Friday, December 28, 2018

Privacy Invasion as a Business Plan

The rise of the internet has resulted in many companies building business plans on invading the privacy of their users and selling the data to those wishing to track those users. For many companies this model of behavior has always been obvious. I never created an account on Facebook because of how strongly focused they have always been on invading privacy and selling that data. The distain for Facebook finally became more than a side note in 2018 (though there has long been some push back against them). Though still most people continue to use Facebook even as the extent of their bad behavior has come to light.

Certainly other companies (Google etc.) also practice gathering and aggregating information about individuals in order to profit. I have used Google from the beginning though I have reduced such use in the last few years (still using them quite a bit). Duck Duck Go has long been my primary search engine though I do also use Google. I added Fastmail years ago, but still use some gmail accounts.

The integration of online tracking and offline tracking (via credit agencies, credit card companies etc.) has greatly increased over the last 5 years with Google planning a central role (along with, of course Facebook and many others).

One of the worst behaviors by internet companies is to collect phone numbers in order to facilitate selling and integration of private information while pretending it is somehow a security issue. Though security experts all say using phone numbers for security adds security risks instead of using much more secure methods such as a security key. Companies that use deceptive security methods to collect phone numbers in order to sell the private information of their users make it very hard to trust what else they are doing.

Twitter has long claimed a security reason to collect phone numbers [update in 2020 - Twitter faces $250 million fine from the US FCC for these practices abusing the private information of users]. Now they have locked one of my Twitter accounts (because I sent a string of 5 reply comments) and refused to allow me to regain access without adding a tracking phone number (I had no phone number before). For this reason I won't be using Twitter any longer.

This experience once again shows the risks of promoting connections via a system that can lock you out when they chose. It is much safer to use systems like (blog, where you own the domain, email... that are within your control). Of course nothing is 100%, email can blocked (people that try to run private email servers find they are challenged by systems setup to distrust such email). But investing time in building communities (say on Facebook, LinkedIn, Twitter...) is risky. At any time they can change the rules and harm what you have built.

I suggest avoiding investing in Facebook, Twitter, etc.. To some extent it may make sense to invest some time in such communities but I suggest focusing most effort on things that are not built on the model of invading users privacy and selling that data to others.

One of the many things Apple is doing well is positioning themselves to protect user's privacy. With so many other businesses built on invading that privacy it provides Apple both a real opportunity to help and also a marketing advantage. Other organizations and tools are also filling a need to protect people from spying and malware (some of which is getting hard to distinguish from business practices of large privacy invading companies) such as EFF's Privacy Badger, ublock origin and Ghostery.

It is extremely difficult for individuals to protect their private information. It is essentially impossible. When companies built to sell that private information and create business processes to ease their business practices they often create a situation where their actions have resulted in false information created that somehow becomes the individual user's responsibility to fix (so when those privacy selling companies allow a person's data to be mis-used it is then called "identity theft" though it is not, it is companies misusing information and then putting on the individual the burden of fixing the errors). Europe has much better privacy rights than the USA does. But much more and better efforts are needed from governments to protect citizens from having their lives thrown into turmoil by the abuse and misuse of their private information.


Related: Governments Shouldn't Prevent Citizens from Having Secure Software Solutions - Businesses Misusing Required Private Information - Living Through Your Society Becoming a Police State - I Can Spy on You, But You Can't Spy on Me - Freedom Increasingly at Risk