###############################
Sat Oct 16 10:57:40 AM EDT 2021
###############################

Security Industry: Why?

It's a generic question that I revisit from time to time,
approaching from different angles. Yesterday's? Consider how
much time, money, brain power, and CPU cycles are spent
protecting data that should never have been collected in the
first place?

When I posted the generic thought to the fediverse, I had
some response that included strategies to reduce our digital
footprint. And there it is: There's the "security industry"
begining with "Given that this is how it is, here's advice,
technical solutions, where to spend money, etc."

I was asked how a typical customer-vendor transaction might
be different to not require collecting user information, a
good thought exercise. My initial thoughts? Given the state
of current technology:

(1) I should be able to issue a payment that does not
identify me, the source of my funds, or what is purchased.

(2) A shipping contractor could be directed to pick up a
package and take it to a depot without knowing its contents
or destination.

(3) A shipping contractor could be directed to pick up a
package from a depot and deliver it to a location without
knowing its point of origin or its contents.

(4) With authentication and proper authorizations, I should
be able to track the purchase and delivery at each stage.

If you accept that all of that is possible, then you have to
question what information a vendor must collect about you, 
let alone what of that information would require protection.

So, where does it all fall apart? What forces cause things
to deviate from a system of near-zero knowledge and
data collection? Well, that's a thought exercise for another
time. For now, it's enough to raise the reminder: Challenge
assumptions.