Constantly monitor those in power

"Quis custodiet ipsos custodes?"

That's a question we should be asking more in this day and age of constant surveillance.

I'm toying with a proposal: Anyone who goes into public office should have absolutely no privacy whatsoever. Every movement should be available on video, every email and message logged and read, and every conversation recorded. Even the most top secret and sensitive state negotiations should be watched by duly vetted, randomized—and constantly monitored—professional monitors. As with state secrets, maybe for things like sex, bathroom breaks, etc., only some special monitors would have access.

Whether or not monitors actually saw every moment and heard every word, it would all be there, available to the law, not capable of being tampered with. And perhaps we would want monitors to actually watch it all, people duly tasked to catch any whiff of impropriety.

No one would go into public office then, you say? Nonsense. Power is powerfully attractive. No dishonest, secretive person would go into public office—that seems clear.

It would be humiliating, you say? Well, power ought to be a humbling thing. Only those really willing and able to wield it in the full light of day it should be able to.

Sunlight is the best disinfectant—and power, throughout human history, has so often been so profoundly dirty.

It is not as if we don't have the technology. (Well, we do if we create legal consequences for tampering with the monitoring devices.)

Power corrupts, they say; but consider that it corrupts primarily in private. If all email, phone, etc., were transacted under massive, constant monitoring, only honest public servants would go into politics.

What state interest—to use the language of the lawyers—is really served by public officials having privacy, in light of the awful consequences of allowing power to be wielded in secret? Is the privacy of a President, Senator, or big city mayor really so important that it outweighs the public's profound interest in making sure that power is never abused?

We might have a similar legal requirements regarding executives of companies worth over $N. Clearly, they too wield far much power for us to trust them to exercise that power responsibly. They need a rolling, anonymized, and confirmed-independent cadre of monitors.

The precise social and technical requirements of monitors as a citizen role (and, perhaps, profession) would be difficult to work out, granted, but not insurmountable. Monitors might sell secrets? This is why monitors themselves would be monitored. They might collude with each other and with power to overlook misdeeds? This is why they would be unknown to each other and reassigned on a rolling basis. Isn't there still a need for privacy even for the most powerful positions, in the case of sex or using valuable cryptocurrency keys? These are technical problems with technical solutions, to a certain extent, and the punishment for violating your trust as monitor would be harsh.

What kind of person would a monitor be? Professional monitors would be vetted for honesty, intelligence, and responsibility, I imagine, not unlike judges. It is probably important that the monitors be drawn from pre-vetted but fairly large public pool, not (or not just) a privileged professional class. The role would be like jury duty. And again, the consequences for a monitor divulging legitimate secrets would be very serious.

It is also possible that people would be available only to do random spot checks; or even less, just to monitor that the system is working reliable and recording everything. The mere fact that the data is being saved constantly would probably be an adequate disincentive for most criminal politicians and executives.

Finally, this proposal would make leadership more of a moral calling. That's what it would be, then, too: difficult and wise leadership, not morally fraught power. It would require real personal sacrifice; it would require you to be on your best behavior, and that your best really can stand up to close scrutiny.

Obviously, I'm not sure of the details. But it sure is fun to think about a system in which there is totalitarian surveillance of the powerful and not of the people.

Totalitarianism only for the powerful—never for the people.


On the misbegotten phrase "surveillance capitalism"

The loaded phrase surveillance capitalism has been in circulation since at least 2014, but it came into much wider use this year with Shoshana Zuboff's book The Age of Surveillance Capitalism. The phrase means the system of extremely widespread surveillance by giant private corporations, entailing the systematic invasion of our privacy as well as control and abuse of our personal data.

I am opposed to the phenomenon that the phrase names, but I also am opposed to the phrase itself. How so? As I've made amply clear in this blog, I think we should care much more about privacy, and indeed we should be hardcore about it. Moreover, the best defense we have against incursions on our privacy by Big Tech is to decentralize social media (and other data, too, come to think of it) and to embrace data self-ownership.

The problem with the misbegotten name "surveillance capitalism" is that it implies that it is because of capitalism that we currently live under a regime of surveillance through social media (as well as financial, medical, and other data). This is nonsense. Indeed, it should be obvious why it is nonsense. But I enjoy explaining obvious things, and sadly it sometimes seems necessary. So here goes.

It isn't capitalism per se that is responsible for our massive surveillance. The Internet was capitalistic in 1999 but did not feature 2019 levels of surveillance. We could still institute new decentralized systems of data exchange that would make what Zuboff is pleased to call "surveillance capitalism" much more difficult. Moreover, massively intrusive surveillance can be expected to happen, and actually does happen, under socialism, as it does in China.

The reason we live under a regime of massive surveillance is not economic or political but technological: blame it on the cloud. Because we need to sync data on our various devices, and between large networks of people, our data came to be put in the cloud. Though they could have been, different networks were not made interoperable, so that you and I could take exclusive control of our data if we wanted to. Instead, each of the Big Tech giants—Google, Facebook, Twitter, Instagram, etc.—came to have its own internal data standards which allowed it to operate its own walled garden, insulated from the others and from smaller competitors. The economic system of capitalism is, quite simply, governments permitting free markets to operate with comparatively little regulation. The presence of such a system is not enough to explain why we found ourselves with such proprietary standards and walled gardens.

If you are still not convinced, then imagine, if you will, that the Democratic left took control and converted America to the sort of government-controlled economy so many democratic socialists want with increasing desperation. That would not make it more likely that we would adopt a system of neutral, open standards. Why would it? Data standards and our economic systems certainly seem to have little to do with each other. Indeed, a socialist economy would be much more likely to impose various kinds of surveillance and top-down control. After all, such control is essentially what "market socialism" is all about. In the market socialist economies that the American and European left hanker after, giant governments and massive corporations would naturally work together to surveil the populace via the social media panopticon. Not for nothing has the Western left-wing commentariat backpedaled on their original expressions of horror at Chinese social credit system. Maybe it wouldn't be so bad, some are saying.

And that, of course, would be surveillance socialism.

By contrast, the adoption of common, open standards that would allow us to own and serve our own data without fear of interference by massive authorities, corporate or governmental, would essentially be an individualist, pro-liberty system, much as the Internet itself was and to some extent still is.

The irony is rich indeed when giant institutions like Facebook and Twitter are led by avowed progressives but, because they are corporations, it is capitalism that is blamed for their immoral power-grab. At best it could be blamed on corporatism. What's the difference, you ask? Capitalism is defined by and highlights the freedom of economic interactions. But, you ask, wasn't it corporate freedom that allowed Big Tech to take control? Not really; not necessarily. Corporate freedom greatly underdetermines why our privacy has come to be systematically violated in 2019. In other words, it's not enough to explain the problem. Corporatism, by contrast, involves the wielding of power by giant corporations; by now, it is clear that it was the desire to shore up their power, economic power to be sure but also ultimately their political power, that motivated Big Tech to make our data into their private fiefdoms. So the more apt term is, surely, surveillance corporatism.

Indeed, it is only a free market system that could be counted on to support and guarantee any future possibility of privacy, or freedom from surveillance. If enough of us are left free to build network of decentralized social media, decentralized (and properly encrypted) cloud storage, and encrypted communication, then how will it be possible for us to be monitored, except with our very clear acquiescence (as when we write public blog posts)? If we join together in decentralized networks, it will be impossible for us to be subjected to the same sort of surveillance. Well, it will be impossible if we are left alone.

But governments could require that we make our data capable of being monitored. Those politicians and bureaucrats who have insisted on having (probably unworkable) government back doors for encryption fall into this camp. The problem is that progressives and socialists ultimately want to regulate (if not collectively own) pretty much everything. But to do that, they need to surveil everything; they certainly can't permit conversations and economic transactions going on out of earshot.

So let's call such a system of government-sponsored regulation, indeed, surveillance socialism and possibly surveillance corporatism. Unlike "surveillance capitalism," those really would be apt sobriquets, because it would be the essentially socialist demand for regulation or collective ownership that would require our data to be left open to government surveillance—and indeed, perhaps also to corporate surveillance by the wealthy friends of politicians. Such chummy back-scratching is, after all, how market socialism, or corporatism, works.


The challenges of locking down my cyber-life

In January 2019, I wrote a post (which see for further links) I have shared often since about how I intended to "lock down my cyber-life." That was six months ago. I made lots of progress, but it seems I'm far from finished, too.

In that post, I explained three problems about computer technology (viz., they put at risk our security, free speech, and privacy). I resolved to solve these problems, at least in my own case, by executing a lengthy to do list involving such things as adopting a better method of managing my passwords and quitting social media.

So the problem is that I didn't quite finish the job. Finishing the job, as it turns out, is kind of difficult. There's always a little more that can be done. Simple-sounding tasks, like switching browsers, can have aspects that one just never get around to. So in the following, I'm going to discuss the things I haven't actually done. Perhaps in a later post I'll make a to do list that you can use. But first I need to just talk things through.

