Privacy Needs Anonymity

2023-02-22

---

When you send a message to a friend on Facebook, Google, or other big messaging services, the company running the service often claims not to be able to read the contents of your messages. For the most part, I actually believe that to be true. But these days, they don't need to.

Suppose you send a message to your friend via the Facebook Messenger app. If Facebook are telling the truth, they don't know what you actually said to your friend. But they do know, among other things:

• who you are, if you gave them truthful information about yourself;
• who your friend is, if he gave them truthful information about himself;
• who your contacts are, via app permissions;
• who your friend's contacts are;
• what your interests are, based on your activity on the site and cross-site cookies if you remain logged in;
• what your friend's interests are, based on his activities on the site and cross-site cookies if he remains logged in;
• that you and your friend are connected in the first place;
• that you're sending a message to your friend;
• how frequently you've sent messages to your friend in the past;
• when you send the message;
• where you are when you send the message--either explicitly if you have location enabled, or inferred from the wireless network your device is communicating with;
• where your friend is when he receives the message;
• what people are near you when you send the message, if they have Facebook accounts or are accessing a site with a Facebook cookie;
• what people are near your friend when he receives the message, if they have Facebook accounts or are accessing a site with a Facebook cookie;
• what sites you visited before sending the message, if those sites have Facebook cookies;
• whether you're forwarding the message from someone else;
• how long it takes to type the message, via typing notifications;
• how long it takes for your friend to see the message after you send it, via seen notifications;
• how long your friend takes to read the message, by tracking in-app activity such as scrolls and taps;
• whether your friend saves any attachments;
• whether you friend forwards the message to someone else; and
• how long it takes for your friend to start typing a response after he's seen it.

This information is all considered metadata by tech companies, so for purposes of analysis, they're considered fair game and are collected without restriction.

Multiply this metadata across every single message you send to your friend or receive from him. Then multiply that across every single person with whom you ever have a conversation on Facebook. And finally, multiply that across every single platform that collects this kind of information, with or without your consent or knowledge. With the aid of big data analysis and algorithms, that amount of metadata is enough to determine with well over 99% probability what the actual contents of any given message are, without ever needing to decrypt a packet. Facebook and Google already do this publicly.

If privacy is keeping data away from prying eyes, then one might define anonymity as keeping metadata away from prying eyes. Unfortunately, the computing resources at the disposal of big corporations and government agencies are so vast that it's now a trivial exercise to construct data from metadata, and vice versa.

This is why I strongly believe that privacy and anonymity can no longer exist independently. Privacy needs anonymity.

---

Up One Level

Home

[Last updated: 2023-02-22]