Why Privacy is Important

Opinion

8th January 2024

Updated 16th September 2024 - Added a picture and status update about Chat Control 2.0

The end of privacy?

End-to-end Encryption

By Christian Lendl on unsplash.com

The invention of encrypted end-to-end communication applications like signal or status is the first time in modern history where people have been able to have complete private conversations without having to meet in a secret basement somewhere (Enigma was a nice try but it was hacked during WW2).

Other means of communication is not secure:

• The US CALEA = Communications Assistance for Law Enforcement Act, enables three letter agencies to wiretap on any phone conversation or read any text messages sent.

• Technologies like the Stingray can intercept mobile communication.

• the 4th amendment right is eroded by the Patriot Act in United States. It makes it legal for three letter agencies to spy on their own citizens.

• The 5 eyes, 9 eyes and 14 eyes countries are spying on each others citizen and sharing information.

With end-to-end encryption, we can finally have our right to privacy restored. But politicians, lawmakers and three letter agencies are not amused…

Client Side Scanning

Apple invented the Client Side Scanning technology a few years ago and it was very controversial from the start. Client side scanning means that the phone or computer scans it’s content and report to Apple for abusive and illegal material.

Chat Control 2.0

There is now a legislation in the EU that is being considered to prevent child abuse online, the name is unclear to me but is referred to as Chat Control 2.0. This includes mandatory client side scanning of messages and photos before you send them.

While no sane person would ever have anything against prevention of child abuse, the proposed legislation will of course have some side effects:

• The main problem with the proposed bill is that the technology can’t be tuned to just look for Child Sexual Abuse Material, or CSAM for short. Like the Alexa or Siri listens to everything you say, the client-side scanning will look through all your contents, regardless if it’s CSAM or not. It’s basically mandatory spyware. I suggest your read Protons blog on why Client-Side Scanning is not the answer.

• This makes end-to-end encryption useless because three letter agencies would already know what you have on your devices. It’s like having the authorities looking over your shoulder while you type or talk to someone.

• False-positives will most likely occur.

Picture by Bahnhof. Used with Permission

There are other similar proposals that are also being worked on in other countries:

• UK have just passed the Online Safety Bill

• USA have the Stop CSAM Act

Update: The Chat Control 2.0 have thankfully, so far, been rejected by the EU parliament. They only received 63% of 65% qualified majority needed to implement this. But they won’t stop until it get passed. Next voting round will probably be in December 2024.

Why is privacy Important?

Have you ever considered why privacy is important to you? Or perhaps you don’t even care?

• Are you OK with big tech corporations and government agencies reading all your thoughts and opinions between friends and relatives? You have nothing to hide anyway, right? Don’t we have freedom of speech?

• Are you bothered if big tech corporations have your search history, your messages, your pictures, your phone contacts, where you have been, what you have purchased and what you are likely to purchase in the future, your intellectual property? They know what your religion is and what political party you sympathize with? Is it worth giving up this information for protecting us from terrorists or child abuse? Has it even been proven to stop any of that?

• Why don’t we want to share our nudes with the police or government agencies?

Who can say that they haven’t said or done anything they ever regretted, or might sound bad when taken out of context? What is socially accepted to say today, is much different than it was 10 years ago.

Even if you might think you are in the clear today, you have no idea what will be socially accepted, or even legal to say or do for the next 10 years to come. You might think you live in a country with free speech laws, but at the same time they have hate-speech laws for certain opinions. Those prohibited opinions can be expanded and contracted as it fits the current political landscape. It’s impossible to have both free speech and hate speech laws at the same time. Either you are allowed to express yourself freely, or you don’t.

Other topics might not be illegal to talk about, but are socially stigmatizing if you happen to have the wrong opinion. Those are opinions contrary to mainstream, a result of mainstream platforms censoring facts they declare as “baseless conspiracy theories”. Who decides what is true or not? Can’t we decide for ourself? Norway, where I live, it’s not easy for people here with different viewpoints than the ones in the mainstream media. For those reasons you might want to keep your opinions private.

You might be thinking that you are a totally uninteresting person to spy on. Although there might be some legally questionable activities you have been taking part of; maybe you bought parts for distilling moonshine, which is prohibited in some countries. Maybe you think that the government agencies have better things to do than focus on your petty “crimes” when there are terrorists and pedophiles lurking around. With the evolving AI technology, three letter agencies will most likely become more and more efficient in finding out what you are doing. And they might use anything that you have said or done against you, if you start criticizing too much.

Big Tech is manipulating you

This information gathering is affecting you more than you might think. It categorizes you into what kind of person you are, which can be used by governments and big tech to manipulate you. Search algorithms can steer elections by making you read or watch certain content, and steering you away from other. It can be used divide groups of people by political opinions. A divided people is much easier to control.

By Alexander Schimmeck on unsplash.com

I recommend this special interview with Dr. Robert Epstein on the Louder With Crowder podcast, on how Google are manipulating us with their applications:

https://rumble.com/v3n0rk1-how-google-manipulated-elections.html

Be wary of who you give the power to

Lastly, I think many people are confused about who the real enemies of the people are. The same people that operates child trafficking and funds terrorist organizations, are the same people that come up with the “solutions” for those problems. Just watch the movie American Made for example.

