Issue 02 - Privacy

February 5, 2018

In this issue we focus on privacy and emphasise why it is important for us to care about our privacy. We discuss two crucial arguments in favour of you caring about your privacy [Consider], offer links to articles and videos that discuss privacy issues [Become Aware], and explain the advantages of open source software -- in contrast to closed source or proprietary software -- for mitigating against privacy and security concerns [Learn]. We offer suggestions for privacy tools and messaging apps that help protect your privacy when communicating via your smartphone [Act].

We would like to thank everyone who sent suggestions about links to include or topics to discuss.

Consider

Most of us are law abiding citizens and feel that we do not have anything to hide, from the government or from big corporations. So, why not give up some of our privacy so that governments can track terrorists better or so that search engines can deliver better results or more tailored ads?

There are several problems with this perspective. The first problem is not necessarily about YOU. Even though you feel that you have nothing to hide, other people may have legitimate reasons to hide their information or behaviour. For instance, consider the case of a journalist investigating the illegal activities of a private company, or an activist trying to organise or empower people to protest an oppressive government. In both cases, being able to hide information from private institutions or governments is an essential part of these activities. Even though you do not have anything to hide, the right to privacy is worth protecting so that people who do have a genuine reason to hide information or hide their behaviour can exercise that right.

Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say. – Edward Snowden

A second problem with this perspective is that it is not really accurate: everyone has something to hide. I may be a law abiding citizen, but I probably do not want any or all of my acquaintances knowing what I do during my free time, who my friends are, or my political views. Think about it: if someone hacked into your computer today, would you consider this a violation of your privacy? Would you be completely OK with your information being out there for someone else to use? Family photos? Browsing history? Private email conversations? Further, what we may consider honest, genuine, or truthful information can be taken out of context and presented in an untruthful way.

Privacy is the right we should have to protect information about ourselves, to decide what information to share and with whom. We may decide that some information is worth sharing, but we should not have the right to decide that for other people. We may also choose to give away some of our privacy in return for seemingly more accurate search results or ads, but we should be aware that we are making that choice, and the price that we are paying.

We are moving towards a future where so much data is being collected about us that private companies can now provide a credit score or an insurance score based on our browsing habits or Facebook history. In the very near future, our bank could refer to these companies to assess if, based on our data, we should get a loan. "Data" such as our lifestyle habits, where we live or have lived, who our friends are along with their credit scores and income. Similarly, insurance companies could use metadata obtained from our smart phones to see if we usually drive our cars slow or very fast, whether we typically sleep a lot and/or very well, or whether we do sports. This information could be used to determine whether we pay more or less for our car or health insurance. Systems like these are not theoretic. Private companies and some governments already use these systems to some extent, for example, China is currently implementing a Citizen Score system based on data collected from citizens.

It is important to take steps to improve and protect our online privacy, not only for ourselves but to protect other people's right to privacy too. If only those people who legitimately need to hide their information use privacy protecting measures, they will be much easier to target by the very people they are trying to protect their information from.

As citizens, we can vote for people who care about our privacy and understand that privacy is a right. As consumers and users of technology, we can choose products and services that respect our privacy instead of products that do not. Only this way we can expect people, governments, and private companies to care more about retaining the privacy of its citizens.

Become aware

Why Privacy Matters

https://www.ted.com/talks/glenn_greenwald_why_privacy_matters

In this talk, journalist Glenn Greenwald presents some arguments on why privacy matters and why we should care about it.

NOTHING TO HIDE - The documentary about surveillance and you

https://vimeo.com/189016018

This documentary focus on the "I have nothing to hide" argument and presents reasons on why it is dangerous to think that we have nothing to hide and that we do not need to worry about privacy.

Dozens of Companies Are Using Facebook to Exclude Older Workers From Job Ads

https://www.propublica.org/article/facebook-ads-age-discrimination-targeting

This article details how companies are using data collected about user's online habits to target job ads based on the user's age.

