Privacy vs “I have nothing to hide”
21 Feb 2019
I wrote an article a while ago about why I’m ditching Android. That article got numerous comments asking why I was so concerned about privacy and asking what I have to hide.
I want to take some time in this article to explain why each and every one of us has something to hide and should probably take privacy seriously.
Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.
Privacy vs Security
I wouldn’t want the world to know the details of the text conversations I have with my wife. We’re not discussing anything illegal or doing anything wrong, but I’d prefer to keep those conversations out of the public eye. Being private is different from being secure; privacy is a right, security is a choice.
A lack of privacy tends to lead to a lack of candidness. If there’s one person in the world I should be able to be candid with, it’s my wife. But I wouldn’t be able to be candid with her if I thought our conversations were not private.
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
Article 12 of the Universal Declaration of Human Rights
Private text messages aside, who really cares about data privacy, right? If your photos, contacts, calendar, email, browsing history, search history, musical tastes, files, thousands of status updates, likes, shares and physical movements are all in the cloud, who really cares?
Please read that last paragraph again and let it sink in – that is probably more data than your nearest and dearest have about you. Yet generally speaking, people don’t seem to be concerned that such volumes of data are out there and being used without our consent.
PayPal’s terms and conditions are longer than Hamlet. The vast majority of people will not have the time, or inclination, to read and decipher thousands of words in legalese to work out where their data is going. Ipso facto, this data is being shared without our consent, regardless of whether we have accepted the terms and conditions or not.
If someone came up to you in the street, said they’re from an online service provider and requested you store all of the above data about you with them, I imagine for many the answer would be a resounding NO!
So why should Google, Facebook, Apple or anyone other tech giant be any different? You could argue that they’re more secure, as they’re bigger. Which is probably true, but we established earlier that privacy and security are two different things.
Plus, being bigger often makes them a bigger target. Just look at the celebrity iCloud leaks – this is neither secure or private. It’s also indicative of the risks people run storing their most intimate data with 3rd parties.
The image below shows my movements on Google Maps from 2014. I had no idea I was agreeing to be tracked with such veracity. The details show exactly where I went and when during a day off when I was running errands.
This may seem fairly benign to most, but what if Google were compromised and this data was leaked? An attacker would be able to pattern exactly where I go, when I’m likely to be out of the house and places I frequent.
Want to burgle my house? Well, you would know exactly where I live and when I’m likely to be out in order to do so. Winning!
Threat actors aside, tech giants can (and do) use this data to build up an extremely detailed profile of us all. They can use this to serve tailored adverts, or worse still, sell this data on to 3rd parties.
That’s bad enough already, but what about 10 years from now? What if this trend continues and our privacy erodes further? What if Google strike a deal with a spurious 3rd party and sends all your data to them? Everyone remembers Cambridge Analytica, right?
Or what about your posts on social media? Remember the student who was fired from KFC for pretending to lick a tub of mash potato before posting a picture on Facebook?
Funny, right? But this picture will haunt this person for the rest of her life. She will always be that girl who was fired from KFC for licking the mashed potato. That’s out there. Forever.
What is the answer?
The answer is simple – stop using these services and look for privacy respecting alternatives where possible. They may not be free services, but at least you know the business model of the company isn’t to sell your data if you’re paying for the product you’re using.
The Privacy Tools website has some great advice and examples of many privacy respecting tools that you can use. You can also look at De-Googling your life.
What’s the point? You can’t be truly private online!
True, but why should that stop us? Just because it’s almost impossible to be completely private on the Internet, doesn’t mean we should stop trying. Even if we only manage to protect a fraction of our data, it’s a fraction less data that the tech giants don’t have on us.
Some people reading this may not care about their privacy, like the person who commented above. That’s fine, we’re all entitled to our own opinion. But if you do feel that way, I would ask that the next time you’re talking to a privacy advocate, please don’t assume they are executing their right to privacy because they have something to hide. They’re likely doing it just because it’s their right to do so.
My opinion could be completely wrong with all this, but I wanted to get my point of view out there in a longer form. I really hope the tech giants start respecting their user’s privacy, but until they do, I will carry on trying to protect mine where possible.