This is a follow on post to the one the other day on internet security. In many ways the issues of security and privacy go hand in hand, but you cannot guarantee privacy without ensuring security, so security needs to be dealt with before or concurrently with privacy issues.
When I think of internet privacy the primary offenders that come to mind are Facebook, Microsoft and Google (and their myriad products). It reminds me of the saying that if you’re not paying for the product then you are the product.
I’ve had a Gmail account for over 15 years. Prior to that I used the POP email service that came with whatever ISP I was using at the time. That worked, but it was a little clunky because you were limited to whatever email client was around (Outlook Express, Outlook, Thunderbird to name a few). Each had their own file formats and storage formats so moving between them was an issue. I can still remember converting files from PST to mbox and exporting files in eml format and back again as I moved between email clients.
But back to Gmail…I had considered how I could exit their service on and off over the years but had always considered how difficult it would be to try to transfer thousands of emails and maintain the folder/label structure I had put in place. I was aware that you could also access Gmail through IMAP meaning you could manage and view your Gmail messages through a client such as Thunderbird whilst still maintaining the web-based access.
I was also pondering how much information Google has about me. If one were scan my emails (hypothetically, of course) one could know my name, address, date of birth and other events, phone numbers, places of work, pay rates, earnings, bank account details, purchasing habits, reading interests, other interests, family members names and details. A number of these pieces of information could conceivably come from a single email were I to make an online purchase, but when it is combined with multiple other purchases/invoices and emails from my employers, banks and shops over the years then my legal identity is up for grabs.
You may say that any place I physically shop has the same information - name, address, phone number, email address, credit card details. True, but would you be happy to shop there again if you knew that as soon as you left the shop with your purchase the owner contacted their parent company and provided them with all of that information with the express intent of selling it to other companies for targeted advertising? I wouldn’t. You may.
Is this alarmist? Yes, but no. The reality is that Google know all this about me, and more. I came across a website the other day called delete Google which outlined some of the information Google has about me and what they do with it. Google provide a facility called takeout where you can obtain a copy of all of the data Google has collected about you. In my case the vast majority of that is my email, but on top of that are book purchases through the play store, app downloads through the play store, blog entries and comments I posted when I was a blogger/blogspot user/poster/commenter. There is also a list of my contacts from Gmail, documents and other files I have created in Google drive (and documents shared with me by others), my Youtube search and view history, and web browser bookmarks and history when using chrome. That’s a lot of data and more than enough to paint a fairly accurate portrait of me when I’m sitting in front of a computer.
Some may quote the phrase that if you have nothing to hide then you have nothing to fear. That argument doesn’t stack up. Edward Snowden had this to say in 2015:
Some might say “I don’t care if they violate my privacy; I’ve got nothing to hide.” Help them understand that they are misunderstanding the fundamental nature of human rights. Nobody needs to justify why they “need” a right: the burden of justification falls on the one seeking to infringe upon the right. But even if they did, you can’t give away the rights of others because they’re not useful to you. More simply, the majority cannot vote away the natural rights of the minority.
But even if they could, help them think for a moment about what they’re saying. Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.1
What’s the bottom line from this? I deleted my very-little Facebook account a month ago (I only needed it to administer a Facebook account for my previous employer). I deleted my very infrequently used Instagram account, and my very dusty, atrophying twitter account at the same time. I’ve also started to migrate away from Gmail - beginning with unsubscribing from a stack of mailing lists and other sites, resubscribing (in some cases) with an email attached to this domain. I now access my new email and old Gmail through an email client that uses IMAP. My messages are currently on two servers and my computer, but as I change my email details with different organisations I move the messages from Gmail to my new email account in my email client. The amount of new fodder Google has on me through my email is rapidly heading to nil.