Now that our worst wiretapping fears have been confirmed, millions of people are realizing that we need to start using decentralized, encrypted communication yesterday. Unfortunately, with the state these tools are in, billions of people are still going to choose convenience over security. The open source community has made amazing progress with crypto tools’ user-friendliness recently, but there’s still more work to be done before they can go mainstream.
Even if you’re savvy enough to comfortably use the most secure and decentralized technology, you should still care about mainstream adoption. Being the one of the few people in the world sending encrypted messages could make you more conspicuous, not less. This is why we need to make communicating securely as easy as using Facebook. You don’t get to 1 billion friends without having a damn good user experience.
So here’s what we need to work on. Some of these may be software engineering challenges, some of them social. Perhaps a little of both. Share your favorite solutions in the comments.
1. People Forget Passwords
Everyone forgets passwords from time to time. Then we forget where we wrote them down. Or our password manager didn’t save them for whatever reason. With centralized services, that’s generally okay: you can just click “forgot my password,” open an email or answer some questions, and you’re good to go.
With encrypted services, if you forget your password, all of your stuff is gone. Forever.
There’s (probably) no way to create a secure system that can tolerate you forgetting your password, though it’s certainly been tried. For OS X’s FileVault, Apple operates a service which will store your encryption key on their servers, in case you forget the password for your Mac. I hope I don’t have to explain why this isn’t a real solution.
This one could be as simple as a cultural shift in which people start taking their passwords more seriously. Alternatively, we might see hardware solutions — literal crypto “keys,” or maybe biometrics — becoming more popular.
2. Hosting A Home Server Isn’t Easy
This site is hosted right out of Rick’s flat. He’s fortunate enough to have the technical skills to do so. And the free time to set it up and maintain it. And high-speed Internet. And an ISP that allows home servers. And a home.
For the rest of us, having an always-online box to host our own personal mail server, Diaspora node, SparkleShare box, VPN, and everything else, can be problematic. This is why hosting services in datacenters are so popular: because somebody else can handle the technical stuff.
For those of us with homes, we need plug-and-play home servers which can configure themselves automatically. They should come with a package manager that’s as easy to use as the iPhone App Store. Open and hackable? Yes, definitely, but still usable by someone who doesn’t know what an operating system is. An Ouya for decentralized communications and storage.
People who move around a lot — students, traveling professionals, couchsurfers, homeless people — might be able to do something similar on their mobile devices. They can host the services right from their phone or tablet.
3. The “Cloud” Is Really Useful
Datacenters are really fantastic things, though. They can back up your hard drive in case your computer gets fried. They can host your website in case your electricity cuts out. In fact, the only real problem with datacenters is that we have to trust them not to hand over or destroy our data, or perform a man-in-the-middle attack with decryption.
Freenet stores all data by encrypting it, breaking it up into chunks, and randomly giving different chunks to different peers. Nobody knows whose data or what data they’re hosting. What if this idea could be expanded into a massive, global, completely anonymous and distributed “cloud”? Chunks of your encrypted private data would be hidden in plain sight on hundreds of different servers, computers, tablets, phones, and game consoles. There would be no need to trust a hosting company; neither of you would even know that you were a customer.
4. Some Things Won’t Work Without Sharing Data
To use DuckDuckGo, the favorite search engine of privacy advocates, you have to take the word of some guy in Pennsylvania that you’re not being tracked. To be fair, I do trust DuckDuckGo, but I trusted Google once too. Good news: right now, there’s a decentralized, P2P search engine called YaCy. Bad news: it kind of sucks.
The reason Google — and Bing, which is one of DuckDuckGo’s data sources — have such good search algorithms is because they can track a whole bunch of stuff. They collect a tremendous amount of data from their users, analyze it, and use it to make their search engines smarter.
Other Google services do this too. Google Voice’s transcription algorithm learns by analyzing millions of voice messages, getting better and better as it goes. Google Now on Android phones keeps track of everything you do on your phone to predict what you might want to know or do next, and it learns from everyone else’s phone too. Data from billions of Internet users does amazing things for AI research.
But that data — even when “anonymized” — can be used to find out very specific things about very specific people. Facebook can tell your sexual orientation based on your ‘likes’, for example. Combine that by getting a rough idea of where you live, who you’ve contacted, and a clever detective (or algorithm) can figure out who you are. This is the reason why many people want to keep their data private in the first place.
So the question is: can we have some of these wonderful things without giving up our privacy? Is there a way that encrypted, decentralized systems can replicate some of the spectacular results of Google, the suggestion features of Facebook, the recommendations of Netflix, and other very nice, very useful things?