More privacy regulation, please!
I think privacy matters and that we should fight for it.
Facebook has caught a lot of negative press lately. Most news had to do with their data harvesting methods and privacy violations. Q4 2018 turned out to be very profitable for Facebook, and it seems investors and end-users don't worry too much about the way Facebook operates. This strikes me. Do Facebook users not care about privacy? Don't they mind being tracked on the web? I'm not sure what the reason is. It may have to do with unawareness, ignorance, social inclusion, tech savviness. I really don't know.
I'd also advise people against using Google Chrome and to avoid installing browser extensions that are not open source or are not from a pro-privacy author / origin. I recently made a Chrome extension and it's very very easy to log all browser traffic and send it to an external server. I'm not sure people realize what can be behind a small, good-looking icon.
The same applies to smartphone apps. I've decompiled a few Android APKs now and sniffed the data that is sent via Wireshark. The amount of tracking is astonishing. It's even more than on regular web pages. Why? Well, probably because it's not noticeable by the end user. There's also no way to opt-in / opt-out from it, e.g. via a cookie bar. It's a violation, in my opinion.
In Europe the GDPR legislation is awesome. I see many companies implementing functionality that, for example, allows for data export or makes it easy to delete an account. I think the legislation also has a positive effect on security. This is great, and I hope that the US will adopt similar legislation soon. Some companies make it their USP to offer privacy-aware software as a service, for example. I love that. In contrast, I recently came across a project and task management system (Flow) and they basically track everything. It's horrible, and for me it's a big reason not to use their product.
I recently donated to Bits of Freedom, an organization that protects the right to privacy and the right to communications freedom in the Netherlands. I think it's important that such entities have a voice. However, I think that we as developers and end-users can have a huge impact as well. As a developer it may be that we don't store data that doesn't need to be stored, or that we adopt good security mechanisms, or that we apply the 'privacy by design' principle when building new software. As an end user we can send companies an email to make it clear privacy is a thing. If they receive one email, it may not have much impact. But if they receive 20, it's put on the agenda. End users could also think about what the consequences are of using Alexa, Skype, and Google Hangouts. Literally everything is stored, transcribed, and can be used for analysis. I think we should be aware that a political system can change very quickly. Companies may be forced to hand over data, and combining such data can give a pretty accurate view of a person. But aside from that, data leaks / hacks are very common. I'm afraid there will always be trade-offs between convenience (e.g. an instant answer from Alexa) and privacy / security. An example is Signal. It's a great open source messaging app, but it's just not as great as its competitor WhatsApp.
To end this blog post on a positive note, Europe now funds bug bounties on various open source projects. Whoever managed to pull this off, you're a hero.
- EFF https://www.eff.org
- DuckDuckGo https://duckduckgo.com
- Privacytools.io https://www.privacytools.io