre. This kills the anonymity factor but is useful if you lose it. I’ve gotten a free replacement this way without having to pay for a full fare again.
I found the USB card reader setup the STM came up with to be kinda lame overall. The last time I tried it (admittedly a couple of years ago), it required some deprecated NPAPI plugins that were no longer supported by their vendor and I had to whitelist them in my web browser, following instructions that would probably scare an average end user. The browser plugin mechanism they used has since been removed by the major browsers. The plugin also only worked on Windows and Mac when I tried it. The next time I tried to set it up, there were a lot of dead links on their website.
However, I get around the renewal hassle by signing up online for a yearly subscription. In this case, they send you a new OPUS smart card, which comes with some benefits (like only paying 11 of 12 months each year and getting a decent discount off of the Bixi bike sharing and/or Communauto car sharing programs, one free guest on evenings and weekends, and free rides on RTC in Quebec City after your first year).
This card is auto-renewed and you can access your account online, so you avoid waiting at the kiosk, and it saves you from having to buy the $16.66 USB card reader. Of course, it only works if you’re a frequent enough STM user to justify a yearly subscription. The yearly subscription cards are also automatically registered with the STM. If you want to take advantage of some of the benefits (free rides on RTC), you have to have your picture taken and stored on the back of the card. Before I did this, I would lend my yearly subscription out to my friends to use when I was travelling out of town but now I can’t anymore.
Since OPUS cards have been hacked several times, an artificial life span of 3 years is imposed so they can push out new revisions using different encryption methods.
I bought the USB card reader, anyway, because I like to collect gadgets. It was cheap and I wanted to mess around with OpenSC in Linux. It’s a Watchdata W1981-Plus and I believe it is the same device used by STIB/MIVB (Brussels) and RATP (Paris).
I had originally thought OPUS was a province-wide smartcard system but STO in Gatineau uses a different card, MULTI. To make things even worse, Ottawa’s OC Transpo, which overlaps some services with STO, uses yet another competing card- Presto, which is also used in the Greater Toronto Area. I’m really disappointed that a country with a population the size of Canada can’t get their smart card act together to standardize on one system. In the Netherlands, you use one card for all transit systems and it seemed to work beautifully.
Did you know “carte OPUS” is a pun on “carte à puce”?
(Not really, but it’s too good of a factoid to not tell it.)
Yep, it’s too close not to be intentional.
we have a similar system locally which allows recharging on the buses themselves (smaller buses let the driver access it, bigger buses have a vending machine) and in train stations, so you don’t have to go out of your way. It might be more convenient than online payments.
The problem with the Montréal system is that for whatever reason the fares are tied to calendar dates. If you want to buy a monthly pass, it can only start at the first day of the calendar month and ends at the last one. Weekly passes can only be bought from Monday to Sunday. This creates long lines at the start of the month, hence the desire to buy online.
It also makes it easier for people to hack their own cards in their possession to give themselves free rides. There’s possibly a cryptocurrency-like solution to this problem, that would make it possible for the transit system to centrally store the amount of money a given patron has loaded onto their card and used for farepaying, without tracking exactly where they go within the system, but I don’t think it’s a straightforward problem at all. Unfortunately, centralized tracking of where and when people get on and off the system is actually a very natural fit to the problem at hand of letting people pay for use of a public transit system.
Besides, public transit cars generally have security cameras, right? You can get tracked that way too.
At least for the Montréal situation, it’s probably far easier to just jump the turnstiles than to attempt any sophisticated trickery. I see people jumping turnstiles frequently enough.
I think if you have a system that most people will not abuse, it can all work out. No need to make it absolutely draconian and tamper-proof unless it’s an actual problem.
That was the main risk that critics said about the Mondex card from what I read. Too bad since it was one of only high-assurance, security developments in commercial sector.
Japan has a similar cash-card system (Suica, among others) that you can buy using cash and recharge online (although I think online recharging needs it to be tied to a bank account/mobile account, or to own a special, if common, card-reader/writer for your computer). I don’t see why the Montréal system wouldn’t be able to do the same, other than perhaps the slow-moving nature of the STM and the relatively small (compared to Japan) usage.
It is a pretty heavily used cash card though, so perhaps all the vendors (other than just transit) accepting it helps things like that along. Probably not as decentralized as I think it is, either, now that I’ve spent some time puzzling it out.
I would be ok with time limits. There are lots of business cases for tracking people to figure out a snapshot of how they are using your service. Rarely does that analysis really need to be massively historical (especially since the aggregates from a previous periods can be saved and compared).
