The Secret War For Your Data
Digital Citizens Unite
In the organism that is our small household, which consists of two human digital citizens and two non-digital dogs, I am the gizmologist. There are many reasons for this. For one, my wife gets frustrated by too many steps, while I get off on tinkering. I like figuring out how things are built by taking them apart and well, breaking them, so I can fix them. It’s probably pretty annoying.
But just as much as my inherent love of breaking things I care about being a responsible digital citizen. As a wannabe nerd who tends to make a living in tech, I am very aware that there’s a war going on in the internet. That the friendly devices that connect us to the world and deliver pretty much anything we want at the click of a button, are battlegrounds for phishers, hackers, identity frauders, malware installers, and every other kind of evil shit you can imagine. And because the best defense is typically offense, I believe in being armed — well, digitally. Ads are just the start of what I try to avoid. Every single online transaction exposes us all kinds of shenanigans, starting with the DNS queries that go out to an assortment of unknown destinations.
So at the house I deployed something called Pi-hole — which is a DNS server originally designed to run on a Raspberry Pi (thus the name); a tiny, highly customizable computer that tinkerers love to mess with. Today you can run Pi-hole on all kinds of things: including the two Ubuntu VMs I have it loaded on.
What is neat about Pi-hole is that it nullifies all the local DNS queries to servers that are known for being involved in uncool activity. By stopping our browsers from accessing any one of a number of sites stored on blacklists, we’re protected a little more than if we weren’t using Pi-hole. And this is great. Except when it’s not.
Let me set the scene: It’s Saturday morning, and the homelab is all dialed in. ISP hasn’t had any issues in a while. All our cameras are working well, wireless signals are strong throughout the grounds. Unifi (go, Ubiquiti!) is giving a sweet “96% great” rating! Keeping this entire monstrosity takes up a ridiculous amount of time, by the way. Tony Stark would be proud. Today, at least, the smart home is, well, smart. Fortified.
Except my wife is talking to herself, which means something has gone wrong. Three green teas in, I get to work. It turns out Pi-hole has blocked her from placing an order on Instacart, which is a delivery service we’ve both come to rely on.
But why is Pi-hole, the program I’ve spent hours customizing to ensure convenience and smooth ease of use, all of a sudden be stopping us from something so basic as ordering groceries?
I’m pretty sure I know why.
Trying to impress her with my pretend hacker skills, I start by opening developer tools in Chrome, and immediately the problem becomes clear: While shopping on Instacart, her browser hits all kinds of other sites. Sites that are stopped by PiHole for being known data collectors. “Man, you’re cool for knowing this stuff,” says no one.
“Wait, rewind,” she says. “Are you saying that we can’t shop on Instacart because Instacart is shopping our data out?”
“Exactly. Instacart is not just the friendly and convenient delivery service we’ve come to count on. It’s a spy, offering free delivery in exchange for the trafficking of our data.”
“What a bunch of dicks,” she humors me.
I proudly go on, “think about it. The actual cost of delivery doesn’t even cover the delivery person who shopped and brought the groceries to our house. What’s the saying — if the product is free, you’re the product? Well in this case, our data is.”
And by being a responsible digital citizen and installing Pi-hole servers to protect us, I have inadvertently prevented Instacart from doing their business, which makes us ineligible for the service they claim to provide, because it’s actually NOT THE SERVICE THEY PROVIDE! In its purest form, Instacart is a data collection business.
And they’re not the only ones. Amazon, Uber, AirBnB, Fandango, Ticketmaster, Netflix, and most other “trusted” digital companies are also primarily in the business of collecting data. And then there’s the motherships of data collection: Facebook and Google.
“So why don’t they tell us this? Why all the small print?”
Well apparently, in 2019, data collection is not considered a noble endeavor. Ad-tech, once scalding hot VC-bait, has become an unspoken yet necessary evil. Ad-tech so sophisticated, in fact, that we sit around together over dinner theorizing how all the microphones in all our devices are listening in on our private conversations to serve us more ads. And while I’m sure that some immoral employees at a variety of tech companies dabble in spying, for the most part, the ad-tech is just so slick that we don’t know we’re being tracked from site to site. Algorithms spit out products we actually want, tempting us into providing the information they need to stay in business. It’s everywhere. Including that new TV you installed — ignoring the Terms Of Service when you set it up — that happened to upload a list of your home machines, which is then sold to ad companies, allowing ads to follow you from machine to machine, location to location.
