The Open Source Solution to Privacy

In this part of the series, I want to explore the various open source solutions that have risen recently. The transparency of open source software offers a unique solution to the issues of protecting the privacy of citizens by allowing anyone to check the integrity of the code used to generate applications. This is only possible with a proactive community, so companies like Mozilla have begun putting more focus on auditing code.

The Issue of Online Privacy

Companies everywhere require you to share personal information to access their services, from social networks to search engines to online marketplaces and more. It is becoming far more challenging to protect your private information while utilizing modern information networks, and the breach of a single website has the potential to cause devastating loss of data across multiple networks. Information security has never before been more important.

Richard Stallman, the founder of the Free Software Foundation, claims that cloud computing is a trap because it is not possible for a company to guarantee access to your data. As I’ve mentioned before, the government has decided to pursue business owners when their customers engage in illegal activities; this means that any company providing cloud services risks being targeted by the government and can result in the data of users suddenly becoming inaccessible. Fortunately, there are open source communities working on solutions to these problems focusing on distributing networks, privacy in the cloud, and securing private information. Stallman has even begun working towards a secure, private cloud by building off a selection of applications that form the foundation of cloud computing services.

The Distributed Network

The solution to network privacy has so far seemed to be in the act of decentralization. Bitcoin is a great example of this since its security and functionality are secured by the distributed network of computers that support it. Disrupting the Bitcoin network would require immense computing power, a feat that is nearly impossible today. TOR, Occupy Here, and Commotion are all distributed network applications developed to combat intrusive spying.

Tor has the most widespread potential for creating networks that are exceptionally difficult to spy on. From their website:

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

In other words, Tor creates a network across the Internet that allows people to anonymously transfer information. This network can be utilized by nearly any digital service including banking, email, file transfer and payment processing. This means that any developer can set up an application to work across the Tor network, vastly improving the privacy of their service. More businesses and governments across the globe will likely start paying more attention to TOR as a method of transferring sensitive information in response to the exposure of the NSA’s spying activities.

Commotion and Occupy Here are examples of applications that are still in their infancy, but have a wealth of potential applications. At the time of writing this article, Ukraine is experiencing ongoing protests, riots, and military action; recently the government of Ukraine used the cellular network to gather locational data of subscribers and warn subscribers they were being documented as participants in mass riots. This practice raises numerous concerns; primarily, this means the Ukrainian government is actively collecting meta-data on users from the cellular network, meaning that users can’t trust this network for private communications. Commotion can potentially allow people to circumvent these practices by redirecting traffic through intermediary nodes. Additionally, Occupy Here can allow participants in demonstrations, like the ongoing protests in Ukraine, to share information even if the government decides to shut down communication networks.

Protecting Shared Information

Ultimately, people want the ability to participate in the numerous modern technological networks available. These networks almost always require some amount of personal information, meaning that you often need to give out sensitive information to gain access to services. Each story that covers a company leaking sensitive information or that shows organizations using inadequate security demonstrates just how bad our protection is. What we need is a way to verify our identities online without sharing any more personal information than necessary.

The Open Privacy white paper offers the most comprehensive understanding of a system that could allow this to happen. The goal of Open Privacy is to allow open interaction while retaining complete control over shared information. This system would allow users to create any number of pseudonyms connected to the same identity, but can’t be linked together by other users unless the owner of the pseudonyms chooses to identify herself.

This system would use reputation that contributes to a user’s overall reputation, encourages long-term profiles, and allows consumers to maintain privacy, control their data, and receive customized search results and ad experiences without identifying themselves. Advertisers benefit through the ability to gather profile and demographic information allowing them to create more accurate marketing materials.

The World of Open Privacy

I plan on exploring the integration of cryptography into these privacy controls more in the future. The bitcoin blockchain offers the ability to verify certain types of information without revealing the contents. For example, a user can prove ownership of an electronic document at a specific point in time without revealing the contents of the document. I believe this concept could be incorporated into the sharing of personal information. A user could create a single-use key for contact information (eg. Email, phone number, address, etc.) that allows another user to contact them without the underlying information being revealed.

I want to close this series with one final concept. Nicolas Taleb coined the term “antifragile” to denote an ecosystem the benefits from stress and chaos; these systems tend to rise up against adversity to become more intelligent and robust. Open source communities are antifragile because they are decentralized with a low barrier to entry. The governments around the world that are continuing to encroach upon the rights of citizens will fuel the further development of systems like the ones I have described in this article, further increasing our capabilities to control our own information.

Part 1 of this series covers the spying being carried out by various governmental institutions around the world.

Part 2 of this series covers the inadequacies of proprietary solutions.