"The pervasive nature of modern technology makes surveillance easier than ever before, while each successive generation of the public is accustomed to the privacy status quo of their youth."

The key, as Bruce Schneier argues here, is not to compare with our own baselines, but to take a step back and consider what a healthy ecosystem would look like in its own right.

The underlying story here is that Microsoft caught state-backed hackers using its generative AI tools to help with their attacks, and people were less worried about the attacks themselves than about how Microsoft found out about them. It's a reasonable worry, and I thought the same thing: if Microsoft found this, then they're likely more aware of the contextual uses of their platform than we might assume.

This is certainly less private than computing was twenty or thirty years ago. But it's not a major iteration on where we were five years ago, and without intervention we're likely to see more erosion of user privacy over the next five years.

So what should our standards for privacy be overall? How should we expect a company like Microsoft to treat our potentially sensitive data? Should we pay more for more security, or should it just be a blanket expectation? These are all valid questions - although I also have ready, opinionated answers.

Perhaps the more important question is: who has the right to come to a conclusion about these questions, and how will they be enforced? As of now, it's still open.

#Technology

[Link]