Recently Mark Zuckerberg published a lengthy piece entitled, “A Privacy-Focused Vision for Social Networking.” In it, he explains how he thinks messaging — and social media in general — will become more private in the coming years, and specifically how he plans to make Facebook more privacy-focused.
This article examines those claims and concludes that Facebook and other big platforms can’t be trusted to uphold privacy, but describes new technologies emerging for those who haven’t given up on the idea of living privately.
Here are two key quotes from Zuckerberg:
I believe the future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won’t stick around forever. This is the future I hope we will help bring about.
I believe we should be working towards a world where people can speak privately and live freely knowing that their information will only be seen by who they want to see it and won’t all stick around forever. If we can help move the world in this direction, I will be proud of the difference we’ve made.
The support for encryption specifically, and privacy generally, should be applauded. It’s great to see the leader of one of the largest networks in the world making such promises.
Can these promises be trusted? Will Facebook truly become a champion for privacy in the coming years?
There are reasons to be skeptical, but ultimately the answer is simple: we don’t know. And more importantly, we can’t know.
Let’s remember what privacy means. Our earlier piece about privacy in online commerce says, “Privacy is a person’s ability to control the information they share about themselves and with whom.” If the information you want to keep private is only shared with those you are comfortable with, then you have privacy. As soon as that information gets into the wrong hands, you’ve lost your privacy.
This implies that you need to trust everyone you share your information with to keep that information secure. This is why we can’t know if Facebook will uphold privacy. It requires us to trust them.
This isn’t only true of Facebook, but of all platforms which are able to access information about you which you don’t want shared with the world. Google, Amazon, nearly all of the big companies online today need to be trusted with the information we give them.
We already know these companies have a poor track record when it comes to privacy. This makes sense because their business models rely upon getting as much data about their users as possible in order to sell them better advertising or products. They have a strong interest in ensuring this access to data continues. Whenever they claim to want to reduce their access to user data we should be suspicious unless they are offering a compelling change to their business model at the same time.
But let’s say that these companies are beginning to recognize that indiscriminate data collection is unpopular, and they want to signal to the public that they are changing their ways. Can these platforms be trusted?
There are several reasons to be skeptical that these platforms will deliver on promises of privacy.
Reason #1: Centralized architecture
Facebook has full control over their own platform and can see everything happening on it. Even in the case where they implement end-to-end encryption for messaging they are still able to see the information about the message, such as the sender and recipient, the time it was sent, and the size of the message (the metadata). Also, you are forced to trust that they aren’t simply extracting the data they want from your message before encrypting it.
A centralized architecture requires full trust in the platform. They have full control, you have none, and you’re just hoping that they are doing what they say they’re doing.
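What the platform still sees under end-to-end encryption, as an added example that is not part of the original article: a relay that holds no keys records sender, recipient, time and size for every message, and can build a contact graph from that alone. The cipher is a simplified stand-in for a real end-to-end scheme, and all names, timestamps and messages are constructed.

```python
import hashlib
import os
from collections import Counter

NONCE_LEN = 16

def e2e_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Simplified stand-in for a real end-to-end cipher (illustration only,
    # unauthenticated): XOR with a SHAKE-256 keystream from key + nonce.
    nonce = os.urandom(NONCE_LEN)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

def e2e_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = hashlib.shake_256(key + nonce).digest(len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

class Relay:
    """The central platform: routes envelopes and never holds a key."""
    def __init__(self):
        self.log = []

    def deliver(self, sender, recipient, sent_at, ciphertext):
        # Everything recorded here is readable without decrypting anything.
        self.log.append({"from": sender, "to": recipient,
                         "time": sent_at, "size": len(ciphertext)})
        return ciphertext

    def contact_graph(self):
        # Who talks to whom, and how often, from metadata alone.
        return Counter(tuple(sorted((e["from"], e["to"]))) for e in self.log)

# Constructed sample traffic (names, times and messages are made up).
TRAFFIC = [
    ("alice", "bob", "2019-03-20T09:00:00Z", b"lunch?"),
    ("bob", "alice", "2019-03-20T09:01:10Z", b"sure, noon"),
    ("alice", "carol", "2019-03-20T23:40:00Z", b"scan attached:" + b"\x00" * 2000),
]

def run_demo():
    keys = {}  # pairwise keys known only to the two endpoints
    relay = Relay()
    for sender, recipient, sent_at, msg in TRAFFIC:
        key = keys.setdefault(tuple(sorted((sender, recipient))), os.urandom(32))
        blob = relay.deliver(sender, recipient, sent_at, e2e_encrypt(key, msg))
        assert e2e_decrypt(key, blob) == msg  # recipient can still read it
    return relay

if __name__ == "__main__":
    relay = run_demo()
    for entry in relay.log:
        print(entry)
    print(dict(relay.contact_graph()))
```

The relay's log contains no plaintext, yet it shows that alice and bob exchange short messages in the morning and that alice sent carol a large message late at night.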
Reason #2: Code isn’t open source
Related to #1, users are forced to trust the platform because they don’t know what is actually happening when they are on the site. Facebook says it will implement end-to-end encryption, but how can this be verified?
Open source means that code is published publicly and anyone can review it to ensure it’s doing what it’s supposed to do. These platforms might publish some open source tools, but their core architecture that handles most activity on their platforms isn’t available to the public. We are forced to trust them.
Reason #3: Big platforms require identity
Most of these platforms force you to share your real-world identity with them. This makes the information they hold even more valuable, and protecting it even more important, since all the data you generate is tied directly to your real-world identity.
Even if the platforms don’t force you to share your identity, they may still be able to know your identity. Social media can see who you connect with and talk with, and with so much data it’s often not too difficult to connect the dots.
Reason #4: Big platforms are big targets
Partially because of #3, malicious parties see these platforms as juicy targets. That much data in one place is very enticing.
Every other week we hear about a database breach where tens or hundreds of millions of records are stolen. There’s no reason to think this won’t continue.
Not only can these platforms expose this data to malicious parties — or simply sell it off — you’re also trusting them not to lose it altogether, something MySpace just accidentally did with years’ worth of user data.
Reason #5: Companies are vulnerable to overreaching government action
Even in the best-case scenario where the platforms are genuinely committed to privacy, they have open source code, they don’t require identity, and they properly secure their data from malicious attackers, they still might be unable to maintain users’ privacy due to the political environment of their legal jurisdiction.
For example, last year Australia passed legislation that allowed law enforcement agencies to demand access to end-to-end encrypted communications, effectively requiring companies to break the encryption altogether.
These platforms might try fighting in court, but ultimately they are large companies which are almost certainly going to be forced to follow the mandates of their legal jurisdictions, no matter how anti-privacy those mandates might be.
If we can’t trust Facebook—or any of these big platforms—to uphold privacy, then is there nothing we can do to stay private?
Fortunately, we’ve seen an emergence of new technology over the past few years that upholds privacy in ways that don’t require nearly as much trust as before.
Haven is one such application, giving people one place to shop, chat, and use their cryptocurrencies privately. It works differently from the big platforms. Haven users join a peer-to-peer network of people running the app, all communicating directly with each other and using end-to-end encryption. The back end where communication and transactions happen is built on OpenBazaar, which is fully open source code. There’s no identity required to use Haven.
Haven doesn’t give perfect privacy — for more details read this piece — and it doesn’t remove the need to trust in a third party to keep your information safe. Haven users do need to trust the company building Haven, OB1, in a few ways. First, they need to trust that we are using the open source OpenBazaar back end code in the app. Second, they need to trust that we aren’t tracking Haven users through the data they generate when communicating with our infrastructure. Lastly, they need to trust that we’ve correctly built and implemented the code in ways that don’t compromise privacy.
OB1 exists in order to bring free trade to the world, and we’re committed to building and maintaining Haven in ways that provide users far more privacy than they can find on the popular alternatives. We never use data to attempt to identify users or sell the data. We simply delete it.
We can’t know if the Facebooks of the world can be trusted to uphold privacy, but we can stop needing to trust them altogether by using new technology which gives us more control over our own information.