Why is a Centralized Internet a Bad Idea?#

The Internet was not meant to look like we know it today. Originally, it was much more decentralized. The inventor of the world wide web, Sir Tim Berners-Lee did not intend to have a few tech company giants controlling all our data.

How did we get to this point and why is centralized Internet bad?

Let’s explore how the Internet became centralized (or how we allowed Google, Facebook and other big tech companies to control our data) and what we, as netizens, can do about it.

From Decentralized to Centralized: How the Internet Became Like This?#

The Internet traces its origins to the ARPANET network, which was initially created in the 1960s to connect academic and military networks in the United States. However, widespread use was not really possible until much later, in the 1990s, when Tim Berners-Lee built five crucial tools for the web:

1. Hyper-Text Transfer Protocol (HTTP)
2. Hyper-Text Markup Language (HTML)
3. The first web browser
4. The first HTTP server software
5. And the first web page

Back then, the Internet was a bit of a wild west. Anyone could publish anything and you didn’t have to rely on a single company or service to do anything.

However, soon this became too chaotic and most users started looking for what looked like a more organized Internet. This allowed companies like Google and Facebook to start dominating vital Internet services like email, search and social media by getting more and more control over users’ data.

Soon, this data control became so big that, if you ran a company and wanted to have a presence online, you had to play by their rules. Otherwise, your content stood no chance of being discovered.

What’s Wrong with the Centralized Internet?#

No doubt that, for an average Internet user, the Internet as it is today is perfect. Google, in particular, with its many interconnected services such as email, search engine, calendar, drive storage, etc. has made it all incredibly convenient and easy to use.

That said, there are many more flaws to the centralized Internet than there are for a decentralized one.

We’ll name just the biggest 3.

1. Single Point of Failure#

What would happen to your data if Google suddenly stopped working?

This seems highly unlikely from our perspective today, but is it impossible?

For example, Google officially left Russia after the government there had frozen its bank account.

Google had issued a statement about the situation:

“The Russian authorities’ seizure of Google Russia’s bank account has made it untenable for our Russia office to function, including employing and paying Russia-based employees, paying suppliers and vendors, and meeting other financial obligations.”

Up until that point, Google was the second largest search engine by market share in the Russian Federation, behind YANDEX with 47.23% market share versus YANDEX’s 50.18% in April 2022, according to figures by StatCounter.

At the same time, when it came to search engine traffic distribution, in Q1, 2022, Google was also second with 37.79%, behind YANDEX with 60.98%, according to Statista.

2. Single Source of Information#

The centralized Internet doesn’t just give you a single point of failure, but also a single source of information.

We believe that we are much better informed today than our fathers and mothers or our grandparents before them thanks to the Internet. But if you have to use Google to search for information and then rely on whatever they deem fitting to be on the top (which will always be some large website), how much of a choice there you really got?

In fact, according to estimates, Google handles around 8 billion searchesevery day and 77% of users check Google at least 3 times per day to search online.

The bottom line is this - if you have a question, Google will pick an answer for you.

And that answer may not always be accurate.

For instance, in 2017, Google News cited fake news from a popular imageboard site 4chan in relation to a shooting at the Route 91 Harvest music festival In Las Vegas, Nevada.

Namely, six 4chan threads “identified” the shooter as Geary Danley and Google picked this as “Top Stories”, when the real shooter was a man named Stephen Paddock.

And that wasn’t even the end of it. Two trending stories regarding the shooting on Facebook came from the Russian government news agency “Sputnik”, which falsely claimed that the FBI had linked the shooter to a terrorist organization.

Another situation that showed that Google shouldn’t always be trusted could be found in its featured snippet.

If you’re unaware of what a “featured snippet” is, it is basically a highlighted excerpt from a text at the top of Google’s search results page. In other words, this is “Position 0”.

Technically, this position is reserved for the most accurate information on Google on a certain topic, but that’s not always the case.

In 2017, for instance, if you googled “presidents in the klan”, you would get this result in your featured snippet:

Then, another search, this one for “presidents in the Ku Klux Klan”, served a slightly different featured snippet, with some different names:

Of course, there is zero evidence that any of these presidents were ever in the KKK, but this only shows that Google search can be manipulated to spread false information.

The reason for this is that Google uses several different signals to determine what will end up on top of its search results. In the case of the Las Vegas 2017 shooting, the fact that there were very few searches for Danley's name meant that Google News would pick this news as “fresh” and put it under “Top Stories”.

