If there is one dangerous misunderstanding in modern consumer technology it is the misunderstanding that privacy and security are synonymous. They’re not, here’s why.
What is privacy?
According to Merriam-Webster Privacy is:
1 a: the quality or state of being apart from company or observation : SECLUSION
b: freedom from unauthorized intrusionone’s right to privacy
2. a: SECRECY
3 _archaic _: a place of seclusion
From Merriam-Webster
This definition is good, but doesn’t really encapsulate the nuance of separating privacy from security. According to the IAPP, privacy, in relation to the data we generate, is focused on the use and governance of personal data.
One way to look at this is your privacy is the data you generate, knowingly or otherwise, and how it is used. This means that every app you open, website you visit and device you interact with collects data about you that can be combined to produce a very accurate profile of who you are. Just like anything else, this profile of you can be used to help you or to manipulate you into thoughts and actions that you wouldn’t otherwise have.
Historically secrets were pretty black and white. You could, for example, whisper a secret to a friend and reasonably expect them to keep it for you. On your computer that isn’t the case. Your devices and app, as well as the companies who provide service to them, know everything you do from the symptoms you searched for to where you searched for them and they aren’t keeping that secret. While individually much of this data isn’t worth much, together it can create a profile of you that might very well know you better than you know yourself.
What is security?
If privacy is the usage and governance of the data we generate then security is the mechanisms and tools we use to protect that data.
From antivirus to VPNs and from passwords to clearing our browser history these are all security mechanisms designed to keep our private data private.
Privacy vs Security
Some of the best security might not be private at all. For example, Google and Facebook have excellent security in place and are able to stop attacks and protect your accounts from unauthorized access better than most companies on the planet.
On the other hand, Google and Facebook are also some of the worst at collecting data about you and selling it to the highest bidder. Collectively these companies know who you are, what you do, who your friends are and so very much more.
We notice the effects of this data collection most when they fail. Just look online and you’ll see plenty of stories of people being shown completely inappropriate products and calling them out. As funny as this is, this is when the profile on you fails. What you don’t see getting called out is all the times it works.
Maybe it’s the $10 purchase you hadn’t been planning on, the book you hadn’t meant to start or even the political candidate you now fervently support. Over time these micro-nudges, as I like to call them, add up and contribute to our world views just as much if not more than any other more direct influence in our lives.
On the other hand, signing up for a fly-by-night email host or other site is dangerous as they don’t have the resources to protect your accounts like the Google’s or Facebooks of the world.
What does this mean for you?
When you read the news and a company is selling you privacy or security it pays to know what you’re getting. The best security available is often not the most private. Before you sign up for any service look at their privacy policy and settings to protect yourself and those around you. Better yet, decide if you even need that service in the first place. The best privacy you can get online is often not to be online at all.
Want to learn more?
There are two great documentaries that can expand on this topic. The Great Hack and The Social Dilemma, both are on Netflix and are absolutely worth your time.