{"id":837,"date":"2022-06-14T13:18:49","date_gmt":"2022-06-14T13:18:49","guid":{"rendered":"http:\/\/blog.majeros.atthost24.pl\/?p=837"},"modified":"2023-12-05T14:23:15","modified_gmt":"2023-12-05T14:23:15","slug":"total-privacy-by-design","status":"publish","type":"post","link":"https:\/\/knowledgebase.privmx.com\/pl\/total-privacy-by-design\/","title":{"rendered":"Total Privacy-by-Design."},"content":{"rendered":"<div class=\"wp-block-jetpack-markdown\"><p><strong>In the first text of this series, <a href=\"https:\/\/knowledgebase.privmx.com\/pl\/why-privmx\/\">Why PrivMX?<\/a>, we presented our motivation and our way of looking at one of the most burning questions of the 21st century. We came to the conclusion that there is no time to waste and that we have to start building effective mechanisms to protect the privacy of communication, focusing in particular on the results of teamwork, which is the most important source of innovation.<\/strong><\/p>\n<p>You might say: \u201cit\u2019s already happening!\u201d, probably having in mind the GDPR and similar privacy-related legislation appearing in different parts of the world. Yes, we agree that it\u2019s happening, but such regulations focus on and promote the protection of personal data, which is an important but fairly narrow category of the content that we feed into the global network.<\/p>\n<p>Despite the huge importance of the new regulations, their clear benefits and the rapid growth of the discussion about digital privacy, there are reasons to worry that, in the long run, things are not going to be so rosy. The discussion itself seems to deepen the constant \u201cdevaluation\u201d of the concept of privacy to the level of mere personal data protection, and to blur the dialogue about the deeper aspects of our life and privacy in the digital world. 
One example of this is that people often confuse <a href=\"https:\/\/knowledgebase.privmx.com\/pl\/privacy-vs-anonymity\/\">privacy and anonymity<\/a>, which are clearly not the same thing.<\/p>\n<p>If we take a broader perspective, we may conclude that, due to the complexity of the network and its applications, the matter is so hard to change that not much can be done about \u201cgeneral privacy\u201d. We at PrivMX think that\u2019s true \u2013 but only to some extent. There are some key areas, such as teamwork, that we can (and must!) take care of. Convincing people of that and offering specific solutions is our mission.<\/p>\n<h2><strong>Legal vs physical protection<\/strong><\/h2>\n<p>This distinction is worth noting because it\u2019s crucial when we think about specific solutions. Although the new privacy legislation sets the right rules and guidelines, and even provides for penalties, it doesn\u2019t make our (personal) data physically secure against being read \u2013 just as the law against theft and its penalties doesn\u2019t stop your bike from actually being stolen.<\/p>\n<p>In such situations, our thinking switches naturally from legal protection to physical security \u2013 you can, for example, hide the bike somewhere. 
Such actions usually protect us from losing the asset, although they make life a little more complicated\u2026 Nevertheless, we usually agree to that after a quick \u201cpros and cons\u201d calculation.<\/p>\n<p>The situation of you and your team sharing and storing content online is similar \u2013 if you want to be the only people capable of accessing the content, you have to use physical protection, which (unfortunately) will also make your life a little bit more difficult.<\/p>\n<h2><strong>Zero knowledge on \u201cthe other side\u201d<\/strong><\/h2>\n<p>\u2026 meaning \u201cwe don\u2019t want anybody (or anything other than our own computers) to be able to read our data!\u201d &#8211; such a conclusion is the starting point for fixing the situation. Statements like this have probably already been made in your company (congratulations!), but the important part is whether they have been implemented, and how.<\/p>\n<p>The digital world of the 21st century is very complex, both technically and in marketing terms. Most digital service providers now advertise \u201cincreased privacy\u201d or similar trust-building features. 