A statement from Google explains what went wrong here:

“We use a number of signals to determine the ranking of results - this includes both the authoritativeness of a site as well as how fresh it is. We’re constantly working to improve the balance and, in this case, did not get it right.”

3. Who Owns Your Data?#

Finally, we get to the biggest issue of centralized Internet and that is security and privacy.

If all your data is saved in a data center that is controlled by Google or another big tech company, can you say that you “own” your sensitive data?

This problem is two-pronged.

On one hand, there is nothing stopping Google, for instance, to deny you access to your own data. Since the data is stored in the data centers that they own and control, they can, technically, do just that and you wouldn’t have much say in the matter.

On the other hand, and this one is connected to a single point of failure that we mentioned earlier, having data from billions of users stored in one place will naturally attract bad actors like state-sponsored hackers, with the idea of stealing personal information from so many users.

Conclusion#

In a way, we’ve come full circle when the Internet is in question. In the early days of the net, there was very little order and even fewer rules. Everyone could post anything and things didn’t always run smoothly.

Over time, however, everything started becoming siloed through a handful of big players, including most importantly, our own data.

Well, it’s time to get your data back and decentralized Internet, using blockchain technology, looks to be the solution we’ve been waiting for so long.

Account Settings Page, Contact Page Redesign and Improved Network Stability#

Over the last couple of months, in between our weekly games of pickle ball and occasional Playstation FIFA breaks, we have been hard at work to bring stability to the Telios network, in the form of a faster app and more reliable email delivery.

Alongside we have also added an Account Settings page which will later house our paid tiers and we gave the contact page a much needed facelift.

We've put our blood sweat and tears into this release, we know there are still some bugs and area of improvements. More stability to be had, more features to develop and refine, and aspects of the UI/UX that aren't consistent across the board but we are freaking proud of what we have accomplished with our small team.

Building a fully encrypted and private decentralized email protocol/service is a tall order, and I'd be lying if I told you this is a walk in the park. Truth is, this project has tested our limits both mentally and emotionally but it'll all be worth it.

So if you're a beta tester and you're digging this project, let it be known it helps fuel our fire of innovation.

Enough of the ramblin'

You will find below a quick summary of has been done, broken up by section of the app.

Mailbox Page#

• Performance improvements on loading time and retrieving emails from data store
• Updated and moved the Sync Message notification. It will now appear at the bottom of the mailbox folder navigation.

Contact Page#

• Design update - check it out it looks completely different. Nicer to use I'd say.

Account Settings Page - NEW#

This is brand new and didn't exist before. It's just a humble beginning but eventually this section will house a lot of the control to customize your Telios experience. At the moment we have 3 tabs.

• General Settings: Add avatar, add display name (name that will be attached to your email when sending form primary account).
• Plan/Billing: Houses account limits and what plan you are on.
• Security: If you're curious about the keypair your device generated you can find them there.

The things that are important but can't see#

• We've started Mobile development and have a rough draft in testing. We were able to send and receive emails from it which is pretty amazing. It sounds trivial but don't forget we're on top of a decentralized peer to peer network.
• The backend was completely re-written and the hypercore updated to the latest version available.
• A migration script was develop to migrate existing user onto the latest core.
• We modified the architecture a little bit to allow password recovery, this isn't in the UI yet but will be soon.

What is the email metadata?#

Did you know that your email metadata might be even more relevant than the email body itself? This is the reason why encrypting it is key to maintaining your privacy.

But, first thing first, what is your email metadata? It is the bits of information contained in your email header:

• The sender
• The recipient
• The timestamp
• The location

That’s already quite a lot of data, and you know that when data is processed it becomes information! Almost a decade ago, the MIT Media Lab created an application that would allow users to track their own metadata from their Gmail emails. It revealed people’s personal networks and the frequency at which they would interact with them, thus exposing personal data and relationships.

How does Telios encrypt your metadata?#

This is why Telios decided to encrypt both your email content and metadata!

The way it works is by using the secret sealed box encryption method. Meaning this encrypts the sender’s metadata outer layer with the receiver’s public key and the sender’s metadata inner layer with a temporary key pair to preserve the sender’s anonymity.

With us, all contents and destinations of your email remain private!

