The Decentralists

Hot Topix: Data Breach Mayhem

April 22, 2021 Mike Cholod, Henry Karpus & Chris Trottier

Hot off the heels of the 533 million account Facebook data breach, LinkedIn just had 500 million accounts compromised, new social media darling Clubhouse had 1.3 million users scraped for personal information, and “Internet of Things” providers Ubiquiti and Verkada were both hit with “catastrophic” data breaches. Yikes!

Why so many data breaches?

Should we just accept this as the new normal?

How can we protect ourselves?

With data breaches on the rise, it’s time to stop trusting our data with cloud providers. It’s time to Decentralize. 

Henry : Hey everyone, it's Henry, Mike, and Chris of The Decentralists, now hot off the heels of the Facebook data breach is a cascade of similar breaches. LinkedIn had 500 million accounts compromised; the new social media darling Clubhouse had 1.3 million users scraped, ouch, for personal information; internet of things providers Ubiquiti and Verkada were both hit with catastrophic data breaches. Now, even more absurd and this is serious, a casino got hacked through their fish thermometer.

Mike : Oh my God. Well, of course, doesn't everybody's fish thermometer talk to the internet? How do I know when my sole is poached?

Henry : Okay, that's enough. Listen, at a certain point, we have to ask ourselves why so many data breaches, the culprit is always the same and it's centralization. With everything and everyone having their data sent to the same few cloud providers, well, maybe it's time we rethink our security and we know what the answer is and I think that the world is turning onto it as well, decentralization. Mike, what do you think? I know what you think about fish but go ahead.

Mike : It's easy guys to almost take these breaches almost too lightly, it's crazy, we've been talking about this stuff for three years, this is why you hear about fish thermometers attached to the internet and you just start to wonder what kind of world are we living in? And I think that when you're getting to the point where everything that you buy right down to the thermometer in your fish tank, comes with some kind of connectivity to your mobile device, that's the big selling point now. If your sofa can't be adjusted by your iPhone, you don't buy it.

Henry : No, seriously, we're doing a renovation right now, Mike and every appliance wants to connect to the internet, so I bought other ones that don't.

Mike : Well, this is what I'm saying and this is the thing that's getting crazy, people need to be concerned about these breaches and for a bunch of different reasons, but I'll tell you the first two primary that I see. So, the first thing is that you start to see semantics in the way that the big tech companies deal with these breaches, so for example, Facebook kind of said nothing said, they aren't going to tell these 533 million people whether they've been breached or not. And in fact, it was just announced that there's a class-action lawsuit coming, which could really hurt but the idea is, so they're saying, no, no, they're just trying to sweep it under the rug, it was a breach and a breach is quite literally a hacker. 

And depending on the breach, it could be a really skilled hacker, like a state-sponsored person, or it could just be somebody who has decent computer skills because some of these hacks aren't all that complicated. They go in, they take this data and now all of a sudden 553 million people are talking about getting new cell phones, having to get credit monitoring, having to worry about every other website they've used the same password and username on. Now, the second part is that a lot of times what some of these folks will do is that they talk about this idea of scraping, and so what is scraping? 

So, scraping basically is taking a little automated program that just goes all over the net and what these programs do is that just anything that you can read on a webpage, they can copy.

Henry : Oh, they can read it themselves, like a little bot.

Mike : Exactly. And so, it's not like there's a sweatshop somewhere in some banana republic where there are a million people at the site of computers, cutting and pasting things from websites, this is easy stuff; this is press a button and it just literally runs and does this scraping thing. And so, what this shows, Henry, is that you don't only have to be worried about the data that you have behind a username and password at Facebook, you need to be worried about all of the little bits and pieces of personal information in varying forms.

Henry : That's displayed.

Mike : That is displayed in, let's say right now it's not Facebook's breach but they go to Facebook and they know your name, where you live, your birthdate, your phone number. Now, they take that information and this bot crawls out and looks for anything, any site that has the same data, so they go, oh, Henry has a subscription at the Pizza Pizza website. And on the Pizza Pizza website, they get your address and maybe some other piece of information, then they get your phone number from WhatsApp, then they get something from somewhere else.

So, it's at the point now where we all might as well just write our numbers down and our addresses and everything, and just post them and say, you know what, here you go guys, there are 7 billion people on the planet, here are 20 billion profiles, pick which ones are real and which ones aren't, it's completely out of control. Oh, and by the way, now you know that I have a fish thermometer that I can access by my phone. It should, really, really, really scare everybody, it should scare all of us, and it’s not a joking matter truly. 

It should scare all of us that any person, regardless of their intention can get their hands on your personal data and it's literally as easy as sticking a USB stick into a computer. Here, I now walk around with a USB stick that I paid $1.99 for, and one of those fish bowls at the Staples counter, and I'm now able to go to some dark web website and download 533 million people's Facebook information and carry it around on my USB stick.

