Get rid of intermediaries resisting encryption

June 15, 2020

Back when our lives were not dominated by digital communications, eavesdropping on someone was expensive because it required people to do it. Letters had to be opened and copied. Microphones and tape recorders had to be discreetly installed to record conversations. In the past twenty years things have changed, however: the number of intermediaries we use to communicate with one another has exploded, and surveillance is now automated. Not a year goes by without headlines in the news reminding us how much the State or corporations take advantage of these technological developments (and related changes in society) to exploit the private data of citizens, human rights defenders, and journalists. Just a few months ago a whistleblower revealed that Siri (Apple’s voice assistant) recorded private (and sometimes intimate) conversations. People were even paid to listen in on these conversations and provide feedback to Apple for quality improvement.

The problem is so broad that solving it is a very ambitious undertaking. Even now, however, it is possible to take measures to significantly reduce one’s exposure to the automated eavesdropping that governments and corporations are engaging in. End-to-end encryption is the first effective countermeasure, but it’s not (yet) a universal solution because some intermediaries - videoconference services, for instance - resist encryption by implementing it only partially: the connection to their servers is encrypted, but the servers themselves see the content in the clear. The second countermeasure is to simply eliminate the intermediaries by communicating without them.

More encryption

Contrary to what spy movies suggest, the Electronic Frontier Foundation explains that “(e)ncryption is the best technology we have to protect information from bad actors, governments, and service providers, and it has developed to the point that it is virtually impossible to break — when used correctly”. Quantum computing may change this in the future (mainly for the public-key algorithms used to exchange keys) but, for now, it is impossible to decrypt a message without its key, and a properly generated key cannot be guessed in any practical amount of time. This is a good thing when we remember that this is what banks rely on to protect online money transactions!

Encryption is so effective that, in the 1990s, people were even investigated by the U.S. government for publishing cryptographic software, which was regulated as a munition. Even into the 2000s, encryption was an expensive proposition and, naturally, websites rarely used it. Mass surveillance programs were able to read the traffic of over 60% of websites and record all information passing between websites and their users for the plain and simple reason that, without encryption, these communications could be read by anyone on the path - like a postcard sent through the mail.

Nowadays, the trend is inverted: over 80% of websites are served over an encrypted connection, at no significant additional cost. This change is primarily motivated by the security improvement it brings, but it also protects the private data of millions of Internet users. You could say that security and privacy are two sides of the same coin.

Why not follow this trend and encrypt emails, text messages and documents on our mobile phones and computers? In some cases encryption is already there. For several years now, iPhones and Android phones have shipped with storage encryption enabled by default. Computers are not (yet) encrypted by default, but the feature (FileVault on macOS, BitLocker on Windows, LUKS on Linux) is usually easy to activate when the system is installed or at a later time. Text messages (SMS), however, are not encrypted: they travel in the clear through the operator’s network and will probably never be protected.

Encryption works and is becoming ubiquitous, but it will take some time before 100% of our data is protected. There are also cases where encryption does not protect as much as we think it does, as demonstrated by videoconference services: the link between each participant and the service is encrypted, but the service decrypts the audio and video on its servers to mix and redistribute them, so it holds the cleartext of every call. To protect the information we exchange by videoconference, we have no other option but to get rid of the intermediary, since that intermediary has access to the unencrypted communications and is in a position to take advantage of that access.

Fewer intermediaries

“Get rid of the intermediary” is easier said than done, though. How should we proceed? In its early days, an organization gets by with what is available and with the advice of the people who are around at the time. When special care is required to protect communications (organizations focusing on protecting whistleblowers, for instance), it makes sense to improve gradually as the organization grows. The following text describes some steps that can be taken, illustrated with concrete examples.

1. File sharing

Here is a typical example: an organization is drafting its bylaws. Several people are involved, and they each live in a different city. All communication between them takes place online. They draft the bylaws document collectively on Google Docs, and the document is stored in a Dropbox folder which is automatically synchronized to the laptop of each person. This approach is handy, but a little invasive: Dropbox requires that its software be installed on every machine, and since that software is proprietary there is no way to verify what it does with the data it can see. And trusting Google with all our data from the beginning by using Google Docs is not a good first step. To address this, we replace Dropbox with Nextcloud and Google Docs with Collabora Online. Not because they offer more features or a smoother user experience, but primarily because it is possible to use them without relying on an intermediary.

Instead of installing Nextcloud ourselves, we could rely on an organization such as Indie.host, which offers to host it for us. Now, Indie.host is still an intermediary, but one with a better reputation than Google or Dropbox. But why replace one intermediary with another when we could install Nextcloud on servers we rent ourselves (at Hetzner, for instance)? Of course, that assumes someone with the required technical skills is available. Finding a like-minded person with such a skillset may sound unrealistic, but it’s far from hopeless: movements such as CHATONS greatly facilitate meeting geeks willing to help.

Said geek would have noticed that by installing Nextcloud ourselves we introduced an intermediary that is not visible to the user: Hetzner, the company leasing the servers. It is, however, less invasive than Dropbox because it does not require the installation of software on each laptop. Also, crucially, we can encrypt the disks on the server, making it more difficult for the intermediary to read our data. Note what this does and does not buy us: disk encryption protects the data at rest (a disk that is removed, replaced or reused cannot be read), but while the server is running the key is held in its memory, and a hosting company with physical or hypervisor access could in principle extract it. It raises the cost of snooping; it does not remove the intermediary.

Step 1: exit Google Docs, exit Dropbox.

2. Hosting other services ourselves

Why stop at file sharing?

It should also be possible to replace Slack, our instant messaging service, with Mattermost or Rocket.Chat. But money is tight, so we need to be very careful about how much it costs. Since Slack is free at the beginning, it’s tough to beat. And since the overall bill increases with each service we add, it’s time to make a budget. The cheapest server rentals in France are OVH and Scaleway. Including backups and various service requirements, the average is around 5€ per month per service. It’s a reasonable price to get rid of an intermediary and, compared with Slack’s paid plans, it’s even quite cheap in the long run.

In addition to instant messaging, we can start using a forum such as Discourse. Slack conversations are not easy to follow when they span multiple days, and a lot of time is lost searching for past discussions. The problem is the same with Mattermost, for a simple reason: it’s not designed for this purpose. Asynchronous communications - messages exchanged over a long period of time - require a different kind of user interface. So we install this forum and, at the same time, discover a useful new service without adding a new intermediary.

And, while we’re at it, we replace a handful of other intermediaries: Nextcloud polls instead of Doodle, and Nextcloud calendar instead of Google Calendar. We can also install the WordPress software from WordPress.org on our own server instead of using WordPress.com, hosted by Automattic. And Jitsi Meet instead of Zoom, etc.

Step 2: exit Slack, exit Doodle, exit Google Calendar, exit Automattic, exit Zoom.

3. What about email?

Some intermediaries are less conveniently discarded - in particular, those involved in the routing of emails.

For emails that cannot be encrypted (most often because the recipient or the sender does not know how), we could attempt to host our own mail server instead of using, for instance, Gmail.com (so that Google does not keep a copy of our mails). However, this becomes a futile exercise if the people we communicate with stay on Gmail.com. And even if they started running their own mail servers, too, we should not forget that an email does not go directly from the sender to the recipient. It passes through a number of intermediate mail servers, each of which records itself in the message headers, and any or all of them might retain a copy. Here is a real example, the route of an email notification related to BigBlueButton:

  • Sent by Fred Dixon notifications@github.com
  • Mail server 1: github-lowworker-0f7e7fd.ash1-iad.github.net
  • Mail server 2: out-6.smtp.github.com
  • Mail server 3: in13.mail.ovh.net
  • Mail server 4: vr28.mail.ovh.net
  • Mail server 5: output2.mail.ovh.net
  • Received by Me me@myself.org

It follows that if we host the mails received by myself.org ourselves, we only get rid of the receiving intermediary (OVH, which operates the last three servers above); the servers on the sender’s side (GitHub’s, here) remain on the path, and there is nothing we can do about them.
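The route above is the kind of thing one reads off the Received: headers of a message, which every relay prepends as the mail passes through it. As an added example (not code from the original post), here is a small Python script that reconstructs that route from a raw message and groups the hops by operator. The sample message embedded in it is constructed: the hostnames follow the hops listed above, but the IP addresses, timestamps and queue IDs are invented.

```python
"""Reconstruct the route an email took from its Received: headers.

Added example, not code from the original post. SAMPLE_MESSAGE is
constructed for illustration: hostnames follow the hops listed in the
post, the IP addresses, timestamps and queue IDs are invented.
"""
from __future__ import annotations

import email
import re
import sys

# Each relay prepends its own Received: header, so the first header in the
# file was written by the LAST server the mail passed through.
SAMPLE_MESSAGE = b"""\
Received: from vr28.mail.ovh.net (vr28.mail.ovh.net [198.51.100.28])
\tby output2.mail.ovh.net (Postfix) with ESMTP id ABC123
\tfor <me@myself.org>; Mon, 15 Jun 2020 10:00:05 +0000
Received: from in13.mail.ovh.net (in13.mail.ovh.net [198.51.100.13])
\tby vr28.mail.ovh.net (Postfix) with ESMTP id DEF456
\tfor <me@myself.org>; Mon, 15 Jun 2020 10:00:04 +0000
Received: from out-6.smtp.github.com (out-6.smtp.github.com [203.0.113.6])
\tby in13.mail.ovh.net (Postfix) with ESMTPS id GHI789
\tfor <me@myself.org>; Mon, 15 Jun 2020 10:00:03 +0000
Received: from github-lowworker-0f7e7fd.ash1-iad.github.net (localhost [127.0.0.1])
\tby out-6.smtp.github.com (Postfix) with ESMTP id JKL012
\tfor <me@myself.org>; Mon, 15 Jun 2020 10:00:02 +0000
From: Fred Dixon <notifications@github.com>
To: me@myself.org
Subject: [bigbluebutton] constructed sample notification
Message-ID: <constructed-sample@github.com>

This body is part of the constructed sample.
"""

# "from <sending host> ... by <receiving host>" is the standard shape of a
# Received: clause (RFC 5321); hosts are the first non-blank token after each.
_HOP = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", re.IGNORECASE)


def mail_path(raw_message: bytes) -> list[str]:
    """Return the servers a message passed through, oldest hop first.

    Caveat: only the headers added by servers we trust (the top ones,
    written by our own mail server) are reliable. A sender can forge any
    Received: header below those, so the early hops are a claim, not proof.
    """
    msg = email.message_from_bytes(raw_message)
    path: list[str] = []
    # Walk the headers bottom-up so we go from the sender towards us.
    for value in reversed(msg.get_all("Received", [])):
        value = " ".join(value.split())  # unfold continuation lines
        match = _HOP.search(value)
        if not match:
            continue  # local delivery or a non-standard header: skip it
        sender, receiver = match.group(1), match.group(2)
        if not path or path[-1] != sender:
            path.append(sender)
        path.append(receiver)
    return path


def operators(path: list[str]) -> list[str]:
    """Collapse consecutive hops run by the same organisation.

    Heuristic: the last two labels of the hostname (e.g. "ovh.net"). Good
    enough to count intermediaries; not a substitute for a WHOIS lookup.
    """
    orgs: list[str] = []
    for host in path:
        org = ".".join(host.rstrip(".").split(".")[-2:])
        if not orgs or orgs[-1] != org:
            orgs.append(org)
    return orgs


if __name__ == "__main__":
    # Pipe a saved message in (python3 mailpath.py < message.eml) or run
    # without input to analyse the constructed sample.
    raw = SAMPLE_MESSAGE if sys.stdin.isatty() else sys.stdin.buffer.read()
    hops = mail_path(raw)
    for i, host in enumerate(hops, 1):
        print(f"Mail server {i}: {host}")
    print("Operators:", " -> ".join(operators(hops)))
```

Run against the sample, the script lists the five servers in the order above and three operator domains (github.net, github.com, ovh.net); the two GitHub domains belong to the same company, which is exactly the kind of thing the last-two-labels heuristic cannot know. The security-relevant reading is the caveat in the docstring: a message carries whatever headers the sender chose to put there, so when you use this on real mail, trust only the headers your own server added and treat the rest as the sender’s claim.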

Since email encryption is not a trivial problem and we can’t hope that it will be ubiquitous any time soon, the other option we have is to work around the problem by using a different communication channel in lieu of email. A forum we host ourselves (Discourse, mentioned above, for instance) has the properties we need: the whole exchange stays on one server under our control, and it is suitable to discuss matters such as the agenda of the next general assembly. A topic is created via the web interface of the forum and every member can reply there instead of exchanging emails.

Step 3: exit Gmail.com (almost)

And then?

The adventure does not stop here, and there would be much to discuss about acquiring the proper hardware, the software installed on mobile phones, etc. Fortunately, thanks to collectives like CHATONS, it is possible to meet friendly people who are willing to help us find creative solutions. Getting rid of intermediaries may seem like an attempt to live in isolation, refusing what the Internet promises to deliver. On the contrary, it is a collective adventure open to anyone who is willing to use and facilitate end-to-end encryption. Once everyone is on board, all organizations - even those with high standards - will be protected. But this world does not yet exist: it falls on us to build it. In the end, it’s not that complicated, and not that expensive, either.