Owning yourself


The revelations of the past few months have thrown into question how and where we choose to portray ourselves online. Mail is being intercepted, filtered, and “items of interest” stored by GCHQ, the NSA, and other international government agencies. Evidence of major American Internet services supplying those same agencies with not just specific data, but feeds to their users’ data, on request, and the probable inclusion of back doors in encrypted services, has come thick and fast from the revelations of Edward Snowden and the reporting of Glenn Greenwald at The Guardian, among others.

Or at least they have caused a fairly small group of geeks to question their portrayal of themselves, or their digital footprint. It has been terrifying for me to see just how few “normal” people seem to care about anything other than the flight and asylum drama of Edward Snowden at the start of the story. The real meat was in the rampant abuse of every individual’s privacy at the hand of Western governments and their bloated spy agencies, in a still unfamiliar change to the rhetoric of our age.

I can only put this apathy down to a lack of understanding of what modern computers are capable of, some common imagining of a clearly impractical situation where spies are sat at screens reading every single email, banal tweet, cute Facebook message, and all the other ephemera which makes up a typical person’s use of the Internet. “That’s clearly impossible, so what is there to worry about?” they ask themselves, rhetorically, before going back to their day-to-day use of all these compromised services. Because people don’t understand that algorithms like Google’s PageRank allow us to routinely search huge data sets extremely quickly, they don’t understand that similar technology could be used by spy agencies to make sense of huge data sets comprising the interactions we make daily on the aforementioned services.

How many of us are better than that? Arguably, I’m worse, in having an understanding of the risks and not yet having made a wholesale change to my habits. Sure, I have plans to use encrypted email, host my own mail server, ditch Facebook, Google, et al., and rely only on open, preferably self-hosted software (not services) running on a server I control. But have I done any of that? Not really. I’ve started to use DuckDuckGo, when I remember that search is the pertinent verb, not google. I’ve investigated alternatives to Gmail, but not got far yet. I’ve not even made any effort to leave Facebook or Twitter, though I have posted to them a lot less and revoked location access to each app, but all the tracking code is still in full force. I need to do these things, and I have the technical skill and understanding to make a good attempt at them, yet I have not made the time. Until I do, how can I tell those less technical friends what they should be doing, unless I’m asked?

Once I’ve done that, I’ll feel I can give that advice and evangelise about this, but what an enormous task, even to teach just one person about the consequences of using the services we use every day. When most people don’t even grok backup, encryption and anonymity don’t stand much of a chance, and self-hosting even less so. “It’s too much hassle, and Gmail’s been fine for so long,” people will say, while thinking “why change now?”

The reason to change is simple. Everyone who has used any of these services, even at the most basic level of Google’s search, has left personal information which could be of devastating use to an adversary. Details of family relationships, friendships, old flames, thoughts about religion or politics, illnesses you may be suffering or suspect you suffer from, places you go, where your children go, and the list goes on and on. Sophisticated analysis of just search history could give you much of this, but the amount of information we share now could give the adversary all that and more. That adversary may be the state, in which case they already have access to everything. It could be a religious extremist, a criminal seeking to extort you, a scammer, or a political party; think for just a moment, can you really not think of any hypothetical situation where the information could be used against you? This isn’t a question of “having nothing to hide” - we routinely take steps like shredding documents which contain our name and address, lest we fall victim to identity theft - it’s all about what you have to hide, and from whom. Then remember that there is no such thing as an absolutely secure computer, and think again about what information you want your government to hold about you.

When the Internet began, and for the vast majority of the early years of the WWW, it was based on decentralisation. People hosted their own data, and could move it from one place to another. It was still horribly insecure, with almost nothing encrypted, and clear text reigning supreme, but at least your data was for the most part your own. Web 2.0 kick-started the massive growth of centralised closed services, where someone else holds your data and makes money by selling it, and you along with it. We need to move back to a decentralised model, and the only people who can lead that move are you and I, the geeks with the knowledge and the skills to use and build what we need, technically, in order to own ourselves again.

Beyond that though, we need to effect political change. Without an upswelling of opinion to tell our politicians that this is not acceptable, this will just be a game of technical cat and mouse. Next time you get the chance, explain the freedoms which have been taken to your non-technical friends or family, and start the debate.