Henry : Yeah. Well, so Chris, do you think that we, as a society it's gotten so bad that we have become desensitized to all these breaches? Should everyone care? Well, of course, they should care, but what are your thoughts?

Chris : I think that there's such a thing as degrees of separation, I think that when it comes to security, it's very easy to kind of speak in abstract terms, oh, these accounts were scraped and we use these terms, hackers, scraped, data breaches, privacy so on and so forth. But none of it gets real until it gets real, none of it gets real until somebody that you don't want to have your data with has your data, it could be a whole lot of people who you might not want to have your data such as an ex, the tax man, an employer. 

Even worse we could think about what happened last year on Twitter, where a hacker got a hold of a whole bunch of celebrities' accounts, including some high-level politicians and entrepreneurs and basically held them at ransom.

Henry : So, there's that.

Chris : There's that, I guess what I'm kind of getting at here is that the sheer fact that they only had to bust into one point of entry, which is a centralized service, should scare all of us.

Henry : So, let's talk about that. So, the way that the internet is organized now is centralized servers, now tell me, how did that occur? Why, and what can we do about it?

Mike : Basically, centralization stems from probably I'm going to say, Henry, around the same time as the internet kind of started to break out of universities.

Henry : Yeah, like 25 years ago or whatever.

Mike : Yeah, around that, around the time of coincidentally or un-coincidentally perhaps, the time that companies like Facebook, Google, Amazon, were starting to form themselves into tech companies, I think that Facebook was founded in 2004. And so, if you look in the early 2000s and things like this, the computing power, storage, were a premium, they weren't accessible and most importantly, bandwidth wasn't accessible. So, what they did is that they said, okay, if what we want to provide is an experience where people can connect to each other and all this stuff that the easiest and cheapest way to do it is to take everybody's records and keep them close. 

So, it starts with Google, they have a huge server farm that all it's doing is indexing websites because, at that point, the web wasn't indexed, so indexing websites, and then attaching them through a search engine to a human being and that was what Google was at the beginning. But then all of a sudden, when you started getting into things like Google Drive and things, now you started to create accounts, so all of your information is now stored at Google so that when you search it's real close to where the search data is, and that means that they could offer robust results to all of us over a crappy dial-up connection and a crappy computer.

Henry : That's right because we didn't have proper connections half the time and also nobody had huge storage on their computers; it was tiny, it was barely enough to get it running.

Mike : That's exactly the point. And so, centralization is quite literally taking the user data, so I am Michael and I use Google Drive and storing it on the same place where all of Google's stuff is stored because it's convenient and it's cheap and it's Google's. Because it's their hardware, it's their bandwidth, it's their services, you are just a tenant.

Henry : It's the classic honey pot.

Mike : In the centralized world, an easy way to think about it, maybe this is an easy way for everybody to think about it, there's no such thing as owning a house on the centralized internet, there is no such thing as you having your own private place, Henry on your own stamp of land. You go to the locksmith, you buy a lock, you create the key and you live in that space by yourself, everybody in the centralized internet, it's like living in a dorm room at college, that's exactly what it is. We are all living in a dorm room full of, you know the old military movies where you had this dorm room where there are like stacked bunk beds like on Stripes, you know what I mean? And things like this but imagine that room 2 billion bunk beds long.

Henry : So, in other words, what's happened is the growth, the scale has become so huge and we haven't changed the infrastructure that centralized servers are obviously at risk of being hacked.

Mike : Well, exactly, like that's the point, to Chris' point, if you know that there are 2 billion people living in this dorm room and that they're all off running basic training exercises and you have the key to the one door at the end of the 2 billion person room, while they're all out, running around, getting muddy, you just walk in and take whatever you want. And that's the problem because it's not just you in your bunk bed wearing your army boots, ready to go out and do your thing, it's the fact that in your little, you have your bunk bed and you have your little box, your footlocker, and it has your identity and it has all your photos and it has every single email that you've ever done.

It's got everything that you've ever done and by the way, Henry, you're not allowed to put a key on it, and so now, you're basically saying that my choice is that I can live in an apartment building or a barracks where I have no ownership over the access to that room. I have no control over what's in that room, I have no control, however, it's configured, how I go to bed, I don't even know if I have any control over the color of the sheets that are on the damn thing, so you need to think of it differently, you need to think about, I want my own house.

Chris : To put it even further, not only do these companies, Google and Microsoft and all of them, not only do they own the land, not only do they own the house and the keys to the house, they own your passport.

Mike : Correct.

Henry : Yes.

