Can you use social media without exposing your personal data?
Originally published at: https://medium.com/coinmonks/protect-your-social-media-27d69d04fec2
Spoiler alert — social media companies sell your personal data!
But then, you already knew it. That information has been in the public domain since forever.
You probably accepted the cost of using social media some time ago. Many of us did. Over the last few years, the social media companies have been burgeoning, and are now giant corporations. For instance, here is an illustration of FaceBook activity over time:
Number of monthly active FaceBook users worldwide (millions) © Statista 2020
This graph illustrates the increase in FaceBook activity over the last decade. Other social media giants probably have similar increases in usage.
We were willing to sacrifice some access to our personal data, in exchange for the joyous service provided by the social media companies. After all, what harm could it do?
Well, if you have followed the press at all since those early, heady days, quite a lot actually. As well as using our personal data in new and unexpected ways (you did diligently read and understand all the “terms and conditions of use” didn’t you?), the terms and conditions may even have changed unbeknownst to us. The sacrifice of your personal data doesn’t just affect you either. Unfortunately, it also affects your friends and family as well, most probably without their permission and in fact, it affects all of us, and not in a good way.
There are many trends recording data abuse available on the internet. For instance, here is a graph of data breaches and data records exposed over time:
Annual number of data breaches and exposed records in the United States © Statista 2020
Note: there may be no correlation between the two graphs above.
And it’s getting worse. The social media companies can use your personal data to determine what kind of goods you purchase. Then they can show you an advertisement for some ‘special offers’ on those goods. So far, so innocuous. You may accept that. You may even want it. It may well seem a reasonable use of your personal data.
However, the same social media companies may also be distributing your personal data to other companies, some of whom intend to affect your autonomy. That’s right, they may affect what you read and subsequently the way you think, maybe even the way you vote. Or there may be other nefarious intentions. In addition to personal data being intentionally distributed, a vast amount has also been stolen, as indicated in the graph above. Just dip into “Privacy is Power” (cited above) for more evidence.
The problems come about because the social media companies are collecting all of our personal data onto central servers. This is centralisation of personal data, and it’s looking like a really bad thing for individuals.
Personal data on billions of individuals stored centrally by social media companies
This is such a large problem for individuals that nation states are concerned about personal data abuse and have introduced data protection legislation (such as GDPR) in an attempt to curb the abuse of our personal data.
So if the problem is centralisation of personal data by social media companies, how can we resolve that? If only there was some way to make a decentralised social media platform. But how would that work, surely a huge organisation would be needed to run the central server?
"Au contraire mes amis."
We can make a decentralised social media platform. We have the technology.
Here is one possible solution:
Each individuals’ personal data is stored in their own data vault
This diagram illustrates that I have my own data vault containing my own personal data which only Me, You and Him can access. Another person Heralso has her own data vault which only Her and Him can access.
Associated with our blogs will be lots of personal data: name, email address, telephone mobile, home and work addresses, relationships with friends and family. Even ‘likes’ and comments may contain personal data. Because all that data is stored on our own data vaults, it is not readily accessible to anyone else or to any organisations.
Indeed, after it is set up, no organisations at all are needed to service the platform. This is because the data is stored on our own data vaults, not a central server. That means that instead of one central server, there will be a multitude of individual data vaults, and that each individual will have to pay for their own data vault, but as I am sure you are aware, continually reducing storage costs mean that that will only cost a few dollars a year. For example, see Sia or FileBase.
Of course I need some method to control access to my data vault, so that whilst I have permission to append my blog, my friends only have permission to read, not edit it. Similarly, whilst my friends have permission to ‘like’ and add comments to my blog entries, I do not have permission to edit what they have written. Basically, all the things you would expect of a social media platform.
Although it may be possible to just use a decentralised service, which is safer than a centralised one, I’m proposing to use an even safer method, a so-called trust-less distributed ledger technology (a blockchain) to control access to my blog. Blockchains are famously employed to manage crypto-currencies such as Bitcoin, but that is just one of their possible uses. This is another one.
The advantage of using a blockchain is the decentralisation of the contract: two (or more) parties can deploy an agreed smart contract that is published and visible for scrutiny by any party at any time. The only data it contains are account addresses. Incidentally, a smart contract is able to do far more than simply control social media data and cannot be altered once it is published.
This particular flavour of smart contract is used to control data access to a data vault. Both the smart contract and the data vault must comply with an interface specification which dictates who does what, where and when.
Our case will involve deploying a smart contract on a blockchain which will provide decentralised data access control:
The blockchain controls read and write access to our personal data
This diagram illustrates that I have my own data vault on which I can append entries to the Me blog, and You my friend, can read, and ‘like’’ my blog entries if you wish. Comments could also be made.
Whenever someone attempts to read or write to the data vault, it checks with the smart contract deployed on the blockchain. The data operation will only be allowed to proceed if it is permitted on that particular data item for that particular individual. This is actually pretty secure. The personal data is only shared as permitted by the smart contract. No one else can get in on the act.
What’s more, I’ll only need to employ a decentralised data vault for a completely decentralised solution.
Wow! That does sound good. We can make a decentralised social media platform after all. Let’s build it!
We have. Well, a prototype at least. Its working title is Defaced Book.
Here are some example screenshots that illustrate typical use of Defaced Book.
Screenshots of Jules’ and Dave’s Defaced Book screens whilst chatting
The normal blog works as you expect, with new entries appearing at the top of each connected person’s screen.
It is possible to share links, videos and pictures as you may expect.
Screenshots of sharing images
Screenshots of sharing videos
Naturally it is possible to connect new friends, using the unique address automatically assigned to each individual when they create a data vault.
Screenshots of Jules’ and Seb’s Defaced Book screens whilst connecting
The app takes care of the unique addresses and invitation tokens.
Screenshot of Jules’s blog after connecting to Seb
All this is done without using a central server, instead each individual interacts with their own and their friends’ data vaults.
The data protection regulations (such as GDPR) are designed to stop organisations abusing your personal data.
In this case, no organisations will be holding your personal data!
Your personal data will be stored encrypted in your data vault, and only shared with your selected friends.
There is no doubt that this proposed solution will cost something to run. It is likely that there will be a cost for each friend you invite. There may also be a cost for each invitation you accept.
Companies may offer to post individual transactions for you at a one off cost per transaction. Or you may be able to subscribe to a service for a fixed monthly cost. It may cost a few dollars a month.
But that is cheap compared with the cost of the loss of privacy. Whether that is through the reduction in distribution of your personal data including data theft, or the reduction in how your autonomy is affected.
You can use paid-for decentralised social media without sacrificing the privacy of your personal data.
You can continue to use ‘free’ social media that you actually pay for by sacrificing the privacy of your personal data.
It’s your choice.