  1. Stop using Chrome. Well, of course, I did stop; that was easy. I'm not sure when the last time I opened Chrome was. I switched to 95% Brave, but also 5% Firefox for those times when Brave seems to have a weird Javascript issue (what's up with that, Brendan Eich?). But I still have so many questions:
    • What do all of these different features of Brave do, really?
    • Do they really work? Are they adequate? Are there other plugins I should be using on top of what is built into Brave?
    • When I don't want a website to be able to infer who I am, must I use the Tor feature? Does browsing "Privately" help at all? (It deletes cookies, OK, but...)
    • What should my cookie strategy be? Should I generally browse with cookies off?
    • What are best practices for browsing generally? I remember reading a bunch of things in The Art of Invisibility that I thought were good ideas but which I don't think I ever implemented.
  2. Stop using Google Search. I use DuckDuckGo about 90% of the time, StartPage (which uses Google results) for the 10% when I think Google might have better results (which it does maybe 20% of the time, to be honest—that's when I'm dissatisfied with what I get from DDG). Sadly, I do rarely use Google News when I need to look more deeply through the news. So:
    • How do I comprehensively search recent news without using Google News? (I just haven't investigated the question, that's all. There are lots of apps, but are any really comprehensive while also respecting user privacy?)
  3. Start using (better) password management software. Don't let your browser store your passwords. And never use another social login again. So I'm doing pretty well here. I did stop using social logins many months ago and never looked back; if you're already using a password manager, they aren't an added convenience. The password manager I use is Enpass, which is easy to use and allows me to sync directly between my devices and my NAS, bypassing the cloud (unless you want to call my NAS a "private cloud"). My only misgiving is that Enpass is not open source, which means they could be sending copies of my passwords to their servers, and customers (who would otherwise be helped by the OSS community) wouldn't be any the wiser. Now, I guess I trust Enpass, but I'm thinking:
    • Is there in 2019 a password manager that is (1) easy to use (has autofill capabilities in browsers, at least computer browsers), (2) open source, and (3) allows me to sync my passwords across iPhone and two Ubuntu computers (using WebDAV)? I haven't taken the time to look into Bitwarden yet.
    • I have inadvertently saved a few passwords in my browser. Gotta delete them.
    • I am still using old, insecure passwords on many minor accounts I haven't opened in years. I should at least do an audit of the most important accounts I haven't touched in a while (that could pose a danger) and change those passwords.
    • I have to get my wife and younger son using password managers, both for their sake and because *ahem* it's possible they could be a backdoor into my systems.
    • WebDav is a secure protocol, right?
  4. Stop using gmail. Well, I'm mostly done with this; I pay for my own hosting, although the data itself is on somebody else's server, and I use my own domain name (sanger.io). But I still have a Gmail account, and that simple fact is still bothering me. Part of the reason for this is that there are still some accounts I made that made use of my Gmail account, and I might lose control of them if I delete my address. The other problem is YouTube. In sum:
    • Is it adequately secure that I host my own email? I've protected my privacy against incursions by Gmail (as long as there isn't a Gmail user in the thread...), but shouldn't I be using a service that provides zero-knowledge encryption? That would be quite a bit more expensive, I think.
    • Again, I need to review all my old accounts for importance, and switch the email address and passwords from Gmail to my personal email address.
    • Probably, I should turn on a vacation message for a couple of months, just on general principles, before permanently deleting.
    • Wait, is it possible to delete my Gmail account without entirely removing my Google account? Oh good, yes it is.
    • I still haven't downloaded and started separately maintaining my own address book (this is a huge oversight on my part). I think I should do that before deleting Gmail.
  5. Stop using iCloud to sync your iPhone data with your desktop and laptop data; replace it with wi-fi sync. This is mostly done. I mean, I flipped some switches, but completely extricating yourself from iCloud if you've been actively using it isn't simple. I went through a bunch of different menus on my phone. On the other hand, I think my son is still using my account's free iCloud space on the MacBook I gave him (that was when I switched to Ubuntu). So I'm not sure.
    • Investigate thoroughly how to ensure that I'm no longer using iCloud and whether I really for any purpose must use it if I'm going to keep using my iPhone. Pretty sure I don't.
    • Discuss with/negotiate with/frown sternly at son to determine whether he really needs to use iCloud. He likes the "find my iPhone" feature. Ugh.
  6. Subscribe to a VPN. Done! But:
    • Look again into my choice of VPN now that I've been using it for a few months.
    • Should I not perhaps give myself another option? Other people switch between VPNs. I haven't had a need to yet.
    • VPNs might protect you from being protected from unsophisticated identification tactics, but they don't protect you from malicious/tracking cookies (see above), digital fingerprinting, or VPNs who lie and/or collude with governments or criminal organizations about whether they keep logs. What really is the best way?
  7. Get identity theft protection. Done; this is one area where I have nothing further in mind to do.
  8. Switch to Linux. Yeah, baby! Ubuntu installed on my desktop and laptop. Very happy with it. So much nicer in many ways than both Windows and Mac. Not looking back. I very much recommend it. But:
    • I'm not sure I've optimized my systems for security adequately. Need to do an audit.
    • First, I need to do research on what such an audit would look like. Maybe this, maybe more.
    • Ugh, if I'm going to do this right, I need to study Bash more so I can really understand networking (like iptables) better.
    • And then I need to study infosec properly. Something like this?
  9. Quit social media, or at least nail down a sensible social media use policy. I quit and have nothing left to do (as far as I know) with Facebook, Instagram, Quora, and Medium (at least). This is still, however—it turns out—is a huge pain point for me. I'll just dive into the individual issues:
    • I said I'd stay in touch with family and friends via a mailing list. I haven't been doing that. I'm sorry. But there's a huge difference between interacting randomly with people I know and pushing out my personal news to a bunch of people's email inbox.
    • Hence I'm inclined to think I need to start interacting a lot more on some alternative social network. But none seem to be "happening" yet, although there are some. We're getting there; we're getting closer.
    • So maybe I should organized another strike or a mass try-out as I said. But ugh. Both of those are a lot of work and distract from other important priorities. I'm not trying to be a rabble-rouser except to solve my own problem here, honest.
    • YouTube is increasingly problematic. But I still use it. BitChute and others have some copies of videos I want to see, but definitely not all of it. Maybe I should use a proxy/republisher/search provider of some sort, but wouldn't that still enable Google/YT to track me? Well, how would I use it without being tracked—like an anon account I use only behind Tor or something? Is that even feasible? Could I live without it? Should I? (I would be cutting myself off from a lot of stuff I want to keep up with. Are there other ways to keep up with it?)
    • Twitter: well, OK, just in the last few weeks I've started posting more randomly as I used to, not just in promotion of my blog and Everipedia and programming. Again, I'm sorry. I've been a bad boy. I think I should rein myself in. Right? No doubt. I should probably just re-read this. Maybe update it.
    • I gotta think about installing my very own Mastodon instance. It could get big. I have a friend (several friends) who could help. Hmm. This might be a good idea for me. My friends would join. Then I'd just have to get them to interact with me and each other there. Could work!
  10. Stop using public cloud storage. This is 90% done! I installed a NAS, all my files are on it. But:
    • I need to do a proper sync with my desktop instead of accessing via the (convenient, but slow and not right for daily workstation use) browser and mobile apps. (You'd know what I meant if you had a NAS. This is a problem you want to have. You just want a NAS. You will thank me.)
  11. Nail down a backup plan. I have a zero-knowledge encryption service...but in the cloud. So it's done and I think it's secure, but I'm not that happy about it. For backup, I'll switch to another less centralized solution when I am convinced that one works properly with all the features I need; I'm pretty confident that none do yet, but there are plenty of people working on such.) Issues:
    • All righty then, how are those decentralized alternatives coming along?
    • Is zero-knowledge encryption backup really secure? Come on, really? And the service I'm using isn't open source, is it? That sucks.
    • I haven't organized my old backup files (which used to live on a large old external drive) and investigated them generally. I did back them up, right? Surely I did. Need to triple-check.
  12. Take control of my contact and friend lists. Well, I don't store my active contacts in iCloud, so that's a start. The most up-to-date database is the one that is local to my iPhone. I really haven't made much a start on this:
    • I don't use my Gmail address book, but Google still has access to it, so that sucks. Really need to finally delete Gmail so I can delete those contacts. I feel like I'm letting my friends down by letting them keep that data.
    • Pretty sure Microsoft still has some contact data in the cloud as well. Looks like I'll have to fire up the crappy old Windows partition, investigate, and nuke.
  13. Stop using Google Calendar. So here is a way in which I am cooler than you. (There aren't many ways, but this is one.) My calendar works via my NAS. I set it up using CalDAV, which frankly I wouldn't have been able to do if I weren't comfortable with rather geeky stuff. That isn't to say you couldn't engage your geeky friends or family members to set your NAS up with this functionality. I still use the Apple app but they don't have my data; it updates directly with my NAS via CalDAV. I even gave an associate of mine an account for updating my calendar directly, something I wouldn't feel so comfortable doing on gCal. Anyway, no adjustments needed at this time.
  14. Study and make use of website/service/device privacy options. OK, so now this is a bit of a problem. I never really did this properly. I spent many hours, but I was haphazard and I left out a lot of important sites. Indeed there are some sites that perhaps I shouldn't be using at all if I really want to be hardcore about privacy. Let me give a partial list, with notes:
    • Amazon: They're pretty goddamn evil. They do store a hell of a lot of data about you. But I should check them out some more and make sure of my harsh judgment, because just getting rid of them would be pretty difficult. They're so convenient. But the rest of the Internet is very big, you know. I could look stuff up on Amazon without logging in and not using cookies, and then buy elsewhere (e.g., books from Powell's in Portland, or whatever).
    • Netflix: It (like Prime Video, which we ditched) is becoming more like TV used to be, as someone predicted not too long ago. As these services proliferate, you'll have to subscribe to many if you want to have good access. Well, my family went without any access (just DVDs) for years. Didn't do us harm. I know my wife wouldn't complain, except insofar as the boys would complain. And is it really necessary to get rid of a big source of entertainment just to secure your privacy?
    • Expedia: Do they sell my travel data? Well...so should I buy direct from the airlines? Are they any better?
    • Etc. I need to go through assorted other apps I have installed and accounts I have opened, which I have ignored but which might find ways to track me, and which it might actually benefit me to uninstall/remove account. This could extend this to do list very long indeed.
  15. Also study the security and privacy of other categories of data. I haven't done this at all. Another long list, in each case asking: well, what are my risks to security and privacy, and how can I mitigate them?
    • banking data
    • medical data
    • automobile data
    • telephone/cell data
    • credit card (including shopping) data: Is it getting quite unreasonable to make a regular habit of buying gift cards and using them to avoid putting all that shopping data out there? Well folks, I'm not afraid to admit that I'm thinking: maybe.
  16. Figure out how to change my passwords regularly, maybe. I've been thinking about this one and I'm fairly sure I'm not going to bother with most, but I do have more refined ideas about how to approach this. I think this is reasonable (comments welcome):
    • Make a list of unusually sensitive passwords. Not too many (maybe 5-10) or you won't do the next step:
    • Change those ones quarterly.
  17. Consider using PGP, the old encryption protocol (or an updated version, like GNU Privacy Guard) with work colleagues and family who are into it. I looked into this but never followed through. Won't take long. Just need to take the time, and then start using it with those very few people who are geeky enough to use it as well.
  18. Moar privacy thangs. None of these are done.
    • Buy a Purism Librem 5 phone. Just to support the cause. I might actually do this, but I've been waiting for more evidence that I'd actually, you know, want to use the damn thing. But I sometimes think I'm morally obligated to spend the money anyway, because the thing so badly needs to exist.
    • Physical security key. Maybe just for the laptop, when I'm traveling. I have one. I might get a different one (since this one was given to me, and so...). The biggest trouble is to pick one out and then learn how to use it.
    • Encrypt my drives. Is that even possible after I've started using them? No idea. Is it really worth it? Don't know. Need to investigate.
    • Credit card use for shopping. I could buy some prepaid credit cards or gift cards; this is a Kevin Mitnick suggestion, which he goes into in great detail in The Art of Invisibility. I might not go into all of that as I am not a federal criminal. My wife, who is also not a federal criminal, might go in for this as she is soo private. "How private is she?" you ask. She's so private, she would probably not want me to say that she's very private. True!

What have I left out? A fair few of my readers know all this stuff better than I do. Can you answer my questions? Please do so below.


