5 Jan 2017

Pigs in a digital world

Have your heard the joke about the two pigs? I think it’s a great way to start the new year (happy new year!). So here you are:

((photo de saucisson

Two pigs are in a farm and have a chat:

I love this place! Isn’t it cool that all the food is for free?

The second pig swallows its food and replies:

Of course, and on top of it, the lodging is for free too!

I often tell this story during talks I give at conferences, then I show the following image:

Saucissons.jpg

Most of the people have a laugh when seeing the dry sausage picture, making fun of the two pigs that think that they are customers of the farmer (If you did not know that they are not, I’m really sorry. I suggest that we avoid discussing the Easter bunny and Sant Klaus in the future).

Pigs are not the farmer’s customer. They’re just raw material. The actual customer is the one who pays money.

On the other hand, most of us thing that we are customers of Google and Facebook and similar “free” on-line services. Facebook is pretty open about it on its home page: “It’s free and always will be.” Gmail, Google Search, Google Maps and many other services work the same way…

Luckily, we will not end up in thin slices of dried sausage, but seeing that pigs are so naive leads us to the following question: how come that if we’re not the clients of such companies, they end up being so rich and valuable?[1] Actual clients are people or organizations that do pay. In this case, it’s the advertisers, who buy targeted advertising from Facebook and Google. For the ads to be targeted, Google and Facebook have to collect as much data as possible to profile the users.

Facebook does it by analyzing what we like, what we click on when visiting Facebook.com. Things get worse on mobile, as the Facebook app for Android requires access to a whole lot of personal data: GPS position, address book, text messages and so on:

Permissions_Facebook_Android.png

Over all, we’re not Google’s or Facebook’s clients. We’re digital pigs. It’s high time that we claim our privacy and personal data, by using services that are not based on targeted advertising… Cozy Cloud and its personal Cloud approach, for example! For now, Cozy Cloud’s commercial offering is not yet open to the public, but I suggest that you subscribe to our newsletter so that we keep in touch about the upcoming Cozy Cloud launch!

Note

[1] The infamous GAFAMs (Google-Alphabet, Apple, Facebook, Amazon, Microsoft) are the 5 most valuable companies worldwide.

14 Dec 2016

Privacy by design is not enough

Privacy by Design

Privacy - the great forgotten in today’s digital landscape

Plotted, profiled, monetized: this sums up the current situation regarding our Internet activity. The ‘free’ template has been the norm on the Internet for a few years now. Even if the services proposed by large companies such as Google and Facebook are known for offering free-seeming services, their business model is excessively profitable.

There are several reasons for this:

  • The free nature of services enables a significant amount of data to be accumulated, and analyzed to draw interesting correlations for advertising purposes.
  • There is a very strong belief in the value of users’ personal data. Collection capacity has therefore become an index of company growth, which drives investors to invest. Personal data is a new refuge value - or a new bubble.

Monitoring and predicting, in defiance of user privacy: the situation is not going to improve. Google and Doubleclick, Alphabet’s advertising agency, are now cross-referencing their data to more accurately target users.

Regulating practices: the role of states

In response to this growing intrusiveness, attempts at regulation are cropping up all over the place. At the European level, it’s the G29 - the meeting of all the European DPAs (Data Protection Authorities) that is most concerned with limiting the collection of personal data. Until now, their business has essentially been to require companies to comply with the law. But in the meantime, the question of personal data has grown both in size and importance: when someone is punished it’s because the harm has already been done, the data have already been collected, there has already been a violation of user privacy. As a result, the DPAs have become both legislative and legal regulators: the results are clear with, notably, GDPR implementation as of April 2018, which puts in place numerous preventive measures and focuses on an increasingly important concept: Privacy by Design.

What is Privacy by Design?

The idea of Privacy by Design is simple: instead of risking punishment, a company is better off integrating respect for privacy at the design stage of its product. For this, it must follow 7 simple rules:

  1. Act before there is a problem
  2. Process the minimum amount of data possible and keep it only for as long as is strictly necessary
  3. Design projects with a view to privacy right from the start
  4. Consider everybody’s interests (security, economic impact)
  5. Secure data from start to finish
  6. Ensure the transparency and visibility of processed data
  7. Respect user privacy

In theory, Privacy by Design is therefore an interesting piece of regulation: it provides standards to respect, it allows companies to easily protect themselves from the problems of privacy and personal data.

In fact… it’s a little more complicated than that. The idea of privacy by design poses several problems:

  • imposing criteria to define privacy and telling companies to get on with it, is very top-down
  • today, most Internet services operate on the personal data they have retrieved: do all Internet users define privacy in the same way?
    • most importantly: to suggest that adhering to the seven rules of privacy by design is enough to ensure the privacy of users is to give them a false sense of security which could be far more damaging than telling them nothing at all.

A false sense of security

Let’s give an example: you want to communicate something very important and very confidential to someone. Without a computer, it’s quite simple : if you meet up with the person in a desert, far from any microphones and Internet devices, you can normally deliver the message in complete confidentiality.

If you want to communicate the same information digitally, good luck! Even using a “privacy by design” application, you will have to rely on a long, too long chain of trust …

You are sure about your email application. Great. Are you sure about your correspondent’s, too? Sure your browser is not saving what you type? Sure your computer does not pass on what you type on your keyboard? And the BIOS, have we thought about the BIOS?

Speaking of privacy by design is very nice, but if you are not sure of the foundations, it only creates a false sense of security. Respect for privacy has not only to ensure that no data will be disclosed: above all, it’s about making it possible to circulate our data in a framework of trust, according to our needs and desires, and having confidence in the third parties with whom we share them. Only one option is possible: choosing our own solution. We can never audit everything. Absolutely perfect security does not exist. On the other hand, by encouraging competition, by facilitating the transfer of data from one player to another, users can boycott software or a chain of confidence they do not like. To do this, portability is an essential issue. We’ll tell you more about this in the next post!

8 Dec 2016

Gregory joins Cozy Cloud!

gregory-rejoint-cozy-cloud.png

Once we started our second round of equity financing, we knew that we would have to grow quickly and efficiently in order to increase the speed and stability of our development. This is a challenge all companies must face. This is when it’s important to recruit the best people so they can work in  […]

Continue reading

29 Nov 2016

Cedric joins the Cozy crew

Cédric joins the Cozy Crew

At Cozy, we like to keep in touch with student communities. That’s where we often meet passionate people determined to find meaning in their work, who are very enthusiastic when discovering a new language and development project. That’s how Cédric found us: he wanted to create a professional data  […]

Continue reading

28 Nov 2016

On the road to Cozy version 3

roadmap_1200x600-nuage.jpg

TL; DR: Cozy is an Open Source / Free Software project that is both audacious and moving fast: applications are getting better, users are numerous and the community is very active. Financially, things are going well, the recent funding roud enables us to hire more developers. There is an issue  […]

Continue reading

- page 1 of 5