Privacy vs Convenience
As much as I despise most modern tech companies for being invasive data hungry monsters, I have to admit, they do offer a lot of features that make life better. Luckily, there are a lot of FOSS alternatives that can replace their counterparts and actually respect your privacy. However, I’ve come to realize that this isn’t as straightforward as it seems, and having tried to live with more privacy respecting software, its abundantly clear to me that there are many downsides to doing so.
RCS
If you somehow haven’t noticed, but it feels like half my posts are about secure messaging. Its an important topic to me precisely because of how much of our modern lives are lived through messaging. I probably send hundreds of messages a day to friends, family, and coworkers. Some of these are not much more than casual small talk, but often times they contain more sensitive information I don’t want to publish to the world. Sure, most messages may be trivial, like a photo of my lunch or some remark on a piece of media, but I still want control over who gets to see it and who doesn’t. Encrypted messaging ensures that no third party can be snooping around the contents of my messages.
And while I’ve talked about some possible messaging services that could act as better alternatives to whatever is popular these days, they all fail in one regard: nobody uses them. Well, not that no one uses them, its more so they haven’t penetrated the general population. And frankly, that sucks. It turns out, its really hard to convince someone to download an encrypted messaging app. Often times, you just come off as a nut case for caring about your privacy. I can’t comprehend why people seem to not care, but its the world we live in. Somewhat luckily, encryption is now becoming more standardized. Introducing RCS, the not so new replacement for SMS. RCS has actually been available for a few years now, but the reason its relevant today is that with the new iOS 18 update, RCS support is now built into iMessage. This is a huge deal because (a least where I live) iPhones dominate the phone market. Now I can get private messaging with anyone without having to get them to download another app.
But, of course, there is a catch. The only apps that support RCS on Android are Google Messages and Samsung Messages. There are no alternatives, proprietary or open source. This really doesn’t thrill me, because despite having contents encrypted, the creators of these apps still have access to all the metadata behind your messages. Things like who you’re talking to, when you’re sending it, and things like if attachments are present are all visible to these companies. And you may think that its minuscule compared to the actual contents, but let me remind you of this quote by Michael Hayden, former director of the NSA:
We kill people based on metadata
If its important enough for the NSA to make such heavy decisions on, then it must have similar value to companies invested in selling your personal data. Its part of the reason why I’ve grown to like Signal so much, they don’t collect or store any metadata. It leaves me in this conflict, part of me wants to be as private as possible, I don’t want to have to compromise on my privacy to talk to people in my life. But if I take the more convenient option, sure I get access to RCS, which is still better than SMS, but I still have to compromise on privacy, which doesn’t feel so great.
Mobile Wallets
Somewhat recently I was having a casual conversation with someone. The topic shifted to public transit and then they were showing me their expansive collection of transit cards. Very cool. But then they took out their phone and opened a mobile wallet app to show me they had virtual cards on there. The first thing out of my mouth was “Why?”. I simply didn’t understand why you’d want that. It wasn’t just transit passes, it was credit cards and state identification. They simply shrugged and replied “Its more convenient” before shifting to another topic.
Even now, I still sit here and scratch my head. I looked up the whole state identification thing and apparently its only used with the TSA. I suppose if you fly a lot within the USA it could be convenient, but it seems like a lot of sensitive data to just have at a moments notice. To be fair, the physical identification card is in a similar predicament, given its just some thing most people always carry with them, but to me it feels less secure kept on a mobile device. Same goes for adding payment methods. I get the appeal, but having the physical thing seems just more practical. Maybe its also just a segmentation thing; Having things separated keeps the attack surface down and reduces complexity.
I can’t deny the appeal though. The minimalist in me wants less, so moving to a digital wallet would mean I have one less thing to carry. Never mind that I still have cards that cannot be put into one, such as my cards for the arcades I frequent. I like the idea of the convenience, it just seems like a privacy nightmare. These apps can hold all this sensitive data, how can I trust them to be secure when I only have their word? Why should I trust a company like Google with not only my card data, but also all the metadata created whenever I use it from the mobile wallet? To me, it doesn’t make any sense to use for the important things, and yet that is precisely where the most convenience can be gained from such a thing. However, it does mean for more simple things, like loyalty or gift cards, it makes more sense to use. Especially when you consider privacy respecting wallet alternatives exist for such cards.
Social Media
Alright, yeah, this is a bit of a cop out. Social media is one of the worst things in terms of user privacy. Its designed to learn everything about you so the algorithm can best exploit your time and show you invasive ads. But I’m not here to talk about that, as much as I think its bad. I’m more so here to talk about how social media isn’t an open platform, its closed off to the world at large.
Consider the following: have you tried using any major social media platform without an account? Its impossible. Maybe at best you can view a post if you have a link to it, but god forbid you see any replies or view a profile. Navigating these sites become impossible for someone who doesn’t want to give up their privacy, and normal people seemingly cannot wrap their heads around this. If your aim is to distribute information to the masses, say as some sort of organization, you cannot put something like “See our Instagram for more details”. You inherently exclude everyone who doesn’t have an Instagram account from participating. The exclusion of outsiders forces you to sell your privacy for information that was intent ended to be free. Its a bad decision.
The other thing I want to complain about is how they lock people into platforms. I’ve touched on this a bit with my rambling on RSS and the fediverse, but if you build any sort of following or network of relationships on a social media platform, they only exist on that platform. They’re closed in. If you needed to migrate platforms for whatever reason, say the social media site was becoming blocked in your country, you have to abandon everyone on that old platform and rebuild any connections on the new platform. Its this intentional lock in designed to remove your freedom. I don’t want to forfeit that, but because major social media platforms don’t offer more open ways of interacting with them, you have to give up your privacy to have the convenience of using them.