Online privacy: a tale of irony and contradiction

This is the post that prompted me to start this blog a month ago.

I understand online privacy better than most. Unfortunately, privacy (and security; the two often go hand-in-hand) is often at odds with convenience. I have previously sacrificed convenience over privacy and security in many instances, because the latter two are important to me. Fair warning, this post doesn’t answer how to compromise between the above; it merely highlights my frustrations while trying to do so. Here are some of the more significant attempted compromises I’ve made, and the associated struggles:

Running free and open source software on my Android phone

I’ve had Cyanogenmod installed on my phone since shortly after I purchased it. For the past year or two, I’ve had it installed without any of the Google apps, such as the Play store, YouTube, Maps, Hangouts, Google+, and Gmail. Not having the Play store meant not being able to install any of the apps it offered. Instead, I made do with F-Droid, an app catalogue that exclusively contains free and open source apps.

This encumbered my ability to interact with other people, sites, and hardware. I couldn’t use common chat applications, some social media sites were clunky because I was limited to their mobile web page which is often a second-class citizen to their mobile app, and I couldn’t stream to my Chromecast. Eventually, about a month ago, I caved and installer the Google apps, because the disadvantage of missing out finally outweighed the advantage of knowing with reasonable certainty that my location data, contacts, and other private phone information was safe from third parties.

Facebook

I deleted my Facebook account in 2013 after it insisted on hounding me for personal information regarding my education institutions and place of employment. Initially, it was freeing. I had more time up my sleeve, and knew that even if Facebook didn’t delete the data for my old account, they weren’t getting any new data from me (though possibly from others; see Shadow profiles).

Again, though a couple of months ago, I’d gotten sick of the disadvantages. I’d occasionally get forgotten by people organizing events, because I wasn’t on Facebook to be invited. Many friends were difficult to get hold of because Facebook was one of their main communication media, and when I met somebody new in person and wanted to keep in touch, the first question I got was “What’s your Facebook”? My social life could be enriched, and so, with significant trepidation, I yet again forfeited my personal information to Facebook and started adding friends.

Gmail plus-addressing

I try to sign up to different sites with different email addresses (using Gmail’s plus addressing). This way, if i receive spam to a plus-address, I know which site disclosed that address (this, I admit, has never actually happened).

On January 21, a colleague and I were discussing various web services, and I mentioned that I used Gravatar, which serves up a picture for use as your avatar based on your email addresses, to any website that supports it. My colleague remarked that they were surprised that I, somebody reasonably privacy-conscious, used Gravatar. I considered this briefly. Gravatar works by asking you to supply all your email addresses, and upload one or more pictures, each of which can be associated with one or more email addresses. Then, when you sign up with one of those email addresses to a site that supports Gravatar, the site can send a request to Gravatar which includes your email address, and retrieve a picture that it can then use as your avatar or profile picture.

Gravatar is a free-as-in-beer service. They don’t charge members any money to use the service. Given this, they obviously need to make their money elsewhere, so it’s reasonable to assume they monetise their members, making members the product. Each request that a Gravatar-supporting-site sends to Gravatar likely contains a referrer stating which site made the request. This means that Gravatar could collect a huge database of all the email addresses associated with a member, and all the Gravatar-supporting sites they visit, then sell this information to the highest bidder. Because some of the sites I use plus-addressing on support Gravatar, Gravatar needs to know all thise addresses, making using Gravatar reckless, to say the least, because Gravatar can be used to unify my identities across all sites that support it. I signed up for Gravatar years ago, before I was quite so paranoid, so it hadn’t been subject to my now-more-stringent privacy analysis. Ironically, here I am blogging about Gravatar on a blog hosted by WordPress, who own Gravatar.

Solutions?

So how does one integrate with society while remaining reasonably private and secure? I’ve no idea, but I’m still looking, despite feeling a bit resigned to the reality that sometimes it’s all too hard.

To blog, or not to blog

For years, I’ve pondered the idea of starting a blog. It never seemed worthwhile, and there always seemed to be plenty of hurdles.

Hosting

Where would I host a blog? As a big supporter of data sovereignty and data liberation, I didn’t want to lock myself into a particular service and so considered self-hosting.

On the flip side, as a systems administrator, I didn’t really want go have to deal with the maintenance of yet another service on one of my servers, particularly something like WordPress with I get the impression needs regular updates applied, which aren’t necessarily available in a timely manner from my Linux distribution’s package manager.

Ultimately, after creating a WordPress.com account in 2012 to occasionally contribute to another blog and squat on my username, and subsequently determining that the site has an Export function which returns all content as XML, I decided that was Good Enough(TM) and made my blog publicly viewable and searchable.

Content and frequency

What do I have to blog about? If what I write is only of interest to me, I may as well keep a private diary. If you look at my Twitter feed, you’ll see a huge percentage of it is retweets of others, rather than original content. Do I really have anything to say?

Of course I do. Despite being busy out and about actually living my life, I still spent significant time reading and forming opinion on topics that are important to me (see my About page). Occasionally, there’s a topic I feel strongly and educated enough about to weigh in on with my own thoughts. Sometimes I do this on Twitter, however sometimes 140 characters just isn’t sufficient.

Is it worth setting up a blog, though, for the seemingly rare occasions I feel like sharing my opinion with the world? Well given I’m hosting on a managed service, the cost of maintenance is basically zero, so there’s no harm in having a site that is often dormant until I need it, and I have no obligation to set a schedule for how regularly I post content.

That said, I enjoy writing, and if I don’t strive for anything too close to perfection (e.g. in the form of ensuring I know everything about a topic before authoring a post on it), just the fact that I’ve got a space available to share my thoughts may lower the barrier enough that I do so more often than I’d expect.

Naming

Ah, the all important question. What do I call my blog? I wanted something unique (there are a lot of blogs out there, and many of the names I considered were in use) and memorable, while having a nice ring to it. “mattcen’s mumblings”, which occurred to me the other day, contains a username that is mostly only associated with me across the internet, and it alliterates nicely, so it’s as good a name as any.

Privacy

Privacy is, ironically, the topic that finally made me choose to write a blog post (that’s coming soon), so I won’t go into too much detail here. Suffice to say that, despite my privacy attempts being largely in vain, I am usually quite conscious about what I share on the internet so there’s little reason to share any more information than necessary. Time will tell whether I have any luck retaining any semblance of privacy.

Conclusion

So I have a blog. It may get lots of updates, or it may not. The posts may or may nor be useful or interesting to anybody. You’re welcome along for the ride to find out!