The rule would be very simple:
The tricky thing would be distinguishing tracking data from content (e.g. email content vs. click tracking)
Even a lot of retention laws I’ve seen only require a certain number of years. Businesses collect endless piles because they hope they can monetize it. The other reason: they’re usually not responsible for the damage it causes when it leaks. So, we should make one or the other costly enough to reduce the practice or force them to up their security a lot.
I’m sure there’s value in understanding the ideologically best case scenario but without living in the real world, with established, incumbent legacy technological systems and social structures, this perfect case scenario has no possibility to be implemented, or get anywhere close.
For anything like these ideas to be deployed needs huge social change first.
The value of RMS is that he serves as a platinum standard against which to check proposals. What he suggests is usually not possible, but it is almost always right.
Or left, actually.
EDIT: Sorry, couldn’t help myself.
RMS really expands the discussion field a lot and without him, we would be making compromises from compromises – seen from a perspective that includes him. And frankly, things are (rather slowly) moving his way.
Exactly. Better to invest writeups in stuff that can actually happen since it meets real-world requirements.
“real-world requirements” like what?
Like how the market decided to avoid paid offerings in favor of free, surveillance-driven offerings to the tune of a billion users or so with tens to hundreds of billions of dollars going to those companies. Go tell everyone using Facebook, Google, freemail, Twitter, etc that they make money selling them out so they need to quit. They won’t. They value the free services over their own privacy, safety, and freedom at least as far as the surveillance impacts those. That some or most of them don’t fully understand the tradeoff they made doesn’t change the fact that they have most of the money and votes to dictate what going on.
Stallman starts with the premise that we’re for ideological reasons going to ban surveillance-oriented businesses by default. As in, people might give up Facebook, Google, freemail, Twitter etc. They’re not going to. So, his proposal isn’t grounded in reality to begin with. He should start with “Most people want this system, will give billions to those who build such systems in a way that grabs huge numbers of users, and will vote for politicians that protect such systems.” Then, his proposal needs to go from there to get the support of those people. Looks nigh impossible for his position to work if he starts with real-world requirements. Whereas, something like Europe’s data protection laws sounded good to me from the beginning as a starting point on addressing this stuff. At the least, I learned what Facebook had on me. ;)
If anything, what he’s really proposing is voluntary action that will be taken by niche companies who usually won’t be financially successful enough to fight governments or big companies in Congress or court. Knowing that ahead of time would make even fewer people join such a cause. Better to start with what’s going on in the real world in terms of existing user preferences, regulations, laws, etc. Then, work on improvements from there in a way that they’re marketable to users, customers, and/or voters.
i see what you’re saying but i don’t think any of those obstacles are truly requirements. for some people, constant surveillance of the entire population is a “requirement.” but really these are just forces that need to be overcome. i don’t know how you draw the line and say that some modest amount of change is possible, but RMS’s proposal is not.
That’s the most sensible and collectivism-free piece of RMS’s writing I’ve read in a long time. Bravo.
What does that even mean
I’ll let @Sophistifunk speak for emself, but I read this as referring to Stallman’s fundamental mistrust of proprietary anything.
Ok, now why is that supposed to be “collectivist”?
What the hell is “nur”?
A typo made by my oversensitive Samsung keyboard on my phone, which was set to German. “Nur” is German for “only so ultimately, it wasn’t that horrible.
OK, let’s look at the definition:
col·lec·tiv·ist kəˈlektivəst/ adjective adjective: collectivist
Stallman’s basic assertion is that individuals should not profit from the creation of software. They may profit from supporting said software, but in his view, software should always be free. I see this as a fundamentally collectivist philosophy.
What, no:
https://www.gnu.org/philosophy/selling.html
Setting aside that “the definition” is rarely a good argument in open-ended discussions, like these, Stallman doesn’t say that Individual aren’t allowed to profit from Free Software. It’s explicitly allowed and I remember having have read that Emacs used to be sold this way, before the internet, to fund the FSF. And secondly, it doesn’t matter if the software is sold by one person (an individual) or a company (a collective), the rules the GPL sets up stays the same: share your source while distributing software, recursively, exactly by intelligently twisting copyright law back against itself.
And in the end, the four software freedoms were formulated to protect individuals from harmful sodtware, as well as give them the ability to improve upon it, based on their needs.
This is just another example of how empty of an actual meaning the word “collectivism” actually is in practice.
