I knew it all that time. Everyone knew it. First it was ECHELON, then Windows backdoors, the buildup of communication capacity used for intelligence, the Debian RNG bug, and now Snowden's NSA story. It was so easy to forget about it and just go on with one's life.
The focus these days is on the US, but the US is not the only government engaging in massive spying. Private companies as well as criminal groups collect private data for financial gain. Every other startup is selling customer data to whoever is willing to pay for it.
Loss of privacy is not the only reason to distrust software and online services. There are other hidden costs caused by low reliability, low performance, limited compatibility, and other effects of poor engineering. This is accompanied by a whole slew of dirty marketing and business practices.
Customers are taking risks when they download software or use an online service. Risk-encumbered buying is not isolated to the software business. Other industries have accustomed buyers to crappy products and complete ripoffs a long time ago.
The NSA scandal merely shows that the hidden cost of software increases somewhat with geographical distance between a software company and its customers. It makes sense to favor local vendors to some degree. Again, this is not specific to the software industry.
I don't see customers switching vendors because of privacy concerns. They are too lazy to switch for much more obvious reasons. The lesson for businesses is that being an asshole pays off. Customers are stupid.
Governments could simply force vendors to deliver quality, including privacy, and to stop most of the dirty practices, but the larger governments instead chose to use their influence to get their share of private data and to help their local monopolies to conquer the rest of the world.
Nevertheless, I am not an average customer. Being a developer, I have a responsibility to keep my own software free of malware. I therefore have an increased need for security. I don't have any solution at the moment, but I can at least list the most pressing security problems, so that I can address them later.
Okay, enough caveats, here's my list of software I want to replace:
- GMail - #1 on the list. I only use it for the automated spam filter. Many passwords get sent through the account. It's also linked to accounts on other sites in a way that allows hijacking of these other accounts. All my private emails are there as well.
- Skype - Often used to transmit sensitive information, mostly at work. It has been shown that Microsoft monitors all Skype communications. It is a poor way to communicate within one business and within a family circle.
- Windows - It used to be the best platform for malware. With Windows 8, the malware threat is limited, but all data is stored in the cloud, which is in many ways much worse. Drive encryption is a premium feature unavailable to mere mortals.
- Android - Designed to provide Google with tons of private data for marketing purposes, this software also automatically uploads WiFi passwords to Google servers as well as application data that includes stored passwords. It has no built-in drive encryption that would be easy to use and secure at the same time.
- DropBox - While free and simple, this software uploads unencrypted data to the cloud. Last time I checked, the encrypted alternatives didn't work well for me. I hope things will be better in the next round. UPDATE: I am using Wuala and eyeing Tresorit.
- DigitalOcean - I run a VPS. It's located in Europe, but it's operated by a company headquartered in the US. Next time I upgrade my VPS, I am choosing an EU-based company for my hosting needs.
- Firefox - I am not sure about this one. It's open source, so it's easy to audit. On the other hand, Opera, for example, is headquartered in Europe, which could be a significant advantage.
It takes time to switch. I am stuck with the above crap for some time.