Within the past few months, big tech has reached way beyond what we’ve ever seen in terms of censorship in the United States. It’s disturbing to the point of horrifying for the “hardcore” free speechers so much so that even casual observers of all stripes have been stirred by big tech’s behavior. Because any violation of big tech’s malleable and dynamic terms of service get banned; people are adapting quickly. It’s time to get smart about new tech that circumvents big tech.
The Most Common Things We Do Online are Not Private or Secure
News has spread quickly that texting is not secure. I’ll try to avoid a JEB! “please clap” moment, but you were warned over a month ago. Last week WhatsApp changed it’s ToS, alerting users it will now share data with Facebook. This spurred a mass exodus to Signal and Telegram two supposedly secure, encrypted, chat platforms. It’s rumored Telegram saw a user increase of 59M and Signal 40M in a single day. Now that people are sensitized to privacy and censorship issues, many are not feeling sure about Signal or Telegram’s security. Those instincts are correct. Neither Signal or Telegram are as secure as most believe.
Most of us know that browsing the web is not secure. Our online behavior creates a profile about us that is used in a number of ways. Let’s call it our digital footprint. A few “privacy first” browsers e.g. Brave, DuckDuckGo have gained popularity given peoples’ awareness. However, these browsers have the same fundamental security flaws as Signal and Telegram.
The two concepts that are driving the conversation about true privacy and security are centralization and decentralization. Encryption and metadata are secondary topics in this overall discussion.
Encrypted Chat and Browser Breakdown
Signal is not as safe and as secure as most think for two reasons. First, it’s centrally owned/operated/and run. This means somebody or some entity controls and owns your data. Second, the notion of encryption doesn’t cover the data you generate as a Signal user. Signal offers encrypted messaging. What this means is the content of your messages cannot be seen or read. BUT, that data is only half the story. The other half of your digital footprint is made up of metadata. Metadata is the set of data that describes and gives information about other data. To illustrate, metadata is the information that can identify your IP address. Your IP address correlates to your physical location. Metadata also exposes who else you message, their IP address and by extension location, it exposes the times and frequency of your communication and more. Your metadata is not encrypted and is available for others to see, collect and use. The key flaw with encrypted platforms including Telegram and Signal is the entry point and exit point of the platform (where you “hop on and off” using the application). Those sessions are not encrypted or protected. So, the episodes before and after you use an encrypted app are places where your metadata is generated and remains unsecured. Metadata is a key component of your “digital footprint”. As you now know, your digital footprint gives a lot of information you may not want publicly available.
The same situation applies to encrypted browsers. It all boils down to every action you take online or in an app creates a chain of data. The issue is how much of the chain you create is protected. Even if an app, or platform boasts “end to end encryption” (e2ee) it’s important to know how the app or platform defines end-to-end. Does it include encrypting your whole data chain or does it only encrypt the part of the chain the app occupies?
Lucky for us, there are a lot of smart people who have anticipated the issues around privacy, and security when it comes to personal data. They’ve been working hard to innovate and stay ahead of the inevitable pitfalls we face as technology advances.
Decentralized vs Centralized Systems
To give you a mind map before we go into the tech, you already know what decentralization is and how it works. A current example is how our elections are run in the U.S. That’s a decentralized system. Each state operates on its own, yet cooperates in the end to get to a national result.
Technology can operate the same way. Decentralized technology means that whatever app or software is run on a network of computers, or servers. These computers can be located around the world, but still working in cooperation via an internet connection. Who owns and runs these servers? Anyone.
The question that’s probably on your mind is… How can this be safer and more secure than a company with IT experts protecting security and hacking? Their career expertise is to protect data centers, servers, and data. The answer is decentralization. No matter who owns the computers and where they’re located it is a much more secure architecture than a centralized system.
Without getting into too much detail, the way a decentralized system works is the data on these networks is encoded, chopped up into pieces (sometimes called sharding) and is routed through a network of computers. The computers know how to talk to each other and have been programmed to execute one task then pass the data to the next computer to do its task, then onto to the next computer and so on until the job is complete.
