Today is the thirteenth Data Privacy Day, and the Internet is awash with horror stories of data breaches, hacks and privacy violations. A few decades ago, the notion of sharing personal information online would have filled most people with horror. Today, the opposite is true.
New smart lightbulb? Download the app, and sign up with your info. Cat’s birthday? Snap a selfie for all the world to see, before asking your always-listening smart speaker to sing Happy Birthday. For better or for worse, the torrent of information we share has increased exponentially, as more and more businesses adopt the surveillance capitalism model. Even your antivirus software could be selling your web browsing history.
Things, however, are beginning to change.
In recent years, the issue of privacy has come to dominate tech news headlines. From high profile hacks and data leaks to unscrupulous business practices, focused tracking, and even election meddling and disinformation campaigns, our perception of what we share online and who we should share it with, is shifting.
New laws like the EU’s General Data Protection Regulation (GDPR) have been introduced to dish out harsher penalties to companies lax in their data practices. To date, we’ve seen 199 fines totalling €116,644,629, with Google forking out the largest single fine of €50,000,000. We’re seeing an increasing focus on ensuring that our data is not only safe, but used in fairer ways, while holding companies accountable with stricter standards.
As regulations bite and privacy breaches continue to hit the headlines, privacy is increasingly becoming a hot-button issue for consumers—and new products and services are cropping up to help address their concerns.
Privacy in the spotlight
The list of data breaches grows daily. Last year, the personal information of 210 million Facebook users, including phone numbers, was left exposed on unprotected servers. This year, a study found that dating apps Tinder, OKCupid and Grindr were sharing data such as GPS location and sexuality. The same report also found that most of the apps that were studied lacked clear information about what users are consenting to, with little to no in-app settings to help control what you’re sharing.
The world of cryptocurrency hasn’t escaped unscathed, either; crypto exchanges including Poloniex and Coinmama have both seen data breaches in which users’ email addresses and passwords were exposed.
And the amount of data that’s being gathered is only set to grow. Last year, Facebook came under fire for harvesting the email contacts of 1.5 million users without their knowledge or permission. It claimed it was an accident, before deleting the data. Recordings from Amazon’s Echo smart speakers are routinely passed to human annotators for review, in order to better train its software algorithms.
Even our faces are now considered fair game. The New York Times revealed the actions of Clearview—a company that uses AI facial recognition software to scrape billions of images from social media. It’s used by 600 law enforcement agencies, including the FBI, to match pictures of suspects with their social media profiles.
How companies are putting privacy first
Just over a week into January, none other than Mark Zuckerberg himself addressed the issue of data privacy as part of a New Year Facebook post: “Platforms like Facebook have to make tradeoffs on social values we all hold dear—like between free expression and safety, or between privacy and law enforcement, or between creating open systems and locking down data and access,” he wrote, adding that governments should establish clearer rules around elections, harmful content, privacy and data portability.
Zuckerberg’s comments came in the wake of a 2018 scandal in which the personal data of millions of Facebook users was harvested by political consulting firm Cambridge Analytica and used to target political advertising, highlighted in the 2019 Netflix film The Great Hack. This week, Facebook released Off-Facebook Activity, a tool that lets users track what information the company’s receiving about their activity on other websites.
Facebook’s not the only company that’s making noises about user privacy. This month, Apple headed to Las Vegas for its first official appearance at the Consumer Electronics Show in 28 years; the representative it chose to send was its senior director for global privacy, Jane Horvath. Previously the global privacy counsel at Google, her mere presence at CES is a reflection of the importance the Cupertino tech behemoth places on privacy.
When asked if the tech industry is doing enough to protect our privacy, Horvath responded by stating that “I don’t think we can ever say we’re doing enough. We should always be doing more. Things are changing, there’s no way to say that at this point in time we’ve reached a panacea.”
Apple may tout its privacy credentials in its advertising, but soon after its CES appearance, Reuters revealed that Apple dropped plans to let iPhone users fully encrypt backups of their devices in its iCloud service, after the FBI complained that the move would harm investigations.
New companies tackling online privacy
The current privacy landscape may be enough to make you consider a new life involving tinfoil and a Faraday cage, but there is hope.
Increased consumer awareness is driving calls for safer practices and regulation. Hot on the heels of Europe’s GDPR, California’s new Consumer Privacy Act introduced the the most sweeping, comprehensive data privacy law in the US.