It\u2019s easy to feel lost (especially as \u201cprivacy\u201d tends to be defined as \u201cGDPR compliance\u201d) and, in most cases, one ends up choosing the tools that seem most convenient\u2026 which immediately contradicts the direction we have indicated above.<\/p>\n<p>We don\u2019t want to start a discussion about the available solutions here (it will be published soon, as another blog post), so let\u2019s go straight to the conclusion: the most important and notable characteristic is whether the servers involved and their admins <strong>\u201chave knowledge\u201d<\/strong> about the content of our data or not.<\/p>\n<p>Only <strong>\u201czero-knowledge servers\u201d<\/strong> can guarantee what we really want: they physically prevent the people and devices \u201con the other side\u201d from reading our data. (The term is used here in its everyday sense, a server that holds only ciphertext and no keys, not in the sense of cryptographic zero-knowledge proofs.) The only sensible way to build such a system is <strong>end-to-end encryption performed on the client side<\/strong>. That means an arrangement in which your data is available only to you, on your devices \u2013 only these devices hold the keys, so only they are able to encrypt and decrypt it. The server stores and forwards ciphertext; whoever reads its disks, backups or traffic learns only metadata such as sizes, timings and who talks to whom. That way your content is hidden from \u201cthe other side\u201d \u2013 locked with a key, just like the bike we mentioned earlier.<\/p>\n<p>Such an approach is the appropriate physical protection of our data in the digital world: \u201ctotal privacy-by-design\u201d. It is used in all parts of the PrivMX ecosystem, on all levels and within all tools \u2013 a decision we made at the very start of designing the PrivMX architecture.<\/p>\n<h2><strong>Inconvenient consequences<\/strong><\/h2>\n<p>And this is where the above-mentioned inconveniences of physical protection start to appear. They all come down to one thing: before you can use the data (the bicycle) you have to decrypt it (take it out of your bike locker). 
Though it sounds obvious in the bike case, it\u2019s not that clear when it comes to digital services based on zero-knowledge servers.<\/p>\n<p>It is currently common market practice that the servers forming part of a digital service process and analyze our data in various ways. This makes it easy to build connected, complementary systems on \u201cthe other side\u201d that provide users with brand-new features based on increasingly deep analysis of their data. In our case, when the servers cannot read the data and cannot do anything with it, the situation differs significantly from the widely accepted technical standards.<\/p>\n<p>In the \u201cfully-fledged privacy-by-design\u201d arrangement, only the users\u2019 own computers can operate on the data, because only they have access to it. This unusual situation sometimes makes it significantly harder to offer features that are obvious in other services. One example is integrating services based on zero-knowledge servers \u2013 it is possible, of course, but it requires additional work, which most often means setting up \u201ctrusted bridges\u201d between such services (that\u2019s why we created the PrivMX Bot software). Note that a bridge which translates content between two such services necessarily holds keys and sees plaintext, so it becomes part of the trusted side and should run on infrastructure you control.<\/p>\n<h2><strong>Any trade-offs?<\/strong><\/h2>\n<p>A different, much simpler example of the inconvenient consequences of this physical protection is that forgetting your password (or losing a hardware key) in an end-to-end encrypted system means permanent loss of access to your account and to the data it contains.<\/p>\n<p>This situation is similar to forgetting the key to the place where we keep our bike. 