How can you securely communicate over the Internet?#

So much information is transmitted over the Internet. And even though you might not be planning the next money heist, I bet you would rather be confident that sending sensitive information such as your credit card, your social security number, or even your home address to a third party, happens securely. But what kind of magic allows you to securely communicate over the Internet?

It is called public key encryption.

Symmetric Encryption#

The way people used to do things before, was using a secret key that would modify the content of the message and make it unreadable for anyone not having the secret key. This method is called symmetric encryption

However, for this method to work you need both parties to exchange the key without risking having someone get a hold of it. We all have the image of spies meeting in a park to exchange a secret envelope to be able to access a piece of specific information. But, exchanging the secret key in person becomes very inconvenient if you're not in the same location. Plus, you might wanna send information over the Internet and you need a secure way to do so. But how can you send the unencrypted secret key over, without exposing it?

The solution is called asymmetric encryption.

Asymmetric Encryption#

The way asymmetric encryption works is by generating 2 keys. Let's call them key A & key B. They're linked in such a way that anything you encrypt with key A can be decrypted with key B but you cannot guess one key from the other. If Youri and Gareth want to securely communicate, both will generate a pair of keys, a private and a public one. The private key is to be kept private and the public one can be published pretty much anywhere over the internet. Because one key can decrypt the other Youri will encrypt his message with Gareth public key. And Gareth will be able to decrypt Youri's message using his own private key.

Once you understand the concept of public key cryptography. It will help you to better understand how we can securely communicate over the Internet by digital certificates and signatures. Cryptography is very powerful and is a requirement to guarantee more privacy for users!

P2P protocols to pave the way to decentralization#

Decentralization tends to be associated with blockchain. But blockchain is a distributed ledger powered by a peer-to-peer network. What it means is that decentralization is made possible by peer-to-peer protocols that allow multiple devices to receive and distribute information instead of relying on a central server. Decentralized protocols can be applied for different use cases: financial transactions, file sharing, social media platforms, and you guessed it, emailing. In a decentralized architecture, computers - also called peers - are equally privileged participants in the network. They are both clients and servers at the same time.

But what does it actually mean?

Instead of downloading a file from a central server, a peer can request the file from other peers connected to the network, while sending it to other devices asking for it. It's a two-way road! The advantages are:

• Equalitarian networks.
• No single point of failure
• Increases scalability

Telios uses a decentralized peer-to-peer network called Hypercore Protocol to send emails from one device to another without the need for a central server. This architecture gives users the peace of mind their data is private and only being read by the recipient. To ensure complete privacy, data needs to be encrypted when being sent over the network. Found more about it here (link).

The foundations of the Internet#

The Internet is currently undergoing massive change towards decentralization. Web 3.0 is coming and a lot of disruptions with it. Telios is a decentralized email service on the leading edge of this transformation to Web3.

But before diving more into the new era of the Internet, let's understand its foundations!

We tend to think that it happens in the cloud but in reality, the Internet is a wire buried in the ground. This wire allows computers connected to it to communicate together. These computers are called servers. They communicate using the Internet Protocol and each server has a unique Internet Protocol address that you probably know as “IP address”. IP addresses are logical numerical addresses that work as locators, letting other computers know where to send the message.

You’ve all heard of google.com or netflix.com but behind the names are IP addresses. Names were given to IP addresses to help us recognize them.

When you want to send an email to a friend. Your computer connects indirectly to the Internet by going through an ISP, an Internet Service Provider. You will log into your email and send your message using your friend’s email address who will be able to retrieve your message by connecting to his provider as well.

For your email to reach your friend, computers break down the messages into smaller pieces called packets. To make sure to get all the pieces together and in the right order, they go through routers. Routers also have IP addresses to locate them. The packets will go through every router which will add its own IP address like a stamp indicating the path of the packets. The server will send back the information removing one stamp after another until it finds its way back.

Centralized vs Decentralized Architecture#

This is how a classic client/server architecture, also called centralized architecture, works. With Telios your emails flow through a peer-to-peer network where your computer acts both like a client and server, hence no need for a central server. This is decentralization!

The meaning of an entrepreneur#

“I want to become an entrepreneur.” I always was fascinated by entrepreneurs and entrepreneurship. I would associate it with adventure, discovery, innovation, success… At first, I thought of being an entrepreneur as a job or a career - meaning some people were meant to become entrepreneurs. However, the more I thought about it, the more I saw it as a mindset and a way of navigating life. In each of us lies an entrepreneur, it is up to us to awaken its spirit.

