This post should come with a big red disclaimer that says I’m not an expert, but since my screen is redshifted to hell, plain black will have to do. I’m just a Java programmer with a blog.
With that out of the way, I am subscribed to Hacker News Live channel, which posts updates regarding Google Chrome a few times, every time with dozens of thumbs-ups and only a few thumbs-down votes. A few weeks ago, I decided to just check the link, which I found to be an interesting read indeed. It’s not everyday you see almost 20 thumbs-ups on a single article on the Hacker News Live channel, so there must either be a really compelling point made or there are anti-Google bots on the channel.
That was the beginning of a pretty long journey.
Why Privacy is Important
If you don’t think privacy is important, then I doubt anything I say will change your mind. That being said, I think that it is a topic worth being informed on. I’m not an expert on this subject, but there are plenty of people who are and can convince you of the importance of privacy if I fail to do so. I’ll be sure to give links.
I wrote this tweet a few days ago. The first link of course, is to the “Nothing to hide” argument. The reasoning goes that if you have nothing to hide, then you have nothing to fear. You can allow for your privacy to be violated because you don’t care about what people are going to find. This is far and away the most common counterpoint I tend to hear about why people shouldn’t care about privacy. This is a vastly flawed argument in a number of ways. There are a lot of details on the Wikipedia page I linked, but you can find further information here:
The links above are a fantastic starting place to learn more about privacy and why you should care. I’ll even talk about why I care about privacy myself later on. But first, I’ll get back to why “having nothing to hide” is a terrible argument. First of all, it is overly presumptuous and implies that only criminals should expect privacy. It implies that law-abiding citizens should not be afraid of having their personal information exposed, because no harm can come to them if they can prove that they are completely innocent. However, even if you don’t have anything to hide, “you still have something to fear.” If you did not care about your personal information, would you be comfortable with someone using your identity to commit a crime? Would you let someone in to your bathroom to watch you shower and use the toilet? Would you invite people passing by to watch you sleep? Having nothing to hide is a poor argument for not caring about privacy. The truth is, you probably do have something to hide. You are not infalliable. If you have nothing to hide, you probably need to look harder. And even then, you should not have something to hide in order to expect privacy. You expect privacy when you are using the bathroom or spending time with your family. It would be creepy to have someone staring through your window, watching your every move. But you don’t have to take my word for it, there are lots of arguments for and against having anything to hide and whether that entitles you to privacy. Let’s keep moving.
According to the linked r/privacy wiki:
there is an ever increasing portion of our lives which is being recorded by corporations and governments, and these records can be used to our disadvantage, at any time, now or any-time in the future
Corporations and governments have an immense amount of power armed with the data they have collected from users and citizens. If you do have something to hide (which you almost certainly do, otherwise, do not ever lock your doors again), the question now becomes can they be accountable for that data. I believe I read an article which I’m currently unable to find about how Google’s reCAPTCHA v3 technology could even be used to detect Parkinsons based on the movement of a user’s mouse. This is a fantastic way to inform people who may not have been diagnosed yet. But on the other hand, this information may also be inadvertently published, for example, to insurance companies who will raise your premiums. Even if Google never ends up doing this, deducing health conditions based simply on mouse movements is a testament to the data collection power of Internet corporations. Even if Google cannot collect this data, someone else may exploit this technology themselves. Even if you don’t care if your rates increase, even if you don’t care if everybody in the whole world knew you had Parkinsons, it isn’t like it would help you to be in that situation. Even if it did help, it might hurt others. Even if companies and governments are good stewards of your data, assuming that no nefarious employees access that data, assuming that no one is able to read your data when you are sending it, assuming that there is “no one out to get you,” and assuming a plethora of other unrealistic expectations about how your data is handled, privacy still matters to you. The mere fact that you do not care about your privacy is an exploitable data point, because you be expected to give up your data needlessly. And this is in the best possible scenario. In reality, companies profit off of collecting and selling data. Allowing yourself to be complacent is like putting your wallet with all of your cash on the ground. Some people will try to find to owner or report it to police, but others are going to make a profit. Even if you do not value your own personal information, someone else will. Your data cannot help you if the government has access to both exculpatory information and incriminating information if their sole goal is to arrest you. It doesn’t matter if you have not committed a crime and it doesn’t matter that you have nothing to hide.
All of this is not to say that your information has been or will be used against you. Only that it may be, and that it is a very real threat. You may not be impacted yourself, but others already have. Look no further than the totalitarian governments. If you think that you don’t have anything to hide, think again, because chances are, you probably do.