Now, California residents are able to ask companies to delete their data, or refrain from selling it—a substantial improvement over the previous environment, in which companies weren’t even legally required to tell you what data they’d collected.
These new regulations are creating niches for privacy-focused companies to set out their stalls. UK app Mine lets users see what businesses hold personal and financial information on them, streamlining the cumbersome process of sending out GDPR data deletion requests into a single click. “Regulations are great, but without the proper tools to make control easier for the average person, they’re less effective,” Mine co-founder and CEO Gal Ringel tells Decrypt. “Mine isn’t a tool to scare people. Our mantra is that stopping sharing isn’t the solution—we want to empower people to have a choice online so that they can start to understand what companies have their data, so that they can exercise their rights at the click of a button.”
Beyond tools and software, you can also buy devices designed to protect your entire home from online snoopers and intrusion. Touted as “the first convenient privacy product for everyone,” Winston is a hardware filter that connects to your router, stopping ads and tracking across all devices connected to your home network—from consoles and smartphones, to laptops and tablets. “Virtually everyone is now aware of the dangers of uncontrolled data collection,” Winston CEO Rich Stoked tells Decrypt. But, he says, people are still unaware of just how severe some of the examples are. “The company that watches out quickly and accurately you enter information into web forms, or the fact that your ISP sees when you plug in medical devices into your network; all this data is for sale,” he says.
Decentralization to the rescue?
The blockchain and crypto community’s ideological commitment to decentralization means that, unsurprisingly, it takes the idea of data privacy to heart. After all, what better illustrates the perils of centralization than a mega-corporation’s silo of user data, a single point of failure in the system that’s a huge and tempting target for hackers?
Crypto projects like Brave Browser are already helping to secure users’ privacy; the privacy-focused browser blocks online tracking by default, and rewards users for watching privacy-respecting ads with the Basic Attention Token (BAT) cryptocurrency. Users can then allocate their BAT earnings to the websites they visit the most, or use it to tip websites and creators directly. Last November, Brave hit 10.4 million monthly active users, doubling its user base year-on-year. “The privacy wave will continue to rise,” Brave co-founder Brendan Eich told Decrypt, predicting that established players stuck in surveillance capitalism business models will start to come under pressure from users demanding a “privacy-by-default approach.”
Elsewhere, crypto users are keeping their transactions under wraps using dedicated privacy coins such as Zcash and Monero, which employ technologies like zk-SNARKs and ring signatures to mask transactions.
Other projects are exploring novel technologies like multiparty computation to keep data secure; the latter promises to revolutionize fields like medical research by enabling computations to be run on decentralized, encrypted data, with the results verified on the blockchain’s immutable ledger.
"Without getting into technical details, zero-knowledge proofs allow stakeholders to prove that things existed or took place, without revealing what data led to that knowledge," Dr. Robert M. Learney, lead technologist for blockchain at UK technology innovation center Digital Catapult, told Decrypt. "With multiparty computation, groups can collectively build models to gain insights from their data without revealing the underlying data to everyone involved."
These techniques won't just empower consumers to take control of their data; they'll enable a new data-driven economy to flourish, by freeing companies of the need to keep their proprietary data in silos. "Companies have been told for the longest time that ‘data is gold’—and as we know, people like to hoard gold," Learney said. "But unfortunately it’s not really gold, it’s more like blood—it’s only useful if it’s flowing and being used."
Even the creator of the World Wide Web is getting in on the act. Tim Berners-Lee’s startup Inrupt envisions a new model for the web, in which people store their data in a personal data POD, providing permissioned access to different levels of the data at their discretion. Users could have a personal profile, a jobseeker profile and a simple age verification profile, allowing different companies and organisations to access one profile’s data—but not the others. Decentralized ID network Blockstack provides a possible model for how this could work; a single user ID gives you access to an array of decentralized applications (dapps) like productivity suite Graphite Docs and the Recall photo vault, which let you keep your encrypted data on the decentralized Gaia storage network.
For the time being, though, it’s up to us to keep our personal data secure. “Under the growing threat of fines and new privacy laws, tech companies have been forced into emphasizing how they now give us “transparency” and “control” over our data,” Ashish Singhal, CEO and co-founder at CoinSwitch.co, tells Decrypt. “Yet on the thirteenth Data Privacy Day, we are still living in a time where the entirety of the burden of protecting one’s data lies with the consumer.”