Toward a social contract for social media

Last week, I led a "strike," or boycott, associated with the hashtag #SocialMediaStrike, directed at the giant, centralized social media services. Though throttled by Twitter and no doubt by others, the brief campaign led to massive use of the hashtag, many people carrying out the strike, as well as dozens of news stories from around the world.

Here I will tell the story of what happened, make some observations about what we might do next, and then make a rather specific proposal, what we might call a "social contract" for social media companies.

What happened

Let me tell the story briefly, from the beginning.

I joined Facebook around 2006 and Twitter in 2008; I never felt quite right about them, and my objections piled up over the years. After I decided to lock down my cyber-life, I abandoned as much of social media as possible. Facebook was a challenge, but I permanently deleted my account, and haven't looked back. It wasn't hard to leave Quora, Medium, and Instagram. But I was still on Twitter for career reasons, and it bothered me that I had abandoned my Facebook friends. I thought, "There's got to be a way to get my friends to join me on some alternative social media network." But how? Then it occurred to me that if somebody made a browser plugin for my friends, that would insert my posts on Minds (for example) into their feeds on Facebook, and which would enable them to reply to me, that would go some way to making different social media networks interoperable. This idea got a lot of play on Twitter.

The more I thought about it, the more I decided that the lessons I had learned as part of a blockchain company since September 2017 (Everipedia) were applicable to social media as a whole: the whole social media system needs to be decentralized. What does that mean, exactly, though? There are several ways to think about it:

  • We should own (ultimately control the distribution of) our own data. Nobody should be able to shut us down, just as nobody can shut down our blogs.
  • We should have total control over our own feeds, i.e., our user experience as we use social media apps. This includes the sorting algorithms
  • Social media apps should not be "silos." They should share data; they should be interoperable; if you post on one, your data should be available on all the others (that do not specifically block you or your post).
  • More than just sharing data, the data they use should be entirely independent of the apps that contain them. That means social media apps become, essentially, social media readers analogous to blog/news readers.
  • To continue the analogy, just as blogs and blog readers exchange data via the common (practically universal) RSS standard, so social media readers should exchange data via a common social media standard.

My employer (Everipedia) kindly supported me as I spent some time developing this idea in speeches and a Wired article. In writing the latter article I hit upon the idea of using social media to organize—ironically, sure, why not?—a social media strike, and to write the Declaration. Whoever I talked to about it loved it. It resonated for people with both left politics and right. That's interesting and perhaps unexpected, because it is an idea that ultimate concerns Internet politics itself. It turns out that when it comes to Internet politics, almost everyone is still essentially "liberal": we all want to be free to publish and to be in control of our own experience. (Matters, of course, are different when we consider whether we want other people to be free to publish and to be in control of their experience. But when it comes to our own, we want to be in control.)

That was last March. I had several months to organize something bigger and more formally, by reaching out to a lot of influencers and get them on board as early signatories of a Declaration of Digital Independence, but whenever I started to make cursory movements in that direction, I frankly lost heart. The reason, as I eventually realized, was that the only way I was going to do this is by reaching out to regular people through normal channels, out in the open—you know, real grassroots organizing. Everything else felt (and might actually have been) philosophically inconsistent. So a little over a week before July 4, I got to work.

I cleaned up the various documents and started pushing them out on various channels, but especially on Twitter.

At first it looked like it was all going to be a dud. Then, slowly but surely, different "blue check marks" and then news outlets started showing interest. When the BBC and Fox News' Tucker Carlson took an early interest last Monday (July 1), that really opened the floodgates. Here's a list of coverage a colleague collected:

  1. https://www.youtube.com/watch?v=nK6BHGu9SD4 (Tucker Carlson interview)
  2. https://twitter.com/questCNN/status/1147240877892481031 (CNN interview)
  3. https://www.cnbc.com/2019/07/05/wikipedia-co-founder-larry-sanger-slams-facebook-twitter-social-media.html (widely distributed and discussed)
  4. https://finance.yahoo.com/news/wikipedia-founder-calls-for-social-media-strike-to-protest-power-of-giants-like-facebook-184501284.html
  5. https://www.bbc.com/news/technology-48825410 (ditto; first major coverage)
  6. https://www.newsweek.com/reddit-technology-social-media-strike-larry-sanger-facebook-twitter-1447549 (ditto)
  7. https://nypost.com/2019/07/02/wikipedia-co-founder-calls-for-social-media-strike-over-privacy-issues (ditto)
  8. https://www.zerohedge.com/news/2019-06-29/wikipedia-co-founder-unveils-declaration-digital-independence (first coverage by anyone, I believe)
  9. https://thenextweb.com/tech/2019/07/04/reddits-r-technology-goes-dark-as-part-of-socialmediastrike (/r/technology's blackout in support was widely reported)
  10. https://www.spiegel.de/netzwelt/web/larry-sanger-wikipedia-mitgruender-ruft-zu-social-media-streik-auf-a-1275236.html
  11. https://www.elpais.com.uy/vida-actual/motivos-cofundador-wikipedia-llama-huelga-redes-sociales.html
  12. https://www.repubblica.it/tecnologia/social-network/2019/07/01/news/wikipedia_lancia_sciopero_social_stop_il_4-5_luglio_per_un_sistema_piu_libero_-230074747
  13. https://thehill.com/homenews/451471-wikipedia-co-founder-wants-two-day-social-media-strike-to-highlight-privacy-issues
  14. https://www.theregister.co.uk/2019/07/01/wikipedia_founder_calls_for_social_media_strike
  15. https://observer.com/2019/07/wikipedia-founder-larry-sanger-july-4-social-media-strike
  16. https://www.salon.com/2019/07/03/wikepedia-co-founder-plans-social-media-strike-will-it-work
  17. https://www.marketwatch.com/amp/story/guid/D29FC838-9D0E-11E9-956A-E9AF1A718551
  18. https://www1.cbn.com/cbnnews/world/2019/july/wikipedia-co-founder-calls-for-social-media-strike-july-4-5
  19. https://siecledigital.fr/2019/07/01/le-cofondateur-de-wikipedia-invite-a-la-greve-des-reseaux-sociaux
  20. https://www.rp.pl/Spoleczenstwo/190709913-Tworca-Wikipedii-wzywa-do-strajku-w-mediach-spolecznosciowych.html
  21. https://fossbytes.com/wikipedia-co-founder-social-media-strike
  22. https://twitter.com/BBCTech/status/1145654230558134274
  23. https://ici.radio-canada.ca/nouvelle/1205730/greve-facebook-twitter-larry-sanger
  24. https://twitter.com/JeanneCBC/status/1145723863210352641
  25. https://twitter.com/GarethM/status/1145712804118351874
  26. https://pawoo.net/@masterq/102365444906120134
  27. https://gizmodo.com/wikipedia-co-founder-picks-a-nice-day-to-log-off-1836017140
  28. https://www.presse-citron.net/quand-le-cofondateur-de-wikipedia-appelle-a-la-greve-des-reseaux-sociaux
  29. https://libertysentinel.org/wikipedia-co-founder-boycott-social-media
  30. https://themerkle.com/can-a-social-media-strike-be-pulled-off-in-2019
  31. https://samnytt.se/social-media-strejk-utropat-den-den-4-och-5-juli
  32. https://www.reddit.com/r/technology/comments/c7g36c/social_media_strike_proposed_for_july_45_by
  33. http://mugayir.com/wikipedia-ceosundan-sosyal-medya-boykotu-icin-cagri
  34. https://actualidad.rt.com/actualidad/320005-cofundador-wikipedia-convocar-huelga-redes-sociales
  35. https://elpais.com/tecnologia/2019/07/03/actualidad/1562153010_528990.html
  36. https://www.commondreams.org/news/2019/07/01/demanding-users-fight-data-and-privacy-protections-wikipedia-co-founder-calls
  37. https://www.observalgerie.com/style-de-vie-et-loisirs/hitech/cofondateur-wikipedia-appelle-greve-reseaux-sociaux-4-5-juillet
  38. https://www.reddit.com/r/tech/comments/c7ipl7/social_media_strike_proposed_for_july_45_by
  39. https://twitter.com/thehill/status/1146384654578196481
  40. https://wnd.com/2019/07/wikipedia-co-founder-urges-social-media-strike
  41. https://www.numerama.com/politique/530423-le-cofondateur-de-wikipedia-vous-invite-a-faire-greve-avec-lui-contre-facebook-twitter-et-youtube.html
  42. https://www.reddit.com/r/IAmA/comments/c8s87d/im_larry_sanger_wikipedia_cofounder_everipedia/
  43. https://www.newsmax.com/newsfront/wikipedia-social-media-data-privacy/2019/07/03/id/923114/
  44. https://www.verdict.co.uk/decentralised-social-media
  45. https://twitter.com/PrisonPlanet/status/1147122675917185024
  46. https://summit.news/2019/07/05/wikipedia-co-founder-slams-zuckerberg-big-tech-for-appalling-internet
  47. https://twitter.com/bitchute/status/1147336649883283456
  48. https://reclaimthenet.org/larry-sanger-twitter-facebook
  49. https://reclaimthenet.org/larry-sanger-declaration-of-digital-independence
  50. https://twitter.com/svbizjournal/status/1147558662950592519
  51. https://www.bizjournals.com/sanjose/news/2019/07/05/larry-sanger-wikipedia-social-media-strike-fb-twtr.html
  52. https://www.standard.co.uk/tech/social-media-strike-larry-snager-internet-dark-a4183046.html
  53. https://www.cnet.com/news/reddits-rtechnology-goes-offline-for-july-4-social-media-strike
  54. https://www.curvearro.com/blog/why-social-media-is-ready-to-go-on-strike
  55. https://tribetica.com/can-a-social-media-strike-be-pulled-off-in-2019
  56. https://uk.news.yahoo.com/social-media-strike-why-favourite-083241784.html
  57. https://world.einnews.com/article/489949068/7umkU6G_w9ukLXsk
  58. https://inside.com/campaigns/inside-social-2019-07-05-1568KII3/sections/wikipedia-co-founder-calls-for-social-media-strike-121855

There was probably more. Despite this amount of coverage, I don't think the story ever trended on Twitter or Google News.

That the effort was throttled by Twitter is obvious. Tweets were placed behind "sensitive content" warnings—never with any explanation, but often with high irony—even when I merely shared one of Twitter's own memes with the #SocialMediaStrike hashtag. There also seemed to be games going on with the hashtag itself.

What inroads did the effort make? There were a few notable "blue checkmark" supporters, but on the whole the result was a creature of grassroots efforts and direct reporting on those efforts. No major politician supported it; no A-list conservative or libertarian YouTube star or pundits supported it; no high-ranking lefty, rightly complaining about "surveillance capitalism," joined; none of the leading Silicon Valley darlings, often critical of social media, joined; etc. In short, the Establishment pretty much uniformly took a pass—except, oddly, for the massive amount of news reporting as I said, and despite that reporting.

The lack of Establishment up-take I chalk up to the fact that it was started as a grass-roots effort and thus was beneath their notice; presumably, their support would need to be courted in advance. But as I said, I specifically decided not to court their support in advance. I'm not particularly sorry I didn't, even though clearly it would have been a bigger deal if I had. It would have been bigger, yes, but the rank and file would be wondering much less about the genuineness of the movement. Besides, I'd have to worry about movement politics and personalities. What we've demonstrated is that this movement has legs without any A-list endorsements. And I don't count myself in that group. I'm a B-lister at best. Heck, I've only got 6,000 followers and Twitter gave me my own blue checkmark only a couple months ago. My interest will continue to be that of a disgruntled social media user who also happens to be a casual Internet theorist.

Next steps: some notes

After announcing that they were back from the strike, many people asked what the next steps were. Some suggested we do another, longer strike; I'm not opposed to that. Many suggested that we start new social media networks; I think some of these people really didn't realize that there were plenty under development. Representatives of several alternative social media networks reached out to me, including CEOs of two or three well-known ones. It's all been quite confusing and so you'll have to give me time to get it sorted out, especially since I'd like to be doing other work too, of course. Helping to organize this effort is at best a temporary sideline for me.

First, then, let me make a few observations about future strikes:

  • We still haven't shown the whole world that there is a massive latent demand for decentralized social media and data self-ownership.
  • Simply doing another strike (perhaps a longer one) might be more effective than last week's strike.
  • But a similar strike anytime soon would almost certainly be ignored by the press and many potential participants. It would be better to plan any follow-up strike for some time months from now—even next year on the same days.
  • There doesn't have to be a centrally organized strike. You can declare yourself to be on strike on any social network you like, and maybe repeat the message daily or weekly, and then don't interact except to promote your strike.
  • Here's the thing. If there's going to be another big organized strike, I'm not going to be the one to organize it. I'm a reluctant organizer of this sort of thing, to be honest. As I said, I'm not a specialist or working full-time on this stuff. So someone else, or some other organization, would have to organize it. I might well participate, though, if someone else organizes it.
  • Another proposal I saw is to have regular planned strikes, like once a month. This strikes me as unlikely to make big inroads, but of course it all depends on execution.
  • There's a whole aspect of any such effort toward data ownership, privacy, and decentralization that might need special attention, I think: teaching the ignorant. A common reaction to the strike was, "Wait, why should we care about privacy again?" I explained that before, even why we should be hardcore about privacy, but much more needs to be done on this. Similarly with free speech. So many people, especially younger people, have never learned why free speech is so important.

But there are maybe more important issues aside from any strike:

  • I'm not aware of anything like an industry-wide agreement or commitment to interoperability and to settling on common standards. I'm interested in helping to broker that or to kick it off, although I probably wouldn't want to participate, as that is not my area.
  • I'm not interested in endorsing or joining any social media companies as an adviser. Though I am often asked, I am an adviser to almost no one. Thanks for asking.
  • In my Wired paper, I describe "mass try-outs," i.e., as many people as possible descends en masse on one particular social media alternative, then another one a week later (or whatever), for as long as necessary.
  • Here is a message for alternative social media CEOs: there is strength in numbers. If you fight each other for the giants' table scraps and leftovers, you'll get nowhere. If you join forces to make each other interoperable and to organize mass try-outs, you'll not only get a massive amount of publicity, you'll get a massive amount of new users. A rising tide lifts all boats. Please act on this observation.
  • I'm happy to try to bring you together for these purposes, if you're not already making satisfactory headway, but I don't want to be part of the organization. That's your business, not mine. I have no interest in being an interloper. This is not just because I don't like to be rude, it's because I don't know you or trust your organizations (yet), and I would like to stay independent of the fray.
  • I do have one piece of advice for such an organization: you can't include all alternative social media organizations in the biggest, most serious mass try-outs (I think), like every little Mastodon instance. Some will not make the cut, because they're not big enough.
  • That said, if you (social media companies wanting to organize mass try-outs) want massive grassroots support, the best way to organize which sites to follow is to use some objective and publicly-verifiable metrics of engagement, such as Alexa or Quantcast, number of social media mentions, or something else like that. Another option is to agree on a list of judges, and they democratically determine a list of n networks to do a "mass try-out" on.
  • Of course, the also-rans should also have their (perhaps briefer) day in the sun. But the main event will feature some of the unquestionably leading alternative social media networks and will have more days and more publicity, naturally.
  • That is, as long as they really are provably committed to decentralization, self-ownership of user data, and interoperability. But we would have to determine their bona fides.

So what should we do next?

Proposal: A social contract for social media

Here is a proposal that I would like your feedback on.

I'm thinking of trying to get the CEOs of alternative social media companies—and then, perhaps, the big ones—to agree to a set of principles.

Once agreed and signed, I would be happy to help broker an announcement that a deal, along these lines, had been reached.

And then we could do some "mass try-outs" of at least some signatories, in conjunction with a new social media strike. But I think the first step is to get the alternative networks on board.

What principles? I don't think the Principles of Decentralized Social Networks is specific enough. What we really need to do is to operationalize those very general principles. So, something like this:

  1. We, representatives of social media networks agree to work with each other to adopt, adapt, or create a single, commonly-used, commonly-developed, and mutually satisfactory set of standards and protocols for making our networks interoperable, regardless of what other and underlying technologies we may use.
  2. "Interoperable" networks are those in which, at a minimum, posts that appear on one network can appear on other networks of a similar kind. Thus if one network supports microposts only, then microposts that originate on other networks can appear there. Similarly with longer posts, images, videos, and so forth.
  3. We will make diligent efforts support what might be called personal social media accounts as soon as available, so that there is support for peer-to-peer social media that does not require any networks or instances at all. In other words, these would be user-owned social media accounts, made according to standards that enable a person to post a social media feed entirely independently of any social media network. We will work diligently toward offering full technical support for users to post directly from feeds they directly and individually control onto our networks.
  4. As we become more fully decentralized, we will make user data fully portable. In other words, when a fully decentralized and interoperable network comes online, we will enable users to export their data in a format that allows them to host the "ur-version" of their data elsewhere.
  5. There is no requirement that our networks must carry all types of social media content; we may restrict what we carry by medium. Some networks may focus on microposts, others on blogs, and still others on photos or video. The standards and protocols should cover all uses of all these media, sufficient to specify how they are used by the big social media networks. As distinct new kinds of social media are invented, these too should be specified as well.
  6. It is also to be expected that we will support all features supported by the standards and protocols. For example, while some networks might support a wide variety of "reaction" features, others might have just "like" or "dislike," and some might have none at all.
  7. We, the social media networks that are party to this public pledge, each retain the right to moderate all content that appears on our networks. Neither any central body nor any specially commissioned organization has the right to determine what may and may not appear on our networks. We may be as open, or as restricted, as we wish.
  8. We acknowledge that there are other serious problems associated with decentralized networks—such as, perhaps especially, spam and problems associated with real-world identities. We will work diligently to solve these problems in a way that does not create a potentially corruptible system, or an ideologically-driven system of viewpoint-based censorship.
  9. Whether or not our own projects will support a private messaging service, the standards and protocols we support will include end-to-end, strong encryption for individual private messaging as well as private group chats.
  10. The only requirements for a network to be join this decentralized system are neutral technical protocols; the only requirement for a person to create an account will be purely technical ones. There will be no application or vetting process, any more than there is for the registration of a new domain name, blog, or email provider or address.
  11. The standards and protocols we adopt will be open source, not proprietary.
  12. We will create or place our trust into, and continue to support, an open and democratic organization that manages these standards and protocols. We may and should be expected to object if we notice that biased or corrupt procedures, particularly those operating behind the scenes, are shaping the development of these standards and protocols.
  13. We will particularly resist incursions by governments and giant corporations that attempt to hijack the standards and protocols for purposes of censorship, surveillance, or profit-making opportunities not open equally to all.
  14. We are committed to ease of use—so that people can enjoy the full benefits of owning their own data and participating in a decentralized social media system without installing their own server or doing anything else that requires technical skill beyond that of the plain non-technical person.

Please read that over and let me know what you think.

I propose that social media CEOs negotiate with each other on some such set of principles, then all agree upon them. The benefits of doing so would be tremendous:

First, this should light a fire underneath all and create a mutual, shared understanding about the ultimate goals of the new social media architecture. It would constitute a "Manhattan Project" for redesigning the Internet (or, as one organization has it, "redecentralizing" the Internet).

Second, it should also give users enthusiasm about alternative social media, by giving them some assurance that networks they reward with their participation today will remain true to certain basic principles. This is, as Internet entrepreneurs can surely agree, very important.

Third and finally, this will also give journalists, commentators, and technical professionals commonly-agreed grounds for criticizing the big social media networks. Perhaps they will want to claim to be moving toward decentralization; but if they cannot satisfy the requirements of this agreement, we can deny that they actually are decentralized. If the public shows tremendous support for decentralization in the sense that is agreed to, this will make it ever harder for social media giants to resist moving toward a decentralized future.

I know I haven't come to grips with all the issues involved here, and I know there are real experts who have. So help me to edit (or completely rewrite) the above so that it is something that we should expect social media networks to accept—assuming they really do take decentralization seriously.

The above is a very rough first draft at best. How should these principles read? Please discuss below.


Thanks for striking

Let me express my extreme gratitude to everyone who signed the Declaration of Digital Independence and went on social media strike July 4 and/or 5. I'd also like to thank the many reporters who picked up this story.

I'm cognizant that this attention represented some trust of me, i.e., that I wouldn't hijack this movement for selfish and profit-making ends. I've been a heavy social media user since the late 2000s and I'm basically just a disgruntled customer. Since from my small platform I can help organize people online, I thought it was my duty to try to do so. Let me reiterate that I don't want to start or join an organization or represent any social media company, etc. My interests lie 100% with the users. It is now easy to see the massive latent user demand for decentralized social media, and I want to keep pushing into motion its mass adoption.

Tomorrow or the next day I'll have a couple new posts for you with a more detailed debriefing and suggestions for next steps. If you want to give me (and everyone reading) some advice, please feel free to use the discussion below for that purpose!


