But, this post isn’t really about any of that. While I wish the status quo were different, right now it isn’t. It probably won’t be different in the immediate future. The real answer to non-stop enshittification and abuse isn’t new laws, or, at least, the answer isn’t entirely new laws, it is self-reliance. Laws can change. Corporations can and do lobby for benefical (to them) laws the world over, but if your data is beyond their purview, it doesn’t matter nearly so much.
I’m not advocating going completely off the grid. I’ll gladly use corporate tools, even cloud tools, to achieve my goals, as long as I don’t have to compromise my principles. I want control of my information, not asceticism for asceticism’s sake.
So, if it isn’t all-or-nothing, what should I change? The biggest problem area – for me – is “cloud” services, much more so than “social media”. I’ve never been a big social media user, but I have adopted a bunch of “cloud services” over the past several years. Like a lot of people, I think I started with Evernote and Dropbox, and for a long time those services worked well for me. Over time, though, I mindlessly adopted more and more cloud services and now many of them aren’t working so well, or are one negative change on the part of the platform owner away from stealing or marooning my data.
Going a level deeper, I have three basic problems with cloud services as they currently exist:
- Users don’t own their data
- Users don’t own their identity
- Users lose control of their privacy
Users Don’t Own Their Data
In some cases, this is literally true, such as when Spotify unilaterally changed the terms of service on Findaway and claimed ownership of all user-content.. Or when Adobe decided they could do whatever they wanted with your data if you wanted to continue using their tools, then a few days later decided they didn’t really mean it after all
Crucially, I’ve never seen, and cannot imagine a service existing, where the contractual terms don’t allow the provider the right to make unilateral changes to the service’s EULA. So, even if you find something that is acceptable today, it might not be so acceptable tomorrow.
Other times, it is only figuratively true: you might own the data you submit, but if it gets locked in a proprietary format that can only be read by proprietary software, do you really own it?
I’ll go one step further: if the format your data is stored in is overly complex, even if the format is “open”, you have the same problem, practically speaking. Microsoft One Note, for instance, has an open file format, which Microsoft has exhaustively documented. At the time of this writing, the most recent specification is 108 pages long. For a note taking app. There are a few projects that attempt to export data from One Note, but to my knowledge, all work the same way: they use Power Shell to instrument One Note to scrape the data. There exists one, and only one, program that can read One Note files: Microsoft One Note.
Users Don’t Own Their Identity
The most obvious example of this is cloud email. Stories abound of people losing access to their cloud email accounts.
Or, the owner of a service you use could just decide to take your identity. You’ll have no recourse.
There are plenty of other problems in this area, like Social Login, where you rely on a third-party (the social login provider,) that might cancel your account at any time, usually without notice or recourse, to login to potentially hundreds of different services. There’s also the risk that the social login provider profiles your activity (i.e., collects the names of the sites you use their login service for to advertise to you) or that the social login process exposes some information about you to the service you’re connecting to. All in all, the convenience comes at a heavy price.
This is even worse for places where you publish content and and try to build a community: we can all be kicked off of these platforms at any time, for almost any reason. The Fediverse is conceptually a good response, but so is registering a domain and having your own email and web identity.
Users Lose Control of Their Privacy
This is closely related to not owning your data, but a bit different. With cloud services, you have no real control over how your data is used and misused to extract “value” from you, no real assurance that your data isn’t being sold or leased to third parties, or that you aren’t bombarded with ads to manipulate you.
The basic ads are creepy enough - if I search for something, my wife, who uses Facebook, will usually see ads for it, even if it is something like a BBQ grill that she has absolutely no interest in (or any plausible reason to show her the ad other than Facebook knew I was looking at BBQ grills.)
I don’t buy into the conspiracy theories that your phone is secretly recording your mic at all times and doing voice recognition to target ads at you, but I’ve seen some weird stuff first hand. I remember a dinner several years ago where a customer mentioned that he went to high school with a guy who got caught cheating on a game show. This dude apparently really wanted to be a millionaire. I didn’t search for this at the time or do anything related to it, and I didn’t have my customer’s phone number stored in my contacts (I don’t believe he had mine, either,) but that night when I got back to my hotel and opened Youtube, the very first recommended video was of the guy cheating on the game show. What I think happened is something like this: somebody else at that table searched for something related to that video and some adtech company acquired - by hook or crook - location data from our cell phone providers and used it to target other people nearby with a recommendation for that video. I can think of no other plausible explanation. Assuming that’s true, think about it: that data must be incredibly cheap and almost ubiquitously available for advertisers and social media platform owners in order to justify using it for something like recommending a stupid video on Youtube for me to watch. How much money could Google have possibly made off of that? Almost nothing.
Now, think about what cloud platform owners could do with data that you freely upload – your emails, documents, pictures, videos. How sure are you they aren’t processing your data to weaponize it against you? Or train their “AI” tools with your creative output to eliminate your livelihood? Because their terms and conditions say so? Or, rather, you think their terms and conditions say so.
Appropriate Technology
There’s an idea called appropriate technology that is common in sustainability and renewable energy communities. The idea is simple enough: rather than technology for technology’s sake, technology should be appropriately scaled to the task at hand. In particular, it should be affordable, simple, and decentralized so the people using it maintain control.
I think that’s a useful way to think about what technology to bring into your life. So, what’s appropriate? To me, appropriate (or good) technology is:
- Decentralized, whenever possible; appropriately end-to-end encrypted when not.
- Properly documented in all important respects, particularly data formats and APIs.
- Open, particularly as it relates to data ownership, extensibility, and having the option to self-host.
- Free of surveillance and ad-tech.
The opposite, in other words, of “the cloud” as it is currently envisioned.
Digging Out
Looking over my digital footprint, my biggest priority areas for moving to more appropriate services are:
- Cloud file storage (One Drive and iCloud Drive).
- Email (Protonmail)
- Photos (Apple Photos)
- Git Hosting (Github)
- Web Hosting (AWS S3)
- Backups (Synology Backup, targeting local disk and AWS S3)
- Spreadsheets (Microsoft Excel)
- Streaming video (Amazon Prime and Netflix)
- Streaming music (Apple Music)
- Home Automation (A mix of Hubitat, Philips Hue, Amazon Alexa, Simplisafe, and Synology (video cameras))
- VPN (Tailscale)
So, over the next six months, I plan to eliminate as many of these services as possible. Some, I’ve already migrated. A few others, I’ll keep in a limited capacity. Others, I have a good idea of what I will do. One (Microsoft Excel) I’m not sure I’ll be able to eliminate.
I’ll share what I learn here.