On the Nature of Privacy1st February 2019
(De rerum secretum)
A song to read to.
January 28th is Data Privacy Day
Exponential trends are incredibly difficult for human beings to rationalise. By now, most people are more or less aware that we are fast approaching a critical threshold of increasing complexity from which we are unlikely to return. But what does that mean?
Mankind’s ability to manipulate his environment with increasing proficiency has accelerated us through major evolutionary checkpoints with terrifying speed. Our ability to store, specialise in, and exchange knowledge is the Gutenbergian cheat code behind this. The fact that we must map these rates of change logarithmically is mind-blowing. The Hunter Gatherer Age lasted several million years; The Agricultural Age, several thousand years; The Industrial Age, several hundred years; and The Information Age several decades. We do not know what tomorrow brings, but it is clear that data is the primary ingredient.
In 2010 the world reached, for the first time, an astonishing zettabyte of data.
1 ZB = 10^21 bytes = 1 000 000 000 000 000 000 000 bytes = 1000 exabytes = 1 million petabytes = 1 billion terabytes = 1 trillion gigabytes.
In 2018 we hit the 33 ZB milestone. In just eight years, we managed to produce 32x more data than all of recorded human history. Even more alarmingly, by 2020 we will produce 1.7 megabytes of data per person per second. The total datasphere on Planet Earth is expected to reach 175 zettabytes of data by 2025.
In a world of exponential data production, Memetic warfare, government surveillance, and the gross mishandling of data by those we have entrusted it to, it is deeply concerning how few of us actually engage with sensible data practices. Why do we not care enough to alter our behaviour? How many more warning signs do we need before recognising the Orwellian exhortations as more than mere fiction?
I recently decided to investigate just how thorough Google’s data collection and storage services are. It turns out, that from just one Google account they had more than 100 gigabytes of personal data. 345,081,600 seconds, click by click, they had a digital trail of my every action across the 3994 days that have elapsed since 10th February 2008. I was nine years old! Some of them were relatively amusing:
Others are not as humorous… such as recognising that practically every page I have ever visited contained either Google or Facebook Ad Trackers.
Or that every single time you open or close an application on your phone it is also recorded.
Or that my entire GPS location history for nearly 6 years (until I started to pay attention to such things) had been recorded, as well as coordinates that were frequently visited e.g. “Home”.
Roughly three years ago I began to seriously consider the data I make available online, and reviewed all settings across all accounts in order to ensure that I am better in control of my digital trail. That being said, after the above findings I was a little concerned. How should I have known about such things back then? Should Google have made it easier to be aware of their opt-out tracking services? Where does the responsibility lie?
Personally, I think the ultimate responsibility should lie on the individual’s end. We live in a weird time where victimhood is seemingly actively encouraged, and accountability is obfuscated. Instead of wasting time on both whinging and the pursuit of those that may have wronged you, why not look forward and focus on preventative measures? We cannot expect the exceptionally bright young technologists who built the services we use today to have anticipated things playing out the way they have. The Internet is still very young, and it is the responsibility of everyone who is a part of it to help shape what we want it to look like. Sir Tim Berners-Lee wrote a brilliant open letter to the web at the start of 2017 outlining some of the biggest challenges we face. I would like to politely remind others that most tracking services tend to be very easy to opt out from.
“We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak. To try to prevent their speech is to fight against the realities of information. Information does not just want to be free, it longs to be free. Information expands to fill the available storage space. Information is Rumor’s younger, stronger cousin; Information is fleeter of foot, has more eyes, knows more, and understands less than Rumor.” — Eric Hughes
We need to encourage frank discussion about how data should be collected, stored, and used. Whilst they are often intertwined, we must make a crucial distinction between Security and Privacy, let’s define them as follows:
Security — the protection of data from unauthorised access.
Privacy — the limitation of derivable information from data if accessed.
We can also define privacy more broadly as: the power to selectively reveal oneself to the world.
Whilst computer security is generally a highly mature field with a variety of exceptionally well designed and tested practices, protocols, and standards in place — the privacy space leaves a lot to be desired. We can separate privacy into two conceptual camps of identity dependency and independency. I feel that this framework can be very useful when making decisions about one’s personal privacy.
During the Age of Enlightenment, Social Contract theorists explored ideas concerning the relationship between the individual and the state/political order. It is generally assumed that the latter exists in order to protect the liberties of the former. One might suggest that, on the whole, this objective has been fulfilled more often than not over the last several hundred years. Unfortunately a new contender has entered the ring. Historically, there would be few enemies of inidivdual freedoms that the relevant state would have been unable to easily protect from. Now however, the technological gulf that separates those that threaten and those that seek to regulate is not insignificant. It seems, so far, that the relevant incumbents intend to cooperate. But as Congress and Parliament begin to ask the right questions, we must be mindful that they don’t get too many ideas themselves.
Of course, there are some identity-dependent digital services that governments provide for their citizens, and this is unlikely to change. The manner in which we exchange this information on the other hand, can. The magic of modern cryptography is rarely appreciated by most. We have come a long way from the Caesar cipher of Ancient Rome, so far in fact, that we can now validate information without revealing what it is. Zero-knowledge proofs are the types of technology that we should begin to consider when asking questions about what we want privacy to look like in a world of yottabytes.
Outside of governmental identity-dependent digital services, it is impossible, under any circumstance, to justify the level of snooping that most online services require. It is no secret anymore that large data sets are a gold mine. We must minimise our footprint everywhere possible. Geolocation 24/7/365, social media that maps cognitive structures for homogenous character profiling, ad trackers embedded across the entire web, pixel trackers hidden in emails — these should not be part of our experience of the web. Where possible, we should use pseudonymous data so that the trails do not lead directly to us. Our objective should be to reveal the least amount of real data possible without destroying the browsing experience. The reality is that none of our data footprints are the ephemeral, immaterial things we understand them to be. They are enduring fixtures in the modern world. The future is uncertain, but data permanence is not.
What can be done without going overkill?
- Use a VPN that doesn’t store logs
- Use DuckDuckGo as your default search engine
- Use uBlock Origin on your browser
- Use Firefox Quantum with DNT enabled and 3rd-party cookies disabled
- Disable GPS functionality when not in use on mobile
- Block pixel tracking in emails
- Disable all Google Tracking Services
- Disable Google Ads
- Disable Facebook location services on mobile
- Disable Facebook Ads
- Disable access from non-critical apps
- Download a data dump and ask for deletion
- Set up a pseudonymous email with fake information for everything that does not require ID verification on the web
- Use throw away emails as much as possible
Where is the Life we have lost in living?
Where is the wisdom we have lost in knowledge?
Where is the knowledge we have lost in information?
— T.S. Elliot
On the Nature of Privacy was originally published in Hacker Noon on Medium, where people are continuing the conversation by highlighting and responding to this story.