Then, a physical solution \u2013 clear and usually easy in the physical world &#8211; is mostly impossible in the digital world, where brute-forcing a properly generated decryption key would take thousands or millions of years even on the fastest computers. (A weak, guessable password is a different matter, which is why client-side systems derive keys from passwords with deliberately slow key-derivation functions.)<\/p>\n<p>As such consequences can be very inconvenient or even destructive for many users and their companies, it\u2019s a good place for a trade-off and a controlled loosening of our assumptions. In PrivMX, the main encryption key of selected users (labelled as \u201cmanaged\u201d) is kept, encrypted, among the data of other users (Team Keepers), who can use it to reset the password of a person who has forgotten it. This is a tried and true method in teams with less experienced web users. \u201cThe other side\u201d in this arrangement still has no access to any of the encryption keys, of course; they remain available only to the Team Members. The price is that a Team Keeper holds the managed user\u2019s key and can therefore read that user\u2019s content, so the role should be given deliberately and to few people.<\/p>\n<p>By the way, here is a fact that may surprise some readers: if a service offers a \u201creset\/recover password\u201d option that gives you your data back, then in most cases its administrators are, if necessary, able to read the content you store, because the key to that content must be held on the server rather than derived from your password (the exceptions are schemes where the recovery material itself stays on the client side, such as a printed recovery key or the Team Keeper arrangement above). Your password then serves mainly as a login credential: it controls online access and keeps other people from the open Internet out. It usually plays no part in protecting your data from \u201cthe other side\u201d, which is worth bearing in mind.<\/p>\n<p>To sum up the issue of inconvenient consequences and trade-offs: it\u2019s all a matter of balance between privacy and convenience. 
In our \u201cfull\u201d approach, it all comes down to implementing the <strong>privacy-by-default<\/strong> rule: initially we emphasise and implement privacy in all functions, but in some exceptional cases we soften the uncompromising approach and, in a controlled way, introduce suitable yet convenient solutions.<\/p>\n<p>The most powerful force pushing towards a softer approach in the zero-knowledge servers case is users\u2019 habits, gained through years of using \u201cnormal\u201d services providing a \u201cnormal\u201d level of care about data. An excellent example is the issue currently reported most often by PrivMX Fusion users: there is no way to share your own encrypted private calendars with the calendar services provided by Google, Apple or Microsoft. People are used to a single calendar app holding all the events they care about, and the calendars from those companies are the most popular. At the time of writing (May 2022) we are starting work on changing the inner structure of the calendar so that users can make their own informed decision about some of the data in their private calendars. There will probably be a button somewhere in PrivMX saying \u201cYes, I want to share my data with third-party companies\u201d\u2026 which, of course, will not be compulsory.<\/p>\n<h2><strong>The digital rule of limited trust<\/strong><\/h2>\n<p>Finally, let\u2019s get back to the general question of privacy \u2013 there is one more important aspect connected to it: trust. In fact, you could say that in the digital world everything is based on trust, because statistically very few people have full knowledge of how internet services work. 
Although we do not know these people, we trust them and entrust them with our valuable content.<\/p>\n<p>In the 21st century, such a carefree approach is becoming outdated, as the wide introduction of personal data protection law shows. The reason for the declining trust is the gap between providers\u2019 declarations and the actual behaviour of their services. In most cases it is not the result of bad intentions, but the gap is real, since it has triggered such a reaction and such broad discussion.<\/p>\n<p>The physical protection mentioned earlier, based on depriving \u201cthe other side\u201d of knowledge about the content of our data, gives us a kind of shield against the consequences of such a gap \u2013 that much is clear. It is harder to notice that this shield might not be enough.<\/p>\n<p>In services based on the zero-knowledge rule, with end-to-end encryption, only the end computers (the ones we use) have access to the content \u2013 more precisely, only the client apps that we get from the service provider. The zero-knowledge server therefore moves the trust question to the client: a client update that silently leaks keys or plaintext defeats the whole arrangement, and the provider is exactly the party able to ship one. According to \u201cthe digital rule of limited trust\u201d, we should verify that the apps do only what they are supposed to do: encrypt our data properly and send it only where we want.<\/p>\n<p>Apart from the obvious requirement of programming knowledge, the main condition for success in this task is the ability to see what the program does and how it handles the data. That is possible only if the provider shares the <strong>full source code with the ability to independently build the app, which you then run.<\/strong> Reading the source only helps if the binary you actually run comes from it, so either run your own build or check that the provider\u2019s build can be reproduced from the published code.<\/p>\n<p><a href=\"https:\/\/knowledgebase.privmx.com\/pl\/from-now-on-privmx-is-free-and-open\/\">Open source code<\/a> is the feature that completes our \u201cpuzzle\u201d \u2013 thanks to it, the eroding trust in the digital world is no longer a crucial issue for us. 
