Posted on May 7, 2014 by Rick Falkvinge

Credit Cards, Bitcoin, And Understanding Of Information Hygiene

There is an alarming lack of understanding of basic information hygiene among people at large. In the next decade, this is going to come back to bite quite a few people – but a better understanding of privacy is going to come from it. I sometimes explain the concept by thinking of credit cards, which mostly everybody has used and can relate to.

I sometimes ask people to visualize paying for something at a credit card terminal to introduce them to the concept of privacy. They see themselves inserting the credit card, entering the PIN, checking the amount on the display, and pressing the OK button to validate the transaction.

Then, I ask them, “Whom did you just give all your credit card details and PIN to?”

This question usually isn’t understood at all.

“Have you ever told your PIN to anybody?”, I ask them.

“No, never, nobody,” they usually say.

“But you just gave it to that terminal, along with your credit card details. Whom is the terminal transmitting your credit card details and PIN to right now?”, I follow up.

“I –”

“You know, there’s no principal difference in telling it to me or to a credit card terminal. Once you give it up, once you enter it on a machine that is not under your total control, it’s out there. You’re choosing to trust somebody to not abuse the full knowledge of your credit card details and PIN.”

“But who would –”

“You never know, right? That’s the whole point. The person who programmed that terminal is now in complete control of your credit card details and PIN. Only the person who wrote that code knows if somebody else knows about it, or if that person is choosing to keep that data, or if it was never kept. Therefore, you don’t know who else knows it. You can’t know. It’s gone. It’s out there. It’s not a secret anymore. This is the concept of information hygiene, and it has direct bearing on every aspect of privacy. Whenever you transmit or store something, you must ask yourself the question, who else can see this information? If the answer is anything other than nobody, for a reason you know rather than choosing to trust in something, then you’re effectively telling the whole world.”

That’s the question we must always ask. Who else can see the data I’m transmitting or storing right now?

For example, I never store anything on Dropbox that isn’t either heavily encrypted or is going to be published in a matter of days, because hundreds of thousands of people have full access to what’s on my Dropbox (the entire staff at Dropbox, the entire NSA, and every spy agency they work with). This is what I mean by knowing that nobody can access it – I am encrypting sensitive files before I’m putting them in my Dropbox folder, and absolutely not putting them there first and only then right-clicking and choosing “encrypt”, because if I do things in that order, it was published first for the world to see and then encrypted. Those small details don’t just matter, they are absolutely critical – sometimes a matter of life and death.
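The ordering described above, as an added example (not the author's own tooling): the function refuses any plaintext that already sits inside the synced folder, encrypts in a staging directory outside it, and moves only the ciphertext in. It assumes `gpg` is installed; the name `encrypt_then_sync` and the passphrase file argument are hypothetical.

```shell
#!/bin/sh
# Added example: encrypt BEFORE the file enters a synced folder.
# Usage: encrypt_then_sync PLAINTEXT SYNC_DIR PASSPHRASE_FILE
# (function name and passphrase-file argument are hypothetical)
encrypt_then_sync() {
    src=$1; sync_dir=$2; passfile=$3

    # Resolve both locations so symlinks and ../ cannot hide the synced tree.
    src_dir=$(cd "$(dirname "$src")" && pwd -P) || return 2
    sync_real=$(cd "$sync_dir" && pwd -P) || return 2

    # If the plaintext already sits in the synced tree, the sync client may
    # have uploaded it; encrypting now is too late, so refuse.
    case "$src_dir/" in
        "$sync_real"/*)
            echo "refusing: $src is already inside $sync_real" >&2
            return 1 ;;
    esac

    # Stage the ciphertext in a private directory outside the synced tree.
    stage=$(mktemp -d) || return 2
    out="$stage/$(basename "$src").gpg"
    if ! gpg --batch --yes --pinentry-mode loopback \
            --passphrase-file "$passfile" \
            --symmetric --cipher-algo AES256 \
            --output "$out" "$src"; then
        rm -rf "$stage"
        return 3
    fi

    # Only the finished ciphertext ever appears in the synced folder.
    mv "$out" "$sync_real/" && rmdir "$stage"
}
```

Keep the passphrase file itself outside the synced folder as well, for the same reason.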

Now, compare the credit card scenario above with when I’m paying with bitcoin.

A merchant shows me a bitcoin QR code. I pick up my own terminal, my mobile phone, and scan it. The QR code contains the merchant’s bitcoin address and the amount to pay. I press “pay” on my own terminal, which is completely under my control, and the coin is transmitted to the merchant’s address by my mobile phone. No sensitive data ever leaves my control. I don’t tell anybody anything – neither human nor machine. Nobody knows my codes, keys, or PIN, and I still paid the money.

Information hygiene. Who can see your data? If you can’t answer that, you don’t know if you have privacy or not.

Privacy remains your own responsibility.

About Rick Falkvinge

Rick is Head of Privacy at Private Internet Access. He is also the founder of the first Pirate Party and is a political evangelist, traveling around Europe and the world to talk and write about ideas of a sensible information policy. Additionally, he has a tech entrepreneur background and loves good whisky and fast motorcycles.



1 Comment

  1. Austerus

    Mainly reasonable argument. But if we’re talking payment, the circle of trust is extended.
    Never mind that you are starting by trusting a bank to hold the object of your payment (presumably national currency). They (whoever programmed the bank’s system) have access to your money and your CC info.

    In order to get bitcoin, you need to turn currency into virtual currency. Somewhere along the way there’s a step requiring you to trust that info to whoever makes the exchange for you. That’s the bitcoin exchange for one and whoever happens to be along the way (to get to bitcoin there’s no straightforward, you need to either find an exchange that connects to your bank account or use a payment provider who holds an account in your name through which you pass the money – you are passing information in trust as well as your money, always losing as you convert a currency into another).

    And while the bitcoin transfer itself is anonymous, you are paying for something. Service or goods, doesn’t matter. To get a receipt to use as proof of purchase or for warranty, you will need to disclose personal information – again, in trust.

    You are focusing too much on the act of paying without noticing that the trail of getting there entails often more loss of privacy than it’s worth.

    4 years ago