Software can make us dependent in a number of ways. Mainly:
GET requests on APIs) and make a script to change its format and export to a convenient format.
If adequate attention is not paid to these dependence problems, changing provider can become a horrible headache, which can completely jeopardize sovereignty or independence for a company or a country.
Note that, as opposed to hardware, you generally don't own the software you use, but you are granted a license to use it. You may not have read it in detail, with all the small print, but chances are that the terms of the license can be changed at any time, without a notice period that would let you even think of changing provider before you have already accepted the new terms...
In the case of cloud services, your data can also be located in a country other than your own, and therefore be subject to different privacy laws than your own country's.
For example, the US constitution (theoretically...) protects the privacy of American citizens, but not that of people from other countries. This creates additional sovereignty and data protection issues for businesses and individuals. Consider carefully the differences between the GDPR, the Cloud Act and other regulations, and check which regulation the software you use (or the object in the IOT) is subject to.
Another problem arises when a business uses cloud-based services from a big player: the big service provider might be competing against its own B2B users, pursuing a winner-takes-all strategy.
The metadata of many businesses on similar markets can be gathered (through parsing, scraping, wrangling) and combined to obtain higher grade datasets on which to use artificial intelligence or big data optimization techniques.
The artificial intelligence features might be part of a publicly acknowledged and advertised business model, but provide an unfair advantage to big cloud service providers based on asymmetric information.
To understand the problem with privacy online, we should try to grasp the nature of the networks of APIs through which the data we leave on a computer, a pad, a phone, a connected watch, or connected objects of the Internet of Things (IOT) travels.
This data can include such things as your family situation (spouse, kids, etc.), your friends' and family's personal data, your location at every moment, the TV programs you watched in the past weeks, your favourite songs, etc. If you use some voice system for TV or microwave oven command, it even includes the sound of your voice and everything you say in your living room or your car, etc.
Below is an example of a multi-platform architecture for an application which can handle big files, such as videos or other media:
The app is called multi-platform because a user can access her data either from her computer (from different OS such as Windows or Mac), or pad, or phone, for different kinds of phones (Android, iPhone, etc.). All of those different ways to access the same app are called platforms. There is generally yet another way to access the same data, which is the Web app, that is, over the World Wide Web using a web browser (such as Chrome, or preferably Firefox or Brave).
What all of this means is that your data is not stored on your device (except for the data which is cached for optimization), but on a server, that is, a computer which is (generally) located in the facilities of a company, and offers the service of storing your data and making it available. The most commonly used technical solution in up-to-date systems nowadays is Web APIs with RESTful architecture (see my own lecture about server-side Web programming).
As you can see, different actual applications (so called client software) on different platforms can access the same data on the server (see the case of a Web client in my own lecture about client-side Web programming). There might be several servers with synchronization, caching and load balancing for complex applications with large quantities of data. This in turn leads to the data moving back and forth on networks.
To make the picture more realistic, contemporary trends are so-called Service-oriented architectures, in which the computing and processing tasks for an application are distributed over a complex network of APIs. Its advanced form is microservices, in which each API or service has a very specialized task. Thus, the data to be processed goes through a high number of different servers, which can be physically located in different countries.
The data is usually secured in some way, in the sense that you must give credentials, or prove a clearance status, to access the data. That's when it gets complicated. The general way to manage who can access which items of data is called OAuth right now. It looks great, if tricky, but, as we shall see, it can be used poorly to make business easier, which causes major privacy issues.
What you need to understand here is that not only can you access your data, but a number of other people can too:
As the whistleblower Edward Snowden has shown, governments can access your data in a number of ways for the purpose of mass surveillance, including hacks that are not supposed to be in the manual.
China has established a huge firewall called the Great Firewall of China, by which they can selectively disable connections, but also monitor the data going through, or even potentially (as it is technically possible) counterfeit the data, including targeted ads originating from Chinese providers but destined for western websites.
Another issue with massive impact is the activity of Cambridge Analytica, which accessed the APIs in a regular way and used that data for a number of political manipulations (allegedly in different election campaigns, including the US presidential election in 2016 and the Brexit referendum, with ongoing legal processes).
A common way to implement political manipulation is to replace a regular targeted ad with a political message, taking into account your personal data (such as tastes, political ideas, gender, family status, etc.), thus exploiting and amplifying the phenomenon of a social clique.
Edward Snowden is a major whistleblower who released invaluable (classified) information (https://en.wikipedia.org/wiki/Edward_Snowden#Global_surveillance_disclosures) about mass surveillance practices by intelligence services around the world, and particularly in the USA, where he worked as a technologist and system administrator for the CIA and the NSA.
An Operating System (OS) is a broad layer of software which allows an actor, which can be a human user or a computer program, to access the basic functions of a computer (or phone, pad or an object in the IOT), including acting on the hardware (have a processor perform calculations, write data on a disk, send data over a network hardware device such as a wifi card, etc.).
The OS interacts with each piece of hardware through specific dedicated software modules called device drivers.
The OS generally includes one or several human-machine interfaces, which allow humans to interact with the OS (and therefore with the machine). This human interface can be a command line interface (which requires high level technical skills) or a Graphical User Interface (GUI), allowing non-expert users to interact through devices such as a mouse or a touchscreen, to open windows and dialog boxes, click on buttons, enter text, etc. The main GUI allowing humans to interact with an OS is also called the desktop environment for the OS.
Finally, an OS has a built-in mechanism to install applications (or Apps for short), which extend the functionalities of the OS for specific purposes such as Web browsing, text processing, listening to music, messaging, image or video editing, etc.
Today's proprietary operating systems typically require that you create an account for (some or all of) your data to be stored on the OS provider's servers. Hardware manufacturers, such as big phone manufacturers, also encourage you to create accounts and send data to their servers. The use of a proprietary operating system is therefore intimately related to privacy, regardless of the apps that you use.
As explained above, applications (or Apps for short) extend the functionalities of the OS for specific purposes. To that aim, each OS has mechanisms to allow installation of Apps, with some policy for clearance for the App's provider and authorisations.
Each application will need access to specific data from the device, as well as specific hardware functionalities. For example, an application for Music Streaming and MP3 playing will need access to network connection, memory disk reading and writing, as well as producing sound. A voice recorder (be it combined with Speech Recognition or not) must have access to a microphone to capture surrounding sounds, as well as memory disk writing and. If the recordings have to be transferred to the cloud or to another device, the voice recorder must access network connections.
Here are examples of how users can see which application can access which data on Windows, iPhone and Android. This shows how the OS controls which data the App can access and the broad categories of things the App can do with the data. Generally, you just cannot install or use the application if you don't accept to grant all the permissions an application asks for.
Now, an application will generally make claims about how the data is handled and used. One of the problems is the obscurity of the documents explaining what the App does with the data. Here is, for example, the Facebook data. However, the application can technically do many other things with the data it accesses, be it related to legitimate business goals or not, which is not explained at all in those documents, and is only limited by regulation (if any), the enforcement capacities for regulation, and the permissions granted by the OS mentioned above. In the case of a social media App like Facebook, the application can access most of the possible permissions enforced by the OS.
For example, a voice recorder which records a voice on a phone and sends the sound file (e.g. MP3) to a computer through the network can technically record the sounds around the phone, send them to a server 24/7, then apply Speech Recognition algorithms to the sound files to automatically detect words for the purpose of spying or mass surveillance. Only the claims of the application provider ensure conformity to the official use, and this relies mainly on trust in the application provider.
Chinese technology companies, such as Tencent, have developed all-purpose Apps which can access all the data and functionalities at the OS enforcement level. This is essentially an additional software layer which substitutes the whole all-purpose App for the OS interfaces and system of multiple Apps.
This can raise privacy concerns for the App users, as the App can technically access all kinds of data, including the sound captured by a microphone, pictures captured by a camera, as well as all the user's memory data, then send this data to servers to be processed and combined in an apparently completely obscure way, which may include Speech Recognition algorithms on the sound files to automatically detect words for the purpose of spying or mass surveillance.
The internet of things includes voice-commanded TV sets, kitchen appliances or home air conditioning/heating systems. It also includes CCD cameras, for the purpose of street/building surveillance or other applications.
Voice user interfaces allow a user to command machines using speech, currently mainly lists of keywords corresponding to commands. They use Speech recognition algorithms on the sound surrounding the considered machine, and automatically detect words. For this purpose, the software must access a microphone at the OS enforcement level.
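As an added illustration (not part of the original lecture), the following sketch audits an Android manifest for the situation described above: sensitive data sources declared together with network access. The sample manifest, the package name and the `stated_purpose` parameter are constructed for the example; the permission names are standard Android ones.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NETWORK = "android.permission.INTERNET"
# Android permissions guarding the kinds of data the text mentions.
SENSITIVE = {
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_EXTERNAL_STORAGE": "stored files",
}

# Constructed manifest for a hypothetical voice recorder (not a real app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.voicerecorder">
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>
"""

def declared_permissions(manifest_xml):
    """Return the permission names declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def exposure_report(manifest_xml, stated_purpose=()):
    """Summarize what the declared permissions technically allow.

    stated_purpose lists the data sources the app's advertised function
    needs (an assumption supplied by the reviewer, not read from the app).
    """
    perms = declared_permissions(manifest_xml)
    sources = sorted(SENSITIVE[p] for p in perms if p in SENSITIVE)
    online = NETWORK in perms
    return {
        "can_reach_network": online,
        # Without INTERNET the app itself cannot upload what it collects.
        "data_that_can_leave_device": sources if online else [],
        "beyond_stated_purpose": [s for s in sources if s not in stated_purpose],
    }

if __name__ == "__main__":
    print(exposure_report(SAMPLE_MANIFEST, stated_purpose=("microphone",)))
```

The report only reflects what the OS would permit; whether the app actually uploads the data still depends on the provider's behaviour, as the text explains.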
The overwhelming majority of existing systems work by uploading the sound files to a server, where the sound is processed. Those systems which upload the sound to a server include Google Assistant, Amazon Alexa, and Siri, which was originally developed in the SRI International AI centre, which is also the root project for the speech recognition project of the US Defense Advanced Research Projects Agency (DARPA) project named CALO.
Cameras are becoming pervasive in many cities, making mass surveillance through facial recognition possible without the people being aware or well informed about the algorithms used or the purpose of the surveillance.
These technologies technically make it possible to track an individual who goes out and know where that person goes, and could be combined with other data from spying software installed on the person's device, etc. States which practice mass surveillance can also combine this data with electronic payment data or Web tracking.
Some specialists have also expressed concerns about misuse, bias in surveillance and incarceration, and social consequences.
Satellite imagery can be used as imagery intelligence to gather intelligence. Today's high resolution images make it possible to track a car, or even an individual, and can be combined with facial recognition or mobile phone tracking. This makes it possible to check, for example, that the path followed by a phone coincides with the path followed by a car, even when the GPS localization feature on the phone is turned off.
Otherwise, it has never been easier to put a connected spying device in a building, which will record, process or transmit sounds to a server for processing through a wireless/mobile network connection. Here are a few ideas to detect such a spying device:
We should distinguish between proprietary OS (the best known are Windows from Microsoft, Apple's OS for Mac, iPhone, iPads, etc., Chrome OS for netbooks, Android phones and pads), and the so-called free OS (such as the Linux family and the Free BSD family). Those main categories do not exactly match the distinction between closed source code (such as Microsoft's and Apple's OS) and open source code, as the example of Android, which is proprietary but open source, shows.
The difference between proprietary and free open source lies in differences such as:
You can find a list of open source licenses, as well as elements for comparison here. Here is another source with elements for comparison. When using open source in a business, care should be taken whether or not the license is permissive. A more permissive license will allow you to do more stuff for commercial use.
(see also my page on Basic Use of lubuntu Linux and data security)
There are two main families of free operating systems: the Linux family and the Free BSD family. Each of these two families has its own Kernel, which includes all the drivers to allow management of every supported piece of hardware. Ideally, those drivers are free, but they sometimes need some so-called firmware provided by hardware manufacturers who won't release their specifications.
An example of a user friendly, simple, operating system, which is light, in the sense that it allows you to use conveniently either old computers or cheap computers, is the lubuntu linux distribution, which is a variant of the Ubuntu Family.
The default desktop environment for lubuntu, which is called LXDE, is arguably simpler and much easier to use than its proprietary counterparts, such as Windows's or Mac OS's desktops.
Due to its minimalist approach and limited use of the network (notably by avoiding sending data on the OS provider's servers), such a distribution as lubuntu also consumes less energy than Windows or Mac OS, and has a reduced impact on the environment.
The Ubuntu family of distributions of linux is closely related to the Debian linux distribution, which is strictly restricted to free software, and is less user friendly.
Those free OS come with a broad range of free software, which can be easily installed through a software manager, for most purposes. The software can be made available for install from a DVD instead of the network if you need to work offline for long periods of time (using tools like debmirror, debpartial, debcopy and mkisofs to personalize and create your DVD image).
Note that it is also possible to install several OS on one computer through hard disk partitioning. See the section about drive partitioning for more information about disk partitioning.
There are a number of issues about compatibility with hardware which, quite often intentionally, hinder both competition and the development of free software and free operating systems. We can cite: