the privilege of privacy
October 20, 2015
[image reads: the privilege of privacy by b. binaohan]
The Push for Privacy
The related issues of privacy and security online and in tech are mainstays of the current discussions on tech. Something that seems to have been awoken with Facebook and its erosion of what privacy means over the years:
The rise of social networking online means that people no longer have an expectation of privacy, according to Facebook founder Mark Zuckerberg.
“People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people,” he said. “That social norm is just something that has evolved over time.”
Zuckerberg said that the rise of social media reflected changing attitudes among ordinary people, adding that this radical change has happened in just a few years.
Regardless of whether or not this is true – I don’t think it is – this perception is common enough. And while post-Snowden, many people became alarmed at the idea of government surveillance and this lack of privacy, scrutiny for tech orgs themselves tends to wax and wane.
The thing that interests me most about the conversations about privacy online is who discusses and how they discuss it.
As far as I can tell, many of the people who’re most concerned about privacy online appear to fall into two camps: white men (of varying priliveges and often techbr0s) and marginalized/vulnerable people. As far as I can also tell, very rarely two these two groups ever actually talk to each other – something I’m not terrifically surprised by.
It’s also very clear that the motivations and desires for privacy comes from very different places. Many of the marginalized people I know guard our privacy because we worry about our safety. Based on what I see white techbr0s write on privacy, it seems to be more a matter of principle (e.g. “I have a right to privacy, so I’ll fight any encroachment!”). It isn’t that I think the techbr0 reason is less valid, since I do think that the slow erosion on rights is something worth resisting, but rather that these varying motivations have real consequences for how privacy is enacted and understood online.
The relationship between privacy and security
While the concepts of privacy and security aren’t equivalent, online and in tech they are very closely related and mutually reinforcing. Such that the more secure your use of tech is, it is likely to also be somewhat more private. And that steps and actions taken to preserve privacy, will often have the benefit of increasing your security.
Take encryption and HTTPS, for example. The encryption given by the certificates (and their validation by an external entity) increases your privacy by encrypting your website activity. It also increases security because the encryptions means that any sensitive data transferred is much more difficult to expose (this is why pretty much every commerce site uses HTTPS). This generally applies to most uses of encryption, serving the dual purposes of privacy and security.
However, this relationship breaks down in some very important ways. While Facebook (and most other social media sites) will use HTTPS to encrypt your activity, very few people ought to consider this as increasing your privacy. Especially not when considering privacy from the tech companies themselves. Most of these companies will have varying tools for increasing privac of your account in relation to other users (or the web in general) but none, as far as I know, provide many tools at all for determining how much privacy you can expect from the company.
Now, this isn’t wholly true, but the cases are fairly limited and not necessarily the easiest things to implement. Google allows some level of privacy against them if you tell them not to use your search history to personalize your results or to deliver targetted advertising. Just as both Chrome and Firefox give you an option not to send anonymous data about your browser use. But note: many of these features are ‘opt out’ and turned on by default.
This problem I’m highlighting isn’t particularly new or all that interesting anymore. Not since the axiom of “If you are not paying for it, you’re not the customer; you’re the product being sold”1. My understanding of this, is that it is about data. You pay for online services either with money or your data. Whether or not this is true is probably debatable, but what matters is that many people see at least a grain of truth in this. Even more importantly, is that many people in tech see some level of truth in this.
The cost of privacy
I think the earliest post I read about privacy online was Marco Arment’s post from 2011 where he wrote a phrase that impacted many of my online behaviours since:
You must own any data that’s irreplaceable to you.
Now, he isn’t necessarily talking about security or privacy in this blog post, but rather the problems with relying on tech companies to provide us with critical services. His concerns appear to be more about data portability and safety. It still made a big impact on me.
So too would various things I’ve learned over the past four or so years. The biggest thing I’ve learned is that privacy and security are too expensive for most people. By ‘expensive’ I don’t only mean money but also skills/ability.
Based on current discussions over privacy and security, most solutions that exist either require you to pay money or have an above average set of tech skills (or some combination of both). Because of this entry cost, most people simply cannot afford to have secure and private online lives. Moreover, beyond a few initiatives, most tech companies and techbr0s seem generally disinclined to make security and privacy more accessible. Instead, most seem to point and laugh at the plebes who dumbly hand over our data (to them).
I’m sure its obvious where the conflict of interest is here. By and large, it would be a disaster for the tech industry if the bulk of the population where to implement many of the privacy and security tools used by the industry. Or even to talk Arment’s exhortation seriously about owning our own data. What if Facebook users, en masse, get tired of the privacy violations and start leaving the service? What if people get fed up with Google’s advertisements stop using its various services?
Fortunately for the tech industry, the cost of privacy and security is often too high for many people to pay. And so, even when we know better, we continue to give up our privacy and data to techbr0s who laugh at us for being ‘sheeple’.
So yeah. I think the way the tech world has designed things results in the most meaningful tools for privacy or security being inaccessible for the average user. Either in terms of financial cost or skills/time/ability (or some combination of the two).
I know I’ve basically thrown in the towel. Unless my income magically increases and I can afford to pay for things like email, it is just too much fucking money for me right now2. Sure, I have greater skill and ability to learn new tech stuff, so I’m somewhat better off than many of my friends, the problem is that pretty much none of them can follow. So I stay where my friends are because, who would’ve thought, I actually use social media to, um, you know socialize.
The other problem, with all of this, is how alienating the advocates for internet security/privacy are. Because, let me tell you, seeing a bunch of white techbr0s mobilize the exact same arguments that white men use to justify online harassment and abuse doesn’t incline me to consider the substance of their arguments. Nor is the fact that of the two communities who tend to care about privacy and security the most, these concepts have radically different meanings and implications.
That techbr0s often only talk about security in the sense of data and whatever, without thinking about security in the ‘omg am i safe?’ sense means that a lot of the people who could use their recommendations probably don’t even bother to look. The fact that techbr0s demand security and privacy while continuously building services and technology that undermines it for the people without their privileges is also… shall we say, off-putting.
I really do think that more people would do things like encrypt their emails or take other proactive steps to maintain their privacy and security if, for example, they were presented as “hey, if you do this thing, it’ll help prevent you from getting doxxed”. Increasing accessibility would also mean ‘do this thing’ is some relatively easy thing for many people to implement (something similar to EFF’s SSL certificate innitiative).
It would also be really nice if the tech industry would stop blaming the victims of data breaches, insecurity, and lost privacy. Every time something like the ‘fappening’ happens, there are all these privacy/security tech pieces that come out that are basically “lol, don’t take nude selfies. or if u take nude selfies they should only be viewed on a non-networked computer. why r u sharing these anyways????”. Sure, some companies are harmed by data breaches, but more often it is users who deal with the worst consequences (especially if we are talking about abuse and harassment).
- Attributed to Andre Lewis ↩
- It's funny because I'm not the poorest of the poor. My situation is stable in the sense that my job gets me enough money to cover bills every month. Except that I have about $150 leftover to buy food for two people. So, yeah, even something like Fastmail which is about $3/month actually makes a difference, especially when you add in other costs. ↩