a3nm's blog

Publishing the public details of your life

— updated

I recently wondered about what it would be like to learn your own life by heart. Let me now wonder about what it would be like to publish the public details of your life. But first, let me explain what I mean with this convoluted expression.

There is remarkably little in the life of most people which is "really" private. For most of what you do, there is at least one other person who knows about it. Some of these people are family members or friends, and you trust them and expect them to respect your privacy. But others are people you don't know and trust: all the strangers who saw you someday at some place, the cashier who knows what you bought last time you went to the supermarket, and so on. These aren't the worst, and I'll even forget about them and assume in the rest of this post that all of them are trustworthy. The things which aren't trustworthy are the information systems run by organizations which you have no reason at all to trust: public transportation companies, phone companies, banks, the State, and, last but not least, your Internet provider and the websites you visit and services you use online. (Maybe you trust these organizations, but, personally, I don't think that trust can apply to juristic persons.)

Now, we don't give much thought about this, because we assume that all these organizations aren't actively working together to stalk us. But this way of thinking gives a false sense of security. These people are untrusted, so good security practices should force us to assume that they did the worst possible thing--namely, that they collaborated and shared all the info they had to draw all possible conclusions. This is not that far-fetched if you keep in mind that most of the organizations I mentionned would problably gladly hand over any information they have about you to the police if they were asked for it (and probably wouldn't insist much if due process were bypassed).

Hence the idea I wish to develop here: what if you wanted to distinguish the private part of your life (ie. the "very private", namely things that no one but you knows about, and the "sort-of private", namely things that no one but you and trusted people know about) and the public part of your life (ie. things that at least one untrusted party knows about), and, to help your brain make that distinction, you assumed the worst-case scenario and started publishing all the public details of your life... (The rationale being the following: if this information is public, you might as well tell it to everybody rather than offering it specifically to the big organization who got the info in the first place.)

A thought experiment such as this one makes you realise the sheer quantity of things in your life which are public according to the above definition. Roughly speaking, you could probably publish:

Important parts of your medical history
Because even though your doctor may have a legal obligation to keep this secret, and even though you might trust him, lots of information about social security, prescriptions and the like are probably going through some electronic system leading to an untrusted party.
Everything you buy with a debit card
Your bank knows everything about that.
Everything you say over the phone
The phone company can hear it all. 'nuff said.
Your current precise location, 24-7
If you carry a mobile phone, the phone company knows where you are at any point in time. CCTV can add some precision in public places. If you travel using public transportation, the public transportation company usually knows where you go; if you drive, beware of CCTV and toll roads.
Everything you do on the Internet
It is possible to communicate privately (in the strict sense defined above) over the Internet, using end-to-end encryption (that is, encryption and decryption are performed on the trusted users' machines, which should be running a secure and open-source OS). However, unless you know you're doing that, you probably aren't, and, when you're using the Internet, you're either using encryption to talk to an untrusted big organization like Google (and they know about what you do) or no encryption at all (and the Internet provider knows about what you do).
comments welcome at a3nm<REMOVETHIS>@a3nm.net