This latest reddit on internet privacy seems to circle around the same wagons- the main one being unknown culpability- where you unwittingly commit a crime that is then exposed for anyone (including your enemies and law enforcement) to discover.

 And while this seems like a good argument, where does the line pragmatically get drawn? It's easy to argue from the extremes- few would agree with complete anonymity in internet transactions, because that would guarantee malicious behavior doesn't get exposed for who's committing it. Full disclosure, on the other hand, leads us to today's article highlighted on Reddit. So what's in the middle?

 It's near impossible to give a correct answer because there's a factor that will always get in the way- companies can't guarantee any level of privacy regarding randomly collected personal data, not without giving away corporate secrets and security design. Not only from a legal standpoint is it impossible to guarantee client privacy, but from a bottom-line revenue standpoint, companies in this sensitive position risk giving away secrets of the trade. Search/Ad/Marketing companies are a prime example- exposing exactly how one's information is secured in an organization reveals a bit too much about how that information is stored and used. That might not seem like a big deal, but when you consider that one of Google's keys to profit is exactly the manner in which it stores and uses it's data, suddenly it becomes a really big deal. To use a financial metaphor (and this is dangerous for me because I risk getting this wrong out of ignorance), "search" companies are like hedge funds- disclosing the "how" exposes the value secret. It's the information that is even more valuable than the information it collects and protects.

 Disclosing storage and security measures to any discernible degree also gives the malicious a window on their target that will aid in their next attack. The recent Chinese hack of Google proves this- knowing how government backdoors were installed on their systems is exactly what provided the perpetrators their entry point. This is why companies like Google and Microsoft can't really disclose how they protect customer data, and instead there's a "trust us" marketing campaign instead of full disclosure.

 From my perspective, this makes internet security truly interesting, because the payment card industry (PCI) goes to great lengths to ensure proper security measures and information resource controls. This seems obvious by itself, but are search engine companies' information not just as valuable (if not, more so) than credit card companies' data? And yet while a mom+pop online store needs to be careful about it's credit card practices (to the point of paying money for 3rd party compliance guarantees), Google presents what to the public to prove it's security? Tangibly nothing.