I’ve spent a fair amount of time over the past year reading and writing about privacy policies and how to lead a more private digital life, and chances are that you have too.
There are several symptoms of the digital privacy problem that plague the average user — Crooked privacy policies, cookies and cross-site trackers, motion sensors, software that narcs on you, hardware that narcs on you. At this point, the adjective ‘smart’ is basically shorthand for “collecting and passing data to somebody”.
There exists a fair amount of material educating the users of technology about ways to have a more private online experience. But while well-intentioned, these solutions involve procuring additional hardware, and/or evolving know-how to keep updating your defenses. This is not scalable and before long, most users give up.
The average user does not read 1000-word privacy policies. The average user has bluetooth and location enabled on their phone all the time, with 100 apps open. The average user wants relevant news immediately. The average user just wants to have fun online.
Hoping all the time that nothing untoward is happening, while it very much is.
It is tempting for the privacy-savvy to despair at the ‘ignorance’ of the average user, but it is not the average user’s duty to have intimate knowledge of the technology they use. We don’t all understand agriculture or processing, we simply trust that the food we buy and the water we use to drink and bathe will not harm us. This is not to criticize what really is good tech advice (a lot of it quite low-effort and free of cost), but these are not really solutions for privacy.
As the core of the online privacy issue went unaddressed for years, it created fertile ground for a pro-privacy counterattack made up of ad-blocker extensions, private browsers, private messaging apps, VPNs etc. that spar with big tech firms. The average user has no idea about the nature of the transaction they have with big tech firms so, in a twist of irony, the same ‘Just click Agree’ behaviour that has users sign up for websites without reading privacy policies also has them install private browsers and ad-blocking extensions in direct violation of the Terms of Service of said websites.
However, users taking privacy into their own hands could have unintended consequences. Companies who don’t want their user base to decline simply bombard whoever isn’t blocking ads with a lot more ads. Some companies (as their ToS entitles them to do) simply deny service, asking users to disable pro-privacy extensions or use a different browser. Others have created paid versions of their services and started to annoy users into signing up. Savvier (or simply richer) companies simply acquire what used to be pro-privacy startups and eventually rip up what made them good.
Thus begins a game of whack-a-mole, a perpetual back-and-forth dance not that different from what happens in the world of malware. Besides, this line of action suffers from a familiar problem — Users need to possess the know-how to choose a private service that actually does what it promises.
This is why the attention must start to move from ‘how to have a more private online experience’ to questions that address the root of the problem — is it right to track users as their ‘payment’ for a service? Does every member of the public need to access these services if they cannot pay money for them? Should users control what data is collected and get paid if their data is monetized?
Framing privacy and related issues as ‘tech problems’ that product managers and developers can solve is in the interest of these corporations, because it allows them to present themselves as the solution to the problems they have created when, in their current form, they are not.
These companies are amazing at solving actual engineering problems, like content delivery, navigation, and image rendering. However, the issues such as violation of privacy, virality of misinformation and addiction are not something just sleight of hand by UI designers or programmers can conquer, particularly those beholden to the companies’ earnings targets. These problems are direct consequences and/or intent of business models.
In simple words — these are not engineering problems. These are political problems.
Jolted out of their apathy (in part by the demonstrated ability of these platforms to influence elections), authorities have been making incremental progress in the past few years. We are still no closer to a solution, however, as the core business models remain largely untouched.
And problems tend to swell in magnitude the longer they are ignored/tolerated. Over the years, these companies have hooked billions of users and made mind-boggling sums of money, becoming entities more powerful than almost every country in the world. The rich and famous increasingly rely on social media to reach their audiences, as do the real customers of these products — advertisers.
Given how far the ecosystem has evolved unchecked, it’s hard to see what exactly fixes things without angering a lot of dependent users and businesses. GDPR is but a start.
Is the answer heavier fines? Hitting the bottom line can be a good incentive for companies to clean up their act, and Big Tech companies have certainly been slapped with several fines for privacy violations over the past few years. If a fine must effect a tangible change of outcome, however, it must be severe enough to matter. So far, the worst fines, while big numbers in their own right, chew out a month’s revenue at worst, being insignificant enough to be considered a cost of doing business given how much these firms rake in profits every year.
Is contextual advertising the answer? This would mean tracking of users would no longer be necessary for stated business. While proponents of targeted advertising swear by its superior efficacy in comparison to other mediums and methods, some firms have done away with cookies and resorted to contextual advertising post-GDPR with promising results.
One thing is for sure — these behemoths will not be easy to dictate terms to. Governments face a similar challenge with many industries over other issues like climate change, labour rights and tax evasion. Authorities are also quite capable of repurposing corporate surveillance to their own ends (to either augment or serve as their surveillance), so the average user could come to rely on interest groups to pressure politicians and watch their moves.
In summary — many pro-privacy measures are cost-free and effort-light, and a lot of people should be able to take steps even if only to stop unethical firms from profiting. But regardless of whether you can or want to install Pi-hole right now (You should if you can), the most effective way in the long term is to push your political representatives to take these problems seriously and take action.
Most countries assure their citizens that they have the right to privacy, and these are words that need to be backed up.
