Tuesday, July 16, 2013

An Unmet Need: Privacy Integration on the PC Desktop

by Dietrich Schmitz

I had a nice chat (Google Plus) today with +Aaron Seigo regarding RetroShare.

He came to the realization as I have that really, thus far, there isn't any form of integrated privacy control built into any computing Desktop system.

Should there be?  We both agreed that the answer is a resounding 'YES'. (Image credit: Wikipedia.org)

It begs the question:

Should privacy software become an integrated feature, much as having a Microsoft Office or LibreOffice?

It also begs the follow-on question:

Is Internet Privacy-mandated software for general utilitarian email, chat, file sharing, voip, needed?

I submit that we are now confronted by the PRISM effect which has revealed that surveillance is ongoing with the assistance of ISPs, software vendors and the like.  Whether the assistance given to the U.S. government is voluntary or involuntary (National Security Letter) is a separate matter.

Has the government run 'rough-shod' over U.S. and foreign Internet users' privacy rights?

That question will be answered eventually and history will show whether privacy truly matters.

But in the meantime, the PRISM story has galvanized public reaction both domestically and internationally and spurred action by national concerns to begin moving their current tenancy on U.S. Cloud ISPs to off-shore safe-haven equivalents.  The general public are left without a solution to the dilemma that presents:

To what extent should I conduct my personal activities on the Internet?

This question will continue to linger and create fear, uncertainty and doubt unless an effort is undertaken to immediately shore up the general perception that Internet privacy is 'non-existent' with exception to a few limited use cases relegated to corporations and technology elite.

At least, with Federally mandated privacy laws in place, e.g., enacting an email encryption standard would have for example manifold benefits.

For one, folding the aged clear text MIME rfc standard into a layer of GPG encryption would ensure email is readable only by its intended recipient(s).  Email encryption is already being used by a small minority of corporations who must secure their correspondences.

But, there is nothing in the way of designing and implementing a 'turn key' drop-dead simple application to which the general public can avail themselves.  To date, the only application on the horizon which approaches the needed degree of usability I have found is RetroShare, and, it has the best opportunity for being further enhanced so as to become more user-friendly and a candidate for Desktop integration, since it is written in trending Qt and is ported to Windows, OSX, Linux and BSD versions.

If such a Federal mandate were legislated, it might also offer financial assistance to developers to defray their cost to create and/or modify software applications so as to become compliant.

Presumably, such a mandate would have to be on a phased schedule to come into full implementation over perhaps one or two years.  And with those dollars such software would be then made available as part of a larger privacy integration package on the Desktop.

The other perhaps as important benefit of such a mandate is that with open standard GPG keys for the sender and recipient, the currently abused/exploited MIME rfc spec sender id field could no longer be 'forged' by spammers.

ISPs could under Federal guidelines for handling email on Mailer daemon transfer agents shunt 'non-compliant' email off-line entirely if the sender's GPG key were not signed by the recipient.  The U.S. postal service could also have their own GPG postal key which by default all users would sign to receive USPS-routed email.  But as with ISPs, the USPS would also not forward email unless the sender's subkey was signed by the recipient.  That would result in a reduction of spam approaching zero and save billions of dollars spent annually on anti-spam software measures and labor expense.

Extending this idea further, having privacy integration in the Desktop ought to include support for other Internet-related activities:  Chat, file sharing, Voice over IP.

So, you begin to see that software such as RetroShare does have a large potential to be adapted for general public use to enforce mandated privacy measures for access to the Internet.

I hope that this post spurs additional feedback and moves the agenda forward for implementing standards of privacy for all who use the Internet.

-- Dietrich
Enhanced by Zemanta


Post a Comment