Rebellion by Obfuscation
In the wake of this Cambridge Analytica affair, we are once again confronted with the reality of just how much information we leak to the world, how much data companies generate about us, and how far entities are willing to go to exploit them to pursue pernicious ends.
And to think it happened against the backdrop of a growing number of data protection laws and ongoing efforts of data protection authorities to band together towards a more coordinated regulatory approach to data privacy.
You have to ask: is there nothing we can do to stop this barrage of privacy intrusions? Do we simply wait for our governments to get their act together, or for companies like Facebook or Google to overhaul their business models in ways that afford our information the protection they deserve (if that’s even possible)?
For many of us, the answer to these questions is a resounding “No”. Data privacy, after all, is about taking control of our personal data.
These days, though, the more common recommendations offered by privacy advocates and so-called privacy experts revolve mainly around the idea of abstinence, or giving less or no information. A sound approach to be sure, but one that is gradually losing teeth as technological advancements make data collection and generation easier and their regulation harder to implement. For this reason, another method is starting to gain ground within privacy circles: obfuscation.
Obfuscation is explained extensively by Brunton and Nissenbaum in their book, “Obfuscation: A User’s Guide for Privacy and Protest”. They define it as the “production of noise modeled on an existing signal in order to make a collection of data more ambiguous, confusing, hard to exploit, more difficult to act on, and therefore less valuable”. In other words, instead of developing ways to eliminate or minimize data collection, the objective is shifted towards making such collection futile or useless. Get things overlooked by producing more data—not less. In the process, we not only increase the chance of hiding the real and accurate data, we also make their collection costlier in terms of time, effort, and resources.
Resorting to obfuscation makes sense if one considers five (5) key realities about data collection today:
- Our data is valuable. This explains why many companies allow us to use their services and products for “free”—because they make money off our data, in return.
- We regularly produce a lot of data. We volunteer our information in many of our daily activities. At the same time, the organizations we deal with also generate plenty of data about us, whether we are aware of it or not. The data stay around indefinitely, too.
- We have an asymmetrical power relationship with the entities that collect our data. We rarely have a choice when it comes to the data collection we are often subject to. Most of the time, we are also left clueless as to what happens to our data—where they go, what is done to them, with whom they are shared, how long they are stored, etc.
- We live in a Big Data world. Governments and companies are relying more and more on big data—data aggregation, analytics, and predictive modeling. Today and more so in the near future, companies are making decisions about us based on inferences and correlations determined by algorithms and automated processes. Machines are beginning to determine our fates based on things we haven’t even said or done yet.
- Opting out is a pipe dream. While in theory, opting out is still possible, the costs of doing so is high and is getting higher still. This is because practically everything we do today require us to give up some or all control over our personal data. We either have to fill up a form in order to receive resources, or we need to agree to onerous terms to enjoy a service. Sometimes, data about us are gathered, by default. We have truly put ourselves in a prison with no walls, bars, or jail guards, and yet it is one that is extremely difficult to escape from.
Taking these factors together, obfuscation as an approach actually makes perfect sense. It’s almost impossible today to not give off information and to not be affected by the processes they trigger and set into motion. Thus, if we can’t stop them, we might as well confuse them.
Now, there are many ways to carry out obfuscation activities both online and offline. They are as varied as their ultimate ends. For now, let’s highlight at least three (3) online tools that showcase the kind of tactics some privacy advocates are now promoting:
- Ad Nauseam. It’s a free browser plug-in that resists online surveillance for purposes of behavioral advertising, by clicking on all the banner ads in all the websites that you visit. Armed also with an ad blocking function, it can actually block an ad while clicking on it at the same time. To the trackers and advertisers, you don’t just like some things—you like them all! It works in the background so you won’t even notice it’s there. Although it’s been banned by Google from its web store, you can still install it by following the instructions on its website.
- Tor. It’s an online browser that facilitates anonymous internet use by combining encryption and obfuscation techniques. Every time you visit a page using Tor, that website will not detect your IP address, but someone else’s (that of another Tor user somewhere in the globe). Other websites will trace a lot of other visits from that IP address, even if none of them were actually sent out by the user of that IP address. You being a Tor user, the same thing is happening to your actual IP address. Websites will be tracing certain web traffic to your IP address, even if you yourself are actually not trying to visit them.
- TrackMeNot. Another free browser extension, TrackMeNot offers protection to web searchers from surveillance and data-profiling carried out by search engines. It does this by running in the background periodic and randomized queries to popular search engines. By doing so, it successfully hides a user's actual search history in a sea of fake queries. Whoever is trying to create a profile of you as a web searcher will arrive at a fundamentally flawed and inaccurate picture of you.
These obfuscation tools and many more are constantly being developed by privacy advocates to help establish a credible resistance in a tug-of-war over data that is overwhelmingly lopsided—with the individual on the losing end, of course. Should you wish to try them out, make sure you read their terms and conditions and the Privacy Policies they have put in place. Remember, too, that for some privacy problems, obfuscation is a plausible solution, while for others, a different tool may be necessary.
Whatever the case, though, the writing on the wall is clear: it simply isn’t possible for us to live on (data privacy) principles alone and wait for others to act on our behalf or to look after our interests. While companies go about their businesses and data protection authorities like the National Privacy Commission pursue their priorities, most of us will continue to make compromises with entities under terms that are inherently tilted in their favor. It is in these situations that obfuscation presents itself as a sound solution. In the direst of circumstances, it is our collective way of raising a clenched fist against the hungry data gods that be.
Jamael Jacob is a lawyer specializing in the field of law, ICT, and human rights. He is currently the Director of the University Data Protection Office of the Ateneo de Manila University, and Policy and Legal Advisor to the Foundation for Media Alternatives. The views expressed herein do not necessarily represent or reflect the views of the organizations he is currently affiliated with.