from: https://pluralistic.net/2020/06/09/war-crimes/#iot

Nutrition labels for IoT

A group of CMU researchers just presented "What Should Be on an IoT Privacy and Security Label?" at the IEEE Symposium on Security & Privacy. They present a model for "privacy labels" to clarify the privacy implications of IoT gadgets.

https://www.computer.org/csdl/proceedings-article/sp/2020/349700a771/1j2LfTR...

I confess that I was skeptical of this, but the labels themselves are *really* good, clear and legible.

https://www.wired.com/story/iot-security-privacy-labels/

But... The more I think about this, the more my skepticism returns. We've seen tools like Privacy Badger and Ghostery that tell you how your data is being used by the websites you visit, but these haven't shown much efficacy in changing sites' behaviors.

Historically, the best counter to these "antifeatures" in technology has come from a) self-help measures and b) regulation.

We didn't kill pop-up ads by notifying users of which sites had pop-up ads so they could choose to go elsewhere. We gave them pop-up blockers.

Today, the best way to deal with your alarm about Privacy Badger warnings is to beef up your script-, tracker- and ad-blocking.

https://www.eff.org/deeplinks/2019/07/adblocking-how-about-nah

And there's a role for regulation here, too, which can take many forms. We can simply prohibit certain conduct, like collecting, retaining or selling data outside of a highly constrained set of circumstances.

Or we could establish a federal privacy law with a private right of action, so users could sue companies that leaked their data and collect statutory damages - a measure that would cause every insurer to instantaneously withdraw coverage for every surveillance tech company.

Don't get me wrong. I love these labels. But there is a huge danger in documenting bad conduct without providing a means to counter it - the danger that you train people to accept the bad conduct as inevitable.