Not a week passes without hearing in the news of a major data breach, a social media service into yet another mess-up, or a major vendor purchasing a popular service. What’s the usual outcome? Outcries of disgust, rants, complaints about privacy invasion/loss of privacy, individuals threatening to leave the service, calls for boycotts, but in the end, nobody is moving a finger except for a few hardliners.
I will develop below some thoughts on the matter, with the aim of making the reader understand that our responsibility as individuals also extends to our choices in the online world (in case you had any doubts about it).
Free Online Services: the hidden cost of “Free”
Since the beginning of the mainstream Internet as we know it (mid/end of the 1990’s), we’ve been used to “free” services, such as e-mail services, free hosting for blogs, photo hosting, etc. I will not deny that these services have been very convenient for swarms of people; they helped democratize the use of internet as well as communication means such as email and chat. One should not minimize the impact of mass-email adoption, which disrupted traditional means such as physical mails and faxes.
For many startups, the business model has often been to introduce a free tier, then gradually attempt to monetize the service. Monetization was achieved either via paid tiers including premium features, or via the use of advertisements, often complemented with data collection. For rational startups, the hope and/or business plan is that premium features will be appealing enough for free tier customers to hop onto one of the paid tiers. Or that advertisement will help sustain the business.
And the online advertisement world is a fascinating and scary one, especially in the Big Data era. As the Internet evolved, technology and innovation followed as well. Static ad banners started to evolve with dynamic banners, cookies, tracking etc. and thus online advertisement companies were somehow able to figure out some of your interests.
And then the first social media networks made their appearance. And who says social media mandatorily says Facebook. Not that they were the first social media, but they were the first (and one of the rare) to evolve from a university dormitory concept into a corporation and de facto standard platform. It’s needless to say that running an infrastructure the size of Facebook isn’t an act of charity. It costs tremendous amounts of money, and Facebook have been using advertising as their business model. But there’s a twist. This is not just “simple” targeted advertising because you were looking at smartphones or dishwashers the day before on Amazon. Facebook goes way beyond that, and so do other services such as Google.
What you share, what you like and what you look at on the internet (yes, you are being tracked) is recorded and analyzed. It constitutes an incredibly precious source of information and revenue for these major advertising companies; it allows companies and organisations looking to push ads to very precisely target their audience with downsides such as explicitly discriminating groups of individuals based on interests, ethnic, religious or sexual preferences.
Online Presence: A Self-Assesment
We’re well 20+ years into mass-adoption of internet, and it’s undeniable that many of us have an online presence. This online presence is the aggregation of our social media accounts, our blogs, websites, hobbies and of course the many online outlets were most of us shop regularly. Our information is disseminated everywhere, albeit perhaps partially, but it wouldn’t be hard to cross-check those many sites to establish individual profiles. I wouldn’t even be surprised that this already exists in totalitarian regimes where some “citizen reliability indexes” already exist.
You should therefore be careful about what information you are exposing, to which party, and you should also assess the importance of divulging such information. Most importantly, you should be careful about which services you are using and you should attempt to assess your “need” of using a given service vs the potential risks. Your mileage may vary, but this could be a sample evaluation grid:
- Core rationale (work requirement? personal use?)
- Importance (essential for work/networking? needed to keep in touch with relatives/friends? just to look what’s going on and post the occasional rant?)
- Service Reliability (Is the service taking privacy seriously? Was the service breached? Is the service known for repeatedly mishandling data/abusing privacy expectations?)
- Cost vs Outcomes (Is the service free or paid? Are you getting the right value out of it?)
- Sensivity (Is the service storing sensitive data? Are you a “person of interest” -political activist, journalist, whistleblower, minority leader/member- that might be the target of surveillance? Is the service above and beyond suspicions? Is the service owned or indirectly controlled by nation-state intelligence actors?)
- Exposure risk (What is the risk if my data is compromised? What data am I comfortable to share? Can I afford to share crucial data online?)
I could have made a table to evaluate a service importance but since I’m kind of lacking time these days, I don’t feel like making experiments in WordPress. In any case, hopefully this should give you an idea of what I mean: controlling where your online data is stored and who is entitled to see/use it helps you control and reduce your attack surface. Unfortunately, this doesn’t protects you from any breaches that may affect compromised e-government systems or financial systems (where some of your data may be stored for legal reasons) but that’s a good start.
You’re in control!
You’re in control. Many times I hear someone ranting about a given product, or a given online service, save for mentions of upcoming mergers & acquisitions. Nobody is forcing you to use one or another service, unless of course you have professional imperatives that get in the middle.
Free services have one convenience: they don’t cost you anything; you should nevertheless carefully think about how the service is sustaining their cost of operation because you, the user, may also end up being the product, and a pretty profitable one in some cases for those who collect and sell your data.
Another aspect is that free services may not be able to monetize properly their offering and may disappear. This happens very often and is one of the reasons why I’ve opted for using certain paid products. First of all I have to assess what software tools are needed for me to do my work comfortably. Secondly, I want to vote with my feet and wallet to support companies that work ethically and have made continuous and consistent support to digital rights and privacy rights. And you may call me crazy, but companies such as Apple and Microsoft are on our side, there have been considerable cases where those two companies have provided support or so-called amicus testimonies in high-profile privacy cases in the USA. Third thing is that I also want to support independent developers to do what they love and help them get a decent living out of the awesome products some are making.
The takeaway from this discussion is that you’re hopefully adult, responsible, and in control. You should make your online choices with the same level of scrutiny and responsibility as your everyday’s life choices, because our online choices ARE part of our everyday’s life choices. The next time you are unhappy about a service or a software, evaluate your options, make the right choice, don’t be afraid to be vocal but most of all: do something about it: vote with your feet, and with your wallet. Don’t assume that your individual actions have no impact. Your actions, and those of other educated and aware citizens are the tiny streams that build up huge rivers, until critical mass is reached. Also, look well at who is the buyer in M&A cases, and look beyond decade old assumptions, because sometimes those who look like your enemies can turn up to be your best friends.