To be or not to be … paranoid.

:: musings

I wear my tinfoil hat proudly. I block ads, and JavaScript, and tracking cookies. I use HTTPS everywhere, I encrypt all my hard drives, I used randomly generated passwords, and I would encrypt all my emails if anyone else bothered to use GPG. I even run my own mail server, and have been considering running my own CalDAV and CardDAV server ...

But lately, I’ve been thinking maybe I should allow some ads and tracking, and let Google or Apple manage some of my data.

Let me think about ads and tracking first. Conceptually, I hate the idea of some souless, evil, corporation tracking my every move across the internet in order to learn as much as they can and advertise to me. Most of the time, I hate seeing ads, and maybe (I’ll never say) I visit sites I don’t want Google to know I visit. ...

On the other hand, sometimes I am looking for a product. Sometimes I want to shop around and see who offers widgets in a variety of flavors. For these products, I wouldn’t mind if Google knew what I was looking for them and helped me out by showing my ads for various widget sellers.

I even have a specific example. I recently bought an iPad (more on that some other time), and I haven’t setup ad blocking yet. I was looking for storage companies because I’ll be subletting my apartment this summer and need to put some things in storage. After a few minutes of browser, I gave up and went back to wasting time on the internet. Then I noticed an ad for a storage company on some totally random website. And it was a great deal, better than anything else I had found on my own. I was glad in that moment that I hadn’t setup ad blocking on my iPad.

However, in order to figure out that I was looking for storage, Google has a million machines crunching data from a million websites tracking what I’m doing just about everywhere on the internet. They are building a very exact profile of who I am and what I want. And people, like the NSA, have access to that data. I don’t know if I want the NSA, or a random hacker, to know I’m leaving for the summer and where I’m storing my belongings. If only the machine could use it, I might not be so paranoid, but until homomorphic encryption makes some serious strides, that just isn’t the case.

More pragmatically (since the NSA probably doesn’t care about me, and hackers probably aren’t breaking into Google’s database of user profiles to learn that I’m putting my personal crap storage), it’s weeks later and I’m still seeing the same ad for the same storage company. I seriously don’t care anymore, and I’m annoyed at seeing it all the time. And if I see a better deal, well, it’s too late. Besides, most of the time I spend on the internet, I don’t want to see ads.

In order to get even more information, Google et. al. offer lots of services for free, such as email, calendar and contact management, and cloud data storage. The paranoid in me doesn’t want Google reading my emails, and the tinkerer in me likes tinkering, so I setup my own mail server. It’s was fun to setup and manage, but it’s so much easier (and more sensible, in some ways) to let Google do it. But I really don’t want Google (and the NSA) reading my emails.

I’ve been thinking about setting up my own calendar and contact management servers, too. But these are even more difficult to setup, partly because everyone makes their own extensions to the CardDAV and CalDAV protocols. While I don’t really want Google knowing who I know, I do want to share my calendar with people sometimes. Setting up my own server makes that more difficult. Besides, if I want the calendar to be public, why should I care if Google can read it? So can the rest of the world. If I want it to be public, there’s no sensible way (I think) to encrypt it, so why should I care that Google doesn’t encrypt it?

I end up with a weird mix to try to maximize both privacy and convenience. I leave my calendar and contacts managed by Google, my email and various things managed on my own server, the files I want in the ‘Cloud’ on Dropbox but with an encrypted partition for the things I don’t want just anyone to see, and blocking ads pretty much everywhere, except on places like Amazon where I only visit because I’m shopping and want to see lots of products/ads.

There’s a irritating tug-of-war between convenience and privacy. I want to see relevant ads but I want my privacy. I want to share some of my calendar and some of my files but I want to hide lots of them. Currently cloud services don’t seem to handle this very well, and it leaves me spending too much time wondering what I should manage myself and what I shouldn’t.