If that sounds to preposterous to you, let’s assume you live in a “wonderful social democratic utopia” and the government allegedly just want to look after your best interests. That government won’t last forever. The tools you give to your allegedly benevolent government today, will be used by every totalitarian government in the future.

Privacy is an inalienable right of all men and women. If you give up your privacy for protection, you will end up with neither, and you will most likely loose all your other rights shortly after.

The Salvation is Open Source

If you agree that privacy is important, this is how you take a stand against mass surveillance…

Become more privacy aware

Read blogs like this one you are currently reading, or this one. Here are other examples:

• Rob Braxman Tech

• All Things Secured

Protect your personal information.

Personal information is any information that can be used to identify a specific individual. The first step to become more privacy aware is to think about what you are consenting to, and who will have access to that information.

• Personal Information;

  • Phone number

  • Home Address

  • Name and ID card.

• Location services

  • GPS Tracking

  • Find my phone

• Bio-metric authentications;

  • Face Recognition

  • Voice Recognition

  • Fingerprint Scans

• 2-factor authentications using phone number or other personal information.

• Applications requiring phone number and uses Cross Device Tracking.

• Is the application for free? How are they making their money?

Note: Bio-metric authenticators can be safely used if they are FIDO certified.

There might be fair reasons why a service need to make sure who you are. For example if you book a hotel room, or open a bank account. But should you really need to enter all your personal details just to take a bus ride? Or download an app on your phone?

Use privacy-respecting applications and services

Use applications that respects their users privacy. It may not always be easy to know if the application developers are sincere. To help you identify privacy focused applications, look for these characteristics:

• You have to pay for the service or it relies on contributions

• The application is open sourced

• Account creation does not require any personal details

• Decentralized infrastructure

• Possibility to self-host (run the service on your own hardware)

Note: Open Source Decentralized platforms in my opinion are the best long-term solutions.

You may also consider the applications security aspects; like what type of cryptography they are using. Even though the software developers might not be interested in your data, someone else might still be able to eavesdrop due to poor security.

Linux and other Open-Source OSes

You can use open source and privacy applications as much as you want but it won’t have any effect if the latest surveillance bills gets passed, unless you are running them on an open source OS like Linux

Other Open Source OSes:

• OpenBSD is also an option but it is not as common among regular consumers.

• Android is technically open source and runs a Linux kernel, but the mainstream phones are infested with Google spyware. You need to have a de-googlified version, like Volla OS, /e/OS or graphene OS for example.

• There are also Linux phones available. Sailfish and Ubuntu Touch are two interesting choices.

The mandatory client-side scanning will only affect the Big-Tech Companies. With Linux, there is no legal entity that can be hold accountable. How do you enforce a bill on something that is free? Even if OS developers like Canonical or Redhat was forced to implement a client-side scanner, the code would be right there in the open, and users could simply just disable it, or remove it entirely in a forked version.

Remember though that you can only have a safe conversation if both parties are on Linux. If you think you can talk with your spouse on Signal just because you have an Ubuntu Machine, when he/she is using an iPhone, forget it. We need to come together as a community and start using Linux for everything!

Don’t be naive though

Unless you are a targeted individual, your data can be very secure if you take the right approach to privacy. However, we are living in a connected world, and the underlying infrastructure is created by the establishment. When the Internet evolves, The US army or some other government entity will always have the most sophisticated technology first, before it comes to the commercial market. “They” will always have the upper hand when it comes to technology.

A good example is when NIST recommended a certain Elliptic Curve algorithm, but were very secretive about certain aspects about it, so nobody could be certain if it existed a backdoor or not, until Edward Snowden revealed it.

This is one of my favorite videos from Computerphile regarding the subject:

Is there any bullet proof cryptography? I’m certainly no expert but I think you can at best make it very difficult and costly to hack your data, but if someone really wants to do it, it may be possible. The only way to be completely safe is to cut off from the Internet completely, but that is simply not a reasonable option.

Special Mentions

I want to thank Nya Dagbladet for keeping updates about Chat Control 2.0:

• https://nyadagbladet.se/it-overvakning/regeringen-staller-sig-bakom-eus-massovervakningsdirektiv/

• https://nyadagbladet.se/it-overvakning/chat-control-ater-pa-agendan-i-eu/

I want to thank Bahnhof for letting me borrow their picture. If I still lived in Sweden, Bahnhof would be my first choice as ISP.

I want to thank Rob Braxman again for his inspiring videos that spawn these blogposts into existence. I recommend these two videos on the topic of mandatory client-side scanning:

End-to-end encryption will be a historical footnote! (a bit of a clickbait headline)
https://odysee.com/@RobBraxmanTech:6/e2e-x:0

Be Subversive with Linux:
https://odysee.com/@RobBraxmanTech:6/linux-x:d