
Privacy

Confronting your digital self

In July last year I deleted my Facebook account, and not just by deactivating it, but by removing each and every post, tag and like. This was a head-on confrontation with my digital self. The little information I believed to have submitted proved to be an overwhelming pile of data with serious privacy implications. This wasn’t just a rigorous action, it was a treatment that taught me about privacy. Convinced that I would be one of the few crazy enough to make the effort of deleting the individual scraps of information, I was surprised to find out that some of my friends had done exactly the same thing. More importantly, they had a similarly mind-boggling experience. What if there were a tool continually reminding you of the information you have shared, both in statistics and by highlighting some of that information? Such feedback would certainly help make people more privacy-aware, the first step towards a better common practice.

Software isn’t magic

Last month the news landed that the recent Microsoft Outlook app for Android and iOS was sending users’ login credentials to Microsoft’s cloud, which then logs in to their mailboxes on their behalf. Because of this the European Parliament and some universities have blocked the use of the app. Although Microsoft promises double encryption of the credentials, that specification is an optimistic representation of the actual practice:

What I saw was breathtaking. A frequent scanning from an AWS IP to my mail account. Means Microsoft stores my personal credentials and server data (luckily I’ve used my private test account and not my company account) somewhere in the cloud! They haven’t asked me. They just scan. So they have in theory full access to my PIM data.

— Rene Winkelmeyer

From an engineering perspective this seems a straightforward way of offering push messages when the original synchronization interface wasn’t suitable for it. But something is clearly off in the app’s interface. Asking whether or not you’d like to receive push messages only covers part of the deal. The real consequence of switching on push messages can be read in the privacy statement:

We provide a service that indexes and accelerates delivery of your email to your device. That means that our service retrieves your incoming and outgoing email messages and securely pushes them to the app on your device. Similarly, the service retrieves the calendar data and address book contacts associated with your email account and securely pushes those to the app on your device. Those messages, calendar events, and contacts, along with their associated metadata, may be temporarily stored and indexed securely both in our servers and locally on the app on your device. If your emails have attachments and you request to open them in our app, the service retrieves them from the mail server, securely stores them temporarily on our servers, and delivers them to the app.

— Microsoft
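The practical problem with the service described above is that its logins look legitimate to the mail server: they use the correct password over TLS, exactly like the user’s own client. What gives it away in Winkelmeyer’s account is the source (a cloud provider’s address range) and the regular polling rhythm. The following is an added example, not code from the original post, from Microsoft or from Winkelmeyer, showing how a mail administrator could spot that pattern in IMAP login logs. The log lines are constructed in Dovecot’s imap-login format, and the list of “trusted” networks is an assumption standing in for whatever networks your own devices actually use.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample lines in Dovecot's imap-login format (not real logs).
# Alice's own laptop is on 192.0.2.0/24; the 203.0.113.x logins roughly every
# five minutes are the trace a server-side "push" service would leave behind.
SAMPLE_LOG = """\
Jan 28 08:01:12 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5, TLS
Jan 28 08:03:40 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=203.0.113.77, lip=198.51.100.5, TLS
Jan 28 08:08:41 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=203.0.113.77, lip=198.51.100.5, TLS
Jan 28 08:13:39 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=203.0.113.78, lip=198.51.100.5, TLS
Jan 28 09:15:02 mail dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=192.0.2.11, lip=198.51.100.5, TLS
Jan 28 09:15:09 mail dovecot: imap-login: Disconnected (no auth attempts in 2 secs): user=<>, rip=203.0.113.9
"""

# Assumption for this example: networks your own devices are expected to use.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

LOGIN_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) .*?imap-login: Login: "
    r"user=<(?P<user>[^>]+)>.*?\brip=(?P<rip>[0-9a-fA-F.:]+)"
)


def parse_logins(text):
    """Return [(timestamp, user, source_ip)] for every successful IMAP login line."""
    logins = []
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if not m:
            continue  # disconnects, failed auths and unrelated lines are skipped
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")  # syslog carries no year
        logins.append((ts, m.group("user"), ipaddress.ip_address(m.group("rip"))))
    return logins


def source_block(ip):
    """Collapse an address to its /24 (IPv4) or /64 (IPv6) so a rotating cloud pool groups together."""
    prefix = 24 if ip.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def find_unexpected_logins(text, trusted_nets=TRUSTED_NETS):
    """Map (user, source block) -> {'count', 'median_gap_s'} for logins outside trusted_nets.

    A small median gap with a high count is the signature of a service polling
    the mailbox with the user's credentials rather than a person reading mail.
    """
    stamps = defaultdict(list)
    for ts, user, ip in parse_logins(text):
        if any(ip in net for net in trusted_nets):
            continue
        stamps[(user, str(source_block(ip)))].append(ts)
    report = {}
    for key, times in stamps.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[key] = {"count": len(times), "median_gap_s": median(gaps) if gaps else None}
    return report


if __name__ == "__main__":
    for (user, block), stats in find_unexpected_logins(SAMPLE_LOG).items():
        print(f"{user}: {stats['count']} logins from {block}, median gap {stats['median_gap_s']} s")
```

Run against the sample, this reports only Alice’s three logins from 203.0.113.0/24 with a median gap of about five minutes; Bob never appears because his login comes from a trusted network. On a real server you would feed it the actual log and replace the trusted networks with your own, and a user who never enabled push but still shows such a pattern is the case to follow up on.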

It is an unfortunate combination of a lack of security and an unclear presentation to the user. Likewise, I’m curious who actually knows that Google stores the WiFi credentials of every user who has enabled the ‘backup’ option. In fact, such misconceptions about the inner workings aren’t the exception, they are the usual case. Arne Padmos spoke at the last CCC and referred to research into the public perception of email. The over-simplistic drawings on page 15 clearly show people’s lack of understanding of the parties involved. Likewise 29% of U.S. citizens believe the cloud has something to do with the weather, and 95% are using cloud services whilst thinking they weren’t.

Software isn’t magic, but unfortunately it isn’t easy for most people to understand either. I’m certain we can, and should, do a better job of educating the general public on these topics. It feels like a big secret waiting to come out: that so many parties and services are involved in getting a service to work. A secret we’d rather not bother a customer with, because the engineers have taken care of it and weighed the pros and cons on the customer’s behalf. But wouldn’t the customer be better off knowing what decisions underlie a system, so as to be able to make an educated choice?

In the Netherlands we have standardized, obligatory layouts for energy bills so that customers have a better chance of understanding the product. Likewise there is a standard specification for describing more complex financial products, with a similar goal. In this regard it seems odd that digital services, which are often highly complex, can get away with obfuscating instead of explaining. If more people knew their emails are like postcards, and knew how many parties handle those emails along the way, I’m certain the demand for encryption would increase.

Optional rights

Our societies are built on rights which correspond to social norms; fundamental rights correspond to fundamental norms and local rights correspond to local norms. These rights can either be written down as laws, or merely be the practical manifestation of an informal norm. This collection of rights is the product of many, many years of progress, but that unfortunately doesn’t mean we can take them for granted. Every single day our rights are subject to discussion and to shifting norms.

In recent history it seems that our established rights are no longer taken for granted but are repeatedly being offered as an option: the choice between keeping your rights and gaining some convenience or financial benefit. Whilst this does not directly attack our rights, it still does so by shifting our norms. If a majority of people aren’t aware of this ‘trap’ and consequently give up their rights, the decreased level of rights becomes the new norm. In these cases the option of choice is harmful to society, unlike choice in the marketplace. Yet that marketplace analogy is exactly what is used as an argument to justify optional rights.

Recently in the Netherlands the right to choose your own doctor was debated in parliament, as the liberal party wanted to offer it as a choice rather than as a right. Giving up this right would yield a financial benefit to health insurers, resulting from their improved negotiating position. In principle consumers should still have this right available to them, but this market principle only holds if some insurers actually offer this freedom of choice, and consumers are aware of the trade-off and care enough to defend the right. Founding a new insurance company that adheres to these norms would be the way of the market, but that is easier said than done. The market principle thereby undermines the stack of rights we have built over the years as a society via our democratic process.

This grim future of unavailable rights is already a fact in the Dutch educational system, as explained on this Dutch page. Whilst the Dutch parliament has agreed on the right of people to use strictly open standards and free software during their education, not a single Dutch school offers such an educational program. The reason is that in practice schools choose their own IT systems, and the market of students demanding open standards and free software is apparently too small or too dispersed. So despite our democratic parliament agreeing on this right, in practice it is subject to what the market offers, and as a consequence it isn’t defended anywhere.

Another example is the infamous Facebook, which uses its social lock-in to trap users into accepting new terms that violate social norms on privacy, intellectual property and copyright. Rather than offering any benefit in return, it leaves not using the service as the only alternative. In order to defend our established rights, we must stand against this violation both as users and as a society. In this regard we can be glad the Dutch Data Protection Authority is at least investigating Facebook’s new terms.

Considering established levels of privacy, security, freedom or any other kind of right as a marketable feature is harmful to society, because it erodes our values, our norms and therefore our rights.

This insight was triggered partially by the presentation on Privacy in Context by Helen Nissenbaum and the presentation by Richard Stallman at 31c3.

Truly user-centered design

Federico Mena Quintero just published an extensive write-up on why the Linux desktop (GNOME) should focus on user security and user safety. Federico in turn was inspired by the talk by Matthew Garrett at GUADEC 2014, as featured in Linux Weekly News. Using the analogy of safety in a city, Federico describes how the whole (desktop/city) environment benefits from the established level of security and the achieved level of safety. I’d like to think of security as the hard limits and safety as the soft limits, both of which can be crossed depending on the experience of the user. In that sense, a secure, safe and freedom-oriented system would make it impossible for users to compromise their own safety, security and privacy unless specific additional features are enabled. Of course the details of those features should be made very clear to the user, to avoid users unknowingly endangering themselves. The small bits that can be worked on in GNOME are listed in the meeting documents of the GNOME safety team.

Great insights from Flock 2014

This month the Fedora Flock conference was held in Prague. Even though I haven’t used Fedora in a while, the conference was interesting to me because of the other topics discussed. I already reported on the Novena presentation; below I’ve listed the other presentations.

Free And Open Source Software In Europe: Policies And Implementations – Gijs Hillenius

This presentation gives a nice overview of various initiatives around free software and how well organizations are transitioning to it. The statement by the mayor of Munich has unfortunately been amplified by the Linux press, but judging from this presentation the transition is properly locked into processes and there won’t be a change of plans any time soon. Gijs also gave other great examples of free software in use, of which the Gendarmerie struck me by its scale and determination. Of course the main issue in Europe on this topic is the reluctance of the European Commission to even consider free software, which Gijs covers as well.

Building an application installer from the ground up – Richard Hughes

The presentation gives a nice overview of the process of solving the known problem of making legacy systems compatible with the new one. Basic considerations were how to deal with local and remote information storage, and how to deal with fonts, plugins and terminal commands. I believe the team did a great job by keeping a local focus (including search), incorporating development effort in the ranking, refraining from including every terminal command in the software center (which would totally clutter the interface) and supplying content for the premium applications. This will help make the software center a premium tool that not only aids casual users but is a powerful tool for power users as well.

Better Presentation of fonts in Fedora – Pravin Satpute

Overall I didn’t find this a strong presentation. It did make me aware of a new fact, namely that developers are able to choose their own fonts, regardless of the fonts included in the distribution or supplied by the user. However, I’m not quite sure whether Pravin perhaps meant that developers aren’t able to develop for a specific set of fonts, because that is decided later on by the selected theme and the font settings. Halfway through the presentation there was a small discussion about the font feature in the new software center, where the main question was how to group fonts and how to deal with example texts. These questions remained unanswered. Pravin provided a link to his font portal, which seems aimed at providing additional features like comments and character-support views on top of a concept like the Open Font Library. The key point I took away is that work is needed on a generic overview covering font characteristics, character support, license information, readability, and possibly user reviews.

GNOME: a content application update – Debarshi Ray

This presentation gives a great overview of GNOME’s effort to come up with a set of applications to manage content, much in the way Adobe Bridge introduced the concept a while ago for the Adobe Creative Suite. It is not about viewing or editing and it is not about files; it is about the content from various sources and managing it. One of the powerful concepts explicitly highlighted is ‘reversible delete’: rather than explicitly asking for confirmation, you can undo an accidental deletion. Furthermore, the secondary click (right click) has been removed to better suit touchscreen controls. Debarshi also gave a hint of things to come concerning sharing via various sharing points, managed in the settings dialog. The mock-up also showed regular applications like GIMP and Inkscape being covered by this concept of sharing points, which seems odd but would help unify the management concept.

How Is the Fedora Kernel Different – Levente Kurusa

This presentation was beyond my level of knowledge about kernels, and the Linux kernel in particular. It did however highlight how the Linux kernel can be tweaked to meet different needs and how different distributions make different decisions on these settings. In general, though, I believe most users would never be able to distinguish these kernels, just as I couldn’t. I’d be more struck by decisions at a higher level, like the default desktop environment and the package manager.

Procrastination makes you better – Life of a remotee – Flavio Percoco

This presentation gave a brief and humorous overview of the struggles of working remotely, with some tips on improving your working life. It is strong in the sense that it was a very personal story that many remote workers will relate to, although it only had limited pointers to other material on working remotely.

UEFI – The Great Satan and you – Adam Williamson

This was a very explanatory presentation covering both the technology of UEFI and Secure Boot and its practical implications. Since I have no experience with a machine featuring UEFI, I had no idea how much of a pain dealing with UEFI and Secure Boot would be. It seems this very much depends on the machine being used, although best practices exist. It also clarified the controversy around Secure Boot: basically, keys other than Microsoft’s could have been included, but unfortunately no other party was willing to take on the job. Certainly a presentation worth recommending.

UX 101 – Practical usability methods that everyone can use – Karen T.

I found this presentation to be a great one, coming clearly from the design side rather than the development side. It gives a concise overview of how to achieve a great interface, and is worth watching again before taking on a new project involving design. I believe anyone involved in user interfaces can learn from it.

Yubikeys – Nick Bebout

This presentation covers the Yubikeys by Yubico, which can be used for two-factor authentication. The newer model, the Yubikey Neo, also supports hardware-based PGP. The presentation covered some aspects specifically targeted at Fedora users, but it gave decent coverage of the features of the Yubikey and even of smart cards in general. Including a demo, this presentation offers plenty of pointers to delve into the various aspects of key management and two-factor authentication.

Good design

In the 1970s industrial designer Dieter Rams famously wrote his ten principles for good design, a powerful way of evaluating the quality of any product. Many methodologies exist on how best to design in order to achieve a certain kind of product, but I have yet to come across any other methodology for evaluating the end product. In a way that final evaluation is all that matters, even though many companies get away with tricking customers into buying lesser products. Setting a standard for good products would be a tremendous boost for overall wealth in the world, since it would surely inspire others to strive for similar goals.

Apple’s products are known to adhere to these principles of good design, whether or not that was intended. How well products adhere to these principles unfortunately can’t be measured quantitatively, which also makes it hard to define a ‘best’ product. This especially holds because these principles aren’t in any way limited to industrial design. Just think of how Wikipedia has established not only its product but also its underlying mission, so that all ten principles can now be considered met.

Privacy and security

Considering how issues related to privacy and security map onto these principles, I believe that principles 6, 8 and 9 call for the implementation of proper security and privacy, whilst principles 1, 2 and 5 guide the right way of implementing them. This user-friendly approach to privacy and security has luckily been called for in the community many times over.

  • The 6th principle, ‘good design is honest’, calls for a product to clarify what security and privacy are given and what isn’t. If, say, back doors are purposely added to a product, this should be clear to the user. If on the other hand the product is as secure as possible, users should be informed of what threats remain, however unlikely.
  • The 8th principle, ‘good design is thorough down to the last detail’, calls on designers (and engineers, who are also designers) to leave no aspect undecided, and therefore requires them to take a stance on matters like privacy and security.
  • The 9th principle, ‘good design is environmentally friendly’, goes a long way towards addressing all issues that are related to a product but reach beyond the scope of a single product. The main argument here is the generalization ‘what if all products were like that’, which calls on even the most limited product to respect the bigger picture. Examples included in the original principles are resource conservation, minimizing physical pollution and minimizing visual pollution. All of these of course hold for the complete product cycle, since that is needed to even grasp the bigger picture. Personally I’d like to believe that respecting privacy and security is part of this 9th principle, since if all products violated privacy and security, the fearful society described in George Orwell’s Nineteen Eighty-Four might become a reality. That is the bigger picture this principle refers to.
  • The 1st principle, ‘good design is innovative’, calls on designers to refrain from relying solely on ‘common standards’ and to consider incorporating new innovations in their products. If everybody just keeps saying privacy and security are hard and leaves it at that, society will only deteriorate on this issue.
  • The 2nd principle, ‘good design makes a product useful’, and the 5th principle, ‘good design is unobtrusive’, emphasize the importance of not putting the burden of security and privacy on users. Most users don’t like to fiddle with that and will eventually mess things up regardless of intention. These issues are for the designer to solve, not for the user to worry about.

Conclusion

These powerful principles may sometimes seem to conflict with each other, and products are often designed for short-term gains despite the best of intentions. It is however up to the designers involved to improve products and make the hard compromises required, not only to suit target customers but to suit society as a whole. This holds for privacy and security just as it holds for aesthetics and sustainability. Designers have the power to shape our world, and with great power comes great responsibility.