A “by the book” definition#

Economists have never had a consistent definition of "entrepreneur" or "entrepreneurship." Though the concept of an entrepreneur has existed for centuries, it wasn't until the middle of the 20th century that economists attempted to introduce it into their models. The classical and neoclassical economists considered risk-taking or discovery contradictory to their formal economy model, where actors were entirely rational and would know perfect information. It took hundreds of years and several innovative thinkers to include the term entrepreneur in later iterations of economics:

• 1734, Irish-French economist and author Richard Cantillon penned Essai (An Essai 0n Economic Theory). In Essai, the author depicted the entrepreneur as a risk-bearer: "Entrepreneurs are non-fixed income earners who pay known costs of production but earn uncertain incomes."
• 1803, Jean-Baptiste Say, a French classical liberal economist, coined the term entrepreneur from the French verb entreprendre (undertake). Say's vision described entrepreneurs with the ability to identify inefficient uses of resources and capital and reallocate them to increase efficiency and generate more profit. "By selling the product in the market, he pays rent of land, wages to labor, interest on capital and what remains is his profit."
• 1934, Joseph Schumpeter, an Austrian political economist, defined entrepreneurs as agents who take leadership roles in translating inventions into innovation. "Development in our sense is then defined by the carrying out of new combinations... The carrying out of new combinations we call 'enterprise;' the individuals whose function it is to carry them out we call “entrepreneurs."
• 1973, British-born American economist Israel Kirzner approached entrepreneurship as a process leading to the discovery. As we are "alert to opportunities" to challenge our individual status quo by looking for ways to better ourselves, our alertness can be used to make progress. According to Kizner, entrepreneurship is: "The job of correcting misallocations by specializing in the discovery of missed opportunity."

Based on the information above, an entrepreneur could be defined as a risk-bearer able to identify inefficient use of resources and capital while developing new combinations (innovation) to discover missed opportunities to generate profit.

Demystifying the word entrepreneur#

Simply put an entrepreneur = analysis + discovery + risk. My take is nobody is born an entrepreneur, you become one. Because the only way to better analyze, dare to discover, and mitigate risk is experimenting or undertaking to refer to Jean-Baptiste Say. You can’t run before learning how to walk.

But stepping into the unknown and wandering off the beaten track is easier said than done. So, how do you overcome the fear of failure, the uncertainty and doubts to start your journey of entrepreneurship?

The journey of entrepreneurship#

An entrepreneur needs to be fueled by a vision. It represents an ideal, an almost impossible mission to complete but it’ll give him a pole star to guide him through hardships and challenges. A vision is more abstract than a goal. It helps to focus on the journey, not the destination. Goals are here to breakdown the steps to achieve the vision and keep momentum. They are finite, whereas the vision is infinite.

Simon Sinek eloquently summarizes the entrepreneurial journey people set out on a journey to find the pot of gold at the end of the rainbow. However, he argues about the existence of the pot of gold and highlights the value of the journey itself. The adventure and the people you share the experiences with are what make entrepreneurship joyful and exciting. People sharing and working towards a common vision makes the venture worth it, whether it is successful or not.

Talking about the pot of gold at the end of the rainbow reminds me of the manga One Piece, a japanese comic novel. A story about Luffy and his pirate crew who set sail to find the legendary treasure left by the infamous Pirate, Gold Roger, the "One Piece". Like the pot of gold, nobody knows if the One Piece is even real. But, the adventure, friendships, excitement and stories to tell are what ignited the fire of Luffy and his crew to explore the world. Despite the challenges and obstacles paving the sea, the vision they share fuel them to achieve one milestone after another.

Whether it is a business endeavor, finding the pot of gold at the end of the rainbow or chasing the One Piece, it is about the vision and seeing what cannot be seen: the shared experiences and memories.

Long story short#

Envisioning what we want to become or achieve, setting goals and working towards our visions is the key to becoming the entrepreneurs of our own life. Call me an utopist, but I believe having dreams will always get you farther than having none, whether you achieve them or not. Entrepreneurship is an adventure to the unknown, and "You should enjoy the little detours to the fullest. Because that's where you'll find the things more important than what you want." Ging Freecss, HunterxHunter.

