January 09, 2013

The Great Data Privacy Battle of the 2010s

As the Internet wars of the 21st Century roll on, it's worth thinking about how to build systems in the new context. My ruminations follow.

The map has changed substantially from that of the 1990s, or the 20th century. In the last decade, 3 groups became paramount and are now battling it out: Apple, Google and Facebook. That war isn't settled yet, which keeps the media hacks writing something vaguely wise and exciting, and keeps our headlines breathless and tempting (as above :) ).

Although no winner is declared, the protagonists have changed the privacy map. Before, it was about keeping one's data carefully partitioned, giving corporations only what they needed to know, leaning on them to at least try to protect it, and preserving some sense of privacy policy. And keeping away from those who were just scarfing it up for sales.

Privacy used to be relatively simple, although we didn't know it then, nor appreciate it.

What we have now is cloud - all your data are being collected in one place by one person. To stress the positive, this works. At least, the sum total of apps and services offered by each of the behemoths seems to be better for us if we follow without question, and we carry the risk unknowingly. And, far better than previous models even dreamed of (here, I'm thinking of Microsoft's 1990s worldview).

But there are many negatives. Privacy is a total nightmare -- all our eggs are in their baskets.

Reliability seems to suffer too. The great migrations we have witnessed from client tools to cloud apps have seen many failures. We see reversals, costly absences, and drop-outs too. I personally no longer trust my Calendar - one of the earliest and simplest apps of all - because Apple's migration to cloud failed and I could not recover the data nor usability of same without just signing on completely and utterly. Most of you will have your own stories (I see them every day on the lists).

Worse, most users will not realise that it wasn't their fault, that they are victims of the slow suffocation of a vaporous white fluffy juggernaut. It isn't just Apple; there are so many insistent "offerings" in Google's products that just by clicking NO so many times, by mistake you will end up in cloud 9 without intending, knowing, or any chance of redemption. I hear similar things about Facebook.

This is all by way of reaching the following question: what is a poor app designer supposed to do? My choice is to use Google apps everywhere, or not. Or Apple, or Facebook.

I think I have to design my own version of a privacy model. And, I have to do it in such a fashion that it is both implementable without the resources of a major slice of the stock market, and in a fashion that delivers most of the benefits in a controllable way. OK, and it has to run seamlessly across platforms, not chew up bandwidth on the Android, and make tea on demand.

I would rather trust Apple with my privacy, and the privacy of my customers. Honestly, they do a good job at most things. But somehow, the switch to cloud has stripped that very trust away. Google & Facebook the same - whatever one thought in the past, things have changed.

(For those hoping for the solution, sorry. I'm still thinking. :) Today's rambling is just about why I can't see how to place my customers' data in their hands.)

Posted by iang at January 9, 2013 05:02 AM
Comments

If you're talking about your customers' detailed demographic or billing info, I agree that it doesn't belong in any of these three systems. But why would it be there? Do you blog your customers' names, store their addresses on your iPhone, or email their credit card numbers? If so, fail. This data should be in isolated systems that are designed for the bare minimum required controlled access, if it should be anywhere in your organization. If you can't find a SaaS vendor that provides this in a form you can use, then you have to build your own at AWS, a shared host, a VPS, or something like that. These vendors have much better security stories.

Posted by: Jess at January 8, 2013 08:08 PM

I encourage you to look at rsync.net, if for no other reason than to see an example of an organization "doing it right".

I could give you a nice testimonial representing my own experiences there, but it's quicker to just show you:

http://www.rsync.net/philosophy.html

http://www.rsync.net/resources/notices/canary.txt

Posted by: Cloud User at February 19, 2013 06:24 PM