Chris : They own your driver's license, they own every means to get into your room and in the event that you decide to say to Google, Hey, Google, give me my passport back, give me my driver's license back; they go, well, you know what, we're going to make it a living hell for you to get your stuff out of your house.

Henry : Yeah.

Mike : Well, and more importantly, why do they even have it in the first place?

Henry : That's because we gave it to them and unfortunately, what we didn't realize is that all of our data became so incredibly valuable because people like Facebook and Google sell access to our data and ourselves to advertisers, so now, we're caught and there's no way out.

Mike : Oh, but there is, the first thing that everybody needs to do is wake up and take responsibility for the security of your own data. It's clear, we just talked about in the intro, Henry, 1 billion people's information, 1 billion that's like 10 or 20% of the world's population, is just basically free-for-all information for people. You can't just sit back and say, well, here's what I'm going to do, I'm just going to trust that Facebook's security's good and Google security's good and LinkedIn's security's good because it clearly isn't and I'm going to just absolve myself of the responsibility of taking my private life and security back under my own control. 

Henry, you're talking about your new house, you wouldn't go out to your new house and let somebody else create a key for your lock and give it to you and say, yeah, but Henry tonight I changed the locks on you. So, people need to say, I'm going to take responsibility for it, that's the first step and then the second step is that they have to start saying, you don't need to know my name, my birthday and my friends and family and all of this stuff to be able to give me an algorithmically curated timeline of events, all that you need is my metadata, you don't need my personal info.

Henry : So, how liable should companies be for all these breaches that their own infrastructure has enabled?

Chris : Well, let's put it this way. So, the last time that Facebook had a penalty from the FTC, they were fined 5 billion dollars and we do the math, I looked it over and the breach was equal to around north of 80 million, I won't get too detailed in the math, but I calculated $50 per user.

Henry : I think that it was like 57 or 54 or something.

Chris : Something like that. So, if we're going to apply that math to every company, and we're going to say every account is worth 50 something dollars per privacy breach. Then both LinkedIn and Facebook should be liable for north of 30 billion dollars, which by the way, is still pocket change to them.

Mike : Well, and add on a class action lawsuit.

Chris : Absolutely.

Mike : Because remember that this is a different twist, Facebook pays a five billion dollar fine for, in effect allowing the 87 million records to be scraped by Cambridge Analytica and used to manipulate elections. They pay the fine, where does that fine go? To the FTC into the government's coffers, does it go to anybody that was breached? Nope, Nope, Nope, didn't go to me, no, I didn't get anything. 

Did you get a check, Henry? Did you get a check from Zuckerberg? And so, it didn't go to anybody so it goes to the government, so now this idea of a class action lawsuit where basically people are saying like, from my understanding, if you get breached, it's funny I have lots of friends in the states, who've been breached like seven times like their identity stolen. And so, every time that they get their identity stolen they get these credit monitoring services, it's usually like, that's not even table stakes like that's just to sit in the chair, you're paying credit monitoring and it's like 200 bucks a year and you'll get like two years' worth. 

So, now figure out, Chris, you have your mathematical calculator on, 2 billion users can now go after Facebook in a class action suit where the table stakes is Facebook paying 200 bucks a year for two years per 2 billion users.

Henry : No, my calculator doesn't go that big.

Mike : That's exactly right, I have to turn it sideways and I need to get one of those iPhone Max's or something because the screen isn't big enough. This is the type of thing and it's all because of an architectural fault.

Henry : It's a dinosaur; it's just not the way that things can be any longer, centralization. So, we have the answer, we've been talking about it before and we will continue to, and that is decentralization, so most people don't really understand decentralization. Mike, give us a little primer on that, would you?

Mike : Well, as I said, Henry, it's easiest to think about it in this where do you live analogy. The centralized internet is the 30-story apartment building that has 30 floors with 10 apartments each, not a single one of them has a door, basically, it's just a bunch of people and their identities and they're all living in their apartments. The decentralized internet is you living in a house on your own patch of land with your own key, your own password and your own ability to open and close your door and invite people in or out of your house whenever you want, that to me is the way that you need to think about it. Do you want to live in an apartment? Do you want to live in your own house?

Henry : So, translate that for us to actual tech, my phone, my computer, bring it down to that level.

Mike : Okay. So, right now, 99.99% of the applications that you use, regardless of whether they're on a phone or on your computer or a tablet, if you go into a service and there's a username and password, create the account and log in. Now, the moment that you've logged in, you are no longer in your house, you're in the apartment building.

Henry : Oh, you're on a centralized server.

Mike : That's exactly right, you're transported within Google's walled garden where you can now walk around, like in a mall or something and you can shop at YouTube or you can check out the AI and the maps and do all of these types of things, do a search. But it's all being done within Google's walled garden, so everything that you do is tracked and everything that you see is planned.

Henry : And everything's recorded.

