The most (un)realistic story about privacy
So, today’s article is going to be a little different. Something nice for the upcoming weekend. It’s a bit of an experiment. A form of storytelling where we’ll go through a bit unrealistic story about certain aspects of the modern world. Of course, everything is connected with tech, our favorite web & programming! Hope you’ll enjoy it!
In this post, I would like to talk a bit about privacy and personal data. I think we can all agree that it’s a hot topic right now. There were lately many privacy issues, leaks, and other problems, most of which were center around some particular data-collection giants. Also, the number of people both affected and aware of the problem grew exponentially. But, naturally, there are some people who still don’t know or care much about the problem, thinking that it’s isn’t their concern. Of course, they’re all wrong. And here we can see just how much by following the story of Mr. X, whose name was chosen specifically for ease of our storytelling. Let’s see just how bad things can get…
Disclaimer: The story below isn’t real or based on any kind of facts. It’s just the worst possible combination of some privacy issues of the modern world that I’m aware of and took place in different periods of time. Beyond that, it’s just for the purpose of this article and also for fun.
Let’s say that our Mr. X is an everyday citizen of the USA, living somewhere in NYC. He’s an all-in social guy. He has full-blown Twitter, Facebook, Google+ (RIP 2019), and all these kinds of stuff. And with more than a few thousand followers on each of these social media, so we can safely assume that he’s quite active there. He definitely uses all of these services extensively. All the private data he provided to different services was completely real. He uses 3rd party service (like through FB or Google Account) authentication wherever possible. He also doesn’t read much about data policies he agrees to whenever authenticating, accepting cookies, or signing up. Finally, he isn’t any kind of tech guy and his platform of choice is Windows in combination with an Android phone. Seems like an everyday user doesn’t he?
Some trouble first…
Our story starts in a day like any other. After a day full of work… and social media, Mr. X finally takes a rest and proceeds to read his emails. While reading, he suddenly stumbles upon an intriguing title: Huge data leak at XYZ company. Interested, he starts reading the mail instead of trashing it just like all other spam (he gradually enlist himself on more and more services, newsletter, etc.). Having a quick look at the content of the email, he makes up a brief summary of around 2K words — “A service which I, don’t really know when I sign up for had a problem and roughly 1M emails and corresponding passwords has been stolen by hackers, so the guys are really sorry.” He thinks for a moment, trying to contemplate on everything he just read through — “It’s just an email, nothing important really. I don’t know why they make huge such problems around something so tiny.” Then he trashes the email like every else and continues doing other stuff. Sadly he forgot that passwords have been leaked too… and he uses the same password in almost all places… But this mistake was meant to soon become something bigger!
There’s one more thing you didn’t know about Mr. X — he’s a big fan of gaming. He plays both the well-known titles through Steam, but also some more sketchy ones, by just downloading them from the internet. Quite frankly, he doesn’t have any professional antivirus software installed on his PC for this purpose. He says that Windows has something similar built-in and additional software not only means additional costs. Also, some performance degradation… and he doesn’t like dismissing virus-attack pop-ups which genuinely show up few times a day. Yeah, in fact, as he’s not any kind of tech guy, he was repairing and changing his PC several times a year. He says that he doesn’t have much data on his computer as all his data and files are stored in the cloud services, so the state of his computer doesn’t interest him much. He just thinks of it as an access key, that can be changed at any time. Kind of nice to keep things simple… but is it?
It’s been a few days since then. It was time for another big online problem. This time it’s all about links! So, an old friend of Mr. X’s living abroad has contacted him on FB. And, surprisingly, it wasn’t any “Hello!” or “How are you?” message. Instead, it was a weird link with text saying — “You won’t believe what I’ve seen!”. Kinda suspicious, don’t you think? But Mr. X, being a quick-thinker he is, got triggered and simply clicked the link. To his surprise, the link brought him to a random Wikipedia page. As he didn’t believe what he saw, he returned to the link and clicked it a few times more. Every time a different Wikipedia page appeared. Nothing fancy. Thus, he finally got bored and wrote to his friend about how not funny his joke was. To his amusement, it took more than a week for his friend to answer. And guess what — it was a malicious link stealing the data and taking control of different FB accounts. How would think of such a possibility? But, as you might expect, Mr. X said that, as his account was working completely fine, there’s no reason to panic. In the end, it was just a Wikipedia page, wasn’t it?
At this point, you can say that Mr. X is a bit too stubborn to move our story forward. Well, with a big enough push… You guess what… after the last email, our main hero started to receive even more spam. That’s why he had to check it even faster. Just one email — this is what brought him the total disaster! An email that required him to log in to his bank account in the mean of resetting his password. Of course, we all know what happened next. It wasn’t really a complete disaster — it was only one of his many accounts… and around 5K worth of dollars. But that was it! It finally made Mr. X realize that he must be more thoughtful about his data and privacy. He realized that he has to do something, and he must do it now!