How to write an app (that respects privacy and supports security)

Some difficult-to-meet requirements

  1. Be open source. Don't make users have to trust your black box. I don't want to have to trust you. I don't know you.
  2. Don't just release your in-house source code. Develop in public; practice outreach to OSS developers to loop in others; make distributed code reviews a standard practice.
  3. Be fully open source. Don't depend on proprietary vendors or use APIs that, for example, make sensitive user data open to systematic collection.
  4. If you must keep some of your server-side code private (it could happen), then hire a third party to do public, independent audits of security and user privacy issues. I don't want to take your word for it. The more often an audit is performed, the better.
  5. Don't use a business model based on selling or datamining user data. Prefer subscription, non-targeted ad, and other non-intrusive models. Maybe tokenize. Prove to your users that this is your business model, and go on the record loud and clear that it is.
  6. Have a clearly-worded privacy policy that (as much as possible) lacks vague language and is highly specific about exactly how user data is used. Make many clear positive assertions about what you do and don't do with user data, in various categories that users might worry about. Include a non-legalese gloss of both the main document and the latest updates.
  7. If you have a cloud app with any data that some users might reasonably want to be kept private (which is almost all cloud apps), store the data using zero-knowledge encryption or other similarly secure tech whenever possible.
  8. When private user data needs to be processed, do it client-side, not server-side, so that you don't need to see the data.
  9. Use strong, standard, end-to-end encryption for all user-to-user communication features.
  10. Obviously, follow best modern practices when it comes to user authentication. E.g., save hashes of user passwords.
  11. If you must make it easier for users to log in by using social media/OAuth logins, then at least give users the clear and prominent option of using their own password for your site. (I strongly advise users to use their own passwords, tracked with a modern, secure password manager. Social media logins are a backdoor for corporate surveillance.)
  12. Conspicuously distinguish between public and private data. Of course, sometimes users don't care about privacy; they want the widest possible exposure for a public post or profile. Just make it really, really clear what information is exposed to whom, and especially whenever anything is not 100% private (and kept that way through encryption).
  13. Support various kinds of two-factor authentication.
  14. Don't keep unnecessary logs of user/visitor data. Never use feckin' Google Analytics!
  15. Make it hard for governments to get user information out of you. The best way to respond to government information requests when you run a private service is with, "We do not have access to that information. It is never sent to or recorded on our servers, or if it is, it is done so in an encrypted format."
  16. Make your mailing lists and notifications opt-in, for the love of all that is holy.
  17. Don't force users to use your proprietary mobile app. Some of us like to use browser versions because we the user have more control and transparency about what the hell is going on.
  18. Speaking of transparency, be totally transparent to OSS devs and regular users alike about how your app works and allay any concerns they might have.
  19. Clarify where your management and developers live and where your offices are located. If we can't find out who you are, how can we trust anything you say about yourselves?
  20. All of the above goes double if you live in a country that is associated with hacking or a highly intrusive or totalitarian government, or if you have any other red flags that might make users worried about their privacy or security when using your app.

I've reviewed and installed a lot of software lately and have designed (if not coded) a lot over the years. As a consumer, this is the ideal I'm after. I'm not sure I know of many consumer web apps that satisfy all of these "requirements." But this is what we need if we want to respect privacy and help users with their security.

I might add more to this list as I think of more things. If you have additions you think I should make, please list them below.


How I got rid of Google calendar

It was about 2013 that my friend Terrence Yang told me I should be using Google Calendar, because everybody was using Google Calendar. So I did. And he was right: almost everyone else was using it, as far as I could tell. There was a period between approximately 2015 and 2017 when I was getting Gcal invites from all sorts of different people. You could just about assume that everyone was, indeed, using Gcal, and were happy to receive Gcal invites. I sent quite a few myself. For several years I was very impressed by the convenience of Gcal. Weren't we all?

But, as it became increasingly clear that Google simply doesn't care about my privacy, I grew less excited about its convenience. The fact that I could easily send an invite to someone else who probably also uses Gcal no longer seems so impressive.

Now, maybe it's just me, but in the last few years, the number of Gcal invites I received has dropped, and this is not been for lack of meetings. People just stopped sending me so many of them; I've frequently had to add meetings to my own calendar. But I found that it wasn't that hard. I had forgotten that it is pretty easy to do it yourself, even if you don't use Siri.

So, when I decided to lock down my cyber-life, I knew one thing I wanted to do was to stop using Gcal. Who really knows what Google does with this data? There were still people who sent me invites occasionally (I actually received one while writing this), but I didn't care about that; I could add the meeting info myself, or maybe make use of the .ics files that come with automatic meeting invitations.

But I couldn't just quit Gcal. It is a cloud-based service that makes it so easy to sync data across my devices; I need my phone and my laptop and my desktop to have all the same calendar data available all the time. But I decided I didn't want that data in the cloud—or rather, not in the public cloud. A few weeks ago, I set up a NAS, i.e., my own private cloud. The NAS vendor makes awesome software, including calendar software. I knew it was only a matter of time before I switched from Gcal, drawing data from Google servers, to Synology Calendar, drawing data from my own private NAS.

Recently, I made the plunge. Here's what I did.

  1. Exported all my data from Gcal. Not hard. The data is exported in the standard .ics format, which any calendar app should be able to use.
  2. Imported my data into Synology Calendar, stored locally on my own machine. The data doesn't make any round trips to Synology servers, by the way. Why would it? It's my own server!
  3. Set up CalDAV on the NAS. CalDAV (an extension of the WebDAV protocol) is a calendar data protocol. So basically what this means is that I enabled the NAS to act as a server for the calendar data, i.e., so it can be edited by all my devices, and maybe most importantly, by my phone. This was maybe the most technically difficult part, but still not hard.
  4. Set up the Apple Calendar app (which doesn't send data to Apple, the privacy hounds on the privacy subreddit assured me; I checked) to get and send data from and to the NAS via the CalDAV protocol. In practical terms, this basically just meant putting in a server address, a username, and a password in the right places on my phone. Easy peasy.
  5. There was one person who depended on the fact that I was using Gcal, who made lots of appointments for me. I knew I was going to have to get her started using the NAS system. So I gave her detailed instructions (this took the longest out of everything), which must have been good because she had everything hooked up in 10 minutes.
  6. We did some testing to ensure that everything worked correctly on all devices, data was syncing, invites and alerts were being sent, etc.
  7. Finally, I deleted all my calendar data from Google servers. Yes, I stuck the knife in and twisted it in the heart of Gcal. So satisfying.

"But," you say, "surely the new system surely can't work as well as Gcal. You sacrifice convenience for privacy. I wouldn't want to do that."

Au contraire, dear reader, it works just as well as Gcal. I have pretty high standards and skills when it comes to software use. I'm quite happy with what I have. For one thing, I haven't switched apps on my iPhone. (I looked for an open source calendar app for the iPhone that supports CalDAV; I couldn't find one.) The data there looks and acts exactly the same as it did before.

Also, the Synology Calendar app for my browser is every bit as fully-functioned as Google's calendar app. Yes, I can have multiple calendars, e.g., one for work and one for personal stuff. Yes, I can make and send invites, and when someone accepts an invitation, my calendar shows that (we checked this out). Yes, optional alert emails are available. Yes, the UX of the Synology Calendar browser app is absolutely fine—no worse than Google's. In some ways, maybe better. Yes, get this, if I want Siri to make appointments for me, it will do so. (Of course, that means sending a sound file to Apple servers with private info about a meeting, which maybe I'd rather not do.)

So, are you jealous? My set-up does everything Gcal does, and it is 100% Google-free and runs on my own machines as well.

I know I'm privileged by having money, time, and technical sophistication to set up my own NAS to do this sort of thing. But you don't have to be rich, and you don't have to be a programmer or system administrator. For a NAS like I have, you just have to spend about as much money as you would on a new desktop, make configuring it your hobby for a while, and be a "power user," which I'm guessing most of the readers of this blog are. Or you know some geek you could impose on, or maybe you could hire someone.

The point is, probably, you, too, could escape the clutches of Google (or at least Google Calendar).

Here are the Google products I once did but no longer depend on: Search, Chrome, Gmail, Docs (for my personal documents; colleagues still use this so I have no choice in their case), Drive, Maps, News, Analytics (yes, I finally removed all traces of Analytics from this blog), Translate, ReCaptcha—and now, Calendar.

My de-Googlification task list now has only two more entries, I reckon:

  1. Delete all my contacts/address book info. I could probably do that right now, but I want to make sure I do it right. Synology has yet another WebDAV tool that enables me to sync my contacts via my browser. I don't want to delete my Google contacts until after I've set that up.
  2. Actually delete my gmail account. (I can do that without deleting my Google account.) I'm pretty sure there's nothing stopping me from doing this now, apart from transferring my contact info.

The one Google product that I'm not sure I'll be able to give up is YouTube. My channel has got almost 8000 followers and a lot of kids depend on that content. And I'm thinking of starting an interview series. Besides, insofar as my colleagues expect me to keep using Google Docs, I can't simply delete the account for good. I'm still trying to persuade them to install a NAS.


How I securely sync my passwords (and why you should, too)

With a uber-geeky bonus: How I synced my Enpass passwords over my Synology NAS using WebDAV

You need a password manager that syncs

Let's begin with what I hope will be a useful review.

You should be using a password manager. What's that, and why? A password manager simply holds all your passwords and makes them easily available to you. You need one because (a) you need to have strong passwords, or else your web accounts (which can contain really sensitive info) can be easily cracked; (b) passwords, to be strong, must be different on every site and very complex (and so hard to memorize); (c) you can't possibly memorize that many strong passwords; (d) copying and pasting passwords from some plain-text repository, let alone typing them in, is a pain nobody needs.

Password managers solve all these problems for you. They (a) check that your passwords are strong; (b) make it super-easy to generate strong new ones; (c) make them all available if you simply memorize one strong password; (d) auto-fill your passwords in forms on all your devices.

But in our multi-device lives, there's yet another problem: you need to sync your passwords across your desktop, laptop, and mobile devices. It's a royal pain, isn't it? Of course it is. How do you do it? Well, let's talk about some suboptimal solutions, to help explain why I went to some rather great lengths.

You could shuffle a document back and forth between devices, e.g., by email or a messenging app. But that's a royal pain.

If you're more clever, then you'll have a single document that is accessible using all devices. For example, maybe you keep yours in a Google Doc. That would be a bad idea, because Google employees could easily see your passwords, and if anybody else got a hold of the document, they can just make a copy and you'd be none the wiser. You really need an app, not a document.

This is why password managers apps work on computers as well as handheld devices, on multiple platforms. The one I use, Enpass, is open source software (UPDATE: oops, no it’s not: https://discussion.enpass.io/index.php?/topic/210-open-source/) that works on pretty much every consumer platform. But how do the passwords get synced? Each instance of the app, on your different devices, has its own copy of your password data. Well, the even cleverer solution then is to sync your passwords "in the cloud." The password manager software company will hold your passwords for you, as a service, on their servers. That's "the cloud" in action. Then, if you're on your desktop PC and you update your password manager with a new password, the change is quickly reflected on your phone, where you can use it quite easily. Neat!

