XOT: On Privacy, Security, and... https://blog.xot.nl/ On privacy, security and (occasionally) other stuff Thu, 14 Oct 2021 19:49:17 +0000 en daily 1 Privacy Is Hard and Seven Other Myths. Achieving Privacy through Careful Design. https://blog.xot.nl/2021/10/12/privacy-is-hard-and-seven-other-myths-achieving-privacy-through-careful-design/index.html https://blog.xot.nl/2021/10/12/privacy-is-hard-and-seven-other-myths-achieving-privacy-through-careful-design/index.html Tue, 12 Oct 2021 00:00:00 +0000 .gea {margin: 5px}

Nobody at the turn of this century, except perhaps a few die-hard civil rights activists, expected privacy to become such a dominant news item a decade or so later. But after the Snowden revelations, the Cambridge Analytica scandal, and many other incidents and data breaches, tech companies have finally come under growing scrutiny. Hardly a day goes by without yet another news story covering how this or that company tramples our privacy in such and such ways. As a result, legal protection of privacy has started to improve. Unfortunately, this has so far not really led to any significant changes in the way technology is designed and used. Apart from isolated efforts and fringe services offered by enthusiasts, the bulk of the services we use are still privacy invasive at their core. As the COVID-19 pandemic forced us to suddenly do everything online, we were forced to grab the first tools we could find. Alas, the privacy invasive ones were closest at hand. This needs to change.

(This is the main message of my book Privacy Is Hard and Seven Other Myths. Achieving Privacy through Careful Design, that appeared October 5, 2021 at MIT Press. For all other posts related to my book see here.)

]]>
Privacy Myth 8 - Privacy Is Hard https://blog.xot.nl/2021/10/04/privacy-myth-8-privacy-is-hard/index.html https://blog.xot.nl/2021/10/04/privacy-myth-8-privacy-is-hard/index.html Mon, 04 Oct 2021 00:00:00 +0000 .gea {margin: 5px}

A common myth is that privacy is hard. Indeed, designing totally ‘private’ systems is next to impossible even under ideal circumstances. (The same is true for designing 100% secure systems by the way.) But we should not let perfect be the enemy of good. A little bit of effort and consideration can actually prevent a lot of privacy harm. In fact, just as technology can be used to invade our privacy, it can also be used to protect our privacy by applying privacy by design. Existing privacy-friendly technologies and privacy by design approaches can be used to create privacy friendly alternatives to the systems we commonly use today.

(This is the eight myth discussed in my book Privacy Is Hard and Seven Other Myths. Achieving Privacy through Careful Design, that will appear October 5, 2021 at MIT Press. The image is courtesy of Gea Smidt.)

]]>
Privacy Myth 7 - Privacy and Security are a Zero-Sum Game https://blog.xot.nl/2021/10/01/privacy-myth-7-privacy-and-security-are-a-zero-sum-game/index.html https://blog.xot.nl/2021/10/01/privacy-myth-7-privacy-and-security-are-a-zero-sum-game/index.html Fri, 01 Oct 2021 00:00:00 +0000 .gea {margin: 5px}

Security and privacy are often seen as opposite, irreconcilable goals; as a zero-sum game. Because the stakes involved are high, the debate is often heated and emotional. Privacy advocates and security hawks cling to rigid viewpoints, fighting each other in an aging war of trenches. As a result, measures to increase our security scorn our privacy. And privacy-enhancing technologies do very little to address legitimate security concerns. This is bad, both for our privacy and our security, and for society at large: “It is highly unlikely that either extreme—total surveillance or total privacy—is good for our society.”. But are privacy and security really a zero-sum game?

(This is the seventh myth discussed in my book Privacy Is Hard and Seven Other Myths. Achieving Privacy through Careful Design, that will appear October 5, 2021 at MIT Press. The image is courtesy of Gea Smidt.)

]]>
Privacy Myth 6 - Your Data Is Safe With Us https://blog.xot.nl/2021/09/30/privacy-myth-6-your-data-is-safe-with-us/index.html https://blog.xot.nl/2021/09/30/privacy-myth-6-your-data-is-safe-with-us/index.html Thu, 30 Sep 2021 00:00:00 +0000 .gea {margin: 5px}

Several years ago both Google and Facebook ran a large advertisement campaign in Dutch newspapers assuring us that our data was safe with them. What the campaign also apparently tried to achieve was to reframe privacy as “if you give us all your data, we will keep it private.” This is hugely problematic, as privacy does not mean that Google or Facebook keep our data private. Privacy means that we ourselves can do so. Adding insult to injury is the fact that companies like Google and Facebook are actively subverting our abilities and efforts to do so.

(This is the sixth myth discussed in my book Privacy Is Hard and Seven Other Myths. Achieving Privacy through Careful Design, that will appear October 5, 2021 at MIT Press. The image is courtesy of Gea Smidt.)

]]>
Privacy Myth 5 - We Always Need To Know Who You Are https://blog.xot.nl/2021/09/27/privacy-myth-5-we-always-need-to-know-who-you-are/index.html https://blog.xot.nl/2021/09/27/privacy-myth-5-we-always-need-to-know-who-you-are/index.html Mon, 27 Sep 2021 00:00:00 +0000 .gea {margin: 5px}

Many online services seem to think they need to know who you are, before granting you access to the service. Why else would they ask you for your name, your address, and sometimes even your phone number? We are so used to this practice that we often provide this information without thinking, not questioning whether this is really strictly necessary. But why should you identify yourself when buying a ticket to a show online, when you can buy the same ticket anonymously over the counter at the box office?

