Opinion: Is online privacy lost? Forever?
I have a Barnes & Noble Nook HD+ Android-based tablet. I put a fairly recent version of CyanogenMod on it. I mainly bought it because it has fairly nice hardware specs at a fairly low price even if it is missing some features. I bought it because I felt that as an IT person that I must keep up with mobile technology and software. I sit at a computer all day at work. I have a desktop at home that I use a lot even if I'm not sitting directly in front of it. I have a netbook and I frequently use a more powerful laptop from work. I'm not really mobile very often... except when I'm either in the car or on the Streamline bus to/from work. I don't want to pay for multiple Internet access services so I don't have a data plan nor a cell phone.
What Privacy? - Another aspect of mobile devices is the software environments they run and how there is virtually no privacy offered by them. Again, I'm not really a privacy nut. No, no, really. I have my tablet that I don't use much... but I turn it on periodically so it can update a dozen or more apps. Every once in a while one or more of the apps will not auto-update because they are wanting to change their permissions. Take today for example. I charged up the tablet, turned it on... and 15 apps updated but the 16th one needed approval. It was the Google Search app... which is very much a core program provided by Google with Android. It wanted the following permissions:
1) Device and App history, 2) Identity, 3) Contacts/Calendar, 4) Location, 5) SMS, 6) Phone, 7) Photos/Media/Files, 8) Camera/Microphone, 9) Wi-Fi conneciton information, 10) Device ID and call information, and 11) Other
It turns out that Other is "Contacts data in Google accounts".
You'd think that Google would be a model citizen and an example for their third-party developers. Well they are, but in a bad way. Android created this whole permission ecosystem as a way for users to have more control over what gets shared with the software companies and their outside world. As time has passed it appears that almost no one cares what permissions an app asks for... they will grant whatever they ask for... because they want to use the application. In fact some wish the acceptance process was automated so they wouldn't even be asked.
The saying goes that some free-of-cost software (not to be confused with Free and Open Source Software) is paid for with privacy... and that is very much the truth. It is also true of much of the software people do pay for. The practical reality is that a large number of applications want access to everything just so they can have the data... not that they really need much of it to serve their application function.
Questions That Pop Into My Head - How much data is gathered on a mobile software environment user? How many overlapping, slightly different copies exist across the millions of servers around the world? How much of that data is being troved or intelligently processed for deriving additional information? How much of that is protected with reasonable use policies? How much is sold over and over again? How much of it is collected by governments either by them asking for it or them being a transmission man-in-the-middle? How many of the data collections have been hacked into by unauthorized third-parties who make their own copies or have continuous access? Yeah, lots of fairly intangible questions... that are just mind blowing and numbing at the same time.
Does I sound like I'm complaining? Does it do any good to complain? Sorry. :)
Divided and Conquered - Some people are completely oblivious to privacy concerns. Some people are somewhat aware but don't think there is anything they can do about it so they just live with it. Others think it is just the way things are and need to be if you want the benefits of intelligent software. How many don't even try to understand any of it because it is too darn complicated?
Rebels With A Cause - Yet... some... other people... are building different systems that seem to care about privacy. I saw a few blog posts on Fedora Planet today. One was entitled, Desktop Containers - The Way Forward. Another, Sandboxed applications for GNOME. And yet another, Project Atomic + Docker: A post-package world?. The main focus on those is using application containers to change how software is developed and distributed... but in the context of this blog post... how they can also provide application isolation which translates into better privacy.
Wow, someone seems to still care about privacy. Everything isn't lost... but then again... how successful will such projects be? ...and being on Linux, how much market penetration will they really get into the masses currently giving everything away with their mobile lives? I also have to wonder just how many of the developers of these projects are also mobile users giving away their own data?
Same As It Ever Was - Another sad thing about this is that the mobile world is really only following the pattern of the desktop world. Well, more precisely, the web browser world. While a web browser application on the desktop operating system may not be accessing all of the data from other programs and sharing it with the browser maker... be certain that the vast majority of web sites are trying to gather as much information about the user as possible. Tiny bits and pieces of content on each web page, most of it hosted on servers other than the one providing the main content, are analyzing the web browser environment to determine the best way to gather information. If the browser has "Do Not Track" features, then they are trying to find ways around that... and there are tons of ways. Various commercial data gathering services are busy sharing their bits with others' bits to correlate information to derive yet more information. They pretty much know what websites we visit, what files we download, what we search for... what we care about and don't care about... and some form of who we are. They don't really care about knowing us, they just want to use all the information to increase their bottom lines.
How different is desktop computing than mobile? A lot but not so much. And we just take it, don't we? Well, to some degree. There are tools out there. Some of them simple browser add-ons like AdBlock Plus, HTTPS Everywhere, Ghostery, etc... that help end users get some understanding of what is going on and offer a little better control on how they are being (ab)used. Then there is Tor, The Onion Router... and a few mini-home-router projects that are trying to make anonymity somewhat possible. And of course there are some in government who think that people who care about such things and use such products might have something to hide... and need even more scrutiny.
While I don't have (much) anything to hide, I don't like the idea of being bare naked for anyone wanting to have a peek. How about you?
What is the way forward? - Is privacy already gone forever with the war being lost... or are there still some battles that may determine better outcomes for a subset of the human population? I guess I'll just have to wait and see. In the mean time, I continue to fight off the little voice in my head that says I need a smart phone... and I try to learn more about and utilize some of the desktop tools that make me look suspicious. :) Oh, and I didn't even bring up... Ocial_Say Etworks_Nay, did I?