One article claims that services that collect data “provide […] some value.” Let’s say that you aren’t like me and you do care about ads. You think that being tracked, having your preferences recorded, and having a slower browser is a good thing because you benefit in the end. But the argument is severely flawed. The author subsequently points fingers at ISPs since they allegedly don’t provide you a better service, they give data to the cops, and they don’t tell you you are being tracked. These are all debunked by Facebook’s Data Policy, which states that they also comply with law enforcement, and by Comcast’s Customer Privacy Notice, which literally says that they collect traffic and use the data they collect to improve their services. I’m sure other ISPs will have similar policies. But never mind that fact, the whole point is that there still is value to be gained from expectation of privacy, even if you think you benefit from not having that expectation. Again, just because the data isn’t being abused right now doesn’t mean it won’t be in the future (on the other hand, as I keep saying, it doesn’t mean that it will either). The data and the conclusions that can be drawn from it are powerful bargaining tools if they reveal information that you don’t want people to know. But let’s say that you don’t care. That does not mean that you shouldn’t be entitled to be able to control the data advertising companies collect. Like I will describe in the reasons why I personally care about privacy, I state that it is about controlling my information. If you do not care about your information, you are implicitly allowing for that information to be released about yourself. So although you don’t care about the data being collected itself, you do care about controlling it. Even if you don’t do anything to hide that data in the first place, your lack of control is in of itself your decision. You should have the option halt the collection of data if that is your choice as well. Allowing your personal data to be collected is as much of a decision based on your privacy preference as is not allowing it to be.
There are so many more points and counterpoints that I can’t list them all here. Instead, I’ll leave more links so you can read them yourself.
- Arguments Against Privacy and What’s Wrong With Them
- The problem with the right to privacy
- Three Reasons Why the “Nothing to Hide” Argument is Flawed
- Why Does Privacy Matter? One Scholar’s Answer
EDIT 2019-20-11 21:01:25:
I found yet another gem a few days ago but I seem to be unable to figure out where it came from. Nevertheless, I feel that it is worth putting here: the “I have nothing to hide” argument is inherently flawed because your digital life and the profiles that Internet companies build on their users is so vast and complex that you might not even realize that you have something to hide in the first place.
Why I Care
I myself have my own personal reasons to care about privacy.
In no particular order, I care about my privacy because I think that it is important for me to control my personal information. For example, the front page of my GitHub profile has my name right on it, but it’s not like I go around on public forums announcing my name. This is a deliberate choice. While I’m not keeping my identity private, I think an important part of privacy is the element of control. I’m not preventing anyone from finding out who I am, because I post plenty of that information on the web. If people are curious, they can find out more about me. There are going to be creeps online of course, but from my own personal experience, I feel that having this information in public has benefitted me much more than it has been a detriment. It has helped me connect with people on more than one occaision. But you may be curious, how does controlling my data relate to privacy? Here is what the IAPP has to say on that matter:
Broadly speaking, privacy is the right to be let alone, or freedom from interference or intrusion. Information privacy is the right to have some control over how your personal information is collected and used.
By making my information less visible in some contexts and more so in others, I am controlling my privacy. However, in other contexts, that could also mean hiding my information more or less completely. For example, I share my Discord information with very few people, same deal with my Steam account. I don’t share my passwords with anyone. Privacy doesn’t mean that you explicitly need to hide anything, only that you are in control of information.
Secondly, I care about my privacy because I think that some of my information shouldn’t fall into the hands of hackers. Online accounts often link information such as birthdate, phone number, friendships, etc. Many companies have privacy policies that say that your information is encrypted or stored safely and all of that. However, the IAPP states:
While security is necessary for protecting data, it’s not sufficient for addressing privacy.
And they’re right. There are many examples of this being exhibited in the real world, such as in the case of Facebook just last year. The truth is, once you give your data to a company, it is stored inside of a black box. I don’t want to sound like a consspiracy theorist or anything, but I don’t want my data to be in the hands of someone I don’t know, running software that might have vulnerabilities, or servers that are behind on security updates. I expect that companies I give my personal information to protect that information. Even companies proclaim themselves to protect your privacy make mistakes as well. (See the comments, the main post is entirely outrage bait and spreading FUD).
