Privacy
Tae  

The Importance of Digital Privacy

Published on 2021-06-13

A few weeks ago, the privacy-focused messaging app Signal tried to purchase some ads on a popular social media platform. You can see examples in their blog post, which show that the platform and advertisers can target you based on your occupation, personal preferences, location, major life events, and probably more.

Signal was ultimately unable to launch this ad campaign because their advertiser account was blocked by the platform. It’s not surprising to see that the social media platform doesn’t want its users to see what is collected. This platform is not alone or unique in collecting massive amounts of user data. Big tech giants have been trying to collect as much user data as possible. This process of collecting user data is often called telemetry.

Telemetry is not inherently bad or evil. It used to be (and still is) a tool for developers to gather information on its users to focus their development and bug fixing endeavors. For example, if you find a bug in your software that occurs when a specific combination of hardware is used, you would like to know how many of your users have that set of hardware. If it’s a majority of your user base, you should prioritize fixing that bug; otherwise, maybe focus your time and effort on other features. Sometimes, user telemetry data might provide more insight into where and why the bug might be occurring.

Then, someone figured out that they could use telemetry to gather more user data and use it for generating targeted ads. The modern web was born. I’m simplifying a bit here, but companies that provide services for free generally relies on income from advertisers. Think about an online service that doesn’t cost any money. You should immediately wonder how they’re paying for running their servers or paying their employees. Companies that don’t rely on user data as their main source of income will usually disclose how they’re generating income (donations, grants, etc.), with a relatively simple privacy policy page. On the other hand, companies that primarily rely on ad revenue (by selling user data directly or by selling targeted ad spots) will generally not disclose how they’re making money and have extremely convoluted privacy policies. After all, it costs money to run services and if you’re not paying for the service, you’re not the customer; you are the product.

I’m not advocating for either business model. What I’m advocating is that the users should be able to easily tell whether they are the customer or whether they are the product. Users should also be able to know what types of information is being collected. They might be ok with sharing their preferences and location, but probably not their medical records. Then, they can make an educated decision about what services to use. You might be comfortable with sharing your information in order to use an email service for free, though the privacy policy will be intentionally vague when it comes to exactly what you’re sharing . Some might be uncomfortable and decide to switch to an alternative provider that costs out-of-pocket payments. I specifically say “out-of-pocket” payments because the free services are not ultimately free. You’re effectively selling your user data. That’s a very personal matter and I have no say in that choice.

Digital privacy is even more important outside the advertising space. It can prevent government entities from targeting political dissidents and members of the press. It can protect asylum seekers and victims of violence from exposing their location. I want to preemptively say to those thinking, “I have nothing to hide.” It’s not about having something to hide; it’s about having reasonable protections for your personal space. Would you leave your door open because you have nothing to hide or because you have no valuables in the house? No, you wouldn’t. Digital privacy is exactly like a lock on your door. Hopefully, only people you let in will come through the door. Determined actors will get through, but that should be illegal with strong privacy laws. Most importantly, it’s not crazy or paranoid to lock the door in order to protect your privacy. However, it is important to notice that privacy and convenience are at odds with each other. So, you should consider your threat model (are you trying to avoid spam and advertising or are you targeted by nation states?) and try to balance out your need for privacy and your need for convenience.

Resources