Your password manager should use zero-knowledge encryption for syncing, at least

Here's the thing. The cloud is kinda evil. I know that's a cranky sort of thing to say, but I'm getting old and therefore I'm permitted to say cranky things.

I am only slightly joking. The evilness of the cloud is actually rather well demonstrated by the situation with password managers.

Suppose your passwords are sent, via an encrypted connection, to the company's servers. Suppose they're even encrypted there, making it especially difficult for anyone to hack your password collection. But you still have to trust two things: the honesty of the password management software company, and their own security practices, which ensure that external forces cannot hack into their (encrypted) database.

There's a very cool bit of tech you can look for in password managers that solves the latter problem very handily: zero-knowledge encryption. Basically, the company stores a completely encrypted copy of your passwords on their servers. They couldn't read it even if they wanted to, because they don't have the key to unlock it. Only you can unlock the data file, because only you have the key. Neat, huh?

(It's called "zero-knowledge," obviously, because the company doesn't know anything about the information stored on their servers. They know it belongs to your account, but that's it. All cloud services should use zero-knowledge encryption, but very few do. Ask yourself why they don't.)

Now, this is probably adequate security for most people. But it's not good enough for me. I don't want the password manager company to touch my passwords. They're very valuable, right? You still have to trust the company; there's all sorts of things that could go awry, or they could intentionally update the software in a way that would undo the encryption. (Or maybe just for select users that the government asks to spy on. If I lived in China or Saudi Arabia or were a spy or government whistleblower, I'd worry a lot about this.)

Use FOSS and self-host, if you want to be an uber-geek

One of the great things about FOSS (that's geek-speak for "free, open source software") is that nobody has ultimate control over it, because anybody can fork it, i.e., make their own copy and take development in a different direction. That's because the license specifically permits that, and the development happens all out in the open. If the project is big enough, then there are at least several (sometimes, hundreds of) developers looking at new code being checked in. If somebody checks in something that's dangerous or privacy-violating, the FOSS developers (a notoriously privacy-jealous bunch) will put a stop to that noise in short order.

So if you want to use zero-knowledge encryption in your password manager, great, but make sure the software is FOSS, because then it becomes even harder for people to play tricks with the software.

You know what would be even better, though? If you never have to transfer your encrypted password file to somebody else's server in the first place. In other words, host it your own damn self.

But how, you ask? Well, there aren't very many solutions that are available to the non-geeky. In fact, I'm fairly sure all of the self-hosting solutions push the needle fairly high on the geekometer.

If you want to self-host and you want your password database to be accessible to all your devices, regardless of where you are, what does that mean you have? A server. There are a couple ways to set up your own server.

One is to use your desktop computer (or even an old laptop) and plan on leaving it on all the time. You could install NextCloud on the machine, which transforms it into a server. Like, wow, that's cool. If you're a geek. But because geeky things are now cool, that's just cool, period.

Another is to use a NAS, or some other dedicated server, i.e., a computer that is specifically set up to talk to other computers over your LAN (local-area network; your home or office network) and over a WAN (wide-area network; here, the Internet).

Bonus: How I set up my Enpass passwords to sync over my Synology NAS using WebDAV

I ended up choosing a NAS over installing NextCloud on my desktop. I further chose a Synology NAS. This evening I finally decided to sit down and start hosting my passwords on my NAS. How?

I'm not going to give you all the steps in detail.

(1) You need to get an SSL certificate for your server, i.e., the thing that allows you to use https: and not just http:. Why? Because you'll be using WebDAV to update information on your NAS, and WebDAV (being an Internet protocol) needs to be made more secure by encryption. While your data should be encrypted by your password manager, another layer of encryption is important. So get this done. By the way, Synology comes with a self-signed certificate, which will make Enpass complain. You'll have to check a box saying that you want to ignore this complaint. But you shouldn't do that.

By the way, if you don't have a permanent URL for your NAS (for this, you'll have to use DDNS), you'll have to solve that problem first. You can't use an IP address.

2. Set up a WebDAV server on your NAS. In other words, a server process on your server device. WebDAV, as Everipedia puts it, "is an extension of...HTTP that allows clients to perform remote Web content authoring operations." In other words, it allows software to update data files remotely, if the software is given permission and the data files are set up to be updated using the protocol.

On my Synology device, the steps I followed are these (great tutorial here):

  • Install the WebDAV Server package, located in the Package Center.
  • Open the WebDAV Server interface, enable both HTTP and HTTPS, and assign them the ports 5005 and 5006, respectively.
  • Create a 'webdav' user (see the above-linked tutorial for important details; make sure you get the permissions stuff right).
  • Create a 'webdav' group as well (ditto).
  • Create a 'webdav' or 'upload' (or whatever) folder. You'll specifically need to grant read/write permissions to the 'webdav' user for that folder.
  • To confirm that your new webdav user can use the folder, drop a picture, say kitten.jpg, into the webdav folder. Then go to https://your.nas.address:5006/webdav/kitten.jpg. Note: use https, not http, use the '5006' port number, and use the name for the directory you created before. If, when you try to pull that address up in a browser and you're prompted to log in, groovy, you're halfway there. Then put in your webdav user credentials (not your admin credentials), and you should be able to see the picture. If you can, coooooool. Again, the above-linked tutorial has other things you can try to confirm your connection.
  • Next, open Enpass (or another password manager that supports WebDAV). In Enpass, go under the gear menu > Vaults > Primary (or whatever you want to sync via the NAS). Then you'll be able to choose from a number of sync options. Choose "WebDAV". You'll next have to put in your 'webdav' user authentication info, and for the address, you'll want to use the address given above. I further made an Enpass directory inside that, and tacked that onto the end of the URL, so I got something like this: https://your.nas.address:5006/webdav/Enpass/. This is important to get right. Then press "Connect" try it out. With luck, you'll be connected.
  • To test that things are syncing, open a copy of the password manager on a different device and repeat the previous step. Make a small change in one copy, press the sync button/icon in the upper left (which has changed to a "server" icon, which I thought was a nice touch), go to the other copy, press the sync button there too (because you're impatient), and then see if the change is reflected in the second copy. If it is, you're done.

That's how I got it to work. And now...all my password info (and a lot of other data) is out of the public cloud, in a private cloud consisting just of my family's devices. Pretty freaking awesome.


The NAS revolution: Get your data out of the cloud

It turns out the cloud is kind of evil. We blithely put all our data online, right in the hands of giant corporations (and by extension, hackers and governments) who only too happily control, sell, datamine, steal, and spy on it. But you can take control of your data. Now. Here's how.

When most people hear "the cloud," if they have any inkling of what it means, they think of Dropbox, Google Drive, and other file storage and synchronization services of that sort. But if you're hip to the scene, "the cloud" extends to any service that manages your personal data online. The emphasis is on personal data. The cloud, rather than a device of yours, stores data like your calendar (as hosted by, say, Google Calendar) and contacts (as hosted by, say, Apple's iCloud) as well.

If you're a typical plugged-in Internet user, "the cloud" in general manages a stunning amount of your data:

  • Document storage and sync: this includes all the files you might have put in Dropbox, Google Drive, Google Documents, iCloud, Box, Amazon Drive, or Microsoft's OneDrive.
  • Email: Gmail is the 800-pound gorilla, of course.
  • Calendar: Google Calendar and iCloud storage dominate here.
  • Contacts and address books: Google, Microsoft, and iCloud.
  • Online photos: Instagram, Facebook, Google Photos, Flickr, iCloud, and Dropbox all have cloud solutions for sharing your pictures with friends and family.
  • Home video: Facebook and YouTube are probably the main ways we have of storing and sharing our videos with family and friends. There are other options, of course.
  • Movies/TV shows: If you paid for commercially-produced videos that you own the digital rights to, they're in the cloud. This is the direction Apple, Amazon, and YouTube, for example, want you to move in.
  • Notes: Your phone's note-taking app, etc.: iCloud, Evernote, OneNote. The home of your note data is in the cloud, not on your machine.
  • Password apps: Your browser's password saving + sync feature uses the cloud, as do Dashlane, LastPass, 1Password, Enpass, etc.
  • Bookmarks: Your browser (Chrome, Firefox, others) probably syncs your bookmarks for you; the bookmark data is in the cloud.
  • Chat: Yes, chat isn't just a social media type of app. It's also a cloud app for use by private consumers dealing in small groups or one-on-one. If you're like me, you have private chats not just with random strangers, but also with family and friends. Insofar as this data can be presumed to be highly private, it's also "in the cloud" and not just "online."
  • Your blog: If you used to host your own blog, but now write for Medium, Quora, Blogger, Tumblr, WordPress.com, or some other blogging platform, then your blog is now "in the cloud," hosted alongside a zillion other blogs. That goes for web hosting in general, too.
  • Code hosting platforms: If you check your code in on Github or Gitlab, or run it on Digital Ocean or Heroku, your code is in the cloud.

Look at that list, and consider: an amazing amount of our computing is out of our immediate control.

There are two perfectly good reasons for this. First, we own multiple devices and we need to share and sync data among them. We also want to be able to share data with friends and family more easily. But, because this involves networking, it is a much more technically difficult problem for programmers to solve than simply writing desktop software. Since networking and sharing are already done via the Internet, it just makes sense for sharing and syncing services to be coordinated by Internet companies.

Second, simply letting centralized corporate services handle this data coordination is terribly convenient—that's hard to deny.

The necessity of sharing our data, coupled the undeniable convenience of the cloud, sure make it look like the cloud is going nowhere. I mean, what are you going to do, host your own calendar, home videos, and chat apps? How will you sync the data? That's a non-starter for non-technical people. Why not just let the professionals handle it?

But it so happens that, now, you can host your own stuff. How? I'll explain. But first, let's talk a bit about why you might want to host your own stuff.


We are increasingly suspicious of various cloud services, and we should be. It's not just Facebook selling your private chats with Netflix and Spotify, or Medium dictating what you can write in your blog, or Google datamining student data in the cloud—to take a few rather random examples. The events of the last couple years have brought home to many of us some truths we simply didn't want to believe.

What kind of truths?

The vast majority of the cloud services listed above are run by for-profit businesses who naturally place their profits above your interests.

Your data, for them, is an asset. Many cloud companies crucially depend on the ability to exploit data assets. They will sell your data if they can. If they can't, they'll datamine it and sell information about you.

You agreed to that.

