There is an alarming lack of understanding of basic information hygiene among people at large. In the next decade, this is going to come back to bite quite a few people – but a better understanding of privacy is going to come from it. I sometimes explain the concept by thinking of credit cards, which mostly everybody has used and can relate to.
I sometimes ask people to visualize paying for something at a credit card terminal to introduce them to the concept of privacy. They see themselves inserting the credit card, entering the PIN, checking the amount on the display, and pressing the OK button to validate the transaction.
Then, I ask them, “Whom did you just give all your credit card details and PIN to?”
This question usually isn’t understood at all.
“Have you ever told your PIN to anybody?”, I ask them.
“No, never, nobody,” they usually say.
“But you just gave it to that terminal, along with your credit card details. Whom is the terminal transmitting your credit card details and PIN to right now?”, I follow up.
“You know, there’s no principal difference in telling it to me or to a credit card terminal. Once you give it up, once you enter it on a machine that not under your total control, it’s out there. You’re choosing to trust somebody to not abuse the full knowledge of your credit card details and PIN.”
“But who would –”
“You never know, right? That’s the whole point. The person who programmed that terminal is now in complete control of your credit card details and PIN. Only the person who wrote that code knows if somebody else knows about it, or if that person is choosing to keep that data, or if it was never kept. Therefore, you don’t know who else knows it. You can’t know. It’s gone. It’s out there. It’s not a secret anymore. This is the concept of information hygiene, and it has direct bearing on every aspect of privacy. Whenever you transmit or store something, you must ask yourself the question, who else can see this information? If the answer is anything else than nobody, for a reason you know rather than choosing to trust in something, then you’re effectively telling the whole world.”
That’s the question we must always ask. Who else can see the data I’m transmitting or storing right now?
For example, I never store anything on Dropbox that isn’t either heavily encrypted or is going to be published in a matter of days, because hundreds of thousands of people have full access to what’s on my Dropbox (the entire staff at Dropbox, the entire NSA, and every spy agency they work with). This is what I mean with knowing that nobody can access it – I am encrypting sensitive files before I’m putting them in my Dropbox folder, and absolutely not putting them there first and only then right-clicking and choosing “encrypt”, because if I do things in that order, it was published first for the world to see and then encrypted. Those small details don’t just matter, they are absolutely critical – sometimes a matter of life and death.
Now, compare the credit card scenario above with when I’m paying with bitcoin.
A merchant shows me a bitcoin QR code. I pick up my own terminal, my mobile phone, and scan it. The QR code contains the merchant’s bitcoin address and the amount to pay. I press “pay” on my own terminal, which is completely under my control, and the coin is transmitted to the merchant’s address by my mobile phone. No sensitive data ever leaves my control. I don’t tell anybody anything – neither human nor machine. Nobody knows my codes, keys, or PIN, and I still paid the money.
Information hygiene. Who can see your data? If you can’t answer that, you don’t know if you have privacy or not.
Privacy remains your own responsibility.