Privacy is the new killer app

Ello, Wiper, Anonabox and others prove that Apple, Facebook and the like can't rest on their laurels when it comes to security.

A funny thing is happening in the wake of the Edward Snowden NSA revelations, the infamous iCloud hack of celebrity nude photos, and the hit parade of customer data breaches at Target, Home Depot and the U.S. Postal Service. If it's not the government looking at your data, it's bored, lonely teenagers from the Internet or credit card fraudsters.

But there's a silver lining to the cloud: For probably the first time since the launch of Facebook, people are actually sitting down to think about their privacy and about who's doing what with our data -- specifically, what we're willing to share, and what we're willing to give up to advertisers in the name of easy sharing, constant communication and sweet, sweet validation.

And it's led to a new generation of apps where privacy is the feature. A report released by Forrester this week predicts that 2015 is the year when privacy becomes a competitive differentiator in technology, as users look for solutions that strike the right balance between secure and convenient.

In other words, privacy is the new killer app.

Cool or creepy?

"There is a maze of conflicting global privacy laws to address and business partner requirements to meet in today's data economy. There's also a fine line between cool and creepy, and often it's blurred," writes Forrester analyst Heidi Shey.

That Forrester report is backed by a Pew survey released this week indicates that 91% of all American adults feel like they don't have any control over their personal data, with 80% of social network users reporting that they're concerned about how advertisers use their data and another 70% saying they're at least somewhat concerned about government intrusion.

Now, there's just not much you can do about government intrusion -- thanks to surveillance-friendly legislation, if they want your stuff, they're pretty much going to get it, as evidenced by Dropbox CEO Drew Houston's infamous public admission that the platform is a "trade-off" between privacy and security.

But there's this concept in information security called the attack surface: The more code you run on more systems with more theoretical points of entry, the less secure you are, because a hypothetical attacker has more weak points to exploit. Similarly, the fewer places you put your stuff, and the tighter control you have over those places, the less likely you are to get snooped upon -- and the harder time advertisers are going to have to turn your personal life into monetized content.

Ello, or good-bye?

Which brings us to today, and a new breed of technology that's less about finding extra ways to share stuff on the Internet and more about helping us do so in private. Take, for example, Ello, the new social network that resonated briefly but brightly with the younger set for its commitment to never, ever selling user data -- backed up by the adoption of a pioneering Public Benefit Corporation business structure that legally forbids it from doing just that. Instead, Ello plans to make money with paid features on top of the free product.

It turns out that people liked Ello a lot more as a concept than as an actual product.  The site's one million users (with three million more waiting on an invitation as of the end of October) just don't post very much.

Speaking personally, my Ello news feed is a ghost town, and once the initial rush of a new social network with a high-minded philosophy died down, people noticed it just wasn't as good or as fully fleshed-out as Facebook or Twitter, and moved back, privacy be damned. As the New York Times put it in the headline of its report on that Pew survey, "Americans Say They Want Privacy, but Act as if They Don't."

So while there's not been a single app or product with as much buzz as Ello, we definitely see some success stories among products that enable users to communicate much as they do now, but more securely.

And then there's Wiper

Take, for example, Wiper, a messaging and video calling app that gives users control by never archiving anything on its own servers and actually letting them permanently delete content from a conversation -- not just from their devices, but from the devices of the people they're talking to. It's a handy escape hatch when you accidentally say the wrong thing (or send the wrong picture, nudge nudge, wink wink, say no more).

Wiper was born from a simple question, says founder Manlio Carrelli: "Why is everybody storing all my stuff?"

The standard approach is not only shady, Carrelli says. It's destructive to honest conversation, because everything you say ends up as a kind of permanent record. Trusting the wrong service or somehow getting the attention of an NSA analyst means that your private conversation isn't so private. And there's no going back from whatever you said. Which is why giving users control over what gets saved is so crucial, Carrelli says.

"It doesn't seem like a great way to live our lives," he says.

Wiper has found special success in the Middle East, where privacy and HD video calling are both killer features. The app is attempting to reach a broader audience by taking its core privacy-first philosophy and gradually expanding with more social features, starting with YouTube playlist sharing.

There are other approaches, too: The controversial Anonabox project, a teeny-tiny router that automatically shunts your web traffic through the TOR Internet anonymity portal, raised close to $600,000 on Kickstarter before getting shut down for violating the crowdfunding platform's rules -- it turns out the Anonabox isn't as "original" as the creators led funders to believe, based almost entirely on off-the-shelf parts running modified firmware. It's since found second life on the more lax IndieGoGo platform, where it successfully met its funding goal.

The big guys take the hint

Meanwhile, the big technology companies aren't sitting idle. While, again, no single startup even slightly poses a threat, the Ello phenomenon and the spotlight on Anonabox at least proved user unrest around privacy matters.

Facebook, in response to all of this, has hugely shortened and jazzed up its user data policy statements, making it something a real live person might actually read. It doesn't change the fact that they're selling data to advertisers, but at least it removes an element of paranoia and works to restore some confidence. Not to mention that it gives Facebook better leverage when trying to convince its users that stuff like location services fall closer to "cool" than "creepy."

Likewise, Apple got a much-needed vote of confidence from the Electronic Frontier Foundation in a report that its proprietary iMessage and FaceTime messaging tools were the most secure and strongly encrypted solutions of their kind, which helped ease concerns in the wake of iCloud hacks and the so-called Fappening.

The constant stings from apps and services that rightfully claim to be better than the Silicon Valley establishment about privacy and security may not kill them, but it keeps them from resting on their laurels. As Forrester says, expect 2015 to be the year when privacy becomes a competitive differentiator, as users expect better control over their data and a more public commitment to keeping it safe and the process it gets used transparent.

In other words: It's no longer enough to be good. You have to be secure, too.

Join the CSO newsletter!

Error: Please check your email address.

Tags Targetsecuritynsadata privacyHome DepotU.S. Postal ServiceprivacyFacebook

More about AppleDropboxElectronic Frontier FoundationFacebookFaceTimeHome DepotNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Matt Weinberger

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place