People who care about privacy online are often frustrated by the inability of the masses, often including their friends and family, to see the importance of using privacy-preserving online services. But companies like Google and Facebook work very hard to make sure people reach the conclusion that online privacy simply isn’t that important. The first and most obvious way they do this is by offering genuinely good services. Millions if not billions of dollars are used to develop Google’s and Facebook’s products to make them as seamless and user-friendly as possible. A FOSS, privacy-preserving alternative to Gmail, for example, will often have trouble raising even a fraction of the funds available to Gmail to develop their product. While some dedicated and talented developers can make up for some of the lack of funding, even FOSS developers need to eat and they are competing against Google’s engineers and developers, who are well-paid, well-organized, and well-funded. Meanwhile, Google funds its services from selling its users’ data, meaning it can offer these services to them at no (monetary) cost. The FOSS developer therefore has to find a way to fund their project without charging the user, or else risk being an even less attractive alternative to Google. Sure, they can proudly claim that they don’t sell user data, but to the average user, that’s likely not enough of a reason to sacrifice features and usability and perhaps having to pay a fee to boot. Many privacy-preserving FOSS products and services overcome these challenges and manage to use innovative monetization to build a niche market for themselves, but these are relatively few and far between and are constantly fighting an uphill battle in an attempt to compete with big tech.
Big companies also rely heavily on the network effect. How can a FOSS, privacy-preserving messenger beat out WhatsApp or iMessage when choosing the alternative messaging service will mean being unable to communicate with the vast majority of people who still use the mainstream services? The decentralized nature of something like XMPP is certainly more the exception than the rule when it comes to modern messengers and even an open-source, private messenger like Signal locks its users into using its servers to communicate. Google’s integration into Android devices is another permutation of the same principle. Why should a user bother looking for a different cloud storage provider or local backup solution that they will then have to configure when Google Drive is already integrated with their Android device, no setup required?
So convenience and price are clearly big motivators when it comes to why people ignore the privacy-invasive practices of big tech. But perhaps the most common reason people give is that they simply don’t care. Mark Zuckerberg infamously said in 2010 that “privacy is no longer a social norm.” And many people are quick to agree. “I have nothing to hide.” “It’s impossible to be private nowadays anyway.” “I don’t really care if Google reads my search history.” These are refrains familiar to anyone who has tried to convince their friends and family of the value of digital privacy.
However, I would argue that most people do care about their privacy. Claiming they do not is only possible because of the siren song of convenient services that big tech offers and the ignorance of what digital privacy really means. One of the strongest weapons that Google and other surveillance companies have in their arsenal is tracking opacity, the opposite of transparency. My impression is that most people are aware that Google stores and sells their “data,” but very few people have a concrete idea of what that means. And that is just how Google likes it. It is very easy to use Google services and forget that they are observing everything you do. They don’t announce it; it happens silently. Even when you open Google Maps and see a list of all of the locations you previously searched for, it is easy to see that information as only available to you. It is only available on your device after all, or only when logged into your account. Google never openly claims that this information is only available to you, but it works very hard to make you feel that way. In the early days of tech, almost all of our personal data was stored locally. This very much habituated us to the idea that only we had access to our data. In the decades since, almost everything has moved to the cloud, but our mindsets have not changed. The obvious differences between writing a digital diary on Microsoft Word in 1995 and on Google Docs in 2022 are the better features Google Drive provides and the convenience of being able to access the file on almost any device. The fact that in 2022 the data is stored on Google’s servers where they are freely able to do what they wish with it doesn’t come to mind. Giving its users the illusion of data sovereignty is very much a deliberate design choice on Google’s part.
Tracking opacity generally manifests in two ways: (1) opacity of what data is collected and (2) opacity of how that data is used. Most people don’t realize that their Android phones are nearly constantly sending their physical location to Google because Google makes it very difficult to see that they are in fact doing that. Occasionally, Google or Facebook will slip up and reveal to their users just how invasive their tracking is, but at any hint of outcry, they will claim it was a “mistake” and make superficial changes which make the tracking harder to see without actually getting rid of it. Even if you do realize that your location data is being sent to Google, you have no idea what it’s being used for. Google and other companies make sure to have long terms of service agreements and privacy policies filled with legalese that most people will not have the time or energy to read and would not be able to understand even if they did. Even after reading and understanding these policies, the exact way Google uses the data is still incredibly vague. Phrases like “improve services” and “shared with our partners” are extremely general and tell the user almost nothing about what their data will actually be used for.
Is it any wonder that so many people claim to not care about their privacy when companies like Google make it so hard to understand what data is being collected and how it’s used? As long as this is unclear, people have plausible deniability. Paranoid, privacy-conscious people will assume Google is collecting all the data it can and using it for whatever purposes make it the most money, while less paranoid people won’t pay the issue much mind at all. Google has specifically designed a system so that they don’t have to.
Unfortunately, I have no real solutions to offer here. The best solution would likely be some sort of privacy transparency law which would require companies to simply, clearly, and explicitly outline what data is collected and how it is used. This would be far better than the current system of dense and opaque privacy policies which are designed to be impossible to understand and impossible to opt out of. Given big tech’s lobbying power, this is a far-fetched solution and would require real thought to implement properly in any event. Many FOSS projects do have simple and easy-to-read privacy policies, but perhaps some kind of standard short-hand for letting users know what data is collected and how it is used could be developed in the FOSS world? At the very least this could provide a template for any potential future data tracking transparency law to use. In the meantime though, we are stuck with using our best guess for how tech companies track us and use our data, which is just how they like it.