Most people who use web services have no idea how privacy works in the digital realm. This is primarily due to the fact that the services and software they use do not support their privacy. This article provides an introduction to some of the basic concepts of privacy and guides you in ways to bring some privacy to your life online.
What does it mean to have privacy?
In the physical realm we have an intuitive notion of what privacy means. Admittedly, this notion derives from our antiquated, comfortable view of the world that does not reflect the reality of the increasing prevalence of surveillance technologies like ubiquitous city cameras, license plate readers, wifi and bluetooth sensors, cell phone triangulation, high-resolution satellite optics, facial recognition systems, and so on. But setting those serious issues aside, we know when conversations are private because we know who could be listening or watching, and this obviously depends on the physical situation.
If a group of friends enjoys afternoon coffee together at their house and has a discussion, they speak normally and assume no one outside that house can know what they are talking about. If two of them walk to the kitchen together and gossip unkindly about one of their friends in the other room, they whisper quietly and stand close together. And if their group discussion emboldens them to share their ideas with their community, they might share the cost of a full-page advertisement in the local newspaper for their whole town to read. The host for this hypothetical kaffeeklatsch would probably have photos of friends and family hanging on the walls of the room, and they would clearly intend for their guests to see the photos, but of course people not invited into the home would not be able to view them. It is easy for everyone to know who can see and hear what.
All of these examples are boringly obvious until you juxtapose them with the absurdity that is modern electronic communication. When people use machines to communicate online, they typically have no idea how it works. They don’t understand how the electronic device they interact with works, and they don’t have the foggiest idea how their text or photos or videos get from their device to the recipient’s device. This isn’t a problem per se; I certainly don’t know all the details of how my television screen works but I still enjoy watching shows on it. What is a problem is that this rampant ignorance provides no indication to people about how private things are. When you receive an email from your lover, it certainly feels like only you can see the message because the phone is in your hand and no one else can see the screen. No one ever walks up to you later and says, “Hey I overheard that racy email of yours earlier,” while they obnoxiously grin and bounce their eyebrows up and down.
The truth is, unfortunately, that none of the common ways people communicate electronically are private. Not even close. Here are some examples of ways people communicate online that are not private:
- Text messaging (SMS)
- Any Facebook service
- Any Google service
You might stop me here and say, “Now wait a minute! I know that my connection to Gmail is encrypted with SSL, so I know it is private. My browser shows a green lock icon and everything!” It is true that this helps protect your messages from being seen by random strangers on the network between you and Google servers; however, it does not protect the email messages from (1) random strangers on the internet who can in general intercept messages en route to other email servers or (2) Google itself (and the unknown and myriad entities with whom it shares your data).
The second point is the most important one here. It applies equally, if not more so, to text messaging. Regardless of the encryption used, by passing your messages through an unscrupulous middle-man, you lose your privacy.
So what can you do?
An important thing to recognize is that privacy is not an all-or-nothing proposition. This is true in the physical realm and it is true online. You can take one step at a time toward bringing some semblance of sanity to your online life without changing everything all at once. The good news is that there are already plenty of options available today to help you reclaim your privacy. The “bad” news is that most of these options are not supported by a profit-driven enterprise, so your experiences may sometimes be a bit bumpier than you might expect compared to the services provided by billion-dollar companies.
Some web services are easier to change than others. The easier services to change are the ones you use personally, such as cloud file storage and backup, or synchronizing your contacts and calendars. The more difficult ones to change are the ones that are driven by the network effect. The network effect exists when the utility of a platform increases as more people use it. Once the network effect has taken hold, it is extremely difficult to escape, especially when the platform is closed and proprietary. Facebook is a notorious example. Since virtually everyone has a Facebook account now, people often communicate only on that platform. But since Facebook is a closed platform, if you do not have an account, you may find yourself losing touch with those you care about. This becomes a powerful motivation to join Facebook; but when you do, you only increase its power. Sometimes the network effect can be more analogous to a black hole.
The software and services that support your privacy should have some or all of these characteristics:
- Your data itself should not be used in any way as a means of revenue generation or for analysis of any kind. Your data should be as opaque as technically possible to the service.
- Ideally, the client and server apps should be free and open source software. If they are not, you must place significantly more trust in the company that provides the software or runs the service.
- You should have the ability to host a web service or run an app independently without relying on a centralized service.
Signal and Nextcloud are good examples to illustrate some of the pros and cons to consider. Signal is a messaging service that currently operates on a proprietary, centralized infrastructure similar to commercial platforms like WhatsApp. The critical difference is that all of the client apps are open source with verifiable end-to-end encryption, so from a privacy perspective, Signal is solid. Nextcloud goes all the way by making the server and the client software completely free and open source, but if you want complete privacy, you must have the resources and capability to run your own server or pay a hosting service you trust to run one for you.
This article cannot describe in detail every possibility without growing far too long. Instead, I present some personally recommended options you might wish to explore:
Text messaging (SMS), Chat, Email
Signal allows you to text, send photos and videos, and make audio and video calls, all using verifiable end-to-end encryption. It integrates with your text messaging so that you can send traditional SMS messages to contacts who do not have it installed, but automatically send encrypted messages to those who do. It is dead simple to install and use, and the service is provided for free by the Signal Foundation. Riot is an exciting new decentralized communication platform based on the Matrix protocol. You can run your own server and seamlessly chat and share files with anyone on the federated network.
Cloud file storage and sharing
Nextcloud is a superb alternative to cloud storage services like Google Drive or Dropbox. Anyone can run their own Nextcloud server, allowing you to access your files through a web browser, sync your files across all your devices using native apps, and share files with others by secret link. Hubzilla provides most of the same functionality except for native sync apps, instead relying on generic WebDAV-compatible clients. The primary advantage of Hubzilla for cloud storage is the integration with Hubzilla’s decentralized access control system for federated sharing across independent servers.
While Hubzilla is much more than a social networking platform, it has all the features you want in a social network.
Data Backup and Sync
SpiderOak is a commercial backup solution that claims “No Knowledge” of data stored on the service. Some, but not all, of its client apps are open source, so you will need to trust that their entire business model is not an elaborate hoax. Syncthing is an amazing free and open source, decentralized, and server-less solution to automatic file synchronization across an arbitrary number of devices. Highly recommended.