Privacy violations increasingly built-into the basic digital fabric

For a long time, it has been possible, to a large extent, to avoid privacy intrusions by advertisement-profiling companies and the like, by steering clear of the perpetrators. Sure, Google and Facebook among others have been deploying drag-nets across the web, but those can, at least to a decent extent, be kept away by VPN services, script blockers, LSO clearing and other practices, as long as one doesn’t have an account and use them.

A highly worrying trend lately, well, for several years, is that privacy-infringing practices aren’t only a part of websites anymore, but also of various sources which would traditionally be considered privacy friendly, or not even needing them for their business model.

More and more already-existing programs, browsers, drivers, and even standards, are being optimized for spying in their newer versions. You’re certainly familiar with the problems of Microsoft Windows 10. A couple of years ago, there was news that Nvidia graphics card drivers included ”telemetry” (in the 00’s we would’ve said ”spyware”). Mozilla Firefox, the go-to browser for the privacy conscious, is rapidly decaying – now when you install it, you are just informed that it collects a whole bunch of ”telemetry”, and how to opt-out of some of it. The rest, implied, cannot be opted out of.

Partially sticking with Firefox, the following was published a few days ago on the Private Internet Access blog: SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3. In short, in the protocol that’s supposed to keep you safe from the prying eyes of others than yourself and the page you’re visiting when there’s a ”https” in the beginning of the address, there’s now a function that’s like it was made for tracking you!

In that post, there’s a description of how to disable the tracking-allowing functions of it in Firefox. If it wasn’t for the step-by-step descriptions, it would be anything but straight-forward.

I’m no expert in this, maybe the description of the protocol requires these functions to be enabled by default, but in that case, the very least Mozilla could have done is to inform of their existence and provide easy controls for the user to disable them. If they took privacy seriously.

But if Mozilla took privacy seriously, they wouldn’t have opt-out functions for their own telemetry, they would have opt-in or forced-choice. Opt-out equals on, for the vast majority of users.

And at least default-on but opt-out, and often not even being possible to opt-out, is rapidly becoming the norm for operating systems, drivers (I installed a Canon printer lately, I think telemetry was forced-choice but the privacy policy implied that it sent some of it regardless of what you chose), games, you-name-it. Even hardware, in this (id)IoT era. (double pun intended).

(I know I have some libertarian readers, from and related pages, who will not agree with me for two reasons: 1 – the government won’t make laws like that, without loopholes, exceptions or even abuse potential for themselves, and: 2 – the companies do what they want, if people don’t want it, they will go to the competitors.)

But, my opinion is that we need legislation against this. It shouldn’t be legal to abuse people’s trust like that. In fact, the whole personal-data economy should be killed. Even if it is the most lucrative way of making money on ads, it is not the only one. Just look at DuckDuckGo. They are still there, and growing.

I have made this analogy before (although in Swedish), but I’ll do it again: When it was discovered that Freon/CFC:s were destroying the ozone layer, refrigerator manufacturers strongly opposed a ban on the substances, claiming it would be impossible to make energy-efficient refrigerators without them. Today, refrigerators are by far more energy-efficient than the best Freon refrigerator ever was.

There are other ways, even if the current one seems like the best, and if the other ones are taken more frequently, they will become better. Maybe even better than the current one.


(To those criticizing me according to the points above: Point one, you do have a point. GDPR puts heavy restrictions on how companies can handle personal data, but pretty much still give the governments free hands. It has also recently been abused to attempt to break the anonymity protection of sources to journalists. Great job for a law that’s for protecting privacy… Anyway, we’re approaching the point where even the total room for potential damage is less than the guaranteed damage of not legislating. Point two: What competitors? There are few at best, which will most likely soon follow suit. Most people are too stupid and/or lazy to care, meaning that the few of us who do care are out of options, as the market favors data abuse.)


Trackbacks / Pingbacks

  1. Indicier för auto-hellbanning | Integritetsnytt - 6 december, 2018

Kommentera gärna här

Fyll i dina uppgifter nedan eller klicka på en ikon för att logga in: Logo

Du kommenterar med ditt Logga ut /  Ändra )


Du kommenterar med ditt Google+-konto. Logga ut /  Ändra )


Du kommenterar med ditt Twitter-konto. Logga ut /  Ändra )


Du kommenterar med ditt Facebook-konto. Logga ut /  Ändra )

Ansluter till %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggare gillar detta: