I am on my way to Berlin to the 25th Chaos Communication Congress titled „Nothing to hide“. As the name implies, it’s about privacy. In particular of course privacy on the internet.
So let’s ask ourselves: Is there still some level of privacy on the net? Can there actually be?
„It’s all out there anyway!“
When reading some blogs or mailing list (like recently on openid-general) some people seem to be of the opinion that we don’t need to care about controlling information because it’s all out there already anyway! So why hide something at all then?
But the question is maybe: Why is basically everything available to Google these days?
I think the answer is simple: Because nobody really concentrated on hiding it from Google. Actually one of the biggest web industries is the one which tries to make sites as search engine friendly as possible. Because this gets you clicks and ad impressions and so on.
But is this reason enough to just give up and say that privacy is impossible anyway?
In my opinion not everything need
s to be out there but of course it always depends on your own decision (or should be at least) which might be limited by factors such as alcohol or education of course. But nevertheless if we would start to put in controls today then IMHO it’s possible to get at least a basic level of privacy. Also there needs to be a way to attach such information to data so that other parties honour it, too.
Of course this also goes with trust. When I tell something secret to a good friend I trust that friend to not tell everybody. The same can be true for websites. Even more: It could be codified in their Terms of Service. This of course goes along with the idea that data actually belongs to the user, not to the service. Many Terms of Service Agreements these days though define it more as being the latter.
Are expiration dates the solution
Another idea I heard about at the IdentityCamp in Bremen earlier this year was the idea of adding an expiration date to your data as e.g. photos. So if there might have been somewhat embarassing photos of you somewhere then those would be deleted automatically after e.g. 1 year. I don’t think though that this is really the solution to the problem. And then of course you cannot really take something off the internet once is visible to everybody including all the search engines.
So is privacy doomed?
Of course there is always the lower technical level where you maybe can sniff packets, monitor connection patterns and so on. This is hard to come by of course as the whole internet is not under your control (as you can only choose your final endpoint). But still there could be some political movement going on to make this better instead of the other way round as many politicians lobbied by certain industries do it right now.
On a higher level though websites could already do more. Why not give users more choices on how public their data is supposed to be? Why not invent some sort of metadata scheme to annotate data with those options? Once it’s visible for everybody your data is of course out of your hand but if you prevent full permission on your data you should be fine.
So I think there still is hope. As said, there won’t be 100% privacy but you never have that anyway. Giving users the tools and respecting their decisions can work though.