It may not be noble, but it is effective. And by hiding key information in “terms of service”, these companies don’t just expect their consumers to be irresponsible digital citizens, they encourage it.
At this point, my exasperated and hungry wife (because there’s still no food in the house) asks a very valid question: “So what? Who cares if these companies are tracking our transactions, choices, devices and locations? What value does my data have to me? Why is data collection such a bad thing?”
Here’s my slightly edited answer: Our personal shopping data, anonymized and sent to half a dozen data collectors, is fairly harmless to our well being. And by itself, it is not worth much of anything to anyone. But add our anonymized personal shopping data to hundreds of thousands of other digital citizen’s anonymized personal shopping data and that creates some serious potential value. Value that is being harvested from individuals who are neither compensated for, nor even conscious of, their involvement. This data has enough potential value to warrant building a company to collect it — maybe hundreds of companies! Including a little company called “Instacart” that profits on the data it collects by providing customers with “free delivery”.
“So…why doesn’t Instacart just call itself a grocery data collection company?”
The short answer is nobility. Like I said, “data collection” is a kind of dirty word, conjuring images of pop-ups, Nigerian scammers, spying NSA employees and other digital badness that companies rightly don’t want to be associated with. So instead of calling itself what it may actually be, Instacart hides behind the nobler mechanism that enables its collection: Super helpful grocery shopping and delivery services. Good clean fun.
But let’s say it didn’t hide it. Let’s say that Instacart (who I am sorry we’re picking on at this point, because we’re fans) was upfront about their offering, going so far as to say this to consumers:
“Instacart: We offer free home delivery in exchange for your wonderful shopping data!”
Well, yeah it needs wordsmithing, but maybe you’re okay with the concept. If they were transparent in their offerings, we would have a choice about how we use the service. We would be complicit, because we would have agency. In this scenario, our data wouldn’t be stolen from us, it would become a commodity that we possess, like money, that we can voluntarily exchange for goods and services.
Maybe Instacart could even provide some sort of dashboard where we could control what types of shopping data we are comfortable sharing. Maybe we’re okay with most major food groups, but prefer to leave our over-the-counter meds, secret binging favorites, and alcohol off the list.
Now, let me add that I don’t think data or data collection is a dirty word. To be perfectly transparent, I work in data. I believe in the power of data, and it’s potential to change the nature of human interactions. And this isn’t some sci-future bullshit, it’s happening today; data has become everything. The question is, how can we apply a tangible value that profits all of us, not just corporations?
Well, that depends. It could be the delivery of my groceries, maybe it’s travel points, a cup of coffee, who knows. Point is, as data becomes currency, it’s easy to imagine a shifting of the world power dynamic; Where digital citizens are no longer limited by the value of their local analog currency, but have limitless potential because of the value of their own personal data.
And as a responsible digital citizen, we should be in control of that data. If it’s profiting companies, which we understand it is, we should be in charge of where it goes and how it is spread around. I, for one, am not afraid of this future, where the collection of data is transparent and valued, I am just asking for honesty. For tools. A clear declaration of value. And these things are coming. I know. I’m one of the many people actively building them.
Data Economies, when built on systems of trust, will enable these sorts of exchanges. They will ensure that we have control over not only our personal shopping data, but all of our data.
Will we still need Pi-hole at home? Absolutely. The war on the internet isn’t going to end anytime soon, but maybe this small battle will shift. This battle over data collection being a bad thing, and the masquerade that in turn we pretend to buy into.
Because this secret war isn’t so secret anymore, is it?
Rob is part of the team at Lydion Research, who are focused on building tools that activate the true power of data.
Be sure to check out Lydion’s latest podcast, Brave New Data. You can listen below, and subscribe here or wherever you listen to your favorite podcasts.
