When we talk about privacy as a concept, we tend to drill into the benefits of privacy and the crucial role that it plays in our lives as individuals. In aggregate, privacy extends its role to protect fundamental freedoms that we all agree are pillars to a free and happy society.
What we don’t talk about is the challenges that privacy apps face, and how often tools are not designed to fulfill the needs of the needs of the end user.
You Can’t Trust Networks or Equipment
We live in a world where data is the new oil. Every little data point is a morsel to sell, and information that can be leveraged. There’s an entire economy designed around this simple concept that is worth trillions.
This means that there is ample incentive for every point of contact that a user touches to be stored, categorized, and ultimately sold.
As a developer, you can’t trust your user’s modem, routers, ISP, cell carrier, their operating system, or even your own servers and equipment unless you own and operate them. As a user, you can’t trust the developer’s code isn’t collecting information, or that the developer’s have considered all of these threats.
In a landscape where nothing can be trusted, there’s two key ideas that lead us away from the event horizon of this data black hole.
Open Source Software
Using software that is open source is a critical piece of the puzzle, because this allows peer review to verify that the developer isn’t collecting unnecessary data to make the app or service work, and that the developers have considered all of the external privacy threats.
If the software isn’t open source, there’s no way to verify this. You have to implicitly trust that the developer doesn’t want to grab your data for money, which is always in their interest to do. You are hoping that the developer is principled enough to resist the urge to make more money off of you. This is an even greater concern when the application is free. You have to consider how, if not through your data, is the app developer making money?
End to End Encryption
So you’ve selected open source software, this means that your data is probably secure, right? Wrong. It is crucially important that you are also protected from points of data collection all over the networks that make up the Internet.
Encryption can protect some data, like the content of websites that a user visits. But it doesn’t protect users from information collection where the encryption terminates. This means that unless decryption takes place at the final destination of the connection, the servers can listen in on the conversation and collect data. This is something you often see in the social media world. Facebook, Google, and Twitter have no problem employing https, but all of your data is decrypted by their servers and read, categorized, and sold. This is the crucial detail; If you send an email through gmail, it is encrypted until it reaches Google. It is then stripped of encryption, read, categorized, and stored as marketable data. It then is encrypted once again, and sent off to the person that you intended to communicate with. This is centralized encryption.
This is where the concept of end-to-end encryption steps in. This means that if two devices are communicating, if these two devices generate the keys and negotiate the connection, none of the equipment or services between them can read the data. If you use PGP email, Google can’t decrypt your messages to read it. All they can see is that it is an encrypted message, who it is from, who is to, how large the message was and when it was sent.
These are still data points that help Google, but cutting out the content of the message largely blinds the data collection.
In Combination Open Source and End-to-End Encryption Fix the Problem
When you roll these two concepts together, you create an environment where a user can trust the application, and they can also implicitly distrust the Internet generally.
It doesn’t matter if the service is leasing servers from Amazon Web Services or Microsoft Azure, even if these giants are performing data collection and analytics (they are), they can’t read any of the actual data.
There’s Still a Long Road Ahead
When you look at the horizon of privacy, there’s a number of hurdles that expand beyond these simple concepts. The place where open source and end-to-end encrypted solutions often fall short is the user experience.
Without speed and easy to use software, reaching for privacy is often reaching for headaches. You have to give up an incredible amount of convenience in order to gain surety.
This is why projects that move the needle, like Signal, are so important. They show that we can push forward on this frontier and still achieve wide-adoption if we commit to reducing the pain of going private.
An example of the user experience struggle is Lineage OS, a replacement privacy-focused open source operating system for Android smartphones. The project has done a wonderful job creating and deploying a decent user experience once you get the OS installed, but getting the OS is a web of unlocking bootloaders, messing with phone drivers, interacting with the command-line, and Googling cryptic errors throughout the process. This barrier pretty much ensures that wide adoption will never occur, no matter how good the software is after installation. The developers need to find ways to make it easier on the user to get it installed and working properly.
We are getting there. Privacy apps keep getting better. Stay knowledgeable on what is good and what isn’t, and look for open source and end-to-end encrypted solutions.
About Derek Zimmer
Derek is a cryptographer, security expert and privacy activist. He has twelve years of security experience and six years of experience designing and implementing privacy systems. He founded the Open Source Technology Improvement Fund (OSTIF) which focuses on creating and improving open-source security solutions through auditing, bug bounties, and resource gathering and management.
A complete guide to Internet privacy