What the hell is “emself”?
A polite way to refer to someone when you don’t know their gender.
I’ve never seen that before. What’s wrong with “themself”? Does it in some way discriminate against one of the two genders?
“themself” isn’t an established word either so i guess people pick and choose
At the time of writing I had no idea whether @Sophistifunk was a him or a her. https://en.wikipedia.org/wiki/Spivak_pronoun
That’s one of the better singular pronouns I’ve seen. It reads like a shortening of plural “them”.
“they” and “them” are already well established in usage as singular pronouns.
So you’re saying “I’ll let @Sophistifunk speak for themself” is correct usage in this case?
I’m not a grammar expert, so I’ll defer to your greater knowledge. I like and use Spivak because, as @pushcx said, it’s a polite way to express “I have no idea what the gender of the person I’m referring to is.”
Singular “they” has been used in English for hundreds of years. “Themself” is also ancient but was replaced by “themselves” in the 16th century. However, it has recently made a comeback.
“I’ll let @Sophistifunk speak for themselves” is perfectly correct formal English. “I’ll let @Sophistifunk speak for themself” is also correct by any reasonable standard, but may be considered informal by some readers.
The OED has a blog entry about ‘themself’.
I still like Spivak, but thanks for the pointer. That’s good to know :)
Mirriam-Webster has examples of how “they” is used for indefinite gender and number: https://www.merriam-webster.com/dictionary/they
They don’t have an entry for the word “themself” and suggest “themselves” instead: https://www.merriam-webster.com/dictionary/themself
I mean that it’s free of the “narrow-scope-communism” he’s usually on about. I don’t think I’m putting false words in his mouth if I say he firmly believes non-communal ownership of software (in the sense you can restrict what others do with it) is some sort of moral wrong and should be fought on all fronts. But I don’t want to call him a communist in the general sense, because he doesn’t go around saying private property in general is evil, just private property in the form of bits.
Maybe everything to your left looks communist-ish, but I can tell you for sure he’s not a communist. More like a typical left-leaning liberal, but not too much.
Was that somehow unclear?
[Comment removed by author]
I wish I could live in the same world RMS lives in.
[Comment from banned user removed]
Be the
diff
you wish to apply to the future source of the world.Nice
When I read that GDPR is not enough (which is probably true) I also remember myself that a tremendous amount of companies are totally panicked about this subject. Some friends are running some basic shops (not even online) some of them are pretty bad at technology. From their point of view, GDPR is another trick to kill little business in favor of bigger ones that will have no issues at following the directives.
The thing that keeps nagging me about GDPR is that the complexity seems to stem from the optionality of it. What I mean is that it’s harder to respond to selective individuals’ requests for information about data usage or deletion than it would be to just delete everyone after 90 days.
No question, it would be enormous amounts of work to age out PII that quickly. But at least it would be uniform instead of conditional.
Great article, and for Mr. Stallman, very even handed. So much to untangle to realize his proposal though. We need to figure out how to monetize without tracking, and that would seem to be a hard problem.
There are way too many ads in that article for me to take it seriously
In case anyone else doesn’t feel like reading the whole article, here’s what I took to be Stallman’s proposal:
I disagree with Stallman here.
If you surrender your data, then you do not have any right over them. If you upload your photos to facebook, then facebook has them.
For public utility, it is fine to restrict the collection and usage of personal data. But for private corporations, the private individuals should be able to decide for themselves if giving a corporation access to your entire search history for wifi access at the coffee shop is worth it.
More and more we are getting forced to use services that spy on us. Cash is being phased out for credit cards and mobile payments. I can’t even pay for parking at my uni without installing their mobile app. We need laws to protect us from these companies because they are impossible to 100% avoid.
[Comment from banned user removed]
That is literally what governments are for.
Shouldn’t governments primariy govern? For whatever reason, but usually something along the lines of “the common good” or “to protect (individual) rights”? But sometimes sadly also in the interests of the more powerful in society…
Not anymore… at least here where I live, Government is composed of people and people will have their own agendas which might not include protecting other people or even obeying the laws they’ve passed. I see government as an instrument of power, some will use this power to help society, others to accumulate wealth at the expense of society.
What your particular government does and what the purpose of the government is are two separate topics.
