~/chrisrzhou

Rethinking Data Privacy

2019-07-08
3min
#data#privacy#digitization#web#corporations

Breaking Up

For many years, I enjoyed the services of Amazon, Google, and Facebook. I worked at Facebook for four years and loved my time there. Last month, it was finally time that I felt cheated in my relationships with the mega-corporations that I entrusted my personal data in exchange for their services.

Establishing Some Rules

It is difficult to fully relinquish the services of these mega-corporations. They are 'free', convenient and addictive drugs. I established a few rules for myself to kickstart better data privacy practices:

  • I want to clean up any online accounts associated with my email.
  • I want to go over data privacy and marketing preferences in online accounts whenever possible.
  • I want to continue to communicate with friends.
  • I want to continue to buy stuff digitally.

Purging my Email and Accounts

It occurred to me that while Gmail is a great email service, it is not really a good email provider. This is because the business model of Gmail is still fundamentally based on ads, which is built on top of your personalized data. It became immediately apparent that I was willing to pay for privacy, and I opted for a paid encrypted email service through Protonmail.

Switching to chrisrzhou@pm.me, I carefully went over all the online accounts associated with my email that I curated on 1Password. Whenever possible, I went through privacy and marketing preferences, and worked on closing unused accounts if the option is provided. As I deprecated my Gmail account, I discovered how great it was to be in control of what accounts are associated with my email, and keeping a good hygiene in unsubscribing from marketing emails whenever possible.

Living Off the (Ads) Grid

It is absurd to live off the digital grid today, but it is not absurd to learn how we can mitigate some risks and improve our knowledge on data privacy. I convinced myself that I was fine with the general idea of ads because they are a cost to the seller. However, I was definitely not fine with the idea of ads-trackers because they are a cost to the consumer (i.e. data privacy).

To get off ads-trackers, I researched and made the switch to Duckduckgo and Firefox privacy browser. It is a good feeling knowing that you are using services that are powered by business models that do not involve the use of personal data. Duckduckgo bang is also an incredibly pleasing way to search the internet and I am slowly but surely falling in love with a more respectful search engine and browser.

Thoughts on Personal Data

The exercise I undertook above to improving my data privacy on the internet was straightforward but extremely tedious. I felt that the responsibility of managing personal data and online services was completely reversed:

  • I had to check on every account what was stored. At times, you were forced to include 'mandatory' information that you do not wish to provide.
  • There was usually not a simple way to delete accounts, and even if they were marked as deleted, you can never know that it is truly deleted. This can only be guaranteed by cryptography and mathematics, and not by promises.
  • Changing a personal data field that affects multiple account requires manually going through all the accounts to make the change.

As you can see above, the responsibilities of managing personal data should be flipped:

  • I should have a simple way to know what personal data is stored across online services since this data belongs to me.
  • Deleting an account or personal data should give me 100% confidence that it is deleted, guaranteed by cryptography and mathematics.
  • I own my personal data, so making a change in my personal data should affect all online accounts that refer to it.

These real pain points as part of migrating my email account are the exact problems that the Solid initiative is working on solving. I am super excited with this initiative and I expect to learn and hack more in this space.

What's Left?

It takes a lot of sacrifice to fully get off the convenient services provided by mega-corporations. It means losing ways to communicate with friends and communities who are committed to these services. Although I no longer use Facebook, I made a calculated tradeoff to still use Messenger, Whatsapp and Instagram as lightweight ways to keep up with friends. I continue to use Amazon while being more aware on doing my best to protect my data privacy.

I am hopeful in the future that we will be able to live in a world where we build and sell services that we trust and love with no hidden costs to the consumer. I see this future materializing when:

  • Governments enforce better privacy requirements as in the case of GDPR.
  • Mega-corporations are competing with each other to store less data and respecting user privacy.
  • Privacy-focused companies such as Duckduckgo and Mozila becoming more successful and relevant due to increasing demand for data privacy.
  • Initiatives like Solid are building the fundamental infrastructure for a privacy-focused web. We can expect a growing ecosystem of apps and services in this space.
  • You will becoming an active voice educating our friends about the importance of data privacy on the internet.

Remember, your digital identity is part of your identity in this digital age we live in!