At #RealWorldCrypto this year, there was a session on "privacy-enhancing technologies".
-
At #RealWorldCrypto this year, there was a session on "privacy-enhancing technologies".
The first talk in the session was about a new encryption method for Tor.
The next two were painful examples of "a person cannot be convinced of something when their salary depends on them not knowing it".
Advertisers wants to collect signals about populations without being individually identifying. So let's talk about differential privacy techniques to let them do that.
One example was "Meta wants to know what percentage of its teneage users blocked a contact today".
At no point did they address the elephants in the room.
- Why do they want this data in the first place?
- What are they even doing with this signal?
- Have you considered telling them to fuck off and not collect it in the first place?
As tempting as it might be to hand wave it, and say "well yes but their business model depends on it", I say to advertisers, "then perish".
-
At #RealWorldCrypto this year, there was a session on "privacy-enhancing technologies".
The first talk in the session was about a new encryption method for Tor.
The next two were painful examples of "a person cannot be convinced of something when their salary depends on them not knowing it".
Advertisers wants to collect signals about populations without being individually identifying. So let's talk about differential privacy techniques to let them do that.
One example was "Meta wants to know what percentage of its teneage users blocked a contact today".
At no point did they address the elephants in the room.
- Why do they want this data in the first place?
- What are they even doing with this signal?
- Have you considered telling them to fuck off and not collect it in the first place?
As tempting as it might be to hand wave it, and say "well yes but their business model depends on it", I say to advertisers, "then perish".
Here's a privacy-enhancing technology for you to consider:
"No."
You don't need to know. You don't need to measure. The efficacy of advertising campaigns, market segmentation, and relevance targeting should be minimized for the good of humanity.
-
Here's a privacy-enhancing technology for you to consider:
"No."
You don't need to know. You don't need to measure. The efficacy of advertising campaigns, market segmentation, and relevance targeting should be minimized for the good of humanity.
"No" is a better privacy-enhancing technology than the state-of-the-art differential privacy techniques.
It's efficient! Not collecting data requires at most O(1) bandwidth, O(1) storage, and O(1) compute.
"No" is not "Maybe later".
"No" is not "Ask me again in 3 days".
"No" is not "Maybe after a few more beers", since many of the people that need to hear the first part of his message likely also needs the second.
-
"No" is a better privacy-enhancing technology than the state-of-the-art differential privacy techniques.
It's efficient! Not collecting data requires at most O(1) bandwidth, O(1) storage, and O(1) compute.
"No" is not "Maybe later".
"No" is not "Ask me again in 3 days".
"No" is not "Maybe after a few more beers", since many of the people that need to hear the first part of his message likely also needs the second.
I'm not sharing this to shit on anyone at #RWC2026. My favorite people in tech are often found there, and the organizers put a lot of thought, effort, and care into making the vibe good.
I also don't ascribe any malice to the speakers. They probably didn't think to ask these questions, and didn't think to put them in their slide deck. Maybe they've self-selected into an environment that doesn't foster that kind of inquiry. Maybe they considered it but cut it out for time.
But if we're going to talk about this sort of thing,, we need to actually address these questions, even if there isn't a comfortable answer.
-
I'm not sharing this to shit on anyone at #RWC2026. My favorite people in tech are often found there, and the organizers put a lot of thought, effort, and care into making the vibe good.
I also don't ascribe any malice to the speakers. They probably didn't think to ask these questions, and didn't think to put them in their slide deck. Maybe they've self-selected into an environment that doesn't foster that kind of inquiry. Maybe they considered it but cut it out for time.
But if we're going to talk about this sort of thing,, we need to actually address these questions, even if there isn't a comfortable answer.
At an earlier track, one of the invited speakers suggested using Fully Homomorphic Encryption to allow folks to have private conversations with an AI chatbot for therapy.
My mind was instantly filled with news stories of OpenAI and self-harm. Lawsuits from grieving families.
Are they deeply out of touch?
Or was it just "hmm, what do people want privacy for? I'll just throw a bunch of hypothetical examples of things FHE would be good for without interrogating them deeply"?
-
At an earlier track, one of the invited speakers suggested using Fully Homomorphic Encryption to allow folks to have private conversations with an AI chatbot for therapy.
My mind was instantly filled with news stories of OpenAI and self-harm. Lawsuits from grieving families.
Are they deeply out of touch?
Or was it just "hmm, what do people want privacy for? I'll just throw a bunch of hypothetical examples of things FHE would be good for without interrogating them deeply"?
