Privacy, Dependence on IT Providers and Alternatives

Contents

  1. Dependence on the Provider, Fair Competition and Sovereignty
  2. Privacy, Data Protection and Online Manipulation
  3. Privacy, Data and Operating Systems
  4. Free, Proprietary and Open Source Software
  5. A Few Tips About Free Operating Systems

1. Dependence on the Provider, Fair Competition and Sovereignty

1.a. General Issues with Software

Software can make us dependent in a number of ways. Mainly:

  • When we develop our own technical solutions on top of some technology, changing provider or software comes with a cost and a risk. Attention should be paid to modularity and software architecture to minimize this reliance on one tool, such as an external Application Programming Interface or library (see for instance the adapter and decorator software design patterns when organizing source code).
  • When our data is stored with a provider (typically a cloud service), it might be difficult to change provider because of the difficulty of moving the data from one provider to another (i.e. exporting from your current provider in order to import to the new provider).
    It is generally unsafe to rely on promises from companies about data export features because they can change their terms of use at any time (unless it is inscribed in regulation...), and the structure/format of your data is constrained. Consider carefully the differences between the GDPR, the Cloud Act and other regulations, and check which regulation the software you use is subject to.
    It is generally possible for you to access your data (for example with GET requests on APIs) and write a script to convert it and export it to a convenient format.
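
A sketch of such an export script, combined with the adapter pattern from the first bullet. It is an added illustration, not code from any provider: the two response layouts, the field names and the injected `get` callable are constructed assumptions, and the SHA-256 digest lets you verify the exported file after it has been moved.

```python
import csv, hashlib, io
from datetime import datetime, timezone

# Constructed sample responses standing in for GET /items?page=N on two
# hypothetical providers; a real script would fetch these over HTTPS.
PROVIDER_A_PAGES = {
    1: {"items": [{"id": 1, "title": "Invoice", "created": "2023-01-05T10:00:00Z"}], "next": 2},
    2: {"items": [{"id": 2, "title": "Contract", "created": "2023-02-11T08:30:00Z"}], "next": None},
}
PROVIDER_B_PAGES = {
    1: {"data": [{"uuid": "b-7", "name": "Invoice", "ts": 1672912800}], "has_more": False},
}

class ProviderAAdapter:
    """Adapter: hides provider A's layout and pagination behind records()."""
    def __init__(self, get):
        self.get = get  # injected callable: page number -> decoded JSON body
    def records(self):
        page = 1
        while page is not None:
            body = self.get(page)
            for item in body["items"]:
                yield {"id": str(item["id"]), "title": item["title"], "created": item["created"]}
            page = body["next"]

class ProviderBAdapter:
    """Adapter for provider B: different keys, epoch timestamps, has_more flag."""
    def __init__(self, get):
        self.get = get
    def records(self):
        page, more = 1, True
        while more:
            body = self.get(page)
            for item in body["data"]:
                when = datetime.fromtimestamp(item["ts"], tz=timezone.utc)
                yield {"id": item["uuid"], "title": item["name"],
                       "created": when.strftime("%Y-%m-%dT%H:%M:%SZ")}
            page, more = page + 1, body["has_more"]

def export_csv(adapter):
    """Write neutral records to CSV text; return (text, sha256 hex digest)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["id", "title", "created"], lineterminator="\n")
    writer.writeheader()
    for record in adapter.records():
        writer.writerow(record)
    text = buf.getvalue()
    return text, hashlib.sha256(text.encode("utf-8")).hexdigest()
```

Switching provider then means writing one new adapter; the export code and the stored format stay unchanged.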

If adequate attention is not paid to these dependence problems, changing provider can be a horrible headache, which can completely jeopardize the sovereignty or independence of a company or a country.

Note that, as opposed to hardware, you generally don't own the software you use, but you are granted a license to use it. You may not have read it in detail, with all the small print, but chances are that the terms of the license can be changed at any time, without prior notice that would let you even think of changing provider before you have already accepted the new terms...

1.b. The Case of Cloud Services

In the case of cloud services, your data can also be located in another country than your own, and therefore be subject to different privacy laws than your own country's.

For example, the US Constitution (theoretically...) protects the privacy of American citizens, but not that of people from other countries. This creates additional sovereignty and data protection issues for businesses and individuals. Consider carefully the differences between the GDPR, the Cloud Act and other regulations, and check which regulation the software you use (or the object in the IoT) is subject to.

Another problem arises when a business uses cloud-based services from a big player: the big service provider might be competing against its own B2B users, pursuing a winner-takes-all strategy.

The metadata of many businesses on similar markets can be gathered (through parsing, scraping, wrangling) and combined to obtain higher grade datasets on which to use artificial intelligence or big data optimization techniques.

The artificial intelligence features might be part of a publicly acknowledged and advertised business model, yet still provide an unfair advantage to big cloud service providers, based on asymmetric information.

2. Privacy, Data Protection and Online Manipulation

To understand the problem with privacy online, we should try to grasp the nature of the networks of APIs through which the data we leave on a computer, a pad, a phone, a connected watch, or connected objects of the Internet of Things (IoT) travels.

This data can include such things as your family situation (spouse, kids, etc.), your friends' and family's personal data, your location at every moment, the TV programs you watched in the past weeks, your favourite songs, etc. If you use a voice system to control a TV or microwave oven, it even includes the sound of your voice and everything you say in your living room or your car, etc.

2.a. How your Personal Data is Handled

Below is an example of a multi-platform architecture for an application which can handle big files, such as videos or other media:


Figure: Typical Architecture of a Multi-platform Application

The app is called multi-platform because a user can access her data either from her computer (from different OS such as Windows or Mac), or pad, or phone, for different kinds of phones (Android, iPhone, etc.). All of those different ways to access the same app are called platforms. There is generally yet another way to access the same data, which is the Web app, that is, over the World Wide Web using a web browser (such as Chrome, or preferably Firefox or Brave).

What all of this means is that your data is not stored on your device (except for the data which is cached for optimization), but on a server, that is, a computer which is (generally) located in the facilities of a company, and offers the service of storing your data and making it available. The most commonly used technical solution in up-to-date systems nowadays is Web APIs with RESTful architecture (see my own lecture about server-side Web programming).

As you can see, different actual applications (so-called client software) on different platforms can access the same data on the server (see the case of a Web client in my own lecture about client-side Web programming). For complex applications with large quantities of data, there might be several servers with synchronization, caching and load balancing. This in turn leads to the data moving back and forth on networks.

To make the picture more realistic, the contemporary trend is towards so-called service-oriented architectures, in which the computing and processing tasks for an application are distributed over a complex network of APIs. Their advanced form is microservices, in which each API or service has a very specialized task. Thus, the data to be processed goes through a high number of different servers, which can be physically located in different countries.

The data is usually secured in some way, in the sense that you must give credentials, or prove a clearance status, to access the data. That's when it gets complicated. The general way to manage who can access which items of data is currently called OAuth. It looks great, though tricky, but, as we shall see, it can be used poorly to make business easier, which causes major privacy issues.

What you need to understand here is that not only can you access your data, but a number of other people can too:

  1. Your personal data can be shared with advertisers for the purpose of targeted advertising or marketing, as well as supply-demand adjustment and stock management in industries.
  2. Your personal data can be shared with people with bad intentions who just have to pretend they are in the advertising business.
  3. Your personal data can be technically accessed and modified by anybody with the administrator permissions required for the maintenance of the server on which the data is stored, unless you can be guaranteed a good level of encryption of your data, for which only you have the key.
  4. Your data is liable to be subject to competitive intelligence.
  5. Your personal data can be shared with or hacked into by stealthy government agencies (services such as the CIA or the NSA or through the Great Firewall of China) or by criminal organizations.
  6. Your personal data can be shared with governments and other partners of your app's provider. It is known, for example, that the US Pentagon has contracts for billions of dollars with big tech companies, such as the JEDI contract with Amazon for 10 billion dollars, the details of which are undisclosed.

2.b. Examples of Illegitimate Use of Personal Data

As the whistleblower Edward Snowden has shown, governments can access your data in a number of ways for the purpose of mass surveillance, including hacks that are not supposed to be in the manual.

China has established a huge firewall called the Great Firewall of China, by which they can selectively disable connections, but also monitor the data going through, or even potentially (as it is technically possible) counterfeit the data, including targeted ads originating from Chinese providers, but destined for western websites.

Another issue with massive impact is the activity of Cambridge Analytica, which accessed the APIs in a regular way and used that data for a number of political manipulations (allegedly in different election campaigns, including the US presidential election in 2016 and the Brexit referendum, with ongoing legal processes).

A common way to implement political manipulation is by replacing a regular targeted ad with a political message, taking into account your personal data (such as tastes, political ideas, gender, family status, etc.), thus exploiting and amplifying the phenomenon of a social clique.

3. Privacy, Data and Operating Systems

An Operating System (OS) is a broad layer of software which allows an actor, which can be a human user or a computer program, to access the basic functions of a computer (or phone, pad or an object in the IoT), including acting on the hardware (have a processor perform calculations, write data on a disk, send data over a network hardware device such as a Wi-Fi card, etc.).

The OS interacts with each piece of hardware through specific dedicated software modules called device drivers.

The OS generally includes one or several human-machine interfaces, which allow humans to interact with the OS (and therefore with the machine). This human interface can be a command line interface (which requires high-level technical skills) or a Graphical User Interface (GUI), allowing non-expert users to interact through devices such as a mouse or a touchscreen, to open windows and dialog boxes, click on buttons, enter text, etc. The main GUI allowing humans to interact with an OS is also called the desktop environment for the OS.

Finally, an OS has a built-in mechanism to install applications (or apps for short), which extend the functionalities of the OS for specific purposes such as Web browsing, text processing, listening to music, messaging, image or video editing, etc.

Today's proprietary operating systems typically require that you create an account for (some or all of) your data to be stored on the OS provider's servers. Hardware manufacturers, such as big phone manufacturers, also encourage you to create accounts and send data to their servers. The use of a proprietary operating system is therefore intimately related to privacy, regardless of the apps that you use.

4. Free, Proprietary and Open Source Software

We should distinguish between proprietary OS (the best known are Windows from Microsoft, Apple's OS for Mac, iPhone, iPad, etc., Chrome OS for netbooks, Android for phones and pads), and the so-called free OS (such as the Linux family and the free BSD family). Those main categories do not exactly match the distinction between closed source code (such as Microsoft's and Apple's OS) and open source code, as the example of Android, which is proprietary but open source, shows.

The difference between proprietary and free open source lies in differences such as:

  • A proprietary license might grant special rights to an organization, such as the company which created the software;
  • A license for some software might be free, but if the company owns some higher grade version of the software which is not free, then the users of the free version will be "trapped", as they have to go through the company to have the best performance.

You can find a list of open source licenses, as well as elements for comparison here. Here is another source with elements for comparison. When using open source in a business, care should be taken whether or not the license is permissive. A more permissive license will allow you to do more stuff for commercial use.

5. A Few Tips About Free Operating Systems

(see also my page on Basic Use of lubuntu Linux and data security)

There are two main families of free operating systems: the Linux family and the Free BSD family. Each of these two families has its own kernel, which includes all the drivers needed to manage every supported piece of hardware. Ideally, those drivers are free, but they sometimes need some so-called firmware provided by hardware manufacturers who won't release their specifications.

An example of a simple, user-friendly operating system, which is light, in the sense that it lets you conveniently use either old computers or cheap computers, is the lubuntu Linux distribution, which is a variant of the Ubuntu family.

The default desktop environment for lubuntu, which is called LXDE, is arguably simpler and much easier to use than its proprietary counterparts, such as the Windows or Mac OS desktops.

Due to its minimalist approach and limited use of the network (notably by avoiding sending data to the OS provider's servers), a distribution such as lubuntu also consumes less energy than Windows or Mac OS, and has a reduced impact on the environment.

The Ubuntu family of Linux distributions is closely related to the Debian Linux distribution, which is strictly restricted to free software, and is less user-friendly.

Those free OS come with a broad range of free software, which can be easily installed through a software manager, for most purposes. The software can be made available for install from a DVD instead of the network if you need to work offline for long periods of time (using tools like debmirror, debpartial, debcopy and mkisofs to personalize and create your DVD image). Note that it is also possible to install several OS on one computer through hard disk partitioning. See the section about drive partitioning for more information about disk partitioning.