The discussion of whether this is unlawful or not is beside the point. Rather, we think that it is important to be aware that these practices are happening, and by allowing companies to store and use our private data actually supports the tracking and targeting practices of such companies.

The NSA’s voice-recognition system raises hard questions for Echo and Google Home

https://www.theverge.com/2018/1/22/16920440/amazon-echo-google-home-nsa-voice-surveillance

This article is based on an The Intercept report on how NSA is improving voice recognition technology to listen in on an extraordinary amount of voice data to find people based on voice prints. This technology could be used in the future by surveillance agencies to listen in on home devices like Google Home or Amazon Echo.

Learn

Open Source Software

Software is developed using many different programming languages. The source of a program is usually composed of multiple files of code. These are text files that describe what a program does when executed and contain instructions in some programming language like Java or C. The source code format is made for human reading and writing. To execute this code, developers need to convert this source code into a binary file that can be executed by a computer.

If the software is closed source, only the binary file is distributed and this is the file you download when you download some software from a website. This binary file contains instructions only readable by computers and it is very difficult, often impossible, to determine what the software does when executed.

If the software is open source, the source files used to produce the binary file you download can also be downloaded and inspected. This means that not only can we produce a binary file and execute it, but we can also inspect that source code and determine what the program does.

Note that open source software does not need to be free as in free beer. Someone can write some open source software and sell both the source code and the binary files. Closed source software can, and often does, include open source software in their binaries, provided the legal license used to develop the open source software allows it.

Whether or not software is closed or open source has certain implications for our privacy and security. If a web browser is open source, for example, then we could inspect its source and determine if the browser is sending private data to some remote company while we browse the web. If the browser is closed source, it is sometimes very difficult, or impossible, to determine if our privacy is being violated as we only have access to the computer readable version of the program. We cannot inspect what the program is doing.

Closed source programs do not allow people to review the source code and determine if the developers properly used security algorithms or libraries in order to encrypt data, for example. We are not able to determine whether the program uses industry standard encryption methods, or if there is an easy way to break the encryption used by the application. The application could also contain malicious code that may be used by hackers to compromise our computer and obtain data stored in our computer.

When software is open source, everyone who is willing to donate some time can help improve the software. People can develop additional features, fix bugs, write documentation, and provide support. As a consequence, there are large communities of people built around these software projects, which in turn helps to build trust and improve the software for everyone.

Open software may not always be better than closed source or proprietary software. As with any software you install on your computer or smart phone, you should take a moment to check the project website and available reviews. Nevertheless, open source software is a more trustworthy alternative to proprietary software when it comes to privacy protection.

Act

Signal Messenger

https://www.signal.org/

There are many open source messaging applications that you can use on your mobile phone. Signal is an open source messaging application that encrypts your conversations, protecting your privacy as well as the privacy of the people you are talking to. Both the client and server implementations of Signal are open source. If you need some help installing signal you can visit this website

The encryption protocol developed and used by Signal was made open source, and currently is used by other applications like WhatsApp and Facebook Messenger. However, WhatsApp and Facebook Messenger are not open source and therefore we do not know what information Facebook can know about our conversations when using these applications, if the application contains malicious code, or if the Signal Protocol is being implemented properly. The same is true for other closed source encrypted messaging applications like Threema. See this article for more information on WhatsApp vs Signal.

Recently, there were some reports that WhatsApp Security Flaws Could Allow Snoops to Slide Into Group Chats.

Telegram is often suggested as an alternative messaging app, but Telegram uses custom cryptography, which the authors claim to be safe. However, in computer security circles this is considered bad practice. Using a tested and proven protocol like the Signal Protocol is considered to be more secure. In fact, we are able to tell what type of cryptography Telegram uses because Telegram made its code open source.

Privacy Tools

Over the next issues we will be talking about some of the tools at privacytools.io. You can visit that website and learn about many of the tools and services available to protect your online privacy.