What can we do to avoid the privacy problems created by third-party storage? Ars Technica talked to Eben Moglen, a law professor at Columbia University and chairman of the Software Freedom Law Center. He argued the only way for users to truly safeguard their privacy is not to relinquish control of personal information in the first place.
The best approach, Moglen argued, is for "storage and sync service to be provided in a form which deliberately disables computation on that data on the storage provider." Under Moglen's preferred model, services like Amazon's S3 might help users store their data in encrypted form, but computation using unencrypted data would only occur on devices physically under the control of the data's owner.
Moglen is a driving force behind the FreedomBox, a project to build a user-friendly home server that would allow ordinary users to provide many of the computing and communications services currently offered by firms like Google and Facebook.
Moglen acknowledges it's a big technical challenge to make the FreedomBox a reality. Free Web servers, mail servers, content management systems, and other software exists, but currently requires far too much user configuration to provide a plausible alternative to managed services for the average user. Improvements in reliability are also needed. And even federated social networking services like identi.ca have failed to gain significant traction against centralized services like Twitter and Facebook.
But while progress has been relatively slow, Moglen believes his model will prevail eventually. "What we're talking about is what's going to affect the nature of humanity in the long run," he told us. "The important question is can we do it at all. We've never met a problem we can't solve"—given enough time.
A growing number of mobile devices have built-in cameras, microphones, and GPS sensors. This means law enforcement agents no longer have to take the risk of physically invading a suspect's property to install a bug or tracking device. They can simply order whichever company is in charge of the target device's software to modify it to enable remote surveillance and tracking. And because most mobile devices do not have hard-wired LED indicators like those on laptop cameras, the owners of these devices are none the wiser.
In repressive regimes, the danger of government spying is already considered severe. Removing batteries from cell phones is a common practice among dissidents. As the Washington Post reported last year, "The practice has become so routine that Western journalists sometimes begin meetings with Chinese dissidents by flashing their batteries—a knowing nod to the surveillance risk."
Lawsuit: Mobile apps accessing users' address books.
A class-action lawsuit filed this week in Austin alleges that makers of some of the world's most popular mobile apps routinely steal address book data such as names, phone numbers, email addresses, job titles and even birthdays from millions of users without their knowledge or consent.
In the filing in U.S. District Court in Travis County, attorneys representing 13 people — 12 of them Central Texans — claim almost 20 apps, including Facebook, Foursquare, Yelp and Twitter, continue to be available for download even though developers appear to be violating policies put in place by distributors such as Apple's App Store, Amazon's Appstore and Google Play, formerly known as the Android Market.
Makers of the popular Angry Birds and Cut the Rope games are also accused of possibly accessing personal information.