July 17, 2015
Business services use behaviour data obtained from other sites to profile internet users. The consumer web sites have direct access to user generated data which they often use to further their own goals.
Online services provided by consumer sites do not require people to install software on their computers because both the application and the user’s data are stored on the site servers. This has the obvious and tempting benefit of delegating the burden of backup and administration to the provider. It also enables the user to work from any Internet connected computer. The problem is that the provider now has unfettered access and complete control over the user’s data.
Having control over the data means the user is at the provider’s mercy when he wants to modify his data in a way which does not suit the company. Two examples are when the user wants to move to a competitor or when he just wants his data permanently removed from the Internet.
Having unencumbered access to user data allows the provider company to use the data for its own benefit. In benign cases it is used to improve the user’s experience of their service; however, companies are driven by profit, not clients’ best interests. The open access to user data also makes these companies easy targets for authorities and criminals, which almost by definition don’t have the data creators’ best interest at heart.
The rebuttal most Internet companies present for the issue of open data access is that they do encrypt all data using unbreakable military grade encryption before storing it. This argument is a red herring. While many probably do encrypt the data as they say, it is only encrypted while not actively used. The company still needs to decrypt the data for their service to operate. And then we are back to where they have unencumbered access to all their clients’ data. This type of encryption does provide the slight advantage of adding an extra layer of complexity to those who wish to obtain the data without the cooperation of the company.
Consumer sites have direct access to their users’ ideas, intentions and associations. They use this knowledge to interfere in people’s lives. Some find it convenient to have their photographs connected to all their online accounts without having submitted the photo anywhere themselves. Those who admit that they value their privacy usually feel that the amount of freedom and autonomy sacrificed for small conveniences is unjustifiable. Future convenience is not guaranteed but getting the relinquished freedom back definitely gets more difficult with each piece of data handed over to a company.
Business services use statistical analysis to make behavioral predictions based on the user profiles they created or bought. This may lead to unwarranted attention to a person’s life by interfering entities.
Claiming back some freedom requires conscious, but not difficult, action. The principles are client-side encryption, distributed data and anonymity. Anonymity will frustrate the data gathering processes of the business services, which will result in less accurate user profiles. Distribution will reduce the level of insight into and control over your data any single company has. Proper client-side encryption will completely prevent both the service provider and any other undesirable entities from accessing your data.
Tools which provide some level of anonymity are ad blockers, tracker blockers and anonymizers. PRISM-break.org is a good place to start looking. Single sign-on (SSO), i.e. the process of logging into a site using, for example, your Twitter account, is a very bad idea if you are looking for anonymity. SSO immediately provides both Twitter and the other site with a lot of information they would otherwise have had difficulty discovering.
Distributing your online data is easier, if slightly more inconvenient. The principle is: One site, one service. If you use web mail, search, document collaboration and file sharing services, use a different company for each. Each company will control only some of your data, instead of a single company controlling all your data.
Client-side encryption is the concept of encrypting your data on your own computer in such a way that it is impossible for the service company to decrypt the data by themselves. The only way to achieve that is by ensuring that the encryption secret (i.e. the password or key) never reaches the company. User-friendly services providing client-side encryption are rare but that should change in the near future.
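The principle above, as an added example that is not code from this post or from any particular service: the key is derived from the passphrase on the user's machine, and the provider only ever receives the record returned by `sealForUpload`. The function names, the record layout and the choice of scrypt with AES-256-GCM are assumptions of this example, as is carrying the file name inside the ciphertext.

```javascript
// Added example (Node.js, built-in crypto only). All names here are hypothetical.
const crypto = require("crypto");

// Derive a 256-bit key from the passphrase. This runs on the client only;
// neither the passphrase nor the derived key is ever part of an upload.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Encrypt locally. The returned record is everything the provider stores:
// a random object id, the salt, the nonce, the auth tag and the ciphertext.
function sealForUpload(passphrase, fileName, content) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce for every file
  const key = deriveKey(passphrase, salt);
  // The real file name travels inside the ciphertext, length-prefixed.
  const name = Buffer.from(fileName, "utf8");
  const header = Buffer.alloc(2);
  header.writeUInt16BE(name.length);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ciphertext = Buffer.concat([
    cipher.update(Buffer.concat([header, name, content])),
    cipher.final(),
  ]);
  return {
    id: crypto.randomBytes(16).toString("hex"), // opaque name seen by the server
    salt: salt.toString("base64"),
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    ciphertext: ciphertext.toString("base64"),
  };
}

// Decrypt a downloaded record. A wrong passphrase or a modified record
// fails the GCM tag check and throws instead of returning garbage.
function openDownload(passphrase, record) {
  const key = deriveKey(passphrase, Buffer.from(record.salt, "base64"));
  const iv = Buffer.from(record.iv, "base64");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(Buffer.from(record.tag, "base64"));
  const plain = Buffer.concat([
    decipher.update(Buffer.from(record.ciphertext, "base64")),
    decipher.final(),
  ]);
  const nameLength = plain.readUInt16BE(0);
  return {
    fileName: plain.subarray(2, 2 + nameLength).toString("utf8"),
    content: plain.subarray(2 + nameLength),
  };
}
```

The salt, nonce and tag are not secrets and can sit next to the ciphertext; without the passphrase the stored record cannot be decrypted by whoever holds it.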
So now you have a ton of sites you use because you distribute your data and each has its own user name/password because you don’t use SSO. How do you remember all login details? Write them on a piece of paper and keep it in your wallet. Really.
Strongroom Secure Photo Backup is an online backup service for your photographs featuring client-side encryption. Your privacy is the most important consideration in every design decision. Every file is encrypted on your machine using your personal encryption key before going onto the Internet. Even the file names are replaced with meaningless text.
Strongroom Secure Photo Backup is built on Selective Share host-proof technology.