What is spam and where does it come from?#

You open your inbox and receive a $1,000,000 winning lottery ticket and a notice from the FBI for fraud. Well, your email just got spam! Ray Tomlinson created emailing to leave messages to people and not mailboxes, it also revealed itself to be very efficient to reach many people in the shortest amount of time. Like kudzu (Asian vines), spam can take control over your inbox and transform your email management into an absolute nightmare. The term "spam" was invented in the 1980s and came from a Monty Python sketch set in a cafeteria, where Vikings would sing at the top of their lungs the name of processed meat and drown out the rest of the conversation. The first unsolicited messages date back to 1864 when telegraph lines were used to send dubious investment offers to wealthy Americans. Gary Thuerk, a marketing manager for the now defunct company Digital Equipment Corporation, sent the first modern spam on the ARPANET (Advanced Research Projects Agency Network) in 1978. He used an email to solicit 400 people to advertise his line of new computers - Pandora box was open!

Email remains the leading communication tool and shows growth potential despite the rise of chat apps and social media platforms:

• 90% of Internet users (4.03 billion worldwide)
• 306.4 billion emails were sent and received in 2020, with a forecast estimating an 18.6% increase by 2025 However, almost half of the email traffic (47.3%) accounts for spam. They come from advertisers and scammers.

How does spam impact your privacy?#

Email addresses often represent the key to unlock access to online services. The tradeoff for opening a direct line to your inbox is the tsunami of marketing emails now flooding your inbox.

Yet, you have to give up your key to access them and brace yourself to face the tsunami of marketing communications flooding your inbox. Advertisement emails contain hidden pixel trackers. These trackers are images invisible to the naked eye. Every image on the internet is stored on a server and is automatically downloaded by your computer browser. The computer’s image request let the server know when the image was downloaded. Therefore, when you open your email the hidden pixel tracker is downloaded and reveals to the sender:

• The time you opened the email
• Your location (IP address)
• Your device data

The sender receives the data every time you open the email. In 2017, a study from One More Company (OMC), a computer software startup focused on improving email intelligence, revealed that 40.6% of the total number of emails (269 billion daily that year) sent were tracked. The harvested data is turned into marketing insight and sold to third parties. According to Richard Sierra, an American artist known for his minimalist sculptures, “The product of television. Commercial television is the audience”. When it comes to marketing companies, we are the product. Additionally, scammers actively target your personal email addresses with malicious emails to obtain your private data to steal your identity or money. They find your email addresses using different tactics:

• A company sold your email without your knowledge
• Purchasing email lists
• Email harvesting using bots to scour the Internet
• Data breaches

FBI's Internet Crime Complaint Center (IC3) reported a loss of $57 million to fishing schemes for individuals in 2019 alone. Business Email Compromise (BEC) resulted in more than a $1.7 billion loss.

Take control of your inbox#

Spam is either clogging your inbox or a potential threat to your personal information. Enter Telios on the fly alias generator! Create your unique namespace, your alias(es) to better manage your inbox and keep it free from spam.

Learn more about how Telios protects you from spam with its alias feature.

Who are we?#

"Our mission is to unleash the potential of encryption & peer-to-peer technology to give you total ownership and control over your private data."#

Telios is a private email service that allows you to securely send and receive end-to-end encrypted emails over a peer-to-peer network. We give you complete ownership of your data by encrypting and storing everything on your local devices. No third party, government, or even Telios can read your unencrypted data. The only way to access your unencrypted data is by using a memorized master password on your physical device.The service was designed to use external servers as little as possible and know next to nothing about each user. Your devices have absolute control over how your data is shared, encrypted, and stored and will default to using the peer-to-peer network whenever possible.

Telios comes from the Greek word Telos, and according to Aristotle, Telos is the full potential of a person or an object. Our mission is to unleash the potential of encryption & peer-to-peer technology to give you total ownership and control over your private data. Let's redefine online privacy!

YOUR data, YOUR rules!#

Why should online and physical privacy be valued equally?#

"If you're going to trust one person, let it be yourself."#

Virtual privacy and privacy in the physical world respond to a different sentiment yet are equally crucial to respect individual freedom. $100 cash or in your digital bank account is of equal value , $100. Even though online privacy might be digital, it still responds to the very idea of privacy. We are aware of how our private data is used, however, we still give in our personal information because it has always been the way of using online services. Tailored customer advertisements bring value to users but building psychological profiles does not respond to customers' needs.