You are, like it or not, a participant in many large, standarized systems. Therefore, even though you simply want to use a basic service, if you don't play by their rules, they can control or even block you. Moreover, you probably can't customize the service too much for your own uses. The service providers make the choices for you. You have to go with the flow.

Search and subpoena laws, censorship laws, and government regulations apply to corporations that do not apply to you, the individual. That means information you put in corporate clouds is under the watchful gaze not just of those corporations but also of governments. If you're lucky, you live in a country that respects privacy and free speech even when your data is on a corporate server. But don't count on it.

The reason so many violations of your privacy (something most of us should be a lot more hardcore about) have come to light is that so much of our data is in the cloud now, and a lot of people in business just don't care very much about your privacy. When will Google start using zero-knowledge encryption for all your data that they store? Never. They want access to your data. They need access to your data. It's their business.

Sorry, but them's the facts.

What can we possibly do? Are we at their mercy? Should we, perhaps, trust governments—who also want access to all your data, for your safety—to monitor, regulate, and improve the situation?

But you can take back your data. Now. And if this is news to you, let me admit to you that it was news to me a few months ago when I first heard about it: you can install and manage your very own personal cloud for every single one of the cloud services listed above. And it's not expensive. And it's not that hard to do.

I know it sounds bizarre. It is bizarre, but it's true.


A NAS, or network-attached storage device, was once thought of mainly as a hard drive (or several) attached to your network. But as NAS vendors began selling devices with their own operating systems and Internet connections, the term was repurposed to mean your very own turn-key server. Turn it on, put your stuff on it, and you can access your personal data from anywhere.

NASes are easy to use, but "turn-key" is not quite right. No NAS on the market, that I know of, is as easy to start using as a regular computer is. Getting one up and running takes some time; there is, as they say, a learning curve. But "turn-key" does get the flavor of the most popular NAS brands. The NAS devices for sale by Synology and QNAP especially, and others to a lesser extent, are intended to make it easy to have your own server, or your own "cloud." In fact, Western Digital (WD) sells NASes under the brand name "My Cloud" and markets them as "personal clouds." There's a bit of challenge, but it's not that hard to set these things up (more details below).

The reason to get a NAS, for me—or to get any personal server—is to replace all the software that has moved to the cloud. In case you're skeptical, let me give you a rundown. While I'll be talking about the NAS I just installed for myself and my family, which happens to be from Synology, there's an equally well-reviewed NAS system available from QNAP, and for those who have more technical skill, NextCloud (perhaps on a FreeNAS machine you set up) does many of the same things.

Let's just go down the list I gave above.

  • Document storage and sync. I now have an app that can sync documents on at least eight of my family's devices. I can update the document on my desktop, and if I save it in the Synology's office format, I can edit it directly in the browser, with changes showing up for other users in real time, just like Google Docs. There are documents, spreadsheets, and slides. Chat with other user accounts on your NAS (for me, my family members) is available in every document. This is available everywhere, because it's truly in the cloud. It's just that it's your cloud.
  • Email: You can host your own email on a NAS, if you want to go to heroic lengths that I don't recommend. Like web hosting, this is something you probably should leave to the professionals, for now. I have a feeling this is going to change in coming years, though.
  • Calendar: There's a rather nice app for that.
  • Contacts and address books: It's not "turnkey" yet. But something is available.
  • Online photos: Synology's Moments app automatically syncs your pictures with your camera, identifies people (without sharing data with Synology), uses (stand-alone) sophisticated algorithms to put pictures into categories, etc. Again, the pictures are available for quick and easy download from anywhere, and you don't have to worry about Dropbox or Google or whatever snooping.
  • Home video: Ditto—Moments works fine for this, but so does Video Station. Easily share your home movies with grandma, right from your own machine.
  • Movies/TV shows: Rip all your DVDs and Blu-Rays, then stream them anywhere (to your phone, tablet, computer, or TV) with an interface that looks a lot like Netflix. No need to rely on Apple or Amazon to keep digital copies of your movies for you. Wouldn't you much rather own and serve your own copies? I know I would.
  • Notes: There's an app for that, both for browsers and for your phone.
  • Password apps: Use your NAS's WebDAV server to sync your password data on your own machine; WebDAV is something that Enpass, for example, supports.
  • Bookmarks: Synology and QNAP offer no solution yet, but Nextcloud (which can be run on both) does.
  • Chat: There's a pretty awesome app for that; it closely resembles Slack. There are decent clients for browser, desktop, and mobile, again just like Slack.
  • Your blog: NASes allow you to host blogs and simple websites using your choice of platforms, such as WordPress, Drupal, and Joomla. I'm not saying I recommend this, though; your machine would have to be pretty beefy to handle the traffic you want to get. Server hosting for your blog is another thing that's best left to the professionals. But it's pretty damn cool that you could use a NAS for this.
  • Code hosting platforms: Would you rather not check in your code publicly or on an external server at all? Want to keep it to yourself but continue to be able to share it with people and use Git? There's an app for that. You can also host more advanced websites with many popular programming languages (including Ruby, which I use).

A NAS (which, again, comes in many brands, not just the one I happened to buy) can do all that for you. It's pretty awesome.

But maybe this shouldn't be surprising. After all, a NAS is a fully-functional server, and web hosts now bundle all sorts of turn-key (that word again) software solutions and make it available to their clients. So if you go to GoDaddy or Inmotion Hosting or whatever, they offer all sorts of complex software available to install at the press of a button. Why not slap similar software bundles on a server and sell it to the ordinary consumer? That's what NASes do. (And again, for reasonably skilled IT professionals with time on their hands, they can more easily than ever create their own real servers, which are typically much more powerful and cheaper than NASes. With a proprietary NAS system like Synology, you pay a lot for integrated software, ease of use, and support.) Then just think: insofar as cloud services are, essentially, just putting formerly private data online in the context of a server someone else manages, as soon as consumer web servers became feasible, it makes total sense that you could move your data back to a server you manage.

What do we have to thank for this? The years of fantastic labor by programmers to build and refine all the necessary software layers and scaffolding needed to create something like a "turnkey" solution to running your own server, complete with multiple, ready-made software packages—even if you are nowhere near a professional server administrator.

Put even more simply, a NAS device gives you the power to take control of your own data in your own home. It used to be that we had to rely on the Apples, Googles, and Microsofts of the world in order to connect all the devices we own together, share data with friends, and get the use of common Internet services. With the advent of increasingly easy-to-use NASes, we don't have to. We can declare our independence from Big Tech.


But, you ask, doesn't all this rather awesome software power cost a lot of money? Well, entry-level NAS devices (like this from Synology and this from QNAP) cost less than $200, plus another $80 (say) each for a couple of hard drives. I'm not saying I recommend buying a cheap machine like this, any more than I would recommend buying a cheap laptop. But that might serve your purposes just fine. The point is that these machines are basically computers, so they cost about as much as a computer. The Synology NAS and three drives I got (with space for two more drives whenever I want), together with my fancy new router and modem, cost a little more than my new laptop. (By the way, if you have the time and technical chops to able to set up and maintain a web server with less support, it's easier than ever to do so, and for the same amount of money, you could get a machine that would be much faster and better than my NAS.)

"OK," you say, "maybe it's possible to set up. But how good could it be? I mean, you really think I'll be able to replace my family's Slack group with Synology's chat app? It must be inadequate. Or replace Google Docs with their Office app? That seems unlikely."

Before I saw the capabilities of the systems, that's what I thought, too. Then when I got my own, and started using it (several days ago), the proverbial scales fell from my eyes, and I'm a believer. This is surprisingly solid software. It might have been "bleeding edge" a few years ago, but it's excellent today. The functionality is all accessible via the browser, but there are also a few good desktop apps. It also comes with a lot of excellent iOS apps that you can use to access your NAS's functionality. So far I've installed the photo app (replaces whatever you used to upload your pix to permanent storage and gives you access to all of your pictures, not just the ones currently on your phone), the chat app, the drive app (which is a replacement for both Google Docs and Dropbox), the video app (which allows me to stream videos my boys are ripping from our DVD collection), the notes app (replaces iOS Notes), and the calendar app. So far, I don't see any advantages Slack has over the chat app (just for example). Their collaborative document editing app Synology (Office, installed when you install Drive) is excellent for basic editing, and it seems to be just as good as Google Docs.

"OK," you say, "maybe it's not that expensive, and maybe it's decent quality software. But isn't this a lot of work to install?"

Less than you might think. But it depends on what you mean by "a lot." It takes a few hours, maybe, to turn the thing on, network it with your devices, and get the first services up and running. You'll probably spend more time actually picking the thing out and upgrading your Internet speed as well as modem and router (which is something you'll need to do if you have old equipment). It takes more hours (depending on how much of the functionality of the thing you use) to get the full range of functionality set up—anywhere from ten minutes to several hours, depending on the app. Getting started with Synology's chat app is dead simple, for example, but importing all your pictures might take serious time. A lot of the time I've spent so far has been in migrating data from the Internet and my desktop and backup drives to the NAS.

So, sure, it takes a reasonable time investment. But it is so worth it.

"But," you say, "I'm not a terribly technical person. I can run all the software of the sort you mention if somebody has set it up for me in the cloud, but I can't imagine running my own server."

It's not that bad. Let's just say you need to be a "power user" if you want to do it all yourself. If you have ever set up your own WordPress website, or installed Linux, or registered and pointed a domain name (without help), or done basic programming, then you're up to the task of installing one of these devices without too much help. If you're just a regular computer user, but you have never done anything like that, then installing a NAS might be a bit beyond you. You still might be able to handle it, though.

In any case, I'll bet you know someone who could install one for you if you bought them dinner, or paid them a little. It's not a huge deal. It's not like "setting up your own web server." It's more like "setting up your own home network." It's easy enough for the local geeks to handle.

If you don't have access to a geek, you can hire one.Here's a service, Amazon does it more cheaply, probably Best Buy would do it, some of these guys could do it, etc.


In short, installing and running your own server is today approximately as difficult as computer installation was in 1985, or home networking in 1995, or home theater today. (As it happens, NASes are often purchased as a component in a home theater system.)

The low price and high value of NAS devices, together with their ease of installation, makes me think they're ready to take over the world. I for one am never going back to centralized cloud corporations. I hate them (yes, even Apple), and a growing number of people share my feelings: we absolutely despise the encroachments of those corporations on our privacy and liberty.

Many of us are looking for answers. Many are already doing the sorts of things I listed back in January in "How I'm locking down my cyber-life." In their responses to me there, a few people mentioned they were using their own cloud servers. (Those mentions are what first introduced me to NASes, so please keep up the excellent blog comments!) That struck me at first as being a little too hardcore. Having actually bought and installed a NAS, though, I don't think so. Getting your first NAS is like getting your first computer back in the 80s, or your first smartphone in the 00s. You might have had to wrap your mind around it. It causes a bit of trouble. It requires some getting used to. But probably, you'll forevermore have a computer and a smart phone.