Mike : And everything’s recorded, so everything that you see has nothing to do with you, it's what Google wants you to see, that's centralization, that's it in a nutshell. In a decentralized world, and what we're talking about trying to kind of kick-off with Manyone as step one; if you want to send somebody a text message, for example, don't go from your phone into Facebook's walled garden, which includes WhatsApp and then let Facebook know that you're sending information to your friends and who your friends are.

Henry : Don't relay it through there, you mean.

Mike : Don't relay it through anything, take it from your device and send it directly to somebody else's just like mail used to work, Canada Post does not have a right to open my mail. If I write an address, Henry, and I write your address on an envelope and I put the proper postage on it, I have every right to believe that you're going to receive it and it's not going to be opened. And nobody else has any knowledge that you ever received that email, Henry, or that I ever sent it.

Henry : And that's the law, simple.

Mike : Simple, right, it's the law and it's simple. But those rules don't even, there isn't even, I don't even know if there's like a single commandment for the centralized internet, let alone 10.

Henry : So, continue there, so messaging in a decentralized world in Manyone, go ahead.

Mike : Go from me to you, I dial your phone number and it goes from me to you, I send you mail and it goes from me to you, nobody in the middle gets to own it or control it. So, that's the way that you start and then what you start to do is you add other things, you start to say, okay, if I'm going to go and get a pizza from someplace, why can't I just give them my address and order the pizza, why do I need to give them a phone and a birthday and credit card numbers and all this type of stuff. 

Take your interface and say, you know what, what I'm going to do is on my phone when I access things, I'm going to make sure that there's like a shield between me and my personal data and the service that I'm accessing on my phone or on my computer. And that's what you can do, where you insert your own decentralized house right in the middle of all the apartment buildings, and you say if you want to come and visit me, if you want to have a chat, feel free to knock on my door and I'll decide whether I want to answer or not.

Henry : Okay, great, so as a final thought, gentlemen, both of you, what do you think that people can do or need to do now to protect themselves in this out-of-control world of centralization? Let me start with you, Chris.

Chris : I think that the first thing that they need to do is buy their own piece of digital real estate; meaning, start investing in things that will protect you, not just antivirus stuff or VPNs but invest in getting your own server space, maybe get yourself a Raspberry Pi if you're technically inclined. But also look into alternative technologies that facilitate decentralization and allow you to own your own identity.

Henry : Sounds sensible to me, Mike, what do you think?

Mike : Well, of course, I agree with what Chris has to say, but I think that there's something a little bit more profound, I think that there's something a little bit simpler. I think that what people need to do is that they need to think twice or three times now about how much of their personal data they're giving out, to whom, and for what? If you have an option to pick up your telephone and dial a pizza place and order a pizza and pay cash at your door, rather than spending 10 minutes filling out some interface so that you can now point and click to order that pizza. 

Start thinking about that because the key with all of this stuff, and we're picking on centralization because it's the easiest focus point but the key is if the internet was not decentralized as architecture and all of the customer data was residing with the service provider, regardless of the service. If the data did not exist, these breaches would not happen, people's identities would not be stolen and people would be able to do wonderful things, Henry, like speak freely to each other. 

Because they would not have to rely on somebody else with a rule book saying if you want to come into my sandbox and use my service, because it's my service, Zuckerberg's Facebook is his as far as he's concerned and technically because he controls the vote, he owns all of his users’ data. If it was not there, his ownership position is now not tied to exploiting people and a bunch of user information, it's tied to something much more profound, which is providing a service that people want to use.

Henry : Yeah, and so you were even talking about things like, and I've experienced this before if I want to order something online if you can do it as a guest, do so.

Mike : Sure, absolutely. But know that when you do it as a guest, there's really the only difference between doing it as a guest often, Henry, is you don't create an account with a username, you still provide the same data.

Henry : Yeah, and the email and all of that.

Mike : You know what I mean, you still give your email, you still type in your credit card number, and they just don't save your pizza order for next time.

Henry : That's right, we have to just get away from centralization, it's just raining down on top of us, and it’s just a monster that's gotten out of control.

Mike : It has and it's time to put it under control and that's an individual decision, folks, individual decision. Nobody else is going to decentralize for you, that's one of the other key points; if you're going to decentralize, Henry, you're going to have to decide to do it on your own because none of these folks have any incentive to do it for you.

Henry : Absolutely, and we are going to make it easier, Peer Social and Manyone, by coming up with a messaging app that could be a game-changer.

Mike : Just a start, it's a start, it's just a toe in the pond, but that's the way that you learn how to swim.

Henry : Fantastic. Thank you so much, Mike, Chris, again, thank you for all your insights, gentlemen, bye-bye.

Mike : Thank you, Henry.

Chris : Take care.