After everything that happened to him, Mr. X started to broaden his knowledge about privacy and data. He specifically wanted to know about recent issues and data leaks… especially the ones similar to his own. He didn’t find anything more than that it was really bad and etc. But, while searching for this and related stuff, he became more and more interested in keeping his data and privacy safe and secure.
While reading, he was having a flashback about all the data he has given away, all by himself. He wasn’t forced to do anything, he just didn’t know at all what he was doing at that time. That’s why, after the lecture about the latest privacy scandals, he decided to read a bit more about the privacy rules of companies he shared his private data with.
Facebook came first. Reading about the so-called Cambridge Analytics scandal, and remembering his vote for D. Trump, he felt a bit suspicious. He wanted to read everything line by line, but, as soon as he got bored (after around 2 paragraphs), he changed his mind and just jumped all over the text, searching for keywords. There was nothing interesting in his opinion. Everything came down to the simple fact that data can be used and shared in one or different ways. He decided to limit the availability of the provided data as much as possible. He changed a setting or two and requested his data to download in a bundle (a function FB graciously provides). He was blown away by the compressed file download size — more than 10 GB! How is that possible?! What’s in there?!
After a while, he finally was able to access the data from the bundle. To his surprise, he saw… records of his own SMS chats and phone calls details! “Just how do they…?!” — he didn’t know what to say. He searched the web and found that it was the result of him allowing the FB Messenger app to access the above data… which FB then genuinely stored. In a matter of seconds, in a mix of emotions, anger, and amusement he proceeded to delete his FB account. “Now there’s no coming back (although FB waits 30 days before it actually removes your account)!” “No more social stuff!” Mr. X was really mad and sad at the same time. With this move, he knew his life will never look the same. I will be… different. But, deep in his mind, a thought persisted — What’s once shared, stays shared… forever. Naturally, this internal split and change really affected his psychology. He started reading even more about privacy and greatly limited his social engagement. He was a different person now.
He didn’t want to stop there. After he calmed down, it was time to take care of Google. He found a website where he could see all the data that Google collects about his web activity. After all that FB mess, he was expecting either something equal or worse. You probably know the outcome. With more than 50 GB of data about his Google+ activity, search history (which he didn’t clean very often), YouTube history, location data, and even all recordings of his voice when interacting with Google Assistant. He wasn’t really surprised by all the kinds of data he saw about himself, rather than their amount. On the website, he could also see his profile, with data about his age and interests. He was amazed by how detailed and correct this data was. Of course, there were also a number of files he stored on his Google Drive. All to which, Google had access. He proceeded with the same schema and remove all his Google-related data. He changed his browser to Firefox and his search engine to DuckDuckGo. He also moved all his files and the backup of all Google-downloaded data to his portable drive, which was a close friend of his from now on. Lastly, he wanted to cut off Google’s access to his Android devices with no big success, so he left this for later.
You possibly cannot even imagine how big of a change this was for Mr. X. He literally turned his life upside-down in a matter of days. He had to find alternatives to almost all his everyday tools, some that you wouldn’t even think of, like email provider & client, browser, search engine, and storage, all of which came at a cost. And with the removal of most of his social accounts, he also removed himself from countless services he previously signed too. This included e.g. Steam, which he wanted to get rid of too! His entire collection of games was backed up and move to secure local storage. From this point on he was mostly gaming offline, on his console only.
What’s more, he became a little closer friend to his PC. He didn’t rely so much on clouds or other services and thus he had to take better care of his devices. What’s more, when reading all that privacy-related stuff, he became more and more interested in the topic. Even to the point where he decided to learn how it all works under the hood and started to learn programming, software engineering, and web development. It felt quite easy and soon it became his passion. But he wasn’t done just yet…
A worthy switch?
The last tech giant that had its grasp on Mr. X’s data, and also PC was no other than Microsoft. It was one of the hardest choices that Mr. X had to make. To change the platform he used for such a long time. He considered going with Linux, but after some playing with it, he decided that it’s a bit too much of a change. So, instead, he tried to believe all of Apple’s privacy claims and migrated to its ecosystem. This also let him change his Android phone, which Google and other companies could spy on, to an iPhone (where possibly only Apple could spy). He knew that it’s not the best choice, but also that’s it’s the required one… at least for now.