To put it simply: if we know what the program does, and we know that it doesn\u2019t let \u201cthe other side\u201d see our data, trust is not that important anymore. For us, the end users of the gigantic cyberspace, it\u2019s a perfect arrangement.<\/p>\n<p>Moreover, if <strong>the software (source code) license additionally lets us modify it,<\/strong> we gain additional power over what happens to our data. Apart from being able to add important functions ourselves, we can also make our own decisions about softening the uncompromising approach to data privacy \u2013 for example to limit the \u201cinconvenient consequences\u201d specific to our company.<\/p>\n<p>In PrivMX we try to follow that path consistently \u2013 the PrivMX Team Server and PrivMX Fusion source code is open, and within your organization you can build and use modified versions. We\u2019re glad that not only our team thinks this way \u2013 in the article about open-source tools for cooperation we present other examples of this approach.<\/p>\n<h2><strong>Digital workspace<\/strong><\/h2>\n<p>In this blog post we have described the most important ingredients of our \u201cfully fledged privacy-by-design\u201d approach:<\/p>\n<ul>\n<li>zero-knowledge servers, which are not able to read the users\u2019 content;<\/li>\n<li>full end-to-end encryption of all the content in all of the tools;<\/li>\n<li>integration with other systems through \u201ctrusted connectors\u201d such as our PrivMX Bot;<\/li>\n<li>privacy-by-default \u2013 full privacy as the starting point, and softening this assumption on demand or through controlled workarounds \u2013 to provide the appropriate convenience and\/or functionality;<\/li>\n<li>open source code \u2013 completing the picture by settling the question of trust and allowing the software to be adjusted to your own needs.<\/li>\n<\/ul>\n<p>A question could be asked: is it worth it to create and 
enter such an unusual digital workspace? It\u2019s difficult to answer on the go, with old habits on the one hand and, on the other, no time for such reflections.<\/p>\n<p>It all becomes clear only later, during intensive online or hybrid work with your team, when new unique ideas suddenly appear in your notes and plans. When you need to store test results or other important content, passwords or clients\u2019 data, and share it within the company. When a casual video call with your Team Members turns out to be confidential or strategic. Such situations are impossible to avoid in the 21st century \u2013 we all know that.<\/p>\n<p>Then you are really glad that you chose the right online collaboration tool, because you know that you have taken care of yourselves.<\/p>\n<p>The amount of data we generate, send and store is overwhelming: our team alone, within one year, created more than 75,000 messages, 9,000 files and 7,000 tasks and held 900 video calls \u2013 quite simply, while doing our job. Nobody in our team can say precisely what is among those gigabytes of data \u2013 that is natural and obvious. We know, however, that on \u201cthe other side\u201d there is also nobody who can, and that our content is not abused by some algorithms or devices. We use PrivMX \ud83d\ude42<\/p>\n<p>In the next text of the series we will try to explain the main tool of our ecosystem, PrivMX Fusion \u2013 how it was created and what the \u201cFusion of Tools\u201d is.<\/p>\n<hr>\n<p>If you don\u2019t want to miss new posts, consider following us on social media.\nThanks!<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"Does the privacy-by-design paradigm relate only to personal data? What is the most effective, simplest way to implement this important concept? Are any trade-offs necessary? 
What is the role of the open-source code?","protected":false},"author":7,"featured_media":838,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2,9],"tags":[],"class_list":["post-837","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-privmx-origins"],"jetpack_featured_media_url":"https:\/\/knowledgebase.privmx.com\/wp-content\/uploads\/2023\/05\/whyprivmx2eng-1.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/posts\/837","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/comments?post=837"}],"version-history":[{"count":4,"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/posts\/837\/revisions"}],"predecessor-version":[{"id":2399,"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/posts\/837\/revisions\/2399"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/media\/838"}],"wp:attachment":[{"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/media?parent=837"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/categories?post=837"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/tags?post=837"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}