@soatok my first read of this was “Homophobic Encryption” and I was like, what the hell is that… I don’t know what Homomorphic Encryption is either though
-
R relay@relay.infosec.exchange shared this topic
-
At an earlier track, one of the invited speakers suggested using Fully Homomorphic Encryption to allow folks to have private conversations with an AI chatbot for therapy.
My mind was instantly filled with news stories of OpenAI and self-harm. Lawsuits from grieving families.
Are they deeply out of touch?
Or was it just "hmm, what do people want privacy for? I'll just throw a bunch of hypothetical examples of things FHE would be good for without interrogating them deeply"?
During the coffee breaks and dinner conversations, everyone I talked to about these things echoed my frustrations.
In 2024, a speaker from Intuit spoke about their distributed key generation protocol. It involved multiplying a number by a hash. They did not elaborate on whether that's just a bigint operation or an elliptic curve group operation. @sophieschmieg was like, "Why would they do that? What if they set it to zero?" and the backchatter was full of "Why are the tax people rolling their own crypto?"
So, like, I'm not super worried about adtech rotting the RWC community.
-
During the coffee breaks and dinner conversations, everyone I talked to about these things echoed my frustrations.
In 2024, a speaker from Intuit spoke about their distributed key generation protocol. It involved multiplying a number by a hash. They did not elaborate on whether that's just a bigint operation or an elliptic curve group operation. @sophieschmieg was like, "Why would they do that? What if they set it to zero?" and the backchatter was full of "Why are the tax people rolling their own crypto?"
So, like, I'm not super worried about adtech rotting the RWC community.
Last thing: When I said "No" is a Privacy-Enhancing Technology, I didn't just mean an opt-out.
I mean the engineers growing a fucking spine and telling their boss, "No, we shouldn't collect this data in the first place."
-
Last thing: When I said "No" is a Privacy-Enhancing Technology, I didn't just mean an opt-out.
I mean the engineers growing a fucking spine and telling their boss, "No, we shouldn't collect this data in the first place."
@soatok and you can even pronounce that “no” like “the ROI on collecting that data is negative” because it is for basically everyone. The suits often need you to speak with an accent that way so they can hear you clearly.
-
@soatok and you can even pronounce that “no” like “the ROI on collecting that data is negative” because it is for basically everyone. The suits often need you to speak with an accent that way so they can hear you clearly.
@wordshaper @soatok but it isn't negative ROI otherwise business would treat privacy invading tech like the toxic waste it should be. But with a bit of work that dream could become reality.
-
@wordshaper @soatok but it isn't negative ROI otherwise business would treat privacy invading tech like the toxic waste it should be. But with a bit of work that dream could become reality.
@kusuriya @soatok oh, it absolutely is a negative ROI, it’s just that often businesses don’t properly account for the costs so don’t realize. There’s the cost to develop the data gathering, the network bandwidth to transmit the data, the storage and backup costs, the maintenance costs, the costs to do data analysis, the compliance costs, and the costs associated with responding to subpoenas.
The return is the impression of better targeting, which when analyzed for most businesses is… very small
-
@kusuriya @soatok oh, it absolutely is a negative ROI, it’s just that often businesses don’t properly account for the costs so don’t realize. There’s the cost to develop the data gathering, the network bandwidth to transmit the data, the storage and backup costs, the maintenance costs, the costs to do data analysis, the compliance costs, and the costs associated with responding to subpoenas.
The return is the impression of better targeting, which when analyzed for most businesses is… very small
@kusuriya @soatok it’s common knowledge that you get better returns from better targeting, and like for many things that are common knowledge it turns out to be wrong — the return on better targeting of ads is very often zero.
Then there’s the opportunity cost, because you could have had all those people and resources dedicated to actually doing what your business does, which is rarely actually data gathering.
-
@kusuriya @soatok it’s common knowledge that you get better returns from better targeting, and like for many things that are common knowledge it turns out to be wrong — the return on better targeting of ads is very often zero.
Then there’s the opportunity cost, because you could have had all those people and resources dedicated to actually doing what your business does, which is rarely actually data gathering.
@wordshaper There is also the issue of a fairly small but often *very* vocal and knowledgeable minority who won't hesitate to raise *hell* about companies collecting more data than necessary. **Especially** if that data collection is also undisclosed.
-
R relay@relay.mycrowd.ca shared this topic
-
Last thing: When I said "No" is a Privacy-Enhancing Technology, I didn't just mean an opt-out.
I mean the engineers growing a fucking spine and telling their boss, "No, we shouldn't collect this data in the first place."
@soatok When your only tool is a KPI, everything looks like a metric.
-
@soatok When your only tool is a KPI, everything looks like a metric.