We can safely assume that Mr. X quickly started to enjoy his new environment. In these good conditions, he could freely learn and broaden his knowledge. He quickly became a kind-of privacy expert. He was a fast learner and easily understand all this new stuff. Of course, spending less time on social media, watching YouTube, or playing games let him having more free time to spend meeting with his friends, reading, and doing other things in real life. During that time Mr. X was gradually removing himself from the web. He knew that what happened couldn’t be simply undone just like that. He wanted for something similar to never happen again…
But after a while, this whole privacy and the data-related thing started to seem a little bit boring to Mr. X. The number of limitations his new life had was just too much. That’s why he slowly and pretty much unconsciously started to limit his privacy efforts. Even to the point where he almost started to use iCloud!
That’s why something was doomed to happen. And it came up in a form of some issues with his new Apple ecosystem. It wasn’t really that bad, in truth, this could be seen as a result of Mr. X’s privacy aspirations. We’re talking about the T-series chip. The microprocessor that Apple puts in their devices for additional security, data protection, and all that good stuff. The problem is… it’s sometimes doesn’t work properly and our hero repeatedly had some problems with the external devices and software. This felt a bit annoying, but not that bad considering the privacy gains. That’s why it was yet another, big privacy issue that caused Mr. X to switch again.
As much as Apple considers itself a privacy-first company, it had some problems in the past with different small issues or other software problems that could cause some real damage to the end-users. This time it was the problem with the new iOS release and FaceTime. The bug allowed you to hear the voice of people you were calling before they actually answer the call. Reading about that, Mr. X got really depressed. He tried this trick with two iPhones he had laying around and, when the issue was confirmed, he knew he had to act. Even with Apple quickly taking the right steps to combat the bug, Mr. X lost faith in the ecosystem he grew to like over the last couple of months and decided to leave it.
After a lot of preparations and learning, he finally decided to switch to open-source Linux. It wasn’t just some random 3rd-party distro, but one he built himself using OSS software from the ground-up. This not only increased and tested his skills but also made him confident of his new privacy-first OS. Of course, he also included must-have support for TOR. 🚀 Then, he needed to make some changes to his mobile devices. He simply switched back to Android, unlocked it, and installed simple, fresh pure OSS Android ROM. With all this effort, he finally felt satisfaction from his doings.
Naturally, our story wouldn’t be complete with such a mere happy ending. It’s time for Meltdown, Spectre, and Spoiler to come in, but in a bit more… unexpected way! When our hero learned about mentioned security breaches, he acted quickly. As a processor isn’t something that he could change (it was a problem for almost all CPUs) just like that, he needed to find some good software patches. But he didn’t want to wait for the official ones to come out. That’s why, without much thinking, he found some random patch on the web and applied it. And that was it. After the next restart, the computer threw a message: “Your computer has been hacked! Pay 1M$ or all your data will be stolen and lost!”. Mr. X was really mad! He started to cry as he didn’t really know what to do. Enraged, he threw his computer out of the window and simply went out for a breath of fresh air.
When walking, all kinds of thoughts were going through his mind. He was thinking about the data he just lost. About what’s next. About what should he do to be even more secure. He thought about making his own OS, his own antivirus, or any other piece of crap that could help him and other people be more secure in this uncertain world. But he knew this was just too much! He needed something easier… He started thinking about living in a forest and being a monk. But this idea didn’t seem real too! And so… he needed to turn his life upside-down one again…
Fast forward a few months and Mr. X seems to have made a final decision. He returned to his old life, just with a few small changes. He again became an active social-media member and gamer. He kept all Windows, Android, and Apple devices he previously owned. He used all of them for different purposes. Ones for entertainment and others for work. He didn’t have any problems with data migrations, as all of this stuff was once again in the clouds. He also renewed many of his previously trashed services. Generally, he’s just the same guy we met at the beginning of the story.
Oh, and one more thing… Mr. X got a new job — at Facebook’s data collection and analytics department.
Just a nice story
That’s all! Do you like the story? Again, this is something very much new on this blog and I would really, really love to see your opinion through a reaction or a comment below. Of course, everything written above is just a creation of my imagination, but it’s also based on some facts (throughout time and space 🛸). All the references could and can sadly be experienced in normal, day-to-day life. That’s why we should know about them and keep our stuff secure — whether it’s online or offline. But, after all, I hope you had fun reading this or that I at least managed to keep you interested for a tiny bit.
So, what do you think about such storytelling? Have you ever thought about your privacy and data while using any kind of web service? Have you ever experience any similar privacy problems that Mr. X had? Or do you think that the story above is completely unreal (cause it really is) and you just don’t agree with some statements that it makes? I hope that it made you reflect on all possible privacy and personal data-related problems that you may have had in the past.
As always, thank you for reading this story! Follow me on Twitter and on my Facebook page (privacy 👻), or right here on Medium for more content about web development and similar stuff. Thanks again and hope you’re having a wonderful privacy safe day!