At Telios, we redefine online privacy. We believe that YOU are the best suited to manage your private data. You should own YOUR private data. "If you're going to trust one person, let it be yourself." said former rugbyman Robert Tew.

Online Privacy must become the default#

"Telios sets privacy as the default, so you can share your private data as an option."#

Today, online privacy is optional; it must be the default. You can improve your privacy by changing your settings, yet 95% of people do not change their settings. Let's illustrate and emphasize the influence of default settings.

In 2007, cab drivers in New York City had to provide a credit card reader to enable contactless payments. The default tipping option was 20%, 25%, or 30%. Customers also could customize their tips. However, the majority selected one of the three default options resulting in a 120% increase for the average tip amount ($10 to $22). Users choose default settings out of convenience or because of a lack of knowledge.

Telios sets privacy as the default, so you can share your private data as an option. Telios peer-to-peer network (P2P) gives YOU control of what, how, and to what extent you share YOUR private data. We reshuffle the cards of data ownership. YOU become the primary decision-maker.

How does Telios put YOU in charge of YOUR data?#

What is a peer-to-peer network?#

Telios uses peer-to-peer (P2P) technology to enable its users to communicate. A P2P network is a decentralized network where individuals can share information without requiring a third party. Peers are equally privileged participants in the network and function as both "clients" (customers) and "servers" (suppliers). For example, online marketplaces are P2P services. They enable buyers and sellers to switch their position. A P2P network is formed by nodes or computers that interact with each other. The more nodes, the more powerful and resilient the network is. A serverless network rules out a single point of failure and prevents a complete shutdown of the network. In the case where several computers go down, communication is still possible between active peers.

Road to data ownership#

A P2P network brings a different meaning to users' private data ownership. It differs from client-server architecture, depending on servers (suppliers) to provide information to the requester (client/customer). An example of a client-server architecture is Google. Google services represent a server where a Google account is a client. Let's illustrate the difference of ownership between centralized (client-server architecture) and decentralized (P2P) models. When a user decides to store content such as photos on Google Drive, Google owns your content. In contrast, users can keep their content on their own devices on P2P communication, thus owning their information. However, even though you own and control your data, it still needs to be secure.

Telios' End-to-end encryption#

Telios security is cutting edge! We believe privacy and security are closely related. We use end-to-end encryption (E2EE) to protect your private data. E2EE makes your communication only readable by you and the person or the group of people you decide to communicate with. Telios differentiates itself by encrypting the metadata as well. In this case, the email headers. An email header contains information about:

• The sender
• The sender's local IP address
• The recipient
• The time the email was sent
• The email's route, which shows how the email got to the destination.

That’s already a lot of information and makes the body of the email not as relevant as we could think. “Metadata is what allows an actual enumerated understanding, a precise record of all the private activities in all of our lives. It shows our associations, our political affiliations and our actual activities.”. Edward Snowden

E2EE is similar to a treasure hunt in the physical world. Alice sends to Bob's address (Bob's public key) an encrypted treasure map. Only Bob can decrypt it using his private key. After authentication, thanks to Alices' signature (Alice's private key) on the map, Bob can retrieve the treasure (email). Technology is either beautiful or invisible, and Telios' encryption happens in the background to bring you the most user-friendly experience. Because we believe in transparency to build trust and long-lasting relationships, our code is open source.

"Trust, but verify." - Open Source Code#

Telios client codebase is open source. You can verify the encryption methods used and validate our privacy claims. We believe that feedback and transparency will help us grow to sharpen our product.

Telios' core values#

At Telios, we value:

• Privacy
• Security
• Data Ownership
• Transparency

Online privacy is at a tipping point. Join the new wave!#

Redefining the meaning of privacy#

The exponential increase of data transactions#

As of April 2020, 59% of the world's population uses The Internet, resulting in a 33% user growth between 2014 and 2020. Additionally, the amount of generated data per minute sheds light on the scale at which communication and data exchange keep on flourishing. In one minute:

• 41,666,667 messages exchanged by WhatsApp users.
• 319 new users on Twitter.
• 479,452 people engage with Reddit content.
• 150,000 messages were sent on Facebook. These numbers demonstrate how much data is exchanged in one minute.

On the Internet, data privacy refers to the protection of personal data from third parties. For years companies like Google, Facebook, or Yahoo have had access to our private data and used it as means of monetization. For example, Facebook's advertising revenue made up 98% of its total revenue in 2018. When it comes to Google and Yahoo, their advertising revenue represented between 80-90% of their total income.