That is true but still, you can probably agree with me that when dealing with the real world, the creators intention has very little bearing in whatever usage people do of something. For example: the web was a way to share scientific hypertext and now we’re doing crazy stuff with it, or, tide pods were supposed to be used for laundry… governments, much like many other human creations happened over time, in different places, with different purposes. Monarchy is government but one can argue that historically it was not meant to protect people, dictatorships also work that way. We can say that the “platonic ideal of a pure and honest government” is to protect people but thats just us reasoning after the fact. There are no “letter of intention” about creation of government which all governments across time and space need to follow. What we perceived as “purpose” has very little meaning to what actually happens.
Personally, I find most interesting when things are not used accordingly to the creators intention, this creative appropriation of stuff by inventive users is at the same time what spurs a lot of cool stuff and what dooms us all, we here in Brazil have a moniker for it “Jeitinho Brasileiro” which could be translated as an affectionate version of “the brazilian way”. Everyone here is basically born in a fractal of stuff whose real world usage does not reflect its ideal purpose to the point that it is IMHO what makes us creative and cunning.
Well, monarchy was actually a simple protection racket. It enabled a significant growth of the agricultural society through stabilization of violent power — no raids, just taxes.
That’s unreasonable. Establishment of a democratic government is just a consensus seeking strategy of it’s electorate. A move from a simple racket to a rule of law that is a compromise of various interests.
In feudalism, people choose other people to follow. In democracy, people chose policies to enact. Both systems are very rough and fail in various ways, but democracy has evolved because it just makes more people a lot less unhappy than an erratic dictator ever can.
You seem to be alienated from the political process and perceive your government as something that is not actually yours to establish and control. That’s a very dangerous position for you to take, since government has a monopoly on violence. Of course others won’t take you automatically into consideration. That’s what you do every time you do virtually anything — you never take the full situation into account.
But you just can’t quite ditch the government… otherwise your neighbor might try building a nuclear reactor using whatever he got from the Russians, which is something you (and perhaps a few other neighbors) might be against. Then on the other hand, he might convince a few others that the energy will be worth it… so you meet up, decide on some rules that will need to be followed so as to prevent an armed conflict and in the end, some who originally opposed the project might even join it to ensure it’s safety and everyone will benefit from the produced energy.
Friend, lets agree to disagree. What you say do make sense, I am not saying you’re talking bullshit or anything like that, on the contrary, I find your arguments plausible and completely in tune with what I’ve learned at the university buuuuut my own country has been a monarchy, an “empire”, a monarchy again, a republic, a dictatorship, a republic again, an who knows what will happen before 2018 ends.
Our experience, is vastly different than what is explained above. I haven’t said we’re out of the political process, heck, I’ve organized demonstrations, helped parties I was aligned with, entered all the debates I could long ago, I was a manager for a social program, and am married to an investigative journalist. I am no stranger to political processes, but it is a very simplistic approach to say “(…) your government as something that is (…) yours to establish and control”, this sidesteps all the historical process of governments here and how the monopoly of violence is used by the powerful (which might or might not be actual government) with impunity on anyone who tries to pull government into a different path. Couple weeks ago, one of our councilwoman was executed by gunshots to her car (where a friend of mine was as well as she worked for her), killing our rising star politician, and the driver, and forever traumatizing my friend. I have tons of stories about people dying while trying to change things. Talking about the root of feudalism is meaningless to whatever is happening today. Today people die for defending human rights here (and elsewhere).
Academic and philosophical conversations about the nature and contracts of government are awesome but please, don’t think this shit is doable, lots of people here died trying to improve the lifes of others. I don’t know if you’ve ever been to a place like here, those conversations don’t really apply (we still have them though).
I do think it’s important for people to have the power to keep the government accountable. Without checks and balances the government looks after its own interests as opposed to those of its constituents.
I clicked at your profile with absolute certain that you’d be from Brazil. Now I’m kinda depressed I was right.
Can spot a Brazilian from miles away right? Don’t know if I laugh or cry that we’re so easy to recognize through our shared problems.
I can feel your pain (and I admire your courage for talking in a public space about the issues you see in your government).
But @Yogthos is right: we should not be afraid of our governments, at least not of democratic ones.
In democracy the government literally exists to serve people. If it doesn’t, it’s not a democracy anymore.
@soapdog @yogthos @dz This is an interesting discussion for me (though not appropriate for lobste.rs). Any interest in discussing this together, say over email or something else. I’ve always wanted to discuss this topic of government vs individual corporations but it’s a complex subject and hard to keep devolving into a bar-fight.
[Comment from banned user removed]
Change the name then, not the definition of what it is.
Why do you believe that is the purpose of governments? Can you imagine a situation where something recognized as a government doesn’t protect it’s citizens in some cases?
