FLOSS after Prism: Anonymity by default

In my last blog post I argued that we have to protect the user’s privacy better by letting the user decide which data gets submitted to services. In this blog post I want to share some thoughts about the case where the data is submitted, and how to protect the user in that case.

There are of course many legit online communications done by our systems. They should check for security updates, a weather applet might want to check the latest weather for the place you live in, and so on. While this is obviously data the user wants to be submitted, the process of submitting it is concerning from a privacy point of view. Although it is just metadata, it tells a lot about the person.

Let’s just look at system updates and what they tell us:

  • Unique identification of the user through IPv6
  • Location of the user through the IP address
  • Identification of the operating system in use (e.g. asking Debian for updates implies you use Debian)
  • Interval in which the system is used (e.g. daily updates)

This is a rather threatening set of data, especially when I consider that some proprietary software installed additional sources.list entries on my system (Google and Steam) without ever asking me.

But there is an easy way to protect the user’s privacy in such cases through anonymity. With the help of the Tor project it is possible to completely hide the information listed above. If the user cannot be uniquely identified any more, the information which can be derived from that gets lost. And that is a good thing.

Of course any user could just install Tor. But let’s face it: it’s difficult and complex and the user needs to know that Tor exists in the first place. It’s a nice solution for informed people like me, but certainly not for the vast majority of people for whom we develop free software.

So it is up to us to improve the situation. Why not integrate Tor (or similar services) directly in our products? A weather applet, for example, could just send all its requests through Tor and thereby help to protect the users. Yes, it requires more work from us developers, but in the end we are the only ones who can really decide whether it’s useful to use Tor for a given service or not. Let’s face it: for a Facebook status update applet, using Tor is rather pointless. So let’s use anonymity where it is possible and where it makes sense, and let’s integrate this information into the privacy center I proposed in my last blog post.
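What "send all requests through Tor" looks like from inside an applet, as an added sketch that is not code from this post or from the Tor project. It assumes a Tor daemon listening on its default SOCKS port 127.0.0.1:9050; the applet tag and the host `weather.example` are made-up names.

```python
import socket
import struct
TOR_SOCKS = ("127.0.0.1", 9050)  # assumption: local Tor daemon, default SocksPort

def auth_request(applet: str) -> bytes:
    # RFC 1929 username/password message. Tor does not verify the credentials; with
    # its default IsolateSOCKSAuth setting, different credentials get separate circuits.
    user = applet.encode("ascii")
    if not 1 <= len(user) <= 255:
        raise ValueError("applet tag must be 1..255 ASCII bytes")
    return bytes([0x01, len(user)]) + user + b"\x01x"

def connect_request(hostname: str, port: int) -> bytes:
    # Address type 0x03 (domain name): Tor resolves the name, no local DNS query.
    host = hostname.encode("idna")
    if not 1 <= len(host) <= 255:
        raise ValueError("bad hostname")
    return b"\x05\x01\x00\x03" + bytes([len(host)]) + host + struct.pack(">H", port)

def reply_ok(reply: bytes) -> bool:
    # A SOCKS5 reply reports success with VER=5, REP=0.
    return len(reply) >= 2 and reply[0] == 0x05 and reply[1] == 0x00

def _read(s: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = s.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def open_via_tor(applet: str, hostname: str, port: int) -> socket.socket:
    # Returns a TCP stream to hostname:port that leaves the machine only via Tor.
    s = socket.create_connection(TOR_SOCKS, timeout=30)
    try:
        s.sendall(b"\x05\x01\x02")  # greeting: offer only username/password auth
        if _read(s, 2) != b"\x05\x02":
            raise ConnectionError("proxy refused username/password auth")
        s.sendall(auth_request(applet))
        if _read(s, 2) != b"\x01\x00":
            raise ConnectionError("SOCKS auth failed")
        s.sendall(connect_request(hostname, port))
        if not reply_ok(_read(s, 10)):  # assumes a reply with an IPv4 bind address
            raise ConnectionError("Tor could not reach the destination")
        return s
    except Exception:
        s.close()
        raise
```

Giving each applet its own tag keeps the weather lookups and the update checks on different circuits, so the remote side cannot link them through a shared exit address.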