Online Privacy: An Endangered Species

· Deutsche Version
Online Privacy: An Endangered Species

Last week, cybersecurity expert Bruce Schneier published an interesting blog post in which he (together with co-author Barath Raghavan) argues that online privacy is continuing to decline for the same reason overfishing occurred in the last century – due to the “Shifting Baseline Syndrome.” The presented analogy is a powerful one, but we still feel that it falls flat in some regards, and in reality, online privacy might even be worse off than suggested.

Schneier states that while scientists started to notice a decline in certain fish populations in the mid-20th century, they failed to grasp the actual scale of the problem for quite some time:

One scientist, Daniel Pauly, realized that researchers studying fish populations were making a major error when trying to determine acceptable catch size. It wasn’t that scientists didn’t recognize the declining fish populations. It was just that they didn’t realize how significant the decline was. Pauly noted that each generation of scientists had a different baseline to which they compared the current statistics, and that each generation’s baseline was lower than that of the previous one.

According to Schneier, the decline in privacy is similar to the decline in fish populations along the following lines:

  1. First, there was privacy in computing (= there was an abundance of fish in the sea).
  2. Then, new technologies came along, making it a lot easier to invade people’s privacy (= to catch fish), and companies gradually intensified their practice of exploiting people’s data (= of exploiting the ocean).
  3. Now, each generation only compares the current level of online privacy (= the current fish population size) to the level of the generation’s starting point.

Because we have lost reference to the proper baseline (i.e., to the initial or natural state of affairs), Schneier argues, we don’t see the big picture anymore and are okay with the downgrade in privacy that’s continuously happening.

  1. Why was the historic decline in fish population not passed on from one generation of scientists to the next? This not only amounts to a massive scientific failure but to systematic ignorance. (Besides, it would seem that there’s always some overlap between generations; a clear cut along with the complete loss of reference to the prior baseline seems implausible.)

  2. Even without knowledge of the prior baseline, if scientists learn that some fish population is currently declining at the rate of 80%, why would they assume that this drop has only just started?

  3. If scientists know that a fish population is currently declining at a rate of 80%, they must be able to calculate how long it will take until this population goes extinct, which should be of major concern regardless of the prior baseline.

Where the Analogy Falls Flat

Schneier seems to suggest that the proper baseline for online privacy is the point in time before computers were connected to a global network. This time isn’t so long gone that none of today’s Internet users can remember it. Thus, the spectrum of Internet users’ age should, to some extent, correlate with the spectrum of how problematic they consider the current level of online privacy to be.

In other words, older users (who have experienced a time before the Internet) should perceive the status quo as problematic because they still refer to the proper baseline, whereas younger users (who have only just begun using the Internet) should have practically no issue with the current level of online surveillance because it differs only slightly from their frame of reference.

However, privacy awareness doesn’t seem to be tied to age in such a strict, straightforward fashion. Many other factors possibly also play an important role, and it should be safe to assume that younger people tend to be more tech-savvy, which, in turn, could translate to greater awareness of all the ways in which one’s privacy may be invaded online.

Landscape Amnesia

There is another concept that can both explain the continuing decline in online privacy and account for the existence of older Internet users who don’t (particularly strongly) object to digital surveillance: Landscape Amnesia.

According to Landscape Amnesia, the baseline shift isn’t generational but continuously occurs on the individual level. This would mean that we don’t have a fixed baseline set at some starting point but that we, as individuals, slowly adapt to incremental changes.

If asked whether our neighborhood has changed a lot in the past decade, we may be inclined to say no because we’ve come so accustomed to the many small changes that have occurred over time. Someone who’s been away for ten years, however, might argue that they almost don’t recognize the place because so much has changed in total.

The same could hold true for online privacy. Our situation may be similar to the one the boiling frog finds itself in: even though it would immediately jump out of boiling water, according to the urban legend, it accepts (or neglects) small increases in temperature until the water finally starts boiling and the poor frog is no longer able to jump out.

In the same vein, most of us probably wouldn’t agree to being tracked, monitored, and surveilled in almost any interaction with a digital device if this change happened overnight. But because it has occurred slowly and gradually, we suddenly find ourselves in a situation where it’s perfectly normal to always carry around a mobile device with the capability of monitoring every step we make, literally and figuratively.

New Technology, More Surveillance

There are, however, two other factors that may contribute to our acceptance of the continuing decline in online privacy. For one thing, this decline is often accompanied with positive advancements, such as the introduction of convenient new features or innovative technologies, which detract from the negative impact on privacy.

In cases where everything else stays the same and only privacy takes a hit, the public’s opposition is typically stronger (e.g., when WhatsApp was acquired by Facebook back in 2014 or when it changed its privacy policy in 2021, Threema’s user base saw a considerable increase as a result). A worrying and noteworthy exception, however, are current bills such as the so-called “Chat Control,” which has not yet met significant resistance from the civil society.

The other factor is that online privacy is abstract, intangible, and in some regards hard to grasp. For example, we can’t measure how much online privacy has declined in the same way we can measure how much a fish population has declined. And it’s not like if we don’t act right now, then there will be an irrevocable real-world consequence such as a species going extinct. But this doesn’t mean that the situation isn’t alarming.

The Privacy Paradox

The abstract, virtual nature of online privacy can potentially also account for the Privacy Paradox, according to which people claim to value their privacy on the one hand, but continue to use online services that invade it on the other.

If someone is told that their messaging service collects metadata (i.e., information about who’s communicating with whom, when, where, etc.), a typical reaction may be that while this probably isn’t ideal, it can’t be too bad as long as the actual messages are encrypted. That’s not to say, however, that this person doesn’t value their privacy. It’s simply not immediately apparent how intrusive and revealing metadata can be. And it’s not easy to explain in what way the accumulated data set is more than the sum of its parts or how it speaks volumes about the user.

To illustrate that people wouldn’t share personal information as readily in real life as they’re comfortable doing online, we once offered ice cream free of charge in exchange for personal information. Of course, this wasn’t a scientific experiment but an awareness campaign, and the results are purely anecdotal. However, it could very well be that due to the fact that this scenario was not virtual, almost no participants were willing to share personal information, while in digital space, it’s typically the other way around.


As we have seen, stopping the decline in online privacy doesn’t seem to be as easy as shifting back our baseline to the time when computers weren’t connected to the Internet. Besides the baseline shift that occurs on the individual level, there are (at least) two other factors that may contribute to our acceptance of a continuing decline in online privacy.

For one thing, digital surveillance is often accompanied with exciting new technologies or other positive advancements that detract from the negative impact on privacy. For another thing, online privacy can, due to its abstract nature, be quite hard to grasp. Add to that the fact that we’ve become pretty dependent on the tech that’s spying on us. Like the frog, we’re probably at a point where we can no longer simply jump out of the water.

What we can and should do is try to find convincing ways to highlight the importance of online privacy, make the subject easier to grasp by bringing it down to a less abstract level, and show Internet users what consequences their day-to-day decisions actually have in terms of privacy. – A recent initiative that’s trying to achieve just that is the Privacy Checkup.