We worry but do little to safeguard our privacy. So what does it take to protect our data? This new book has an unsettling answer: cold, hard cash
SECURITY theatre has reached new heights of absurdity: we perform this meaningless ritual whenever we change our passwords to digits only a quantum computer could love, repeating the process every three months separately for each of the hundreds of sites and apps we use.
As if this busywork could give us any control over our data! A password has little to do with security any more. It can’t stop the NSA from tapping in to the secret back doors left by mobile or email providers. Nor can it keep Facebook’s ever-shifting, intentionally confusing privacy policies from ensuring that advertisers will use your data for their own opaque purposes.
Small wonder a recent poll by the Pew Research Center found that while we worry,. For example, we don’t flock to Tor privacy software to cover our tracks – though, ironically, doing so would raise red flags at the NSA, prompting closer monitoring.
If thinking about this makes you tired, Helen Nissenbaum has a phrase for you: “security fatigue”. Nissenbaum and Finn Brunton are information researchers at New York University, and they wrote Obfuscation to start a revolution.
Exasperated by the widening chasm between security theatre and reality, they wondered if there was another way to resist the industrial spying/marketing/data-siphoning complex, one that didn’t require major policy or technology overhauls. The resulting book bills itself as “a user’s guide for privacy and protest”, and as an encyclopedia of the various ways people have covered their tracks, it’s both intriguing and instructive. But if you were looking for something “for dummies”, it falls somewhat short as many of its best exemplars are has-beens or never-weres.
Take FaceCloak. Announced in 2009, it promised the impossible: use Facebook, but keep your data out of the coffers of the company and its business partners. The idea was simple: “upload” a photo to Facebook, and FaceCloak would store place-holding ciphers in Facebook’s database, while it redirected the real information to a separate, encrypted server. This let you use the shell of Facebook without surrendering your data.
The FaceCloak site is now a mausoleum to ambitious privacy projects that fail in the face of mundane realities (for it to work, you would need to convince all your friends to use it too). It’s also a reminder that it’s hard to make money out of unsupported apps, especially those that don’t trade your data. In 2012, FaceCloak quietly stopped updating its code.
The book raises other intriguing questions about obfuscation. For example, is it always ethical? Take TrackMeNot, a plug-in that masks Google search queries by burying them in a vast cloud of fake requests. Here’s the dilemma. In 2011, Greenpeace estimated that if the internet was a country, it would rank sixth globally in electricity demands. In 2015, a search for “David Cameron pig gate” uses 0.3 watts of electricity, 0.2 grams of CO2 and a few drops of cooling water. Send 100 obfuscators to hide the search, and these costs balloon. It’s a new tragedy of the commons: a few people can coast on the rest of the herd, but what if we all use it?
Fascinating stuff, but the book can feel like a bit of a jumble as it skips along. This is a shame because whileObfuscation may fail as a “for dummies” guide, for anyone who wants to grasp the layered complexities of keeping their data safe, it is required reading. Particularly for those of you building the next generation of obfuscation apps, the book’s back-page decision tree will help you avoid the fate of FaceCloak.
Perhaps unwittingly, the book demonstrates the futility of individual resistance against state/corporate algorithms. Let’s face facts: either we let apps suck up our data or we pay hundreds a month for our games, music, social networks, email and so on.
Future generations may laugh that we took so long to see the obvious: the best obfuscation is cold, hard cash. If the authors have revolution in mind, it’ll have to be of a very different kind.
“Future generations may laugh that we took so long to see the best obfuscation is cold, hard cash”
(Image: Frédéric Lecloux/Agence VU/Camera Press)
Obfuscation: A user’s guide for privacy and protest
This article appeared in print under the headline “Pretty bad privacy”
This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.