Several media outlets that major on investigative journalism provide special ways for people to communicate with them.
If someone has a story they want Motherboard’s journalists to look at they are invited to send it in. But Motherboard is aware that anonymity (for which also read “privacy” in this instance) may be a prerequisite for a whistleblower or someone with, er, delicate info.
The site therefore gives a would-be informant advice about how to go about concealing themselves. Or should I say “how to try to conceal themselves”? Read on. Or read this if you really want to do a deeper dive using a different source.
The first thing that strikes you about the advice Motherboard offers is how detailed, extensive and complicated some of it is.
All this actually does is remind us how flimsy or insubstantial the whole online privacy promise is in practice, at least for the overwhelming majority of internet users. Maybe the the uber techies didn’t need reminding, but then….
Here are some choice extracts from Motherboard’s suggestions about how to proceed
While it may sound old-fashioned, using postal mail is still one of the safest, most anonymous ways to send letters, documents or even thumb drives”. (emphasis added by me).
It goes on
“If you choose to send us postal mail, please do not include a return address and mail your letter in an envelope from a sidewalk mailbox, ideally on a corner you usually don’t go to often. Do not use a post office and don’t take your phone with you”.
Welcome back the Penny Post
So there you are. For all the technological progress we have made, sticking something in a pillar box is still highly commended. Perhaps it’s the best as long as you remember to leave your phone on the mantlepiece and btw keep an eye out for CCTV. Take care not to leave fingerprints or dna on the envelope or its contents.
Then Motherboard says this
(Our) SecureDrop can only be accessed through the Tor network, which allows you to surf the web without revealing your true location, IP address, or other information that could potentially reveal your identity. Your communications will be encrypted and using this system offers a higher degree of security over regular email” (ditto).
But be warned
Note that even when using SecureDrop, Motherboard nevertheless feels obliged to point out to the unwary
“this system offers (only) a higher degree of security over regular mail.”
Key point: Motherboard is not promising or guaranteeing privacy even this way.
In fact they go on to say
“no system or technology can provide perfect security”.
Mark those words.
What else does Motherboard have to say?
“Tor protects your identity from the sites you visit, but a powerful adversary might be able to correlate the timing of the source’s home usage of Tor, plus the timing of the leak” (ditto).
Who are these powerful adversaries? They are state actors and their security services, although several tech companies can match or outfox them as can a host of nerds and sophisticated hackers.
Citizens of North Korea, you have been warned. Put not your faith in Tor.
People’s lives have been destroyed by false promises of privacy
How many cases have we heard of where someone has committed suicide or cases where people’s lives were ruined because they believed the sloppy journalism of the early days – and the still continuing days – or they believed the carefully crafted marketing which promised or implied anonymity/privacy but never delivered? Too many.
If everyone understood the internet was and in many places remains as leaky as a household colander there might be a little less misery in the world.
It really comes down to whether or not a bad actor can be bothered to pursue you. If they do and they have the resources and determination they’ll get you. That’s how I read it.
So when companies bang on about introducing end to end encryption to improve privacy they risk creating or perpetuating a dangerous lie. A myth that can cost people their lives or their happiness.
Yes certain steps can make incremental improvements to privacy. End to end encryption may be one of them but this should be the advertising slogan
“Get a bit more privacy but don’t forget when you are online you are never really private anyway. You have been warned.”
That’s not going to help stampede people into buying the product.
The truth, the whole truth and nothing but the truth
So be clear: when Facebook and others talk about or imply there is a “trade off” between absolute, guaranteed, unbreakable privacy and protecting children, they are not telling the whole truth and nothing but the truth. They are doing something else.
Increasingly I believe the move towards end to end encryption, at least in part, is about Facebook’s and others’ desire to limit or reduce the costs of moderation and inspection and to limit or reduce liability risks, either strictly legal ones or pr ones.
Facebook believes it is so big and effective as an advertising platform, howsoever individuals might feel, businesses just cannot afford not to advertise with them so the company really couldn’t give a flying fandango about the rest, or if they do it is in a very minor key. Hubris beckons.
In the week of a major global outage and in which a very public whistleblower revealed so many more unsavoury things about how the company behaves, I would start selling stocks in Clegg and Zuckerberg. Facebook seems to have become a permanent disaster zone. And it’s hurting kids.
Enough already. Maybe those who are rallying behind Facebook’s plans and attacking Apple’s would like to think again. Or if that is asking too much, could they at least modify their language and abandon Manichean metaphors?