Online Privacy does not Equal Data Ownership

created Apr 3, 2019

Many people, including the group that created or supported Europe's GDPR, incorrectly believe that they own their data when they voluntarily choose to give their content to Facebook and other silos for free.

When people choose to use Facebook or any silo for free, then that old saying applies.

When you use a product for free, then you are not the customer. You are the product being sold.

Maybe Facebook should charge users a $100 a year or $250 a year to use their infrastructure. Facebook built the software and hardware configurations to handle a ton of user activity at scale. That ain't cheap work. But users get to use that amazing computer architecture for free.

And then for some strange reason, some people believe that they still own the data that's stored on the system built and owned by Facebook. Sigh.

If people want to own their data, then they should host their data on their own websites that use their own unique domain names. Their online identities should be their own websites. They should also keep copies of their data on some kind of backup medium.

The IndieWeb is all about users owning their data.

The IndieWeb is a community of individual personal websites, connected by simple standards, based on the principles of owning your domain, using it as your primary identity, to publish on your own site (optionally syndicate elsewhere), and own your data.

own your data is an IndieWeb principle with two key parts: 1) your data lives primarily on your own domain, and 2) you maintain usable access to it over time.

First, using your own domain gives you control over where people find and interact with you online. When you migrate to a new hosting provider or CMS, if your site stays on the same domain, everyone will still find you, regardless of whether they follow your site in a reader, land directly on your permalinks from other sites or search engines, or even type your domain directly into a browser.

Commit to owning your data by using your site, instead of a silo, for each silo you currently use.

Each silo you stop directly using (POSSE is ok), and use your own site instead, is a step forward in owning your data.

A more incremental but still significant step is stop posting a particular type of post to a particular silo, and always use your own site to publish that type of post instead of that silo.

The above IndieWeb concepts make sense. The following article and some of the Hacker News comments seem silly to me.

"Privacy Is Just the First Step, the Goal Is Data Ownership"

If I give a desk table to someone, I no longer own that table. I cannot dictate to the new owner how to maintain that table. If the new owner decides to sell the table, that's the new owner's right, and I have no say. I don't deserve a portion of the sale. I gave the table away.

I don't understand the thinking of people who CHOOSE to give their content to silos, which means those users no longer own their content. The silos own it, and the silos can do whatever they desire with the content, which is how the silos earn revenue.

If users want to earn something from their content, then the users need to monetize their own websites or figure out how to monetize their silo accounts. People make money from their YouTube accounts.

Once users give their content to the silos, then the users should never have a say in what happens with their content because it's not their content anymore.

In addition to surrendering their content, the silo users promote consolidation and centralization of the web, and the silo users are harming the open web, unless they also post their content to their own websites.

Top comment in that HN thread:

It's been a while since I disagreed this much with a privacy-related article. It's a good reminder to me that the privacy community is reasonably diverse, and that different people can advocate for the same policies for very different reasons.

I advocate for privacy a lot, but my end goal definitely isn't data ownership. If anything, I'd like to see IP protections start to go in the opposite direction. I'm not against the idea of copyright as a purely practical invention, but I certainly don't believe anyone has an intrinsic moral right to a monopoly on creative or factual information.

So I take some issue with the idea that privacy is just a gateway to something else. To me, privacy and anonymity are the end goal. There's not a secondary, deeper issue behind that. I'm not mad that Facebook is making money off of my information, I'm mad that they were able to get it in the first place.

I don't understand that last sentence. Did Facebook steal the user's data by using a nefarious native mobile app? Or did the user give his data to Facebook? If the latter, then sorry, the user has no logical reason to be mad.

HN comment:

Wow everyone on here defending tech giants owning their personal data. Is this Facebook trolls working their propaganda?

What exactly do we stand to lose if Facebook can't aggregate data on a level akin to a hyper advanced dystopiam government? Are we worried out advertisements will become less funny? Are we worries well be less manipulable on a mass scale? Are we worried well have options on our tech overlords instead of being stuck with 4?

Its my data and I should own it.

WRONG. You don't own your data when you give it to Facebook or to any other silo.

Just like I can't login to Facebooks servers and take their data. The only thing that separates Facebook from having privacy and the user is Facebook has billions of dollars of leverage. But hey if yall like billionaires owning you then let's keep it up - let's not say we own what's ours. Make the billionaires even stronger.

Over 100 comments exist in that thread. I have not read every comment yet. I'll wait until the thread activity dies down, and then I'll read everything. But it's possible that this reply comment below to the above nonsense will be the best comment.

Its my data and I should own it.

Then don't give it to them.

Is this Facebook trolls

I personally don't use facebook, and don't advocate for others to use facebook. If you do use facebook, then you are accepting the deal they have offered you.

What exactly do we stand to lose if Facebook can't aggregate data on a level akin to a hyper advanced dystopiam government?

This is how facebook makes money, and stronger how they survive as a platform. If they couldn't do this, then more then likely we would lose facebook. I personally don't see this as such a huge loss, but apparently you do.

