I don't see how a regulated entity is better in any way than an individual.
We repeatedly see attacks on freedom and privacy by the people who are supposed to protect them, those so-called "regulators": chatcontrol, recent UK backdoor wishes, repeated French proposals to enforce DRM even on opensource. And I wouldn't even google Russia, China, or other less democratic states.
Regulated is probably worse than some anarchistic who-knows-by-whom software, but FOSS and auditable these days, tbh. Especially as everyone's audit capabilities grow day by day with AI. It's kind of good at grinding tons of code.
A heavily regulated entity with all licenses in the world might be more hostile toward users than some niche project.
> I don't see how regulated entity is better in any way than individual.
I feel you. Regulatory bodies have definitely fallen short in many cases, and we've seen concerning proposals from governments that threaten digital privacy and freedom. "Who watches the watchmen" seems incredibly apt nowadays.
However, I feel there's a fundamental difference between imperfect accountability and no accountability at all. With a legal entity governed by stated policies, users have:
1. Transparency about who makes decisions and how
2. Clear terms that create binding commitments
3. Legal mechanisms for recourse if those commitments are violated
4. A persistent entity that can't simply disappear overnight
Perfect? Not really. The ICO in the UK, for example, hasn't been amazing at enforcing data protection. But the existence of these frameworks means that accountability is at least possible - there are levers that can be pulled if someone can be bothered to.
In contrast, with software maintained by anonymous or loosely affiliated individuals, there's no structural accountability whatsoever. If privacy promises are broken, users have no recourse beyond abandoning the software.
FOSS and auditability are valuable safeguards, sure, but they primarily protect against unintentional privacy violations that might be discovered in code reviews. They don't address the human element of intentional policy changes or decisions about data collection.
> I feel you. Regulatory bodies have definitely fallen short in many cases, and we've seen concerning proposals from governments that threaten digital privacy and freedom. "Who watches the watchmen" seems incredibly apt nowadays.
Many regulatory bodies seem to constantly fall short of what they are supposed to do and then demand more money and powers to continue to fail at what they are supposed to do.
At what point would you accept that they maybe not fit for purpose and other solutions should be considered?
It maybe better to put resources into educating people on how to protect themselves from privacy breaches or minimise the impact.
The only thing I've ever seen from the ICO is a letter saying that if I have customer data I have to pay them a fee or pay a fine. Then I have to go through the inconvenience of telling them I don't have any, so I don't have to pay this fee.
I never see regulatory bodies demand money or powers. That's private companies and law enforcement, respectively. Regulators seem to be staffed by skeleton crews allowing them to take on one case a year, and the Google-tier customer support that entails.
> I never see regulatory bodies demand money or powers.
It happens quite often after a big failure. I've worked in government myself as a contractor and seen huge amounts of waste while completely failing what they were supposed to be doing. I left after a few months (I was asked to stay) because I was utterly disgusted by it.
> That's private companies and law enforcement, respectively.
Law Enforcement most certainly, but private companies that just isn't true.
Maybe if you are at some large corporation, however generally waste at large corporations I've seen is due to having to cancel projects because of situations changes e.g. I was working on a large project to that was to integrate the platform with Russia, that got cancelled for geopolitical reasons.
Most private companies aren't large corporations though and most work is done by a few super stars in the company.
We repeatedly see attacks on freedom and privacy by the people who are supposed to protect them, those so-called "regulators": chatcontrol, recent UK backdoor wishes, repeated French proposals to enforce DRM even on opensource. And I wouldn't even google Russia, China, or other less democratic states.
Regulated is probably worse than some anarchistic who-knows-by-whom software, but FOSS and auditable these days, tbh. Especially as everyone's audit capabilities grow day by day with AI. It's kind of good at grinding tons of code.
A heavily regulated entity with all licenses in the world might be more hostile toward users than some niche project.