*(This is the fifth myth discussed in my book

]]>
Privacy Myth 4 - It’s Merely Metadata https://blog.xot.nl/2021/09/23/privacy-myth-4-it-s-merely-metadata/index.html https://blog.xot.nl/2021/09/23/privacy-myth-4-it-s-merely-metadata/index.html Thu, 23 Sep 2021 00:00:00 +0000 .gea {margin: 5px}

Traditionally a distinction is made between data and metadata, separating the actual content of a communication (e.g., a letter, a phone conversation) from the technical data necessary to establish the connection between the sender and the recipient (e.g., an address, or a phone number). Unlike its metadata, the data itself is often considered private and offered stronger protection: the secrecy of correspondence is enshrined in the constitution of many countries. But shouldn’t metadata be given similar protections? Is it really ‘merely’ metadata?

(This is the fourth myth discussed in my book Privacy Is Hard and Seven Other Myths. Achieving Privacy through Careful Design, that will appear October 5, 2021 at MIT Press. The image is courtesy of Gea Smidt.)

]]>
Privacy Myth 3 - I’ve Got Nothing To Hide https://blog.xot.nl/2021/09/22/privacy-myth-3-i-ve-got-nothing-to-hide/index.html https://blog.xot.nl/2021/09/22/privacy-myth-3-i-ve-got-nothing-to-hide/index.html Wed, 22 Sep 2021 00:00:00 +0000 .gea {margin: 5px}

Nothing is more pervasive than the “If you’ve got nothing to hide, then what do you have to fear?” myth. A common response is to list things that people do want to hide and have every reason to hide. But such a response actually falls into the trap that this argument cleverly sets up: it subscribes to the frame that privacy is about hiding bad things. As Daniel Solove puts it: “The problem, in short, is not with finding an answer to the question […]. The problem is in the very question itself.” So what, then, is the problem with the question itself?

(This is the third myth discussed in my book Privacy Is Hard and Seven Other Myths. Achieving Privacy through Careful Design, that will appear October 5, 2021 at MIT Press. The image is courtesy of Gea Smidt.)

]]>
Privacy Myth 2 - You Have Zero Privacy Anyway—Get Over It https://blog.xot.nl/2021/09/20/privacy-myth-2-you-have-zero-privacy-anyway-get-over-it/index.html https://blog.xot.nl/2021/09/20/privacy-myth-2-you-have-zero-privacy-anyway-get-over-it/index.html Mon, 20 Sep 2021 00:00:00 +0000 .gea {margin: 5px}

Technological developments impact our privacy. In the late nineteenth century cheaper, easier to operate camera’s combined with improvements in printing technology allowed newspapers containing pictures to be more widely circulated. Fearing that “what is whispered in the closet shall be proclaimed from the house-tops”, Warren and Brandeis formulated the right to be let alone. In 1999, Scott McNealy, then CEO of SUN Microsystems, famously proclaimed: “You have zero privacy anyway. Get over it.” Has a century of progress, especially in the area of information and communication technology, really killed privacy?

(This is the second myth discussed in my book Privacy Is Hard and Seven Other Myths. Achieving Privacy through Careful Design, that will appear October 5, 2021 at MIT Press. The image is courtesy of Gea Smidt.)

]]>
Privacy Myth 1 - We Are Not Collecting Personal Data https://blog.xot.nl/2021/09/17/privacy-myth-1-we-are-not-collecting-personal-data/index.html https://blog.xot.nl/2021/09/17/privacy-myth-1-we-are-not-collecting-personal-data/index.html Fri, 17 Sep 2021 00:00:00 +0000 .gea {margin: 5px}

Several years ago I parked my car into a car park. When collecting my car and driving out, I was surprised that I didn’t have to insert my parking token that I had just used to pay my parking fee. The barrier opened automatically, as if it magically knew I had paid. I quickly understood the ‘magic’ involved: there was a camera scanning the license plates of all cars entering and leaving the car park. The paper parking token I was given upon entry actually had the license plate of my car printed on it: that’s how my payment was linked to my car, and that’s how the barrier could tell I paid. Is the company responsible for maintaining the car park correct when it claims it is not collecting personal data?

(This is the first myth discussed in my book Privacy Is Hard and Seven Other Myths. Achieving Privacy through Careful Design, that will appear October 5, 2021 at MIT Press. The image is courtesy of Gea Smidt.)

]]>
Add friction to counter WhatsApp fraud https://blog.xot.nl/2021/07/11/add-friction-to-counter-whatsapp-fraud/index.html https://blog.xot.nl/2021/07/11/add-friction-to-counter-whatsapp-fraud/index.html Sun, 11 Jul 2021 00:00:00 +0000 WhatsApp fraud, where criminals try to embezzle money from credulous, vulnerable victims, is rampant. Part of the problem is that with internet banking and especially banking apps, transferring money is a breeze. Here I discuss some methods that could help to protect potential victims, by adding some purposeful friction.

]]>