It’s interesting how fast time flies. I remember the 16-year-old me thinking “a government backdoor is hacker’s backdoor” when reading criticism of OpenBSD, and the next day Edward Snowden’s first NSA leaks hit the media, that with my mom subsequently defending the surveillance programs.
Since then, we’ve all seen things change. Many of NSA’s programs were ruled unconstitutional, we took a big leap on privacy and security in some places (e.g. Let’s Encrypt). At the same time Big Tech basically went all in on Big Data, AI, and advertising at the expense of our privacy. To me, unfortunately, I’ve also been pulled into a “Big Data” career, one I’m trying to get out of (well, do you want me to support Big Brother?).
In the pre-Snowden world, security was prety weak. The only places SSL was really used was where you entered your credentials or credit card number. Everywhere else, it was plain old HTTP. You had to pay for SSL, and even post-Snowden (but pre-Lets Encrypt) I have paid for SSL on my mail server. For reference, I was planning to self-host email pre-Snowden but didn’t get to it until after the leaks.
On top of that, people didn’t see a reason to take privacy seriously then. Nobody knew the government was spying. Some people had suspicions. I once thought if I visited the American Nazi Party website I would have the police at my door. But now, people know the government is spying.
At the same time, many of the privacy tools are made by geeks for geeks, and only a certain fraction of them. I might have the competence to use them, but despite having grown up on mostly “libre” software, I practically had to take a job at Microsoft 365 when they offered me 100 grand during the time none of the larger NYC-based tech companies wanted to interview me.
And while I can learn a new tool, many people don’t want to switch from Big Tech to a FOSS alternative, even geeks. Whether it’s inertia, or the network effects of big operating systems and social media platforms which locks users in, or the fact that “privacy preserving” alternatives today are mostly for geeks.
There’s a reason why Big Tech companies are now trillion dollar companies despite privacy risks. There’s a reason why most people stayed with Twitter even if they hate Elon Musk. And even if there are engineers capable of making a privacy-preserving FOSS project awesome, they might get hired by Big Tech to not do that but instead keep users using Big Tech.
Yes, if I didn’t work at Microsoft, I would fully advocate for FOSS and self-hosted alternatives at the top of my heart. Just look at my webmail interface or my cloud storage, do these look like Microsoft login forms? Probably not. But even if I didn’t work at Microsoft, I probably would have a job at a smaller company using AWS and Gmail and MacBooks, or maybe another enterprise all-Microsoft shop.
To change the topic a bit, the reason why the NSA has the power it has is becausse we built tech companies on Big Data. If Google and Facebook has data on everyone, the NSA would love to have their slice of cake. If we didn’t build companies on Big Data, the NSA wouldn’t be nearly as powerful as it is.
But even if people are concerned by spying, they are lured by “free” websites and apps which profile them, sell their data to advertisers, and keep users addicted. We basically set the standard of an online tool to be free and ad-supported.
While I’m much younger than that, if you’re old enough to remember the 90s, many ISPs then offered a suite of services alongside dial-up Internet, like email and Usenet. While the NSA could still have spied on them, ISPs then had no incentive to monitor every action of ours, as long as we paid the bills on time. (Note: monopoly ISPs of the present day are a different story that I won’t discuss here).
But as Big Tech started offering similar services like email, they initially gave them “free” services to compete with ISPs. They turned ISPs into dumb pipes by getting us to switch to Big Tech alternatives, using our data to print money.
While I certainly don’t want to switch back to ISP email, and neither do you, if we want to combat NSA spying, we need to not just ban spying on the government level, but also change the model of tech companies away from Big Data, AI, and advertising.
Even laws like the GDPR and CCPA doesn’t make Google not be a surveillance capitalist, it’s in their DNA. We need companies which inherently aren’t built on surveillance capitalism, like Tor, or Signal, or Mastodon, which in turn have little-to-no data to share with the NSA, GCHQ, FSB, BND, among other agencies. We need people to work on making privacy-protecting alternatives something people want to use, and not skip over if they’re not a Linux geek.
After all, Google’s “big data” could let states have information on abortion (and possibly transgender healthcare) seekers, so it doesn’t matter if you as an engineer live in progressive California if Mary Kate lives in Texas and needs an abortion, or Taylor Smith needs to transition from male to female (or vice versa) in Florida.