Nicolas Engel

Idea(ls) on cybersecurity

How to bypass electronic mass surveillance? (1st part)

If electronic surveillance seems to become the norm in our modern societies, it is above all because information is an individual’s primary wealth. Its administrative data allows to define his identity, his patrimony and his professional activity. The data from his social networks or email messaging allow to know more about his tastes, his aspirations and his buying behaviors. Finally, electronic devices (mainly smartphones, but more generally all connected devices, cars, home automation, drones, etc.) complete the landscape by enabling individuals’ physical activity (their geolocalized movements) to be linked to their virtual behavior.

In this increasingly dematerialized economy, is it still possible not to be spied on? Is it still possible to remain anonymous, allowing to remain in control of his identity, opinions and tastes? To not feel that you are always browsing the same content on Internet? How is it possible not to be recommended always the same advertisements on search engines, the same videos on Youtube, the same search results?

A protean anonymization

Anonymization solutions on Internet are not uniform because stakes are multiple.

Before going further, it is important to note that the solutions described below are for my personal use and do not claim to be exhaustive. They aim to simply describe my approach in compliance with French laws and regulations.

Protecting my digital identity consisted in the following steps:

For each step, I will try to describe the advantages and disadvantages of my approach and the results that I get out of it.

Avoid the use of platforms whose purpose is to resell your personal data

The first solution may seem the simplest. But if we look at it closer, the awareness it required was not obvious.

Like many millenials, I accompanied the advent of the Internet by using social networks during my student years.

However, when using a social network, we think less about the usefulness of the network than about the users (friends, family) on it.

It is necessary to understand mechanism behind social media. I can only recommend Netflix’s excellent documentary entitled “The Social Dilemma”.

These platforms, like Facebook, Instagram or Linkedin, aim to collect as much personal information as possible about their users in order to improve their advertising targeting or to resell the data directly to businesses. Therefore their uses aim to capture the attention of its users to collect their behaviors. In my quest to re-appropriate my digital identity, I have stopped using several networks.

The app’s behaviors to get us to scroll continuously spoiled its relevance.

What do I get out of it ?

Not using Facebook or Instagram anymore made me initially fear a withdrawal from society, a loss of friends or relatives. Experience has proved that this feeling was totally irrelevant. Leaving these networks allowed me to reconnect physically with people, to have more sincere and authentic relationships than through messages and other likes, which ultimately prove to be artificial and impersonal.

Another benefit of leaving these networks was the time freed up. I was wasting my time on smartphone playing games that I didn’t really enjoy and that turned out eventually to be quite frustrating. Stopping Instagram also allowed me to stop comparing myself to people who didn’t bring me the inspiration I was looking for. In the end, my self-confidence improved. Finally, the anonymization of my activity on the Internet was striking with a drastic reduction of search results for my name on Google as soon as I deleted my accounts at the end of 2018.

For all these reasons, I appreciate on a daily basis the decision I took and I do not consider going back to these social media.

Protecting my communications through services using true cryptography

The second pillar to regain my digital identity was to better control my communication channels. The departure of Facebook and Instagram allowed me to refocus my communications on Whatsapp, an application that also belongs to Facebook.

From a data protection point of view, Whatsapp uses end-to-end encryption, having implemented “E2E” the protocol of the Signal application. End-to-end encryption ensures that your message is transformed into a secret message by its original sender and then decoded only by its final recipient.

I had therefore deduced that WhatsApp was completely private. Unfortunately this is not the case due to Whatsapp’s use of metadata.

Why is metadata important?

Metadata are all informations about a message except the content. It could be described as “activity records” with for example sender, recipient, time of sending or location of the sender. Even if Whatsapp cannot access the content of a message, the phone numbers involved in the exchange and their timestamps remain stored on the company’s servers. If a court or intelligence agency orders the company to share information about a particular user, the amount of metadata the company will transmit will likely be sufficient to create a profile and infer your usage. Uses that can be further refined with your usage data on Facebook or Instagram.

In front of this observation, I looked for a messaging system more respectful of my personal data with the following criteria:

Alternatives to Whatsapp exist even if the perfect solution does not exist.

In my case, I chose Signal, which is an open-source messaging system that provides a good level of confidentiality by encrypting messages and calls from end to end.
However, the solution needs a phone number to register you. It is therefore not anonymous but only records your last connection to their server. In addition, message timestamping is based only on the day and not on the hour, minute or second of the messages sent. Finally, Signal is based on a non-profit foundation whose objective is to promote respect for personal data.

Personally, I am very satisfied with the use of Signal, which I find intuitive and complete. At the same time, I continue to use Whatsapp to avoid forcing my contacts to migrate from email. My freedom ends where other people’s freedom begins. I am happy to share my approach with those who ask me, but I won’t impose my choices.

Nevertheless, can my communications be summed up in these 2 applications ?

Of course not because emails are an important part of my identity on the web. It took me a while to find the right solution to my desire to take control of my digital identity. This will be the subject of a second article, which will explain why and how I left Google’s services to competing services that are more respectful of my personal data.

Cram them full of noncombustible data, chock them so damned full of ‘facts’ they feel stuffed, but absolutely ‘brilliant’ with information. Then they’ll feel they’re thinking, they’ll get a sense of motion without moving.”

Fahrenheit 451 — Ray Bradbury

Leave a Reply

Your email address will not be published. Required fields are marked *