DEV Community

Cover image for OpenSource and Data Privacy.
V. Rohan Rao for GNU/Linux Users' Group, NIT Durgapur

Posted on • Updated on

OpenSource and Data Privacy.

Let's face it. Each and everyone of us have heard that Big Tech is "stealing" our data, and misusing it. We've heard of anti-trust lawsuits, hearings, everything. But have we ever wondered what exactly is this "data" which they steal?

And yes, why is it that big of a deal anyway?

Let's see why it is.

A lot of things come under the aegis of valuable data. If you're on your phone right now, and use Google Photos, open it up, there will be a mapping feature, which condenses your memories as heat signatures over a map for you to explore.

Alt Text

Pretty cool, right?

NO.

Not only is this the biggest ad company out there, but it knows the exact time, date, location and the nature of your activity, the people there with you, what sort of a phone you were using, and can use all this data individually and together to build a profile on your food, travel, socialising habits, interests and even financial and political beliefs.

And this is possible because most smartphone cameras store basic metadata about the photograph in your camera roll. There are ways to strip the metadata off of your photos, but by default this is how the system works.

And this is just your gallery.

Alt Text

Whatsapp and Signal.

Whatsapp uses the open-source Signal Protocol for it's messaging end to end encryption. Well, it claims to, anyway. That often gives users the idea that all their data is secure on Whatsapp, as no one, not even Whatsapp, can read your messages. True.

Completely honest? No.

The message's metadata, like the sender's and receiver's mobile numbers, the time of the message, and the IP addresses of the devices involved in the transmission, are still stored and recorded by Whatsapp.

This is still very much power in the hands of a Facebook owned company whose business model is based on completely closed source.

This is again, the same company, which only recently has become transparent on the "off Facebook" activity which it logs. Basically all your other apps which you use on your phone.

A very viable solution to the Whatsapp situation is Signal itself, as it strips all messages of the message metadata, and removes location/time/device metadata from any messages, by default.

We must Onion-ise 🧅

Alt Text

TOR, The Onion Router, is a name you might have already heard, most probably in the context of the deep/dark web. In the words of the great Wikipedia,

"Tor is a free and open-source software for enabling anonymous communication."

Chrome is also built upon the open-source browser Chromium developed by Google.

GitHub logo chromium / chromium

The official GitHub mirror of the Chromium source

However, it comes with minimal privacy protection measures, and if you think about it, Google being the largest online advertising firm (with Google Ads), it's against their interest to stop websites from collecting your data.

So they don't. Cookies persist on your machine unless you manually clear them, a simple browser scrape will dump every-single info about your local PC configuration( including IPs), its literally an open-for-all data buffet.

This is where TOR differs from Chrome.

The internal workings of TOR are beyond the scope of this article, yet its implications are not.

TOR's data encryption at every step throughout its global network relay keeps your identity hidden, thus making it almost impossible for any meaningful data to be extracted from your online activity.

No IPs, no locations, your online identity remains protected.

And it being open-source drastically reduces the time of the feedback-patch loop, as vulnerabilities are detected and patched super quick. The amount of data collection that occurs even at the smallest of websites when using something like Chrome is almost mind-numbing. Use TOR, get some peace of mind.

Here's the code for it

However, there is a caveat to all this power. Websites can detect when you are using TOR, and may choose to restrict access to some content, or even the site itself. Wikipedia, for example, does not let you edit articles if you are using TOR.

This is where we suggest another, much more robust solution to the online privacy problem.

VPNs

Ah yes, Virtual Private Networks.

The magical thing every single one of your favourite Youtubers seem to be advertising these days.

All your data encrypted, access to location restricted content, it all sounds magical indeed. But it comes at a price, literally.

VPNs, at least the ones you should trust, are usually subscription based services. VPNs are the best solution we have to this online privacy problem.

Popular VPNs include ExpressVPN and NordVPN (yes, I only know two of these, I watch the same Youtubers as you) provide you privacy in exchange for a premium price tag.

However there is a potential catch to this as well. Encryption occurs before data is sent out on the web, but how can you be sure that your VPN itself is not collecting your data prior to encryption?

Again, a classic

"Who shall watch the watchers?"

scenario.

This privacy business really is a pain in the compiler. Well I may still have and option for you.

ProtonVPN

Alt Text

You may have heard of Proton before, they provide the secure email service ProtonMail as well. ProtonVPN is also a premium service, although it does have a free tier.

ProtonVPN is different from the other services owing to the fact that its client applications are all open-source

GitHub logo ProtonVPN / linux-cli

Linux command-line client for ProtonVPN. Written in Python.

Any data collection that may occur has to take place at the client level itself. Having the client source code open source means we can easily go through it and check for shenanigans anytime we want.

This is a huge power move on the part of ProtonVPN to prove their stand on the no-data-collection policy.

Privacy, ground up.

Windows, remains by far, the most popular consumer desktop operating system. As an open-source club, the fact that Windows is completely proprietary, raises a lot of issues, but a few recent developments, have made the case very weak for Team Redmond.

Windows shows ads for various services, directly baked into the Start menu, Lock Screen, Action Center and Notifications even.

This is an operating system, which still sells licenses for it's real, fully-fledged copies. Forget safer networking, if advertisement APIs are baked into the very core of your OS, how can you ever be certain of their intentions?

Add to that DLL hell and Registry hell in Windows, and even third party applications can access sensitive permissions and data on a very trivial basis.

Let's see open source solutions to this.

Alt Text

This is Tails OS. Tails is an operating system which can be run in it's complete form from a thumb-drive, and has default network configuration to use Tor in all it's networking functions. It wipes all files, passwords applications as a part of it's amnesic approach, and doesn't interact with the hard disk of the system you're using as a system for it's Live system.

You can check out their code here.

There a lot of other privacy focused Linux distributions, like Qubes OS, which containerizes all applications to run independently, disallowing Read-Write access and network permissions on a granular level.

GitHub logo QubesOS / qubes-core-agent-linux

Qubes component: core-agent-linux

These are a few of the many, many technologies out there which promise internet anonymity. This might seem like a small deal, but in a world where companies like Cambridge Analytica try to influence global elections with news and counter fake news, wherein activists and journalists are hunted down for telling the truth, small steps, that's all we can take.

Data privacy being an actual issue might seem like some paranoid dystopia,but with us being at cusp of the AR/VR boom, wherein, wearable cameras will become a part of daily lives, it is important to take a step back, and look at where are we heading.

Until then, we must persevere.


We hope you found this insightful.
Do visit our website to know more about us and also follow us on :

Also do not forget to like and comment.

Until then,
stay safe, and May the Source Be With You!

Star Wars Who?

This article was co-written by

knightvertrag image

AND

vrohan image

Top comments (0)