What is the net worth of Facebook's infrastructure, including the humans who support it? Users can use this infrastructure for free if they surrender ownership of their content, which they do as soon as they post it to Facebook. That's business. If people don't like it, then they should not use Facebook nor any other silo. This is an easy concept to grasp.

Excerpts from the article:

The real issue here is data ownership. A news story from The New York Times is freely accessible to anyone, and if someone takes that story and tries to make money off of it, we all acknowledge this is stealing.

Ditto for my personal website here and anyone else's personal website, unless they list a license that states differently. Of course, I would have to be made aware that such stealing and monetizing of my content by someone else has occurred. But if I learned about such behavior, then I have a right to take legal action.

My website hosted at a unique domain name that I lease equals my data. In my opinion.

Even though I host this site on a server at Digital Ocean, DO does not own my data. I routinely backup my data to a server in our home. I can move my data to AWS or Dreamhost or wherever. Digital Ocean does not get to keep my data. DO cannot monetize my data for their own benefit.

More from the article:

Yet if Facebook takes your words, location, and preferences and sells them, this is not (yet) considered theft. Why not?

Takes? What does the author mean by "takes?" Does he mean Facebook steals my data, whatever that is, even though I do not have a Facebook account?

It's not taking data when users GIVE Facebook their data. The new owner of my desk table did not take it from me. I gave the table to the person. If the person broke into our home and stole the table, then that's a crime.

Facebook is not breaking into our computers and stealing photos of babies and meals and posts about going to concerts. People create that info on Facebook's platform, which means the users gave Facebook their data.

Man, that article is confusing. Now I don't know what the subject is.

Is this about silos stealing data, or is this about users freely giving their data to silos that monetize it? If the latter, then the article is irrelevant.

The author's rambling metaphor about an apple orchard is also confusing. In my opinion, a better metaphor would be an apple orchard owner giving away apples to friends or to whomever. And the recipients of those free apples decide to make apple pie and apple sauce and sell those items at the farmers market.

What can the apple orchard owner do? Nothing. The apple orchard owner does not deserve a cut of the revenue, earned by the people selling the apple pies.

The apple orchard owner should not give away apples for free. The orchard owner should charge people a fee to visit the orchard and to collect the apples. I have paid fees to apple and strawberry farms to pick their fruit.

If Facebook is breaking into my personal email account that is hosted at Fastmail and stealing my data, then obviously, that should be illegal.

But I don't think that's what the article and the HN thread are about. To me, the article and thread are about users freely surrendering their content to Facebook, and then for some strange reason, still expecting to be owners of that data.

From the article:

We can't own our data if we're giving it away for free and without consent.

Huh? I don't understand that sentence. If users gave away their data for free, then that implies consent, in my opinion. The users agreed to the silo's terms of service.

The users chose to create accounts at Facebook. Facebook did not force users to create accounts. The users agreed to Facebook's terms of service without reading the document. They logged into their Facebook accounts. The users choose to post their content to Facebook. How is this without consent?

Facebook is a for-profit business. That's not a revelation. Facebook stores all user interactions that occur within the service. That's also not a revelation. It helps feed their algorithm for displaying content. Facebook repackages all of this data to sell targeted advertising. That's business. Facebook has been doing this for years. Again, nothing new here.

I'm guessing that most users do not care about the above paragraph because they get some kind of value from using Facebook.

A Possible Solution

What we need is a digital locker that encrypts all our data and stores it for us. Then, if an app or company would like access to it, they would have to ask us directly. For that we would need a marketplace where potential customers for our data could browse our inventory and purchase what they need.

A better solution is don't use the silos if you disagree with their business practices. Find other means to stay in contact with people and to create and share data. It's possible to do this without Facebook and other silos, but it seems that some people are too lazy to seek alternatives.

The best solution, however, is not to use the internet. [eye roll]

HN comment:

The solution, as I imagine it, is the following:

  1. data for web apps should be stored separate from the servers as the code.

  2. this separate data store should be owned by the user (not the provider of the web app).

  3. user should be able to point the web app to another datastore if needed.

so, for example, if you user basecamp for project management. basecamp should be designed so that all data writes happen to a separate database or datafile. the data that i enter in web app (basecamp) should never be stored on basecamp servers. at setup i should be asked for a data store location (that I pay for and manage).

ofcourse, for non-privacy consicous customers, the existing status quo option can also be provided.


Basecamp charges a fee to use their service. If I'm satisfied with Basecamp, then I'll gladly pay them the fee, which will help Basecamp maintain and improve the service. That's business.

If I want Basecamp to function like the user above suggests, then I should CHOOSE to use something else, or I can CHOOSE to build the program myself.

If enough people desire the service to run like the user above suggests, then someone will build the service and compete against Basecamp.

Another HN comment:

The article presents an economic model of privacy. While I think that is important (and part of the argument for the indieweb - ) there are more arguments to be made about privacy ...

The HN thread contains 113 comments thus far, and that's the only comment that mentioned the IndieWeb. At least it was mentioned once.

I guess that I live in my own filter bubble too (what a shock) because it's surprising how many HN users are seemingly unaware of the IndieWeb concepts.

indieweb has all the things