Privacy as a Human Right#

"The use of collected information subtly reinforces or modifies individuals' behaviors and begs the question to what extent users have control over their own decisions?"#

Although these online services helped to disrupt and improve how we communicate, network, and develop ourselves, whether professionally or personally. The need to generate profit seems to have neglected the management of users' privacy and calls into question the very idea of individual freedom. According to Ithiel de Sola Pool, the Internet is a "Technology of freedom.". However, the ability to manage and control the disclosure of your personal information seems to be a forgotten right. 1984, a dystopian novel published by George Orwell, approaches the impact of mass surveillance and having a single source of truth on people’s behaviors. In today’s society, giving in personal information without self-analysis seems to appear as the norm. Consequently, it also introduces the concept of freedom of choice as individuals should decide whether or not to share their data. Besides, the collected data aims to address the user's needs and preferences as accurately as possible without their complete awareness. Thus, the use of collected information subtly reinforces or modifies individuals' behaviors and begs the question to what extent users have control over their own decisions? Some could argue that George Orwell was not too far from the truth...

Online privacy tends only to offer a single and simplistic opinion; privacy is for people with bad intentions, and if one has nothing to hide, there is no need to be private. This argument throws at people a binary judgment classifying them as a good or bad person, discouraging them from the desire to access more privacy. Consequently, taking away their right to state a contradictory opinion. The saying: "Not every bit of truth is fit to be told." also applies to personal information. Being a transparent individual does not mean being a constant open book. For example, when communicating with someone else, everyone selects chosen thoughts within their stream of thoughts to express themselves, whether it is a positive, neutral or negative statement. This intellectual privacy and property is fundamental to preserve the comfort and freedom of choice of each of us when interacting. Additionally, if we could read everyone’s thoughts, do you think our discussions would be as genuine and authentic? Would we feel comfortable and free to imagine a contradictory opinion? Whether it is physically or online, privacy is crucial to maintain liberty and authenticity in our way of communicating.

Is a monitored internet a threat to creativity and reassessment?#

"He who does not move, does not notice his chains."#

The invisibility of the data collection and storage process and the unconscious assumption that privacy is for bad people prevent individuals from imagining alternatives to the current system. Renowned activist and socialist Rosa Luxemburg said: "He who does not move, does not notice his chains.". Targeted advertisements result from "crawlers" going through your emails to provide better-personalized content to users. Although it helps people expand their product searches, it also reduces their ability to broaden their content access and explore new potential interests. Our online searches come from personal tastes, interests, and beliefs. The risk is to blind people's minds by nurturing them only with unconsciously already approved content. Being unable to imagine concepts, ideas, or visions that differ from our personal beliefs stir us away from questioning our status quo and making use of our creativity. Limiting people's creativity reduces their ability to think outside of the box, thus hindering their ability to reassess their rights, shared knowledge, and opportunities in their society. "Without freedom of choice, there is no creativity.", Benjamin Spock.

Collected and stored data, a threat to privacy#

An understated risk#

"Every 39 seconds, a cyber-attack attempt happens on the web. [...] 18,000 Solarwinds customers were compromised. [...] 5000 email servers contained web shells across 115 countries."#

Online interactions generate the exchange of data which, in most cases, are stored and saved in centralized databases and servers. Although these servers and databases are highly secure, they present 2 risks:

• The quantity of information at risk in case of a cyber-attack. Centralization gathers a sheer amount of data in one place.
• Decrypted data directly accessible to companies. It gives the opportunity to governments to use leverage against these companies to access their servers and retrieve data about its citizens without their knowledge.

During the past 18 months, two factors impacted the growth of data transactions, the expansion of Internet adoption and the recent COVID-19 pandemic (November 2020). Both factors disrupted society's habits by migrating from in-person to remote work (a 35% increase) and modifying purchasing and communication behaviors. Those behavioral changes have resulted in an increase in the average online time spent per day. Thus, directly impacting the total amount of stored data. Therefore, a successful attack on a targeted server represents a considerable threat for everyone having personal information on that server. Cyber-attacks have also risen since the beginning of the COVID-19 pandemic:

• A 150% ransomware spike in 2020.
• 94% of security incidents come from malware spread through emails.
• Every 39 seconds, a cyber-attack attempt happens on the web. Despite the technological progress in Security, recent events have proven that no system is flawless and unfailing.

