> I long for a return to common sense. Maybe AI will do the trick, but I doubt it. Plenty of people are happy with behavioral prediction if it means convenience without caring about the implications.

The general population isn't going to care about "privacy" in the abstract, that kind of thinking reserved for an activist fringe. IMHO, the only way any progress will every be made on such abstract things is activists influencing government to force the changes.

The general population will respond to realistic fear and danger, though (e.g. witness all the rituals people do to avoid identity theft). Maybe the best way forward is to cultivate fear in people of losing their livelihood to AI, and present these privacy invasions as an attack on that front.

> The general population isn't going to care about "privacy" in the abstract,

Totally agree. It's better to frame it in terms of "Nvidia tracks every porn site you visit and what you do there" or "company x knows everything you buy online and sells it to anyone who can pay".

Well, be careful how you word it. At the core of the problem, nobody has control over their devices. If you beat a drum complaining about Nvidia having DMA access then you have to go after Apple and Microsoft next, which would probably lead to most people getting confused. If they found out about PRISM or XKeyscore, they would probably feel hopeless and give up.

Treating privacy in the abstract is how you help people meaningfully resist it. In the literal sense, we can do very little to ensure our privacy on consumer hardware.

> how you help people meaningfully resist it.

Poison the data wells to such an extent that data becomes unuseful. For hardware drivers, submitting plausible or random info may be a good start. For handset apps which send geolocation, developer mode which spoofs a city circle tour may be a good start.

Reminds me of what AdNauseum was doing. I like this tactic.

I agree.

That said, there's a huge difference between voluntarily offering up personal data in a public forum and having personal data extracted without your consent.

Maybe this is a bit of a hardline stance, but at this point I'd argue that not running extensions like Ublock origin and umatrix is implicit consent to have all that data collected. Not a strongly-held opinion, but boy does it seem like a properly-informed person would use protection to interact online with how diseased the internet has become.

Mind, neither of those are perfect, but they're Pretty Damn Good and everyone should be running something similar at this point.

> is implicit consent

I fully acknowledge that I'm a hardliner on this issue, but I don't believe that there is any such thing as "implicit consent".

Consent must be intentional, uncoerced, and fully-informed. Otherwise, it's not consent at all.

Oh, we're on the same page there. It is unjust and amoral that "implicit consent" is assumed when collecting data, but that appears to be how things operate.

We're in the Faustian era of the internet, though. The only winning move is not to play.

Another aspect--even if the disclosure is voluntary--involves channels which go through our evolved human social filters (like expectations of how that data will spread) and channels that bypass or subvert them.

For example, if I express a controversial opinion to a friend, some part of my mind is running a safety calculation on that, as well as considering who that person might tell and whether that would make next Thanksgiving with relatives awkward.

In contrast, I'm not thinking (even subconsciously) that some grammar checking software running on the other person's computer is going to pick up on the same keywords and then somehow ding my credit score.

The company or code isn't even a person present anywhere near the conversation. I have a reasonable expectation of privacy, and no amount of flim-flam in a ToS is changing that unless the code pops up like Clippy to signal its presence.