• Home
  • Blog
  • Contact
  • Projects
  • Content Mirror
  • Matrix Guide

  • We Can't Trust Tech

    March 26, 2022

    I've always pointed out to people that there tends to be a correlation between knowledge of how computers work, and trust of them. That correlation is this: the more you know about how computers work, the less you trust them. And I think it can be said that the correlation is indeed a causation in this case.

    Now let me make it clear that it is not the computers themselves that are untrustworthy, but the way they are used. The more I know about how they can be used, and the more I see how they are used, the less I trust using them. Our technology has gone from a helpful tool to make us more productive to a weapon of control and monitoring. The primary goal of technology companies is no longer to offer high-quality tech as a tool to get things done, but as a service that can be used to track and profile. Social media, and pretty much every online site tracks users, collects as much information as possible, and sells it to advertising companies, and this happens without much transparency, if any at all.

    The technology provided to us by large corporations is so messed up that your operating system itself—whether it is Windows or MacOS—is constantly reporting analytics detailing how you use your computer. And it would not be surprising to me in the slightest if Facebook or Google ended up obtaining this analytics data somehow or another. You see, these corporations make their money on user data. Have you ever wondered how Facebook can offer everyone an account for free? Likewise, have you ever wondered how you're able to make Google searches and use Google Mail without having a subscription? The answer is simple, and repeated often in privacy advocacy circles: you are not the customer, but the product. Both Google and Facebook are not primarily companies that provide a service, they are companies that harvest user data and sell it to third parties. That's why Google is "free" to use: because even though you aren't paying any money into it, you're handing over your personal information, and Google sells it and makes money that way.

    Most of the people that listen to me talk about technology are already familiar with this, because it is the main reason that I do all the things I do with computers. To the unsuspecting user (and I think most of them are), there is nothing wrong. Google, Microsoft, Facebook, and the other big tech companies have created an illusion, which is that they are providing helpful services out of their own good will. Google lets you make as many searches as you want, and it's not immediately obvious what they do with your searches. It offers nearly-unlimited email, and chat, and video calling now. All in a way that they make you think is free.

    But it is not free. Anything online that is offered without monetary cost actually has a greater cost: your privacy. And it isn't just websites. As I mentioned above, tracking and analytics is built in to your computer itself. Simply turning it on and logging in is all it takes for it to start sending data out to the company that provides your operating system. Smart home equipment is just as bad: cameras, thermostats, and lightbulbs now can connect to the internet and relay data about how you use them to a server out of your control. These are not created as a product that offers you convenience. But they do offer convenience: it is now easier than ever for tech companies to track and report on their users, because technology is reaching further and further into our lives.

    Voice assistants like those offered by Amazon, Google, and Apple are always listening. While you may be told that it is just so that you can say "Hey Siri" or "Okay Google" and thus invoke your assistant hands-free, you would be surprised at how often recordings are uploaded to servers. In fact, your phone doesn't do any processing of your voice commands at all: it simply passes a recording along to a powerful server that not only returns your results, but stores the recording as well.

    It would be foolish to think that the government is not in on this deal too. There have been more than a few instances in which any one of these companies has been forced to hand over sensitive user data—user data which they should not even have in the first place! The conspiracy theories about chips in vaccines and government drones always confuse me, not because they are outlandish, but because the truth is a lot more subtle. The government doesn't need to put a microchip in your vaccine or a camera and microphone in your house; they already have one, and you carry it in your pocket voluntarily. Your phone records you all the time: your GPS is always on, tracking your ever move. Or, if you do manage to turn your GPS off, your phone uses cell towers to know its location. And your phone is always connected to cell towers. That's how you send and receive text message, and take phone calls.

    There's speculation, and with good reason, given Snowden's leaks, that the government directly records every phone call and text message that passes through the network. They no doubt collect emails and other communications as well. And they do it legally under the Patriot Act, passed after 9/11. I have every reason to believe that every call I've made and text I've sent is stored somewhere.

    I think you get my point here. Everything you do on a computer or phone is recorded. You aren't sold a phone or a computer in the hopes that it will be useful to you, you're sold a computer so that you can be tracked and profiled, and that is something that should be absolutely terrifying to everyone.

    There are technologies that most users don't know or care about that aid in making tracking extremely easy, and that's why the more I learn about computers, the more terrified I am of them. I know all about browser user-agent strings and how JavaScript can be used to extract operating system information. I know that phone calls and text messages are extremely insecure and can be easily monitored by anyone with simple tools because they are not encrypted. I know how law enforcement intercepts phone signals, and I know how to brute-force wireless communications. I know how IP addresses are stored in geolocation databases. I know how public (and even private) WiFi networks can put you at risk of DNS and man-in-the-middle attacks both from malicious people and companies.

    I know how Apple and Google can push iOS and Android updates. I know how the update process works and what it does. I know how easy it is for them to remotely modify your settings and insert new backdoors into your phone. I know network traffic is monitored because I know how the underlying technologies work. I know that even VPNs, which are supposedly secure, store logs that can be requested by governments.

    I know that even TOR, which was developed with the intention of making tracking nearly impossible, can be exploited, because entry and exit nodes can store logs. Our computers themselves aren't even safe in the slightest if they are physically compromised. You may think that the password on your computer offers you some protection, but it does not. It is extremely easy to yank the hard drive and plug it into another computer. Even if Windows utilizes the TPM, I still know how to reset passwords without knowing them, effectively granting me access to every Windows machine there is.

