Can we stay in full control of our personal computers and privacy?

In a world in which computing is increasingly omnipresent, we are running the risk of losing control and privacy. If we like to stay in control, we should resist using App Stores, always-on computers, Apple/Microsoft/Google/Facebook/whatever IDs, two-way authentication using phone numbers, digital signatures, entitlements, notarizations and all the other crap coming under the disguise of “security” today.

Big Brother from 1984 Apple Macintosh Commercial. Ironically Apple is becoming Big Brother today

Looking back at the state of computing 25 years ago and comparing it to today, it is easy to see that not everything has improved.

Extrapolating from the past into the future it is not all that hard to see that things have the potential to go downhill rapidly, and that we have to do something against it.

25 years ago

You installed a piece of software like this:

• Turn on the computer
• The computer does not know who you are. There are no usernames nor accounts
• Insert floppy disk containing the application
• Copy from floppy to hard disk with drag-and-drop — easy! No personal data, no sign-ups, no cookies, no phone home, no spying
• What happens on your computer, stays on your computer
• Switch off at any time
• Secure by default (by not being connected to anything other than power)

You were in full control. Could install older versions of anything at your discretion.

Today

It looks more like this:

• Wake the computer from sleep
• It connects to the Internet before you are even seeing anything
• You give it your fingerprint to unlock
• It phones home to the operating system vendor
• Enter your Apple ID to access the App Store — or else you can’t even download iMovie (which came with every Mac)
• Purchase the application. It is automatically downloaded and installed, making sure the operating system vendor (and who knows who else) exactly knows who downloaded what to which machine
• The computer checks signatures, entitlements, notarizations, and other stuff you don’t understand to make sure that someone (not you) controls what does and doesn’t run on your machine
• Put the computer to sleep

You are no longer in full control. Operating systems and applications are digitally signed, and the signatures have expiry dates. You cannot downgrade at your discretion. Vendors force you on a never-ending upgrade rat race. Who guarantees that you will be able to install today’s software 10 years from now?

In 25 years?

Maybe it will look like this much more quickly, actually:

• The computer is always spying on everything you do
• You allowed the computer to spy on you 24/7 a long time ago, and to use everything collected against you
• You do not get to install an application, nor to decide which version to use
• You just do stuff, and the computer is watching you do it
• You will be billed for the usage the computer has seen
• You own nothing
• Everything can be taken away from you at someone else’s discretion at any time for whatever reason
• The computer knows everything about you because it watches you 24/7
• And shares information about you with whatever entities it deems appropriate
• Everything you do is biometrically tied to you and saved redundantly on the Blockchain so that you cannot delete your traces or rewrite history, which are all more or less public (at least to tech companies, the NSA, and other advanced persistent threats and adversaries)
• Everything is encrypted and pseudo-“secured” by “Trusted Hardware” that you totally can’t understand because it is entirely proprietary and undocumented

You will not even remember how it felt to be in full control. You are at the mercy of “service providers” billing you for every move you do, and spying on every step you do.

Do we want such a future? No!

So resist using App Stores, always-on computers, Apple/Microsoft/Google/Facebook/whatever IDs, two-way authentication using phone numbers, digital signatures, entitlements, notarizations and all the other crap coming under the disguise of “security” today! These things can work against you. They can take away your freedoms and can make you the subject of surveillance.

What can we do?

• Use Open Source
• Build systems that do not require logins nor IDs
• Build systems that let you use a multitude of different, partly temporary pseudonyms
• Never use “supercookies” (such as mobile phone numbers — most people only have very few and don’t change them all too often)
• Do not restrict software by enforcing the use of digital signatures with built-in “time bombs” (=expiry dates)

More ideas?