Is the government supposed to protect you if you put your hand in a garbage disposal, slip in the shower, or attempt suicide?
[Comment from banned user removed]
They’re definitely there to protect us. However, they’re also their own separate entity. They’re also a group of ambitious, often-lying people with a variety of goals. They can get really off track. That’s why the folks that made the U.S. government warned its people needed to be vigilant about it to keep it in check. Then, its own agents keep the individuals or businesses in check. Each part does its thing with discrepencies corrected by one of the others hopefully quickly. The only part of this equation failing massively is the people who won’t get the scumbags in Congress under control. They keep allowing them to take bribes for laws or work against their own voters. Fixing that would get a lot of rest in line.
We have seen plenty of protection of individuals by laws, regulations, and courts, though. Especially whenever safety is involved. In coding, the segment with highest-quality software on average right now is probably group certifying to DO-178B for use in airplanes since it mandates lots of activities that reduce defects. They do it or they can’t sell it. The private sector’s solution to same problem was almost always to lie about safety while reducing liability with EULA’s or good legal teams. They didn’t produce a single, secure product until regulations showed up in Defense sector. For databases, that wasn’t until the 1990’s with just a few products priced exhorbitantly out of greed. Clearly, we need a mix of private and public action to solve some problems in the marketplace.
Governments shouldn’t impose speed limits, people should just drive at reasonably safe speeds.
Just because a particular behaviour might be most beneficial to a person, does not mean they will do it. Because consumers’ behaviour has not changed (and will not), this type of surveillance has proliferated to the point it’s nearly impossible to escape, even for the most dedicated privacy advocate.
Funny you should mention that…the setting of speed limits to drive revenue irrespective of actual engineering and human factors is pretty well documented at this point.
But that’s precisely what fails when dealing with Facebook et al, isn’t it?
No matter how assiduously you or I might refuse to sign up for Facebook and its ilk, block their tracking scripts, refuse to upload our photos, our text messages, our data – other people sign up for these things, and give these services permission to index their photos and text message logs etc, and Facebook builds a comprehensive shadow profile of you and I anyways.
There is no avoiding or opting out of this short of opting out of all human contact, at this point, and the “simple”-sounding solution of “let every individual decide for themselves!” completely fails to engage with the collective consequences that everyone is losing privacy regardless of what decision they make individually.
When your solution doesn’t engage with reality, it’s not useful.
This will be true when everybody will be able to program and administrate a networking system.
That’s the only way people can understand what they are giving and for what.
Till then, you must protect them from people who use their ignorance against them.
You can’t protect people from their own ignorance, long-term, except by education.
You have to. No citizen can foresee the effects of all their actions. The technology we use today is too complicated to understand all of it.
That’s why generally everything needs to be safe by default.
The entire field of engineering is predicated on being able to do things without understanding how they work. Ditto beer brewing, baking, cooking, and so forth.
Bathtubs are not safe by default. Kitchen knives are not safe by default. Fire is not safe by default. Even childbirth isn’t safe by default, and you’d think that would’ve been solved generations ago by evolution.
Then why would we trust policies enacted by a handful of citizens deemed able to create laws any more than individual citizens making their own decisions? That’s a far riskier proposition.
~
We can’t make the world safe for people that won’t learn how to be safe, and efforts to do so harm and inhibit everybody else.
Try buying an oven that will spontaneously catch fire just by being on. It’s going to be complicated, because there are mandatory standards. And it’s a good thing they are this reliable, right? Leaves us time to concentrate on our work.
Because a lot of shouting from many sides went into the discussions before the laws were enacted. Much like you discuss your network infrastructure policies with your colleagues instead of just rewiring the DC as you see fit every once in a while.
No.
Engineering is about finding solutions by using every bit of knowledge available.
Ignorance is an enemy to fight or work around, but for sure it’s not something to embrace!
I agree that we should work to make programming a common knowledge, like reading and writing so that everyone can build his computing environment as she like.
And to those who say it’s impossible I’m used to object that they can read, write and count just because someone else, centuries before, said “no, it’s possible to spread this knowledge and we have the moral duty do spread it”.
But all your example are wrong.
They are ancient technologies and techniques that are way simpler than programming: humans have learnt to master them and teach each generation how to do so.
We have to protect people.
The states and laws can help, but the first shield of the people against the abusive use of technology are hackers.
We must spread our knowledge and ethics, not exploit the ignorance of others for a profit.