SolarWinds#

SolarWinds, a US leader in information technology, was recently the subject of a cyber-attack last year in 2020. The company relies on Orion systems to manage its IT resources (network, IT operations, security). Hackers performed a Supply Chain Attack by infecting Orion's update system using a Remote Access Trojan (RAT). The malware provided unauthorized backdoor access to the compromised system. The danger is the capacity of RATs to remain hidden, blinding Solarwinds from realizing their update servers were compromised. It took the company months before taking action to react against the cyberattack. The consequences are alarming:

• 18,000 Solarwinds customers were compromised.
• US agencies, including Homeland security, the Pentagon, and the Treasury, were targeted.
• Fortune 500 companies such as Microsoft, Cisco, and AT&T were also vulnerable to the cyber-attack.

Additionally, the accuracy in determining the global impact and damages of a cyber-attack is often undermined. "The size of this breach is so massive and disparate, and we are still understanding it." declared Kiersten Todt, managing director of the Cyber Readiness Institute.

Microsoft Exchange#

On March 2nd, 2021, a Chinese group called Hafnium exploited four zero-day vulnerabilities to attack on-premises versions of Microsoft Exchange servers. The hackers were able to penetrate the system and created web shells to enable remote access from Microsoft servers to exfiltrate sensitive data. As for Solarwinds, the impact is tremendous:

• 5000 email servers contained web shells across 115 countries.
• Institutions such as the European Banking Authority suffered from this attack.
• Small Businesses were the object of ransomware attacks.

Despite the deployment of relevant patches by Microsoft, the damages were already done, resulting in thousands of stolen data.

Behind the curtains#

"There is a big difference between secrecy and privacy." Dick Durbin#

Decrypted data stored on companies’ servers offer the opportunity for governments to collect personal information about its citizens. The absence of law and regulations regarding online privacy prevent people from deciding the extent of their data disclosure. The ability for governments to select at will personal information is an intrusion of privacy. To make a comparison to the physical world, it is similar to a restaurant customer being able to directly access the kitchen and cook his own dinner instead of having to order his food through a predetermined menu.

In 2013, Edward Snowden released to the general public classified information from the National Security Agency (NSA). Snowden exposed government programs aiming to collect personal information and track individuals using data stored by online services. The PRISM program displays the timeline to when the data collection began for each provider. For example:

• Microsoft - September 2007
• Yahoo - December 2008
• Google - January 2009
• Facebook - March 2009
• Youtube - September 2010

Despite the willingness of these companies to put in place a lawful framework to limit the government leverage, the government can access the servers at will. The Bullrun program, named after a British civil war, has for purpose to maliciously mislead corporate partners. The NSA proclaimed to reinforce corporate partners' IT security but, in reality, built backdoors to facilitate their access to sensitive information. Additionally, the fast-growing expansion of technology considerably alleviates the ability of governmental institutions to monitor individuals. Based on the Bankston-Soltani principle: "If the cost of the surveillance using the new technique is an order of magnitude less than the cost of the surveillance without using the new technique, then the new technique violates a reasonable expectation of privacy." This principle aims to adjust the Fourth Amendment to adjust governments' ability to retrieve data about their citizens.

In 2018, the Cambridge Analytica story broke and revealed that Cambridge Analytica, a British consulting firm, harvested data from 87 million Facebook users without their consent. The company used an app called "This Is Your Digital Life", created by Aleksandr Kogan, a data scientist from the University of Cambridge. Cambridge Analytica offered Facebook users to complete a behavioral questionnaire to establish a psychological profile for academic research. Instead, the application collected personal Facebook information from respondents, including their private Facebook social connections. Politicians including Ted Cruz and Donald Trump utilized the harvested data to support their campaigns by tailoring targeted advertisements.

Breaches and government interventions demonstrate the vulnerability of our data stored online. It exposes the inability of individuals to control and manage personal information and deprives them of being the master of their online fate.

Conclusion#

Online privacy seems to have diminished for the use of comfort, the need to generate profit, and the monitoring of the masses. Even though we might feel secure while communicating from our home, the World Wide Web is far from offering the same security prerogative. Privacy is the right of each individual to define his/her boundaries in which he/she feels safe to think and explore who he/she is. "There is a big difference between secrecy and privacy." Dick Durbin.

But how can we better protect ourselves and regain control over our digital life?
Learn how Telios redefines online privacy!