I was watching Citizenfour the other day so you may understand my confusion.
I can say that I am privacy aware. On a high level, I understand how things work. I use a different strong password for everything, I have a GPG key and I opt for using open source services that make security a priority.
However I still use services that are not so privacy centric. I use Facebook and nearly all Google Services (Search, Gmail, Drive, Photos, etc.). These two alone can show you everything about me.
According to Edward Snowden's revelations everything is busted. Dropbox, Google, Apple.. You are not safe.
On the bright side, Snowden notes that the big software companies are doing steps in the right direction.
But let's say I stop using services from these companies and find alternatives. Am I really doing anything except dealing with bad UX experiences and beta software?
Any time I email somebody who uses Gmail — and anytime they email me — Google has that email.That was what Benjamin Mako Hill who maintains his own mail server realised and tried to estimate how much of his emails Google has. Here are his findings.
TL;DR; 51% of his email at the year of measurement had passed through Google's servers. Just wow! This guy works so hard and spends so much money every year to avoid this and there he goes.
The only way i can think of to email other people and keep it private without blowing my head up, is if I use Protonmail which I think is awesome. But even then, starting a casual conversation demands that you have to teach the other person how to use the service. Also mobile is a pain and the web interface is not packing the 11 years of experience that Google has with Gmail (yes, proper shortcuts).
Email is one and probably the easiest thing of all to keep private. There are many other ways your privacy can be invaded.
Most chat services are not encrypted by default (however this is changing), there has been massive security breaches and big data dumps in the last years. Your phone tracks your position constantly for years and records your habits. Your browser sees what websites you visit and where you click, what you search, what you need and when. Wearables will track your biometrics and exercise habits. There has been proof of manufacturers putting malware on their laptops or phones. One can go insane in minutes thinking about it.
Many of the above can be turned off but for most people the default remains current. I suppose there are very few people who have turned their Android's location history off and I am not one of them.
Why? The thing is that all these things make us more productive and they are very convenient. They provide the things we are most pumped about. Automation, collaboration and convenience. I can work on documents collaboratively with Google Docs and as I travel a lot I can easily work remotely with Dropbox and Drive. Using my location to tell me when I should leave accounting, transit time and traffic data to be on time for my next calendar event is awesome. Spotify analysing my music preferences and giving me something new to enjoy once a week is not that bad. There are many benefits in using these technologies to ignore them.
For regular folks, like me that want to make stuff and get work done, it is not an easy feat to do so with 100% privacy. To keep private you should spend a lot of time and work on it to setup and maintain the complicated systems. You have to change burner phones all the time and live like Harold from Person of Interest.
So we give up?
Absolutely not. But instead of getting down to build you own password manager because no one can be trusted and change online services every six months pursuing your tail, you can start by not doing EVERYTHING online.
Ironically most of my friends will argue that DOINGEVERYTHINGONLINE should be my nickname. They don't see the need to keep stuff accessible from anywhere and that's fine. For me having all the stuff I need accessible from any device and suffer minimum to zero dataloss in case of failure of my main machine is crucial. But it is not EVERYTHING. I do the following.
I evaluate privacy importance on my stuff. Long story short, if something must be seen by you and you only for whatever reason, don't put it online (without encrypting it for good at least).
Realistically this is what you can do to use the internet today without becoming paranoid.
On the grand scale the only solution is for the law to be enforced appropriately. If we don't have that the only thing we are doing is avoiding the unavoidable.
Liked it? Every week I send an email. It involves:
- Interesting things from the internet world.
- Discussions on pressing matters.
- Some personal additions.
- Many surprises!