GULYÁS, Gábor György, Ph.D.
2014-06-25 | Gabor
The Snowden revelations changed the way we used to think about the internet, even in our personal life, but the a business point of view. Apart from the severity of the everyday espionage that Snowden revealed, there is still a lot we could do for protecting ourselves and showing up a little resistance. For example, experts propose to use Tor, an anonymous communication protocol, by which we could remain anonymous throughout daily activities: browsing the web, exchanging emails etc.
Want to get some more tips? We have an ebook ready for you!
This is a good idea: it protects our privacy from (some forms of) mass surveillance, and also hides our data from the prying eyes of several commercial parties. However, as we have a vast amount of contact points with the digital world, this also leaves us a lot of homework. We need to remain self-conscious all the time, regularly revise our past decisions and train ourselves continuously.
Let us check out a few examples, how privacy gaps may remain despite efforts. If we use Tor for browsing over a cellular internet connection, then while we are protected of being tracked by the websites we browse (on a laptop), our location information is still available for the internet provider (and for the government). In addition, even if we use Tor browser on a smartphone, apps can leak sensitive information – with which we spend way more time than browsing (for the nosey: 86% vs. 14%). Furthermore, we could think of the ever changing privacy settings of social networking services, or the content that others post about us.
Approaching the issue in a pessimistic way, we could expect that privacy would not exist in the not-too-distant future, e.g., in 5-10-20 years. This can happen due to market changes (e.g., no ads no content), legislation issues (security vs. privacy), artificially changed social norms. In such cases, where opting-out or providing fake-data are not possible options, we have a very few options left, like providing ways to track our data and how it was used (here is a good example for passwords).
Researchers envision the possibility of using privacy enhancing technologies as a way to protest against surveillance and as a form of committing civil disobedience. This may also be a legit possibility in an unfavorable future, where opting out is not possible, just providing fake data for confusing monitoring adversaries. Such use of crypto and privacy tools is present today, but the difference to self-defense is in the way of their use. Privacy-technology expert Arvind Narayanan explains:
The key difference when encryption is used as protest is that it is a collective and participatory activity, rather than individualistic. Such users hope, in conjunction with other users, to make life a little bit harder for the powers that be and to protest the surveillance regime. Further, they would like to signal to their peers that they are conscientious citizens who will not accept the status quo.
Nevertheless, let us hope that there will be a better future, where technically it is possible to protect our data even while using social media and online services. But even today, we experience that this is getting more complicated and time consuming as the digital era develops. To ease things up, a privacy vulnerability tracker seems to be a suitable choice (i.e., something similar to existing security vulnerability trackers), that can be filtered respecting user interests without additional loss of privacy.
I think this good idea needs to be further developed: it is also important to automate responses in order to effectively adapt to changes (at least in the cases where technology can help). This could be significant at least for two reasons in the future. Not only the changes are becoming more frequent and the number of discovered vulnerabilities mushroom, but it is also hard to follow social media content, which also can violate our privacy (e.g., think of unwanted pictures that other may post about you, even when the topic is something else). Second, the legislation is moving towards a compliance-based direction, where the focus is on the compliances of companies rather than on strengthening the rights of data subjects. Using automatism fits such legal context.
Such an automatism is not purely science fiction anymore: with some existing services we can easily build proof-of-concept applications. This is why I really like the concept of IFTTT: if something happens within a services that we are connected to (e.g., someone post a tagged picture about us), something could be done about that automatically (e.g., save it to Flickr). At the moment, IFTTT is not particularly concerned about privacy and there are only a few recipes for privacy-enhancements (but here is a good idea to avoid being tracked by your WiFi signal throughout your daily commute). There are some further privacy-strengthening uses I could imagine, e.g.:
and the list could go on for long. It would be good to see services soon that are capable of doing such things.
This post was originally written for the Tresorit Blog.
Tags: future of privacy
CSP (1), Content-Security-Policy (1), ad industry (1), adblock (1), ads (1), advertising wars (1), amazon (1), announcement (1), anonymity (9), anonymity measure (2), anonymity paradox (3), anonymity set (1), boundary (1), bug (2), code (1), control (1), crawling (1), data privacy (1), data retention (1), data surveillance (1), de-anonymization (2), definition (1), demo (1), device fingerprint (2), device identifier (1), disposable email (1), ebook (1), el capitan (1), email privacy (1), encryption (1), end (1), extensions (1), fairness (1), false-beliefs (1), fingerprint (3), fingerprint blocking (1), fingerprinting (3), firefox (1), firegloves (1), font (1), future of privacy (2), google (1), google glass (1), home (1), hungarian keyboard layout (1), inkscape (1), interesting paper (1), internet measurement (1), keys (1), kmap (1), latex (1), location guard (1), location privacy (1), logins (1), mac (1), machine learning (3), neural networks (1), nsa (2), osx (2), paper (2), pet symposium (2), plot (1), price of privacy (1), prism (1), privacy (8), privacy enhancing technology (1), privacy-enhancing technologies (2), privacy-enhancing technology (1), profiling (2), projects (1), raising awareness (1), rationality (1), re-identification (1), simulation (1), social network (2), surveillance (2), tbb (1), thesis contest (1), tor (1), tracemail (1), tracking (12), tracking cookie (1), transparency (1), tresorit blog (4), uniqueness (3), visualization (1), web bug (3), web privacy (3), web security (1), web tracking (3), win (1), you are the product (1)