To commemorate today being Data Privacy day i made a writeup for OpenProducts on how we see the current situation. Since i think this is important stuff i also publish it here.
Users today have practically no control over their personal information. Most often they even have no clue on what information is gathered of them while they go on with their day to day life on the Internet, even less on how it is used. I say that its time that we take back control of our online presence and create a fairer Internet.
This is the first blog post in a series of articles discussing Internet privacy, data collection, and mass surveillance. In this first post we start by talking about the problem how the Internet works today, how most people use the it, and how they most often are being used by big data corporations and what could be done to mitigate these inequalities.
The current state of the Internet
Today most home users use either their local ISP at home connecting to the Internet or by using a smart phone or tablet connected to the Internet via an 3G/4G connection. Their day to day usage is typically centered around a few heavily used sites. Sites such as Facebook, Google with Gmail, Youtube, checking in at Foursquare etc. I would say that there are usually four or five major sites that the average end user visits daily. Long gone are the diverse landscape of Internet of only a few years ago.
Using cloud services such as Google’s personal information management services, Facebook’s social network or Snapchat to keep in touch with friends, can be a pleasant experience. Point your browser to the service sign up page, or download the app to your smart device, register for an account and you are done. No purchase of hardware or software, no installation or configuration, no updates or other maintenance. The best part of it all, it seems completely free of charge.
Most of us are aware that the sole reason the service is for free is that even though we don’t pay for the service in the normal sense, as in picking up our credit card and transfer a sum of money to the company providing the service, we surely still pay for it. I actually have had this conversation with some of my friends, why on earth Facebook and even more so Google can provide all these services without them having to shell up money to use it.
Despite what some might think these companies are not in the Social network business or in the business of providing cloud services, such as email, calendar or storage. They are in the business of advertising. All of them make their earnings by doing advertising and what they sell is you. They sell your attention by serving you targeted ads or simply by providing knowledge about you, or more specifically your profile, to interested parties.
The more these companies can learn about you, the more money you are worth for them. What is your gender, age, location, civil state. How do you make your living? What is your occupation, your salary. What are your hobbies and to what associations you belong?
This is Facebook’s golden treasure chest. It seems people can’t put enough information about themselves onto these social networks. Gladly entering all information about themselves, who they are, what they like, who they interact with and what they do together. It is no wonder that Facebook do whatever they can to tap in to this information well and in the same time trying to block businesses getting a free ride utilizing the viral effects by cheap likes and shares.
The other, perhaps biggest, behemoth on this stage, Google, have a bit different approach to its data collection methods. (Even though they have done there best trying to also enter the social network business) Google provides you with “free” services for your communication and information needs. While doing this they track your every move on the net and in real life. Looking over your shoulder to record what you search for, which sites you visit, who you communicate with (Be it by email, chat or voice) With whom you make plans with and where you are going.
Another aspect of Google that one should be very aware of is their presence in niches not directly apparently connected with the data collection business is their hardware and infrastructure offerings. Google fiber, Android smartphones, Chromecast media players and Chromebook computers, all scoping up information usage then collected by Google.
To limit the scope of this blog post, lets leave out all IOT gadgets tracking your physical existence and all other gadgets in your home. This is material for one of the later posts.
Let us return to why all this information is collected and what makes it so valuable. Currently the main source of revenue, is and have been for quite a while, for these companies are by the means of selling advertisements.
If you want to reach out to people on the Internet today you have a few options. One “easy” ways is to pay someone to get your information through to the intended audience, I.e. advertising. When doing this you of course want to target the right people. People that might actually be interested in what you have to say or sell.
In the infancy of the commercial Internet you would locate possible web sites that might have the audience you wanted to target. You then coughed up a large sum of money to put a banner on the site for a limited time and then hoped for the best. This was a bit like hunting blind folded with a shotgun, a rough aim and then fire.
What Google and Facebook offers today is more like a laser guided missile. You want to target single Latin American males aged 26 to 35 with an interest in Norwegian forest cats, enjoying tacos, expensive red wine and working as a car mechanic? No problem, what would you be willing to pay for such a user clicking on your link?
The more these companies know about you the better they can sell your attention to prospective ad buyers. Thus they will go out of their way to gather as much information possible on what kind of person you are. (Reading your email, connecting the dots between you and your high school sweetheart, map your check in habits on the local diner)
One could argue that this is completely okay, these companies are not breaking any laws. They only play by the book and do their best utilizing the opportunity they have. Doing a good job at it as well. Another common comment is that collecting information is okay when using the service, the user simply does not care and in most cases are not even aware of how the collected information is used. The information provided is just the price you pay for the service. I would however argue that the end user have little to gain in the longer term by using these services.