The consumer potential of NAS devices strikes me as being potentially similar. Maybe it will become the sort of device that will seem indispensable in 10 or 20 years. I imagine a conversation with a future child, looking back at the cloud era of 2005-2025:

Child: "How could we ever choose to just give all our data to giant corporations? It was so insecure and allowed mass surveillance by government. Were people crazy?"

Greybeard: "Sort of, but you can't really blame us. During that time, the software for NASes wasn't developed well enough yet for ordinary people to run their own servers. But once a few companies started really nailing it, everybody started buying their own NASes, because it was easy. The people who kept using Gcal, Dropbox, Google Docs, Instagram, etc.—well, if you were as old as I am, you'd know what these are—those people started looking uncool. All the cool kids were serving their data themselves."

Child: "Like everybody does now?"

Greybeard: "Yes, like everybody does now."

That could happen. But is it realistic? Time will tell. Sure, it's possible that owning your own cloud server will forever be the domain of geeks. But an industry analysis from a year ago says we're moving in that direction:

The NAS market is witnessing an accelerated growth and is projected to register robust [20%] growth over the forecast timeline [to 2024] due to the rapidly increasing applications of Big Data analytics & data mining, increasing popularity of NAS solutions in home/consumer applications, and the growing adoption of cloud-based network attached storage solutions.
Global Market Insights, May 2018


In the struggle against privacy incursions, we have tools beyond NASes, of course. In fact, I see two other, concurrent trends that will allow us to fight back. There is the growing demand to own your own data and decentralize social media. (I was writing and speaking a lot about that in the last few months, but don't think I've dropped the issue.) And there is, of course, the massive, revolutionary impact of blockchain, the essential effect of which is to disintermediate economic relationships. Being all about encryption, the blockchain world holds out the promise of a new kind of secure, private, encrypted cloud computing.

Allow me to speculate about how the Internet might work in ten or twenty years.

Many of us (I imagine someone saying, a few decades hence) have installed a NAS or, if we're geekier, have a server rack at home. Pretty much all small businesses run their own NASes as well. From these devices, we serve most of the data that was formerly held by Google, Apple, Microsoft, etc. Many of us even run our own mail servers, both because it's more secure and because the software and industry standards have improved so much that it became feasible. Our blogs are also hosted at home; the shift came with NAS tools that made it dead simple to transfer data and settings from remote servers to our local one.

Of course, some of us hit the big time with our blogs and websites. But they are still run from home. This is not something we could possibly have imagined in 2010. At that time, no one even imagined the implications of distributed computing on the blockchain, of which EOS was an early supporter. Whenever we update our NAS, it communicates with various blockchain services using zero-knowledge encryption. This shares out our data (and, when we choose, the keys to unlock it) among many other users who participate in the same system; thus our NASes are constantly working, supporting the whole tech ecosystem. We have no way of knowing which encrypted Internet services are being worked on in this decentralized cloud, which is much more of a "cloud" than the early Dropbox ever was. In any event, if a blog of ours gets a lot more traffic than our NAS can handle, then if we have turned on blockchain integration, the traffic is assembled and served using many other machines—and we, of course, have to pay more into the system or else our users will experience bad old-fashioned server lag.

In a similar way, our social media data is served, and locked down, using our own NASes. The days of Facebook selling our private, proprietary data are long over; social media companies still have dossiers on you, but they aren't as thick, and they aren't informed by any private information.

Perhaps what really got the ball rolling was Edward Snowden in 2013 and others revealing that the NSA (and other government agencies) were listening in on pretty much everything you do online. Once Facebook repeatedly made it clear that they don't care one little bit about your privacy, and people started moving their social media data to their NASes, the usual suspects in government began to complain loudly that encryption prevented them from their mass surveillance. They didn't put it that way, of course, but that's what they were upset about. They really didn't like it when NAS companies made easy, turnkey drive encryption standard and started pushing and teaching two-factor authentication.

In any event, now that social media content is served from our NASes—with support from blockchain networks—your feed is constructed by pulling your data from literally all over, but incredibly fast, because requests can be fulfilled from many different machines, some of which are bound to be nearby.

There was a time when IoT (the Internet of Things) was regarded as not very viable, because people didn't want to buy objects that could be used to spy on them. NASes and the blockchain, again, changed all that. When open source NAS software came into existence proving that your IoT data was stored on your NAS and unlikely to leak out (or, no more than any other of your data), and that it was always routed using encryption, and when this data became possible to sell on the blockchain without compromising your personal security, the whole ecosystem just took off: that's when "secure, monetizable IoT data" became a thing. Even data from your car is routed through your NAS (not through the NSA) if everything is set up properly, so that the NSA and automobile manufacturers can't spy on you. Of course, in an emergency, your data is sent by the fastest (and less secure) route possible, but you always get a notice in that case.

In a lot of ways, the Internet is the same as it was in the 1990s and 2000s. But most websites store your information encrypted in the blockchain, and they know they have to interact via blockchain services if they want to do work on it securely—because nobody is willing, any longer, to expose their data if they don't have to.


Well, we can dream.


Vendors must start adding physical on/off switches to devices that can spy on us

Update (May 15, 2019): This post was linked and its author quoted as a source in this Fast Company article on the same subject.

Where's my webcam's off switch?

Have you ever noticed that your webcam doesn't have an "off" switch? I looked on Amazon, and I couldn't find any webcams for sale that had a simple on/off switch. When I thought I found one, but it turned out just to have a light that turns on when the camera is in use, and off when not—not a physical switch you can press or slide.

The "clever" solution is supposed to be webcam covers (something Mark Zuckerberg had a hand in popularizing); you can even get a webcam (or a laptop) with such a cover built in. How convenient! I've used tape, which works fine.

But a cover doesn't cover up the microphone, which could be turned on without your knowledge. Oh, you think that's impossible? Here are some handy instructions. Or maybe you'll say you're not paranoid—it's not a serious problem? Don't be so naive, said the FBI seven years ago (they're worried about predators stalking children), and the Atlantic, and USA Today more recently. The issue isn't going away. With hacking skills growing more common, the problem has surely grown, if anything, more dire.

Another "clever" solution is to use a software off switch, like this (for Windows). But it simply turns your webcam's driver on and off. Of course, it's not too hard for a sufficiently skilled hacker to turn your driver back on and start recording you without your knowledge.

For USB devices, you can use a USB off switch like this, which seems like a good idea; but it doesn't solve the problem for devices with built-in cameras and microphones like laptops and smart phones.

The humble "off" switch is now high technology. It is a significant selling point for the single device that I could find that comes equipped with one.

Do any computer cameras with "off" switches (not just covers) exist? They seem to be very rare at best, but I was able to find one: the company building a Linux phone, Purism, has a whole page devoted to the joys and wonders of its off switch—which is kind of ridiculous, if you think about it. The humble "off" switch is now high technology. It is a significant selling point for the single device that I could find that comes equipped with one.

(By the way, I have absolutely no relationship to Purism. I write about them because their focus is privacy and I've been writing a lot about privacy.)

The kill switch on Purism's Librem laptop (c) Purism 2019

Your phone has the same problem, you know

Tape over the webcam? Covers to disable the functionality we paid for? Why on earth do we go to these lengths when hardware vendors could simply sell their products with off switches? The more I think about it, the more I find it utterly bizarre. Don't these companies care?

I've just been talking about webcams, but let's talk about the really horrible spy devices: your smart phone. Oh, your Android phone can't be hacked? Here are some handy video instructions, viewed over 300,000 times and upvoted 1,100 times. Surely not your iPhone? Don't be so confident; hackers are very creative, as (for example) the Daily Mail has reported, and besides, Apple is proud of its patent allowing remote control of iPhone cameras.

Besides, it's been known since at least 2014 that the NSA had developed, as early as 2008, software to remotely access anybody's phone.

And yet there isn't a hardware off switch for your phone's camera and microphone, short of turning the device entirely off (but there's an app to turn the camera off). A device equipped with a hardware "off" switch for the camera and microphone isn't yet on the market, as far as I know. Purism is making one.

It's not just your webcam and your phone that you need to worry about, by the way. Do you have a smart speaker? At least you can mute Amazon Echo's microphone, and it's apparently a hardware switch, too, so well done, Jeff Bezos. That's important, if true, because it prevents software exploits. I found no word on whether Google Home's and Apple HomePod's mute buttons are hardware switches; maybe not. How about a surveillance or doorbell camera? How about your smart TV? Those can be hacked too, of course, and some of them are always listening. Wouldn't it be nice to have the peace of mind that they aren't listening to you when you're not using the TV?

In short, what if you want to turn these devices' cameras and microphones off sometimes, for some perfectly legitimate reason? Can you do so in a trustworthy, hardware-based way? In most cases, for most devices, the answer is No.

Let's demand that hardware vendors build hardware "off" switches

It's almost as if the vendors of common, must-have devices want to make it possible to spy on us. An enterprising journalist should ask why they don't make such switches. They certainly have deliberately made it hard for us to stop being spied upon—even though we're their customers. Think about that. We're their bread and butter, and we're increasingly and rightly concerned about our security. Yet they keep selling us these insecure devices. That's just weird, isn't it? What the hell is going on?

But this, you might say, is both paranoid and unfair. Surely the vendors don't intend to spy on you. Why would they add an off switch when nobody will turn your camera and microphone on without your consent?

But, as I already said, it's a hard, cold fact that hackers and government and corporate spies can and sometimes do turn our cameras and microphones on without our consent. This isn't controversial and, for anybody who is slightly plugged-in, shouldn't be surprising. Security experts have known that, for many years, regardless of the intentions of hardware vendors like Logitech and Apple and large software vendors like Skype and Snapchat, the hardware, firmware, and software that run our devices just are susceptible to hacking. It's just a fact, and we are right to be concerned. So these companies are responsible for building and selling insecure systems. At a minimum, they could be made significantly more secure with a tiny bit of hardware: the humble "off" switch.

If your webcam, or your phone, or any other device with an Internet-connected camera or microphone (think about how many you own) has ever been hacked, these companies are partly to blame if it was always-on by design. They have a duty to worry about how their products make their users less secure. They haven't been doing this duty.

It starts with us. We the consumers need to care more about our privacy and security. We're not powerless here. In fact, we could demand that they give us an off switch.

I think we consumers should demand that webcams, smart phones, smart speakers, and laptop cameras and microphones—and any other devices with cameras and microphones that are connected to the Internet—be built with hardware "off" switches that make it impossible for the camera and microphone to be operated.

Do you agree?