The simple fact is, I personally don’t see why companies should have access to data that they don’t need. I don’t care if they encrypt it, I don’t care if it is anonymized or if they never sell it, or if they don’t even have it stored in the first place. Why am I sending this data then? That would be analogous to going out to lunch and then suddenly informing everyone there of my personal health issues. Not only would this be completely inappropriate, but the information I’m announcing is completely unecessary because I’m going to eat, not going to the doctor. To apply this to a browser for example, why is Google Chrome sending information back to Google when my browser would work completely fine without that data sent anywhere? I don’t care what is being sent, why is it even sent in the first place?
Finally, I personally care about my privacy because tracking takes up my computer’s resources. Loading ads and spyware implanted on websites that are designed to track you takes up CPU, RAM, and battery power. If I’m on a slow WiFi connection, I want every little bit of bandwidth to load the fucking website, not a bunch of ads. I’d be happy to donate my money to subscription-based services such as reputable news sites and content creators if it means getting rid of ads and they get 100% of the revenue. Nevermind the fact that advertising companies want to collect every bit of data possible about me to “tailor” their ads, I literally just don’t want my battery to be drained any faster than it already is by being tracked.
What You Can Do
I will warn you before this that when regarding privacy, many of the sources that you’ll run into are not shy about coming off as tinfoil hatters. I’ve found sources that run articles about the fall of capitalism, the end of the world, etc., which can be expected of people who tend to be paranoid, if not overly so at times. However, privacy and security are real issues that governments are interested in as well, and I advise that you ignore the more extreme conspiracy theorizing and select the portions of the articles that are rational, or the ones that match your own threat profile.
Again, I will reference the r/privacy wiki that I linked early in this blog post. It has a lot of references to many different tools to minimize or take control of the data being collected on you. Another great resource is not only looking at other reputable sources of information on privacy-respecting software such as PRISM Break, but also looking at discussions about privacy and the strengths and weaknesses of different services on their GitLab issues page as well.
Another great resource is the Spyware Watchdog, with the linked page going to a comparison of different web browsers. I personally use Ungoogled Chromium because I prefer a Chromium based browser that had all of the spyware disabled right out of the box. I have the following extensions installed:
- Cookie AutoDelete
- HTTPS Everywhere
- Privacy Badger
- uBlock Origin
There are plethora of different extensions for Firefox as well, but since I’ve moved on from using Firefox, I won’t list them here. I personally prefer the UI on Chromium and I liked not having to configure anything.
As an extended note, be aware that Chromium is NOT the same as Ungoogled Chromium! Using the stock Chromium is just as risky for your privacy as using Google Chrome. You can find Ungoogled Chromium here.
If you are not using Linux, I highly recommend switching. Since I already use Debian by default, I have little to say on this matter. You should read up here.
I personally use StartPage. I’ve used DuckDuckGo in the
past but I’ve personally found StartPage to be a lot better
in terms of search results. Your milage may vary. Again,
for more alternatives.
EDIT 2019-20-11 21:01:25:
Before writing this article, I had hundreds of logins. I’ve sent dozens and dozens of emails to the different sites that I’ve had accounts on asking for them to delete accounts I no longer use. Before deleting your account, you should try to obfuscate some of your personal data if you see fit. You can read each website’s privacy policies if you don’t know who to contact to delete your account. Deleting your account means that the data is (hopefully) removed from the service provider’s servers, and you will (hopefully) reduce the size of your digital footprint. You can reduce the chance of having an account compromised if you don’t have as many accounts.
Spread the Word
If you’ve made it this far, you probably at least care about privacy enough to think that it is an issue worth promoting. Tell your friends, advise them to move away from using services that track users and services that do not respect their users’ privacy. Privacy is an issue of complacency. It is easy to have your rights taken away and your freedoms to be violated if you never knew you had them in the first place. At worst, at least people will be more informed if they do not choose to control their personal data.
These are only some of the ways that I’ve tried to control my data and my privacy. There are of course, many more ways to improve even what I’ve listed here, and there are other services that are worth giving up that the reader might be using that I don’t know of. Evaluate what your risk profile is, minimize your digital footprint, and assert your right to privacy.
Obviously, this isn’t a programming-related post, but I still hope that you’ve learned something nevertheless. Privacy is not only about the here and now, but also about the future. Now that we are hearing more and more of the media publicizing hacks for political gain such as the Clinton email leak and the Cambridge Analytica scandal, it is more important than ever to take a hard look at how much we really value our privacy, and by extension, how much we value our democracy. Privacy is obviously a controversial issue because it is so politically charged, but I’ve tried my best to try to stay neutral on this matter. I don’t think it matters what political party you subscribe to, or how much you think you care about your privacy, it is an important issue in the digital age.