🔗 Privacy and the Future of the Internet

The Internet is at a critical juncture. As it has been for the past decade or so, those who care about privacy and social morality are (practically) barred from participation in interest-based "focus groups", because most of them are still on Facebook, Twitter, YouTube and other anti-social networks. Even websites that have nothing to do with these networks have forgone self-management of user accounts in favor of "social logins," which are only useful until Facebook blocks your account and you realize you're now blocked from everything, and the only customer support available is provided by bots who were programmed to fix nothing and provide no information. Government-provided services around the world are becoming more and more difficult to receive without installing apps spyware on your smartphone. Search engines grow more and more unusable every day, and our ability to self-govern is being taken away by money-hungry startups and corporations who are looking to "make the world a better place." Finally, the Internet as a whole is now nothing more than a shopping mall, where visitors implicitly consent to being searched.

Privacy isn't the only thing we gave away in return for the ability to see videos of women twerking, read politician-driven flame wars, receive spam emails for free, and increase our credit card debts in one-click. Social networks have a tremendously negative effect on our mental and physical health. The Internet of the Apples and the Amazons has even destroyed the concept of ownership: buying something no longer implies ownership, and sellers are free to take your purchases away from you with no warning for any reason, and you may never be told that reason too. Small businesses that rely on for-business features provided by these platforms suddenly lose their livelihoods when their accounts are banned for unknown reasons.

There's a lot more that is wrong with the Internet, but I want to stay focused on privacy and social networking in this rant. When it comes to these two, things are beginning to change. Data and privacy regulations around the world are getting complex, and Facebook has finally started its long-awaited journey towards death. Yes, many people are arguing that this is not true, but I think it's quite clear that the people running Metabook have no idea what they're doing, and their chances of weathering the storms they've put the company through are not looking good. Privacy advocates actually owe a debt of gratitude to the Zuckerberg empire, as its unconscionable behavior and frequent scandals have made it clear even to the layperson that privacy actually is an important and basic human need; that our private data is being abused; and that privacy is not only meant for criminals and terrorists.

The data behemoths are finding themselves more and more tackling not with the complexities of scale, but the complexities of the law. Certain jurisdictions have enacted, or are currently in the process of enacting, laws that limit the ability of corporations to collect, store, transfer and share the private data of their citizens. These corporations have responded, as they always do, with the sending of lobbyists to convince lawmakers to cancel plans to enact these laws. Lobbyists with deep pockets aren't the only ones who are trying to destroy pro-privacy laws. Some governments are going the other direction and trying to pass anti-privacy laws, such as the UK's attempt to outlaw encryption, or the EU's proposed Digital Identity Framework, which will force browser makers to reduce security and self-governance for EU residents.

Some of these campaigns will succeed, some won't, but I believe the end result will be the same: these platforms will be forced to create different versions of their services for different jurisdictions (just as they currently do for different devices, but there are a lot more jurisdictions than there are devices), or drop some jurisdictions altogether (which is what they're threatening to do, or are doing, but they may find that the voids created by their absences are quickly filled). Some jurisdictions will require data to stay within their borders. Some will require encryption. Some will disallow it. Some will allow sharing data with advertisers, some will not. The revenues of our beloved corporations will suffer, something their CxOs will offset by downsizing, cutting wages, and buying more houses.

As for the people themselves, privacy-awareness is growing, and those who are aware are starting to take note of the Fediverse. Frustrated people who still remember the early days of the World Wide Web are now trying to recreate it. Things are indeed happening, but this won't be enough. Federated services are still too specialized and complex to be attractive and viable to the layperson, for whom the only real option is to use "public instances" whose existence relies on the goodwill of other people. While these are safer than the "normal" platforms—due to the open source and privacy-focused nature of their underlying software—they keep some of the issues and bring new ones to the mix:

1. Instance creators do not have the money to maintain scalable instances, so their performance is often bad.
2. Instance maintainers do not have the time nor resources to moderate them.
3. Public instances can disappear from the Internet at any point with no warning.
4. Your identity is still tied to the account you've created on the public instance^*.

And regardless of public instances, understanding how to integrate and synchronize with other instances (the idea behind federated services is that one can access content from any instance regardless of the instance they're actually using) is out of reach of the layperson, who will not read technical documentation in order to do this. I am not trying to take away from the goals, vision and work of protocols such as ActivityPub, or to say that they are bad/unfit, just that they cannot fix the problem by themselves.

As for point four above, IndieAuth looks promising, providing a facility to sign-in to various services using one's own domain name, but it remains to be seen to what extent it will be adopted, and like other parts of the Fediverse, it is too technical. You may say that it's fine: the more technically inclined people will use their own domains, and everyone else will use public instances. And maybe that makes sense, but it doesn't solve the aforementioned issues.

In the end, out of the ashes of Facebook's demise a new winner will rise, and I don't think it'll be one of the other mega-popular platforms that are already out there, not even Twitter, which is apparently where politicians work and run their countries these days. The mess that will be created by all the incompliable, incompatible and contradictory laws that are being enacted around the globe will also create a new giant. The incredible growth of the human population and the widespread availability of the Internet has made it more lucrative than ever to abuse people's rights and to abandon every modicum of moral code. The people of the world cannot afford to let that winner be another start up founded by another starry-eyed white boy hell bent on raising as much money as possible from a board of obscenely rich white men and reach that $1B valuation by any means necessary.

No, for privacy to prevail, the web needs to be prepared before the new Goliath rises. I can't claim to have the answer, it's a complex issue. Something that makes federation globally, easily, reliably, and potentially freely accessible will need to be created and adopted en masse. Current attempts are admirable, and have more potential to successfully navigate the complexities of worldwide laws and regulations, but the technical and financial barriers are currently too high.

Or maybe I'm reading the situation entirely wrong, and nothing will change, what the hell do I know.