Evolution of privacy protection over the coming years
The war over data privacy has been raging for 25 years and is far from over. Large corporations, states and criminal networks are improving tracking tools, trying to dictate their own rules, and control and manage people's need to protect their personal data. The issue of privacy is getting unbelievable traction on different levels, including the GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act).
The value of personal data is constantly increasing, as it's getting harder to collect, and the possibilities of making money on it are endless. Will users ever be able to decide for themselves what information they are willing to share? To address this question, let's move away from individual cases and look at how privacy protection technologies in general will develop in the coming years.
A perfect data protection service
First, let's picture it. In my view, a perfect data protection service should:
- Protect users from tracking on various devices;
- Block unsolicited advertisements and notifications;
- Safeguard against personal data theft;
- Monitor all accounts simultaneously, in all information sources, acting as discreetly as possible, but still be user-friendly;
- Run not only on smartphones, but on all types of devices we (will) use.
But most importantly, a perfect data protection service must give users full control of who they share their data with and what kind of data that is. Users should be able to track what data is aggregated with their approval from their information profiles and how the data is used. Even if people know that large companies collect their personal data, they have a poor or totally incorrect understanding of how, via which channels and, crucially, what risks they’re exposing themselves to.
In some respects, we've come close to the perfect model of privacy protection. It was a simple task at first: just block all known trackers on various websites. But now, ad blockers are able to "cut out" identifying parts of requests, if it's not possible to block them completely. They're also able to autodetect new trackers.
Privacy protection technologies don't just cover computers and browsers; they went beyond browsers long ago, and now protect virtually all electronic gadgets, though, with varying degrees of success.
Besides the obvious devices (phones and tablets), you can also protect your smart household appliances. Plus, some quite futuristic things have been appearing on the market, like masks, goggles, and clothes that hinder face recognition.
What can privacy protection services do now, and what do they still have to learn?
We are currently able to block web analytics, but we can't be held responsible for data and what happens to it.
Although the issue of tracking can't be completely eliminated yet (for example, people continue to use Facebook), privacy protection services can already reveal data leaks. Regrettably, we can't follow up on the way companies share your data once they’ve got it.
To some, it might seem that by prohibiting the transfer of personal data or tracking on their computer or phone, they've taken care of the privacy problem, but that's not true. Your data path is formed even by such minor details as "What web browser do you use?" and "Which sneakers do you prefer?". From small and seemingly insignificant pieces of information, a detailed profile can be put together which might help to de-anonymize a person.
Data leaks: how does it work?
Traditionally, users lose their data when accepting the conditions of an app, mobile phone service, or banking product. We know that in principle, but how many of us actually reads user agreements to the end? One Internet provider decided to check how carefully people read terms and conditions of a public wireless hotspot when connecting to the Internet in a cafe or a park. He included a paragraph on consent "to assign their first born child to us for the duration of eternity". And six people unknowingly agreed.
As a result, banks transmit data to other services (e.g., Apple Pay, Google Pay, Samsung Pay). Mobile operators sell users' data (including location) without batting an eye.
Personal data is shunted through web tools: web counters, advertising networks (especially RTB, where the auction principle is applied and the final destination of the data is entirely opaque). Not many people know how quickly data leaks via mobile and IOT-devices. The problem of privacy is exacerbated by IOT-devices: TVs, smart speakers, smart light bulbs etc. And, based on the level of detail provided, they are one of the most generous tracking channels for corporations.
Privacy protection technologies can already be integrated with mobile and smart gadgets, but it’s not possible to control the decisions of the mobile manufacturers themselves. Introducing their own mechanisms of "access", they limit the capabilities of third-party apps. Google has accepted the presence of ad blockers, but it's not prepared to allow them on mobile devices.
Personal data is actively collected via surveillance cameras (CCTV), and today, that happens in almost every country in the world. China has become a world leader in the application of face recognition. Two factors help to ensure its leadership:
- a large amount of data, which is necessary for developing AI and machine learning technology development, and
- the virtual absence of such a concept as protection of personal data.
Who will stay on the market?
I believe that in the coming years, the privacy protection industry will undergo major changes. For browsers, antivirus software, various paid Internet services, and other players, privacy will become a key topic in terms of positioning.
Browser developers (Firefox, Opera, etc) strive to make their products act as a full-fledged WebOS, including integrating ad blockers. The built-in ad blockers protect the user to some extent, but when it comes to tracking protection, they don't do it as seriously as necessary, and most likely will not be able to in the future.
The browser competition is trying to play on the weaknesses of Google Chrome; in particular, its lack of concern for privacy protection. The growth of ad blockers has slowed down and the number of users has stabilized at the level of 20-30 percent of Internet users. In general, the main threat to privacy in the coming years will be... Google and Facebook.
Although each player uses privacy as an argument for its policy, a common “protection service” simply will not appear. Instead, VPN services, browsers (Brave), ad blockers (AdGuard, uBlock Origin, AdBlock, Adblock Plus), specialized tracker blockers (Ghostery, Disconnect) and search engines (DuckDuckGo, Cliqz, etc.) will all be working independently.
Balance of interests
The ideal privacy protection service cannot work in a vacuum. By the way, security is a much simpler concept than privacy. There are already understandable threats to security, such as data or money theft, and there are means by which these threats are carried out: viruses, phishing, and social engineering. So it's obvious here which things are illegal and morally wrong.
But it's much more complicated with privacy. From a legal point of view, data theft does not occur, but the number of threats to privacy is constantly growing. Everyone is trying to get our data, whether on purpose or not. And here, legal norms should work effectively to protect users and regulate the relationship between them and the interests of corporations
From the point of view of legislation, in the short term, everything looks rather encouraging, which does not exclude potential excesses. For example, due to the coronavirus situation we have suddenly learned that many applications and services are ready to serve the state if necessary and track our every step. What these applications do with all that information about us in "peacetime" raises questions.
The trend towards the protection of personal data can be seen in almost every country, albeit at different speeds. This is a long journey full of conflict. For example, we witnessed the end of a real battle between ad blockers and corporations when the problem of the legality of ad blockers actually came to naught after the legal defeat of Axel Springer.
Plus, there are other positive examples where corporations are trying not to abuse their capabilities (e.g., Apple).
In the future, it will become possible to achieve a balance between user privacy and corporate business objectives. Most importantly, such regulations as the GDPR and others positively affect the way people think and form a correct understanding of the value of their own personal data.
An ideal unified privacy protection service will probably never be created, but we have already achieved a lot. In the coming years, we are unlikely to completely solve the problem of tracking. Many more stories and examples await us, as our data flows into the greedy clutches of applications, mobile services, banks and unreliable companies. But as the topic of privacy begins to seriously worry more and more active Internet users, it will be addressed in a more civilized manner.
Already, a user can get access to serious personal data control tools that were not there ten or twenty years ago. In fact, even though if we are not yet able to control everything, we can already choose what data we agree to share. Unfortunately, it's difficult for humans to take advantage of these disparate opportunities. But theoretically, ultimately everything lends itself to automation, and the means of protection of the future will be built on these automated capabilities.
Andrey Meshkov is a co-founder and CTO of AdGuard ad blocker. He's been working in IT for over 15 years and has accumulated tons of experience not just in his primary work area, but also in related ones, such as online privacy concerns. Sometimes the urge to share his thoughts becomes too unbearable and he takes a break from coding to write an article or two.