First off, providing this amount of information on one self to a single service provider simply give these players too much power. What conclusions could be derived from the collected information in the future we still have no knowledge of. Today the main usage of the information is to target ads but there is already a lot of possible uses. A popular reference here is the facebook relationship status predictor which says that Facebook can predict if your relationship is likely to end in the coming 60 days or not. How this information will be used in the coming years is hard to tell. I say that you should not trust any company with too much information about yourself. If you think these companies have your interest at any priority you should think again. They answer solely to their shareholders and ultimately to the laws of the country in which they operate.
Next up. Many of these companies share information with third parties, used internally for other business areas, and of course governments, anonymized or not, that all depends on the EULA you accepted but never read. Information you never intended to disclose is now used for filtering you out for means you never even knew or thought about.
Even if they don’t share this information with third parties you sometimes still are forced to give your profile information up. Say to a presumptive employer, an insurance company, or maybe even a school you would like to attend. Not sharing this information will obviously put you in doubt on what you could possibly want to hide. It should of course be noted that this demand is illegal in some countries.
Not being in control over the service used also means that you don’t have anything to say, or at least it will require a lot of effort, if anyone decides that you no longer are eligible to use the service. It might be the service provider them selves or a third party, i.e. a hacker, locking you out of the service. What do you do while this is being resolved? How do you mitigate any damage induced by malicious use of your account?
A further consequence of the enormous centralization of these Internet services, or more correctly silos, that we have today is that they more or less have an oligopoly on the market. Both in the sense that they hinder other possible actors and more so with regards for end user choice.
It is simply more or less not doable for new actors to compete commercially with these juggernauts. Establishing a competing service is more or less impossible. Just look at Google’s attempts to get a foothold in the social network business with Orkut and now Google+.
The other, possibly worse, consequence of the mass concentration of users of these services is that you most often are required to participate. “We use Google calendar in this association to plan gatherings”or “Let’s discuss this in the private Facebook group ‘John’s Stag party’ I created”. When all your friends are Facebook members but you are not, you sure will miss a lot of planning and informal information exchanges. Simply not participating is a hard choice for which individual users are penalized.
Finally even if you decide not to participate on any of these networks you will still be subjected to the collateral damage done by people using these services, dragging you into them as well while they use them. A mention on a social network, a tag of a photo with your information. An email sent from a GMail address or even worse, you send an email to a person on a custom address that turns out to be hosted on Google. You simply have no way to tell in advance that this email with all its content and addresses will end up indexed and tagged by Google. You simply have no way to opt out.
To sum this up. Even if this was acceptable, I would say users are not compensated enough by a long stretch for the information they disclose to these networks. Sure they get a free service, some free storage and hey, all their friends are there as well. But in the same time they give up control over their information and have no insight in how its used. They are not even guaranteed access to the service to which they supply the information. It is all at the mercy of the service providers latest whim, change of policy or just a new direction of the company.
The solution to these problems is to make absolutely sure that the end user is in possession of their own private information. It should be the end user that have control and decides on how their information should be used not Facebook, not Google, and no other big corporation nor the local government.
If information is for some reason not stored under physical control of the end user it should always be locked down by encryption or other means that hinders unintentional access of the data. Further more the owner of the information should be the one in control of the locking device. Be it encryption keys or physical locks. Information should of course be safeguarded at all time by secure communications channels while in transit making sure that only the sender and the recipient can access the data.
The one solution I advocate is that users should be able to run their own devices and services under their own control. This would mean that we should fight to bring back the structure of the Internet as it was originally designed. Not the crippled distorted version we live with and use today.
This is an Internet where all peers were equal and information flowed effortless between users of the net. An Internet not hampered by filters inspecting traffic, an Internet free of ISP firewalls blocking all or part of the communication, an Internet without asymmetric broadband connections cementing a producer consumer structure leaving end users only consuming data centrally broadcast or requiring them to upload their data to central storage points with better bandwidth.
With such an environment the end user would be free to use the solution they saw fit. Be it running their own services at home, using a service provided by a friend, a relative, or paying a service provider to handle it for them in a way not leaking data.
This would be an environment onto which we could build a fair Internet and users would be able to reclaim their digital lives.
Disclaimer: I am the co-founder of OpenProducts a company which makes products which aims to let end users take back control over their private personal information. We however founded OpenProducts as a consequence of our personal belief that you should be in control over your digital life, and have no interest or intent to gather any personal information from our products.