Protecting your internet privacy requires a business rethink, says Concordia researcher
Bipin Desai has been worried about your online privacy for quite some time.
As long ago as 1994, the computer science and software engineering professor at the Gina Cody School of Engineering and Computer Science was issuing Cassandra-like warnings about the ramifications of the corporatization of the internet.
His concerns were prescient. The past quarter-century has witnessed an unprecedented commodification of personal data and erosion of personal privacy. Addiction to mobile devices has exacerbated both.
In a paper he delivered at the 23rd International Database Applications and Engineering Symposium (IDEAS 2019) in Athens, Greece, Desai outlines how tech giants like Google, Facebook, Amazon and Apple gained control of and profited from our data. But he also presented a way to reassert control and wrest it away from them.
“How do you fight Google? How do you fight Facebook?” he asks. “They are not going to do anything about our privacy rights. So what am I going to do to protect my data? I’m going to take it away from them.”
Everyone is a server
He proposes a straightforward if radical solution: add an open-source functionality of an email and web server to the individual modem-wireless routers found in most homes and small offices. A simple interface would let even the least tech-savvy users manage their individual system.
Emails would originate in the users’ owned system, personal web pages similar to current social media sites would be hosted on their personal servers and all data would be stored locally. Content and data would only be shared with the user’s permission, and both email and web content would be encrypted to avoid electronic eavesdropping.
Connectivity long ago reached beyond individuals. It has permeated even our household infrastructure via the Internet of Things (IoT). In light of this, Desai has come up with additional steps to insulate users from data-snoopers.
He and his former master’s student Ayberk Aksoy developed a router-based system called Heimdallr that would monitor traffic, store data and only allow verified and approved software updates. The updates would be certified by an independent agency similar to oversight organizations found in other industries.
In one stroke, he believes, this would empower individual users and restrict Big Tech from accessing personal data.
“There would no longer be the need for any tech giants to provide email or web service,” he writes. “Technology has progressed to such an extent that these services could be incorporated in a device many home owners already have and its cost would be no more than that of the latest mobile device.”
The personal web
Desai knows that changing the business of the web is a daunting task, especially without political leadership challenging the status quo. He says the European Union’s General Data Protection Regulation, which asserts that users own their data and have a right to decide who can use it and how, is a good start. However, enforcing those rules globally will not be easy.
“At this point, the way the web works is saturated in everybody’s mind,” he says. “How do we change our framework to bring it back down to the personal level?”
Read the cited paper: “Privacy in the Age of Information (and Algorithms.)”