
By Bob Leggitt  |  25 February 2022

"This has long gone past "but we're just interested in your shopping preferences". This is now about controlling the world."

It's become commonplace for online privacy advice to read like a marketing pitch for alternative services or products... "Use GNU/Linux instead of Windows, Mastodon instead of Twitter, DuckDuckGo instead of Google search, Tutanota instead of Outlook/Gmail, Firefox instead of Chrome..." and so on.

If only gaining freedom from the cyber age's glut of megalomaniac corporations were that simple.

BACKGROUND

Whilst it's wise in privacy terms for us to distance ourselves from services or products whose business models are built around aggressive surveillance, it's becoming near-impossible.

We've entered a game in which privacy is no longer even widely expected, and our agency to disconsent to Orwellian systems of surveillance and control is quickly being eroded. At the top end of cybertech we've seen a shift in focus from direct courting of the public, to gatekeeping strategies in which digital highways are steadily sucked into the control of surveillance giants, making a cartel of predatory corporate stalkers unavoidable.

The cartel's gameplan is no longer to entice, but to infiltrate, to gatekeep, to insert themselves between us and our life-essentials. We end up with no realistic escape from a digital mafia of lawbreaking, market-strangling, thieving, speech-gagging, pathologically-lying surveillance giants. It's not about consent. It's about submission.

We can't escape to Mastodon if our boss demands we use Facebook. We can't use Linux for mandatory two-factor authentication that demands the use of an Android or iOS phone. We can't use Tutanota for a communication process that demands we use Skype. We can't use Firefox for a utility interface that was developed only for Chrome and Safari, and won't function with another rendering engine. And these relatively trivial mandates eventually scale up into far more impactive strangleholds. Like mandatory biometric identification, in which the monitoring conditions we face are no different from those faced by a convict on release.

"Google filmed your home and put it on the internet for burglars to check out. They don't give a shit whether you're safe or secure."

Already, the health system, the education system and government interfaces - things we can't avoid - are integrating Big Tech creepware into their public doorways as a norm. Here in the UK, under what people consider to be tough privacy law, the 2021 government census was invisibly backseated by Google Tag Manager - a tool that's recently been described as a weapon against privacy because it circumvents user-side script-blocking technology. Let's remember that refusal to complete the census carries a jail term. And it was not made known to the public in official notification letters that the 2021 census could be completed offline by making a special request for a paper form. So being subjected to Google in this instance could not be considered either a free or an informed choice.

Why was it deemed okay for a government to subject the public - essentially by force and without disclosure - to the tentacles of an Orwellian pred that's hatched more nefarious plots than Doctor Evil?

Because Google - a world-renowned pathological liar - claims it doesn't collect the bulk of the data it can access through the tool. Just like it claimed to respect location data settings. Just like it claimed it never used human intervention to rig the search results. Just like it claimed not to be harvesting illegal personal data on its Streetview missions. Just like it claimed not to be developing a censorship machine for China. Just like... I'm gonna stop there for sanity's sake, but there are endless examples of Google habitually telling the world what it wants to hear, then doing the exact opposite in private.

The fact that anyone can subject us by force to Microsoft, Google, Facebook, or whichever other proven, lawbreaking predator you care to cite, shows us that even the toughest privacy regulations are in truth a sham. Privacy regulation, dreamed up by people who are permanently ten years behind the technological curve and are so open to bribery that some of the statute was literally written by Amazon, does not remotely protect us.

And even within a regulatory system that doesn't prohibit the majority of current privacy abuse, cybertech still won't do business without persistently breaking the law. Indeed, breaking the law is part of the business model. The regulatory "punishments" are just a taxation system with a deterrent factor of nil. So the whole system of privacy regulation is a charade. We have to fight this ourselves.

HOW THIS HAPPENED

We could attribute much of the current realm of forced privacy violation to individual providers. And that's what the real overlords want us to do - blame the bosses, the service providers, the authorities. But all of this is really down to Big Tech's steady and calculated destruction of the web's original universal-access protocols, and its replacement of unconditional access with gatekept alternatives. Alternatives it can, and does, make as conditional as it wishes.

So this did not happen by accident. And neither did it happen overnight. Big Tech planned to obstruct and ultimately destroy the free internet, and has been busy doing exactly that since the 2000s.

Over many years, we have been duped, through a combination of convenience-whipping, security-scaremongering, ego-baiting and other psychological standards, into accepting all kinds of restrictions on how we are allowed to access the simplest of resources: a web page.

Google, for example, used puppets like the EFF and Mozilla to convince us that we need encrypted connections simply to read published information, and then it threatened every owner of a simple informational website with ejection from the search results if they didn't unnecessarily encrypt their pages.

"When it comes to commercial enterprise, telemetry is not about "improving products". If it were about improving products, the products would improve."

This has replaced entirely free access to websites with a gatekept protocol, policed by CeRtIfIcAtE aUtHoRiTiEs and stage managed by Google courtesy of the Chromium browser project's near monopoly outside the Apple ecosystem. By deprecating encryption protocols within Chromium, as and when it wishes, Google can isolate previous generations of browsers (and consequently operating systems and older hardware) from the internet. This forces the public to use newer generations of software and hardware with much more aggressive surveillance capabilities.

Another classic Big Tech brainwash has been the drive to convince us that passwords somehow can't protect a login. For anyone who's fallen for this scam, strong passwords are actually more safe than phone-based two-factor authentication, because more people are compromised in platformwide hacks than in individual hacks, and platformwide hackers end up with phone data as well as just an email address. Rest assured, no hacker is going to brute force 25 random characters with a limitation on failed attempts - which is a feature all logins should have. Implemented properly, password-only logins are unhackable. The only thing 2FA has ever been about for cybertech is scamming higher tiers of data out of the public.

The endgame of this is not "KeEpInG yOu SaFe AnD sEcUrE". Remember, Google filmed your home and put it on the internet for burglars to check out. They don't give a shit whether you're safe or secure. The endgame is a complete abolition of passwords, and their ultimate replacement with a proprietary, gatekept login system that uses biometric data to verify your real identity at convict grade. That's what this is about.

Be it through these, or many other brainwashing schemes, time after time we have allowed Big Tech to substitute protocols it controls, for the independent protocols that gave us freedom. And now we're wondering why it's become almost impossible to escape Big Tech.

DOES THE ESCAPE ROUTE REALLY LEAD TO UTOPIA?

Indeed, even when we feasibly can reject a Big Tech service, the alternative options don't fulfil everyone's needs, and in some cases can be too convoluted for the average consumer.

There's also often a competitive and financial disadvantage that comes with ditching Big Tech. Using alternatives can mean we end up having to work harder, for less reach/connectivity/productivity, and/or have to pay for the privilege. Even if we have the integrity to shoulder these compromises in a bid to save humanity from 1984, our competitors almost certainly won't. So we lose ground, and we probably won't escape the hidden tentacles of Big Tech anyway. The majority of people who cease using Google products are still stalked by the dystopian behemoth - even if they use a "private browser" and a tracker-blocker.

But more centrally, we should not forget that even privacy-themed products have to fund themselves. Have to run their services both economically and competitively. As the old saying goes, if they're not user-funded (and sometimes even if they are), then the user is a product being sold to someone else. That's an economic inevitability, which applies to every seriously investing enterprise. It doesn't evaporate just because the CEO plays theatrical Punch & Judy with Google. And of course, the "someone else" is never a party who has our best interests at heart.

As we might expect, given this inevitability, there are glaring contradictions to the privacy narrative running through the alternative tech genre like Brighton through a stick of rock...

BEHIND THE FACADE

DuckDuckGo is hosted on Microsoft Azure, runs Microsoft ads, and sends its search queries to Microsoft. Much as DuckDuckGo has merits, it's certainly not per se an escape from Big Tech. And most other "private search engines" have similar issues. Brave Search runs on Amazon servers, Qwant Lite runs every search click through a tracker redirect, and Startpage is owned by the surveillance-crazed spytekker System1. That's before you add in their dependencies on Google or Microsoft for results and ads.

Meanwhile, Firefox is riddled to the core with data-harvesting processes, prefetches links and bookmarks by default, and even has a backdoor. With 'factory' settings, Mozilla's grandfatherly browser emits an absolute spew of invisible network connections which are completely unnecessary to the user.

Vivaldi browser phones Google, and comes with a raft of spyware features enabled by default - including third-party cookies, Google DNS monitoring, and proxied prefetching which sends a mass of your browsing data to Vivaldi. You can shut off most of this in the settings, but Vivaldi have themselves acknowledged that only a tiny fraction of tech product users ever change the default settings.

Vivaldi also have a webmail service which demands phone numbers as a condition of use then hands them straight to surveillance capitalists. That a self-styled "privacy" brand would be complicit in normalising forced 2FA encapsulates the extent of the problem. It's like being in one of those cult movies where everyone in the village is working for the villain, except for one trusted ally. Then three quarters of the way through, the trusted ally pulls off a mask and... Well, you know the rest... Except in our real-life story, there is no last minute escape.

"The regulatory "punishments" are just a taxation system with a deterrent factor of nil. The whole system of privacy regulation is a charade. We have to fight this ourselves."

Then there's the alt social platform MeWe, which has for long led its marketing on privacy. Behind the blurb, however, lies a full-on walled garden which cannot be accessed at all without user identification, forced JavaScript and an agreement to third-party user-vetting processes.

Many alternative tech products that run on the client side - very notably browsers, but also some operating systems - aggressively collect "telemetry". Telemetry has become an urgent problem in the battle for privacy. It's specifically focused on collecting anonymised data - a fact which is often used by brands to dismiss it as a privacy threat. What they're not so quick to reveal is that anonymised data is exempt from data protection law - including both GDPR and CCPA - and can accordingly be sold to literally anyone without the need for disclosure. Neither will they reveal that in a major study, anonymised data was shown to have a 99.98% potential of being de-anonymised after sale.

Let's make no mistake. When it comes to commercial enterprise, telemetry is not about "improving products". If it were about improving products, the products would improve. Commercial enterprise collects telemetry data as a marketable commodity, as Mozilla even hints in this tweet.

These are just some of the "headline" contradictions to the narrative of angelic innocence that exists in the alternative tech genre. It's not the utopia it would like to be seen as. And these "headlines" only represent the tip of a huge iceberg. But we should not be mad about the existence of the iceberg. We should expect it. Our reaction should be to ask ourselves how it formed, how we stop it getting bigger, and how we sail around it.

WHY MORE AGGRESSIVE REGULATION IS NOT THE ANSWER

The great irony of privacy law is the way in which it impacts the market. The more lawmakers tighten privacy regulations, the harder data will be to buy, the more its value will rise, and thus the greater the incentive will be for surveillance capitalists to obtain it.

GDPR has encapsulated this effect, driving up the value of data and intensifying, rather than dampening, the quest to grab it. Google even took to the streets to scam high value data out of the public. If, in that story, the lengths to which Google was prepared to go to build a system of mass oppression do not strike fear into you, I'm going to categorise you as a bot. This has long gone past "but we're just interested in your shopping preferences". This is now about controlling the world. When the stakes are that high, you need bigger and better ways of bringing things under control.

MOVING FORWARD

Most people believe that the number one problem with Big Tech is its attitude to consent and people's rights. There is, however, a considerably bigger problem...

Its power.

So are there any ways in which that power could be redistributed?

One of the concepts that could start to do just that has come from "Father of the Web" Tim Berners-Lee. Berners-Lee recognised that the only way to fight capitalism within a capitalist system, is with a more enticing brand of capitalism. I'll come back to this shortly.

"GDPR has driven up the value of data and intensified, rather than dampened, the quest to grab it."

In the current data economy, the product (data) is acquired for free, and then sold or exploited over and over again, netting essentially unlimited profit for the market. Data is pitched to the public as a near-worthless disposable, but once in the hands of the surveillance trade it becomes the opposite. A highly profitable commodity that sits on a roundabout of basically unregulated third-party exchange, to evade deletion. Forever.

The reason cybertech can exploit this gravy-train of basically free money is that the system is invisible to us - deliberately so. We don't see the data changing hands. We don't see the money being handed over in return. If we could actually see that process, we would instantly perceive ourselves as being mugged, stolen from, and defrauded.

In the public domain, the data companies try to trivialise the value of our data, linking it only to online shopping and telling us we don't often click ads so they can't really make any money out of it. But Big Tech's obscene profits didn't drop out of thin air. We don't necessarily have to click an ad in order for the ad service provider to get paid. And less visibly, our data is sold to brokers, governments, police forces, pharma, research facilities, investigative bodies... Then at the low end of the scale (especially after platformwide hacks), sold to spammers, scammers, etc. It's a long list, and the payouts for a high value dataset can top seven digits. Our data is worth a huge amount of money.

Furthermore, the burden of consequence in this transaction always falls on us. If hackers do attack a cybertech giant and steal our data, or if a "carefully selected partner" turns out to be bent, we are the ones left fighting the battle against ID fraud.

And often, we give away that data in return for something extremely trivial, which may not fulfil its brief. The people with whom we're doing business are uncontactable, and even though we are paying with a commodity that converts directly into cash, we have no consumer protection at all. The industry can give us something that's not fit for purpose or doesn't even work, and still take our data, and sell it, and exploit it, and rinse and repeat ad infinitum, and there's zero chance of it being refunded to us, and there's nothing we can do about it.

"Knowledge is power. Remove the knowledge, remove the power."

Tearing away the shroud which conceals the value of our data would be a monumental step in changing the dynamics of how it's schemed out of us and then monetised. We all take steps to prevent people stealing our money, because we can see the value of that money, and we can therefore see the injustice of someone else getting hold of it unfairly.

We can also keep tabs on things like inflation, because we understand what our money is worth. In the data trade, the surveillance-sharpening of technology can mean the cost of using a service - in data - rising by 300%, 600%, 1,000% overnight. And no one has to inform us. We don't know that our submission to a social platform's phone-based 2FA login means we're now paying them three times the value of data that we were previously. We don't know that our submission to a biometric login means we're now paying them ten times the value. Most of us just think we're protecting our security. We don't consider the tiers of value that various data types have. We don't know that just enabling JavaScript on a site can mean we pay 2,000% more in value of data than we'd have paid without it.

So we have to start thinking of data as an equivalent to money. Recognise that we are paying for online services, then recognise how much we're paying, and then drive a much, much, much better bargain. Our awakening, and resistance to giving data companies a blank cheque, would make surveillance capitalism infinitely more difficult...

BERNERS-LEE PROPOSES "DATA PODS"

Starting in early 2017, Tim Berners-Lee proposed and then worked on a decentralised protocol (now called Solid), in which the public themselves become data brokers. The idea is that each member of the public possesses their own data pod, which controls the flow of their data, very much like a trad data broker does. Unfortunately, the protocol is as yet in no way packaged for mass adoption, and it does have flaws - the biggest of which is that it wouldn't actually prevent centralised data "middlemen" from playing the exact same tricks they play now.

"Someone telling you to quit YouTube because they got banned is trying to level up their competitive disadvantage - not protect your privacy."

Nevertheless, Berners-Lee has put his finger on something which would bring the value of data out from behind closed doors, and in conjunction with other measures, could diminish the power of centralised data megacorps. Ultimately, our direct management of data could eventually lead to a full, legal redefinition of data as a commodity of definable value. So instead of the unauthorised acquisition of data being considered a privacy issue, it would be considered a property issue. That would place unauthorised data grabs under the headings of theft or fraud, and those crimes can carry jail sentences. A real threat of imprisonment would erect a stop sign at headquarters like Facebook and Google, where it currently only says "go faster".

So whilst Berners-Lee's idea is currently at an inert stage, I believe it's something we should very much support - along with any other initiatives that allow us to regulate the data we give out.

So, I said "in conjunction with other measures". What other measures might we use to fight the surveillance machine?

STARVE OUT BIG TECH FROM THE BACK - NOT THE FRONT

One of the most disabling battlecries in the realm of privacy advocacy, is the one that advises us to starve out Big Tech from the front. What do I mean by that?

Ultimately, we are trying to fight an obscenely rich, mob-handed cartel that bribes, threatens and gang-lobbies governments directly, whilst that cartel pays two-faced lobbyists to brainwash us into supporting its wholly self-serving campaigns, and into giving up our rights, in order to serve a machine that wants to trample us. And the way we're trying to fight that is by joining smaller and smaller social networks, making our voices more and more obscure, chucking money at the lobbyists who basically hate us, and suggesting people use Bing instead of Bing... Sorry, did I say "Bing instead of Bing"? Meant "DuckDuckGo instead of Bing", obviously. To say that this is a futile strategy, is so far beyond understatement that it's dropped right off the horizon. We're labouring and paying for our own subjugation. We have to change this up.

We've been conditioned by "privacy campaigners" to quit using Google, or Twitter, or Facebook, or [insert other surveillance monolith here]. But most of the audible voices trying to condition us to do this have not quit these services themselves. Indeed, they're most often using these services to advise us to quit them. And more than likely collecting a pot of cash for their "impartial advice" in the process. Let's not confuse capitalism with activism. And let's not confuse being thrown off Twitter or Facebook with voluntarily quitting them. Someone telling you to quit YouTube because they got banned is trying to level up their competitive disadvantage - not protect your privacy.

Starving out Big Tech from the front (or trying to) means quitting services that can actually benefit us, and without which we become uncompetitive and disadvantaged. This might be a good multilateral strategy, but it does not work unilaterally, and it does not solve the surveillance issue. Surveillance companies are proactive stalkers. If you leave a stalker, they just come after you.

So rather than quitting the services that are actually useful to us, and then plodding around in some dark corner while the preds spy on us regardless, I advocate starving out Big Tech from the back. That is, blocking its invisible spyware as a first resort. That's where 99% of the danger is, and in blocking the invisible spyware we also punish providers who are complicit in driving its spread. I'll be exploring ways to starve out Big Tech from the back on this site. Keep an eye on the homepage.

RINGFENCE YOUR ACTIVITY

How many browsers do you use?

One?... Just one?... Why only one? Chances are because no one's ever suggested using more than one. And the reason no one's ever suggested using more than one is that it's not in the interests of the people who give advice on browsers for you to use more than one. Nearly all of the major outlets advising you on browsers want to track you, and they can't do that anywhere near as efficiently if you're using eight different browsers. Then they'll lose their cross-site ad commission, which is, let's face it, the only reason they're there.

How many operating systems do you use?

One?... Just one?... Why only one? Broadly the same dynamics as above. It's in most of the world's interests for you only to use one operating system, so that's what they suggest you do.

But even if you have just one PC or laptop, it's normally easy to set up a dual or even triple boot with an additional one or two Linux OSs. One of the things that prevented me from migrating to Linux for years was that I believed I'd lose the creative benefits of Windows. This is an absolute myth. You can run Windows and Linux alongside each other on the same PC, and indeed many Linux packages default to dual boot installation if you already have an OS on the system. Indeed, you can install a virtual machine into Linux and then run Windows and its programs from within Linux. Or even use an open source Linux translator package like Wine to run Windows programs directly from Linux itself. Migrating to Linux does not in any shape or form mean losing the benefits of Windows.

But the greater advantage of a dual boot is that you can isolate one of the operating systems from the web completely. I now do this with Windows. All the benefits of Big Tech's investment, without any of the spying. I can also keep an older and friendlier version of Windows without worrying about incompatibilities with the web. If I want to go online, I just reboot to Linux. It takes less than a minute. In today's climate, a dual boot with one OS running offline-only should be normalised. You have a true private space, but you don't have to cut yourself off from the world.

In Linux, I'm the world's worst browser whore. Chromium (regular), Ungoogled Chromium, Pale Moon, Firefox, Librewolf, Waterfox, Icecat, Brave, Vivaldi, Slimjet, Seamonkey, Min, Tor... Each browser has its own policies.

The regular version of Chromium accesses logged in Google services, and nothing else. It phones Google, but I'm logged into Google anyway, and the browser's performance is exceptional for Google services, so it makes sense.

Pale Moon, conversely, can surf anywhere on the web, but I've set it up to block all JavaScript, and all cookies, and it has uBlock Origin custom-ruled to lock out ALL third-party content. So when I use Pale Moon I can't log into anything, and I will see a lot of pages either throw a layout tantrum or fail to load altogether. But the browser doesn't phone Google, and I can expect zero third-party tracking on all sites I visit. When I use Pale Moon I know that the usual suspects will struggle to log what I'm doing - unless I actually land on sites controlled by them.

Vivaldi is firewalled and is not allowed online at all. I know, super rad, right? A browser that's not allowed online. I use it to view projects that I create offline - like the page you're looking at now. And you may think this bizarre, but Vivaldi is actually my default browser. If you're into privacy, a fully-firewalled default browser is a great protection. If I happen to inadvertently hit something in a program that wants to surprise me with a trip to some data-mining hell-hole, it will open in a browser that can't get online. Awwww, such a tragedy for surveillance capitalism.

Setting policies per browser, and rigidly sticking to them, means we can ringfence certain trackers. Effectively lock them into a set of rules that only applies to them. If this were normalised, and everyone ringfenced their activity with compartmentalisation and policies, Big Tech's control would slowly wither as its data banks dried up. Knowledge is power. Remove the knowledge, remove the power.
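Per-browser policies are only worth something if they hold, so here is an added example (not from the original article) that audits a connection listing against the three policies described above. It assumes the listing comes from `ss -tnpH` on Linux; the process names, the placeholder allowed range and the sample rows are all constructed for illustration.

```python
import ipaddress
import re

# Policies modelled on the article's three browsers. The process names and the
# allowed range are assumptions: 203.0.113.0/24 is a documentation range used
# as a placeholder for "the one service this browser may reach".
POLICIES = {
    "vivaldi": {"mode": "none"},    # firewalled: must never reach a remote host
    "chromium": {"mode": "allow", "networks": ["203.0.113.0/24"]},
    "palemoon": {"mode": "any"},    # goes anywhere; blocking is done in-browser
}

# Constructed sample in the column layout of `ss -tnpH` (not a real capture).
SAMPLE_SS = """\
ESTAB 0 0 192.168.1.20:51514 203.0.113.10:443 users:(("chromium",pid=2211,fd=34))
ESTAB 0 0 192.168.1.20:51520 198.51.100.7:443 users:(("chromium",pid=2211,fd=41))
ESTAB 0 0 192.168.1.20:40022 198.51.100.99:443 users:(("palemoon",pid=3020,fd=88))
ESTAB 0 0 192.168.1.20:40100 192.0.2.55:443 users:(("vivaldi",pid=4100,fd=19))
ESTAB 0 0 127.0.0.1:40200 127.0.0.1:9222 users:(("vivaldi",pid=4100,fd=20))
ESTAB 0 0 [2001:db8::20]:40300 [2001:db8::1]:443 users:(("chromium",pid=2211,fd=52))
ESTAB 0 0 192.168.1.20:22 192.0.2.9:50111 users:(("sshd",pid=900,fd=4))
"""

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def parse_ss_line(line):
    """Return (peer_ip, peer_port, [(proc, pid), ...]) or None for unusable rows."""
    fields = line.split(None, 5)
    if len(fields) < 6:                       # no process column (needs privileges)
        return None
    host, _, port = fields[4].rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and scope id
    if not port.isdigit():                    # header text or listening "*" peers
        return None
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None
    return addr, int(port), PROC_RE.findall(fields[5])


def audit(ss_output, policies=POLICIES):
    """List (process, pid, peer_ip, peer_port) for connections that break policy."""
    violations = []
    for line in ss_output.splitlines():
        parsed = parse_ss_line(line)
        if parsed is None:
            continue
        addr, port, procs = parsed
        if addr.is_loopback or addr.is_unspecified:
            continue                          # traffic that never leaves the machine
        for name, pid in sorted(set(procs)):
            policy = policies.get(name)
            if policy is None or policy["mode"] == "any":
                continue                      # not a ringfenced browser
            if policy["mode"] == "allow" and any(
                addr in ipaddress.ip_network(net) for net in policy["networks"]
            ):
                continue                      # destination is inside the ringfence
            violations.append((name, int(pid), str(addr), port))
    return violations


if __name__ == "__main__":
    for name, pid, ip, port in audit(SAMPLE_SS):
        print(f"policy breach: {name} (pid {pid}) -> {ip} port {port}")
```

On a real machine, replace the placeholder range with the networks you actually allow and feed the function the output of `ss -tnpH` run with enough privilege to show process names.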

WRAPPING UP

I want to propose some more powerful ways to obstruct Big Tech than simply using centralised alternatives. I want to help raise awareness on the insidious methods cyber giants (and cyber not-so-giants) use to brainwash and control us. The more all of us share our findings, the better the picture we can build of what we're fighting against.


Bob Leggitt.