Last year was a landmark for online privacy in many ways, with something of a consensus emerging that consumers deserve protection from the companies that sell their attention and behavior for profit.
The debate now is largely around how to regulate platforms, not whether it needs to happen.
The consensus among key legislators acknowledges that privacy is not just of benefit to individuals but can be likened to public health; a level of protection afforded to each of us helps inoculate democratic societies from manipulation by vested and vicious interests.
Forget telephoto lenses and fake mustaches: The most important tools for America’s 35,000 private investigators are database subscription services. For more than a decade, professional snoops have been able to search troves of public and nonpublic records—known addresses, DMV records, photographs of a person’s car—and condense them into comprehensive reports costing as little as $10. Now they can combine that information with the kinds of things marketers know about you, such as which politicians you donate to, what you spend on groceries, and whether it’s weird that you ate in last night, to create a portrait of your life and predict your behavior.
After the Sony mega-hack, protecting email privacy may seem paramount. But at digital payments startup Stripe, email isn’t kept all that private in the first place.
Recently, Stripe openly detailed the internal system it uses to achieve what it calls “email transparency,” saying “almost all” messages inside the company can be read by all employees. Private emails at Stripe aren’t forbidden. But they are the exception.
No, these emails can’t be read by people outside the company. But it shows that privacy isn’t always as important as we think it is. Stripe’s system is part of wide-ranging effort to build services that seek to make our communications more public, not less—an effort that includes everything from familiar consumer services like Facebook to business tools offered by the likes of Slack and GitHub.
As far as the technology goes, open email at Stripe isn’t that complicated. Employees are asked to CC any work-related emails to topic-specific mailing list archives managed through Google Groups. Project lists are the most common, but categories range from individual countries to a “crazyideas@” list. Via the lists, all email becomes public and searchable inside the company. Stripe now has 428 lists in all.
Maintaining your privacy online, like investing in stocks or looking good naked, has become one of those nagging desires that leaves Americans with a surplus of stress and a deficit of facts. So it’s no surprise that a cottage industry of privacy marketers now wants to sell them the solution in a $50 piece of hardware promising internet “anonymity” or “invisibility.” And as with any panacea in a box, the quicker the fix, the more doubt it deserves.
Last week saw the fast forward rise and fall of Anonabox, a tiny $45 router that promised to anonymize all of a user’s traffic by routing it over the anonymity network Tor. That promise of plug-and-play privacy spurred Anonabox to raise $615,000 on the fundraising platform Kickstarter in four days, 82 times its modest $7,500 goal. Then on Thursday, Kickstarter froze those pledges, citing the project’s misleading claims about its hardware sources. Other critics pointed to flaws in Anonabox’s software’s security, too.