The launch of Threads, Meta’s alternative to Twitter, has reinvigorated discussions about privacy and data ownership. A number of smaller Mastodon instances have preemptively defederated Threads, people have concerns about Meta launching yet another social app and getting even more data, etc.

Personally, I believe that we’re in the midst of a moral panic our grandkids will be laughing about.

A moral panic is a widespread fear, most often an irrational one, that someone or something is a threat to the values, safety, and interests of a community or society at large.

I often see people confusing different privacy-related things and using weaponized language to convince you something is bad. Just look at the terms thrown around. You need to protect your privacy and fight the surveillance as if these people are living under Stasi or trying to fight the statewide network of spies—the words we choose matter. By framing the problem in the right context, you can position yourself as the winner without even making a move.

‘Facebook sells your data’ sounds bad. ‘Surveillance’ sounds bad. But it doesn’t sell your data, and it’s not surveillance. If you can only articulate why you dislike sometime with rhetoric that isn’t actually true, that tells us something in itself. Benedict Evans

Meta isn’t selling your data. Meta is selling an ability to show precisely-targeted ads to relevant audiences. Some companies want to sell you their product. This list includes everyone from Unilever to a local car shop that needs people who drive Chevrolet and live nearby.

Show Me The Harm

Most of the time, privacy proponents cannot provide evidence of harm experienced by anybody involved. You could come up with some examples. After several US states made abortions nearly illegal, people realized the government could demand Google to share its search and location data to prosecute women using those clinics. It’s true that if Google, Meta, and others didn’t keep this data, this “attack vector” wouldn’t exist. While this situation is extremely unfortunate, we must agree that the actual bad actors here are state governments, not Google. It’s very reasonable for services to keep the history of your searches and location data to provide better recommendations (even if this allows them to target ads better), and they have to follow the local laws (even if they’re barbaric). The reason people blame Google is twofold. Some dislike them, while others trust Google more than their government, which is why they put pressure on the former.

Other than this, all you can likely find is the old anecdote about a parent learning their daughter is pregnant because of targeted ads. This story doesn’t seem to have any solid foundation, though.

Finally, there was Cambridge Analytica. In 2018 everyone was raving about the dataset scientists gathered from Facebook and shared with third parties that basically “allowed either Trump or Russia to change the outcome of the US elections”. Except it didn’t. Because the U.K. Information Commissioner’s Office released a lengthy report that found Cambridge Analytica’s work didn’t affect either of the elections. Marketers can promise you a lot, doesn’t necessarily makes it true. Cambridge Analytica used the fact Facebook had a more open API at the time and couldn’t enforce what users would do with the data. Yet when they closed it down, a lot of people were unhappy.

Instagram Isn’t Listening To You

Some have even been convinced Meta’s apps are listening to everything you say via your smartphone’s microphone! How else would they know to show me an ad for a thing I discussed with my friends but never searched for?!

They don’t listen to you, because:

• It’s technically-challenging
• It’d be trivial to detect
• They don’t need to

Because if you talked to your friend offline, you likely were at the same place, which allowed Meta or Google to put you in the same lookalike audience and try showing you the same ad. This is why you might see something your partner is looking for online – because you spent a lot of time at the same location (be careful with your gift research). The modern adtech stack is simultaneously complex and much simpler than you imagine.

Some could say even this concept is creepy. I get that. There’s a difference between an intelligence officer watching my every move and a soulless black-box algorithm that doesn’t care about me and is only trying to optimize ROI for a certain creative. What makes me worried is exactly the governments collecting data they have no legitimate use for from their citizens.

You Aren’t the Product, You Use The Product

You’re not just losing privacy because you sinned. In return, you get access to enormous free services. I’ve long advocated for advertising-funded services because of how egalitarian they are. It’s easy for a middle-aged person born in the US to claim they’d rather pay for everything than watch ads. The only reason I got into tech is that as long as my parents paid for the Internet access (dial-up at first), I had access to all the content out there.

There’s value in targeted advertising. It’s one of the best vehicles for businesses to reach their customers. There’s a reason Apple uses two very different warnings for ATT and its own advertising engine. They try to make it sound like what they’re doing is fundamentally different, but it’s not. Apple believes that anything you do on your iOS device is their “first-party” for them but “third-party” data for Facebook.

It’s “Personalized Ads” for Apple, but scary “Tracking” for everyone else, and Apple turns their option on by default.

Sometimes I myself prefer the ad-free experience. I pay for the ad-free tier on Netflix. But there are services, like social networks, that only truly work if everyone can use them for free at all times. And you likely underestimate how much services like Instagram or Gmail would cost you in their ad-free version. In 2022, Facebook’s (the “Blue App”) ARPU worldwide was around $39.65 (per annum), but in the US & Canada, some of the most profitable regions for them, it was $206.44. Are you ready to pay $17 per month for Facebook?

But if they make so much money on us, they should pay us!

I’ve seen countless attempts to build startups aiming to do this, both for the conventional web and in crypto. All have failed. Your information doesn’t cost that much by itself (if you don’t believe me, try finding a buyer). It becomes valuable when ingested into black-box algorithms at Google and Meta that operate petabytes of data and know how to extract value from it. Oil isn’t the best metaphor for this, the closer one would be sand when it’s turned into advanced microprocessors by TSMC.

Confusing Private Things and Behavioral Data

To make things even more confusing, people conflate some very different concepts under the same umbrella. Personally, I’m OK with targeted advertising, and I understand what it requires. I’ve bought many things off Instagram ads and specifically permitted it to track my activity.

There are cases where I care much more about the security of my data. I wouldn’t want my home address to be shared with strangers. I don’t want my medical or financial records to be publicly available. Sometimes I get notifications from 1Password about yet another hack of some services that potentially includes basic details on me, such as my name, email, and my password. These rarely include credit card details because not every website keeps them, and the ones that do have to care much more about this due to reason and regulation.

I don’t like such events because they could very easily lead to harm. It’s not about algorithms reviewing my “data” to generate revenue, it’s about humans using it against me to their advantage. Nobody can just bribe Facebook to get your data out. All big platforms care a lot about their data, this is one of the things that actually improved since Google and Facebook started dominating the online advertising market.

Some things are almost borderline. They usually happen because of incidents or miscommunication. In 2010, Google admitted that the cars used by Google Street View projects collected 600Gbs of data from open WiFi networks in Germany. The cars were fitted with antennas that look for WiFi networks and use the data for their location services. I doubt they could have used that payload data, but they should have been more careful.

Another thing that comes to mind is tech companies storing voice command recordings to assess and improve the quality of speech recognition. I’d expect something like this to happen, but they should warn about it in advance and give you an opt-out if you want it.

***

I’m not against privacy, and I understand why people might not want someone to track web pages or apps they use. But it’s important to remember that there’s a trade-off and be prepared for the outcome. While I don’t like most of the GDPR applications, which just make many reasonable things illegal and solidify the monopoly of the largest tech advertising companies, allowing users to export their data or demand their account to be deleted is a good development. Creating a framework that incentivizes companies to safeguard users’ data and punishes them for leaks is also important, although I think we should be reasonable. In their desire to punish the American tech companies, the EU is too trigger-happy to issue fines exceeding what oil companies paid for the largest spills.