    I could go on and on, but suffice it to say that we are not safe by default, either on the internet, or just on our computers. Given this information, however, I typically get the following response:

    "Well, I'm not doing anything wrong, so I have nothing to hide."

    The problem with this response is that it does not consider what happens if the government decides you are doing something wrong, even if you aren't. If you don't care about privacy, and just go on about your digital life normally, the government can see everything you do and at any point could cut you off. This is why privacy is so important: it denies the government the authority to decide what is right and wrong, and leaves it to individuals.

    This might be a rather drastic example, but a powerful one nonetheless: imagine you are a Christian in a very secular culture, say, the culture of the United States. While freedom of religion is clearly granted by the law, Christianity is rather unfavorable in the public eye. What happens when Christianity becomes so unfavorable that Christians lose access to the internet? Or what if servers that host Christian content like DesiringGod or Stand To Reason, get kicked off the internet?

    In a world with no privacy protections, this is likely to happen. Suddenly, simply watching a sermon can become a crime. You're not doing anything morally wrong, but because you're not hiding it, you are at risk of punishment. This is why privacy is so important, and this is why you have to care about it. It doesn't matter if you're doing something wrong or not, it is simply unacceptable for the government or any corporation to control what you do or don't have access to, or to control your phones and how they work.

    Granted, this example is a rather extreme one, but it demonstrates a fundamental flaw in the understanding that privacy doesn't matter as long as you follow the law. The real implications are likely to be much more subtle, like the de-prioritizing of certain news sources in search results, or the de-listing of people with unfavorable views on social media. And yes, both of those things are happening right now. We can't even trust our search engines because they most likely aren't showing us the full picture.

    So what are we to do? Is all lost? Should we abandon the technologies of the 21st century altogether and live as digital hermits? Not exactly, though the solution I propose is not far off:

    1. Delete all your social media accounts. Use something like Matrix, Mastadon, or some other federated social network. Even use email for communicating with people.
    2. Delete all your other online accounts, except for the crucial ones. This includes deleting your Google account. Google is not crucial. I currently only have two online accounts that belong to me: my bank account and my DNS provider account.
    3. Use a privacy-oriented search engine, like DuckDuckGo.
    4. Self host as much as possible, or use services hosted by people you personally know and trust.
    5. Encrypt everything. This includes your hard drives; almost all modern operating systems support full-disk encryption. Be sure to use a password or a key disk, not the TPM. Also make sure your network traffic is encrypted. Use a self-hosted VPN, or a Tor VPN. Don't settle for any consumer VPN, as these store logs and are under pressure from governments to block certain content.
    6. Don't use Windows, MacOS, or Ubuntu. Use a privacy-focused Linux, or use OpenBSD. Also don't use Android or iOS. Though iOS claims to be privacy-oriented, Apple still scans all your photos and probably does all kinds of other stuff that we don't know about due to the proprietary nature of the operating system. Android, at its heart, is open source, but Google also adds on a lot of proprietary bits, so if you can, use a fully open source Android distribution, such as LineageOS.

    These might seem like impractical things to do, but I already do all of them, and I don't have to sacrifice my digital life. I can still do everything I need to do. I have no social media and I rely on (encrypted) email to communicate with friends and family. I don't have a Google account, and I self host almost everything I need right from my own consumer broadband connection. If you need extra file storage, don't use Dropbox, Google Drive, or OneDrive. Buy a few hard drives and copy your stuff to each one. If you're worried about physical safety, have a friend or family member store a hard drive at their house for you. And obviously, it should go without saying that your hard drives should be encrypted so nobody but you can read its contents.

    My demand is a strong one that requires you to be rather tech-saavy, I do admit. But I hope that people that are tech-saavy are willing to help those that aren't. Even if you don't care about your privacy, you should implement as many of the above points as you can, and get someone to help you implement the ones you don't feel comfortable with on your own. And if you're going to use a computer, you should know how it works. You should know the risks when you type something into your web browser. I've always said something along the lines of this:

    "If you don't know how it works, you shouldn't be using it."

    And as Carl Sagan so famously said,

    "We live in a society exquisitely dependent on science and technology, in which hardly anyone knows anything about science and technology."

    This is a very real problem, because the technologically illiterate are being exploited by their technology without their knowledge or care, and I find this incredibly disturbing. That's why I do my best to help those around me. My home network, which my family depends on daily, is built to be as secure as possible. Likewise, my home server, which my family and friends also depend on, is run with the promise that the data on it is absolutely safe. I'm always explaining the things I do on computers to others as well, in the hopes of getting them to care, or at the very least, to raise awareness to the issues of technology in its current form.

    The best thing we can do to combat this corporate and government tracking is to use audited open-source software, and encrypt everything. We need to create a decentralized internet that no one party can control or monitor. I urge everyone that reads this post to consider their dependency on computers, because computers are becoming a means of control. People typically worry about artificial intelligence taking over the world or something, but the real concern is real, evil people taking over the world by controlling the information we see, and monitoring the information we produce.

    Implementing the privacy measures I have enumerated above has drastically reduced my dependency on third party services. I can now safely use my computers, because they are in my complete control. I don't have to worry about my data leaking, because all my data is safely on my own hardware. I believe that everyone should own their digital lives, and so I want to encourage everyone that it is possible. We don't have to continue feeding these corrupt organizations that seek to control us; we have alternatives.

    We should control our computers and the data we store on them, not the other way around. The only way to do this is with open-source encryption. If you are concerned about your digital security, feel free to reach out to me. I am more than willing to clarify anything I've said or offer advice.

    © 2019-2024 Jordan Bancino.