Think of it like this. Decentralized networks create a “net”. At each juncture of the net is a node. That node is a computer/server. At any given time each one of these servers gets the assignment to jump in and do their task of running the code for your app or routing your data. The path is different every time (also known as ‘hops’).
The system protects data, making it inherently secure due to the idea of “sharding”. At no point does a single node (computer or server) have all the information it needs to identify you, your data, who you’re communicating with, your location or the entire chain of tasks needed to complete the entire job. The computer network knows how to shard your data, move it around, and then put it back together again automatically without knowing the whole chain of events. All this happens behind the scenes, you are none-the-wiser when you’re using one of these decentralized applications (or networks).
To help cement this idea of decentralization, the opposite of a decentralized system is a centralized system. Let’s reference politics again. Communism is a centralized system. The Government owns everything (property, businesses, supply chains etc). It runs or administers every aspect of society. All government functions are directed by the people in charge, basically out of a centralized location. It’s a completely controlled system.
Let’s play this out to explain how centralized technology works. To help visualize this, think of a centralized tech system set up like a wheel. A spoke and hub model. You are a spoke. At the hub are the computers or servers which run the code for the app you’re using. You generate the data and feed it into the hub and the hub performs its duties, then passes data or information back to you. The centralized system manages your data, scrapes your data, stores your data, knows where you are, who you’re talking to, your IP address, physical location etc. That’s the general concept. In reality it’s more complicated, but that detail isn’t relevant to this article.
This centralized model is how most social networks, centralized databases, e-commerce stores, and banks are set up and function. In a centralized system an entity owns your data. You do not control or own your data when you’re using a centralized system. Hopefully I’ve explained this well enough that you can easily imagine the dangers and pitfalls of centralized systems.
So, getting back to decentralized systems. This is one of the main reasons why everyone goes so bananas about the potential and future for blockchain technologies. They’re decentralized (Bitcoin is a cryptocurrency that is built on a blockchain). Nobody owns it and its decentralization inherently makes it private and secure (bitcoin has never been hacked).
The whole idea of blockchain technology is that apps and platforms can be built on them. Anything from ticketing, to banking, to communications, to gaming… all of these applications can be built on blockchain technology. Sometimes there’s a good reason to build on this tech layer, sometimes it doesn’t make sense. (that’s a discussion for another article).
How Does All of This Apply to You, Today?
There are two new decentralized apps I highly recommend. One is for chat and one is for web browsing. I’ve tested these and have found they’re easy enough to use, so I’m recommending them to anyone who can install an application on their computer or phone.
Full End-to-End Encrypted, Decentralized Messaging App: SESSION
It’s called Session. It’s the replacement for Signal, (the messaging app that works like text messaging). Intuitive to start using without any instructions, easy to share with others, and is the most secure and private messaging solution I’ve found to date.
Full End-to-End Encrypted, Decentralized Secure Web Browsing: LOKINET
How Lokinet works is that you run all your web browsing through the Lokinet “app”. First, you download Lokinet, install it like a normal app, turn it on and browse like you always do using your chosen browser (DuckDuckGo, Brave, Chrome etc.) What Lokinet does is protects not only your entry point to the web, what you search, your IP address etc. It protects your exit point, too. So when you’re using Lokinet, you basically access the entire internet through a secure portal that protects your data. When Lokinet is “off”, it’s business as usual. As a user, your online experience is no different, you can’t even tell you have Lokinet running. Remember the issue around your metadata and privacy we talked about earlier? Lokinet takes care of securing all that metadata. Your entire data chain is protected from end-to-end.
These applications and others have existed for a while, they just haven’t totally hit mainstream. As a blockchain fanatic, Lokinet and Session marks an amazing milestone that I’ve been anxiously awaiting. Usable, customer friendly applications that leverage new inherently secure and private technology. There are other e2ee, decentralized applications for web browsing, and most likely chat. I haven’t found any that I like more than Session and Lokinet.
We all need to get up to speed on this to protect ourselves, family, friends, and organizations from censorship and persecution.
Leave a comment below or contact me. If there’s enough interest, I would be happy to do a live chat to explain blockchain technology, decentralization, privacy, and security. I certainly don’t have all the answers, but am happy to share what I do know!