Blog

Today we entrust our information to more stewards than ever before. From notebooks to cloud storage, our secrets, personal information, and mundane data are all open to an invasion of privacy in some form or another. It shouldn’t matter how crucial or personal our documents are. We should feel entitled to the dignity of privacy, especially when we’re asking a third party to hold on to our information in exchange for modern conveniences. A doorbell shouldn’t become a vector for surveillance, and crucial tools like our phones should not be subject to unreasonable search via a series of loopholes. Where do we see alarming boundary crossings, and what can we improve before it’s too late? These are the questions we should ask as responsible technology and internet users. 

Supreme Court Phone Faux Pas

The United States Supreme Court has recently been on the receiving end of what can be considered a socially engineered data breach if we look at the news coming out of the court from a certain angle. In response, clerks in the courts have had to contend with having to play defense to keep, what should be, their civil liberties intact^[1].

This push into the lives and phones of the Supreme Court’s clerks comes as a bit of a surprise. Wired sometimes calls this a “disturbing about-face” ^[1]. Particularly this about-face comes from Justice John Roberts. In the past, Justice Roberts and his court protected digital rights more than many of his contemporaries. For example, in 2014, the Roberts Court ruled in the case of Riley v. California. This decision protected cellphones at the time from warrantless searches similar to the way we look at vehicles, personal, or searches of the home. They’ve also ruled that the police violated the Fourth Amendment when they obtained and acted on cellphone location data for over a week without a warrant. 

Today, these courts that once fought for reasonable cell phone privacy laws are pulling some of the same stunts to pick apart their staff without fear of any repercussion. The clerks are being asked “lawfully” to hand over their devices. The courts claim that there is no coercion taking place, and their phones are not technically being seized. This immediately rings alarm bells. At best, this is an employer weaponizing their employee’s careers to pick through their personal data. At worst, this sets a precedent for other leaders who feel like their clerks or staff have overstepped a boundary. While, in this instance, it could be argued that the court document leak is an egregious enough professional failure to warrant the phone affidavit, we can also see from statements released by the Justices that this cellphone deep dive comes from a place of personal anger. Words like “betrayal” crop up in quotes from Cheif Justice Roberts.

These calls for the personal phones of their clerks set an example for the American people. While the courts are, in some ways, different from a workplace or a police investigation (it should be noted that this is considered an internal investigation), we should also remember that choices that one of the primary checks and balances in the American government make are not often taken lightly. There may not be any broken laws in the wake of this internal investigation, but it should, at the very least, raise some eyebrows when we think about our digital privacy.

Police Privacy Problems

What do your doorbell, your fingerprint, and your cellphone have in common? The police can extract information from them without obtaining a warrant in a perfectly legal capacity. This may surprise many, especially after learning that the Supreme court has ruled more than once that your personal phone and its data should be considered private in some capacity. 

Ring doorbells work closely with local police, giving them nearly unlimited access to your doorbell’s footage, and in the event that their access is limited by a time gate or a similar sanction, they can circumvent the rules by downloading all of your footage ahead of time to watch at a later date^[2]. Phone location data and fingerprint lock screens are simply laid at the feet of law enforcement. Ideally, these technological affordances are given to the police with the understanding that they will stop crime faster and bring to justice those that have done wrong. Still, in practice, these are no more than an extension of the government’s access to your location and privacy.

This information is troubling, not simply because it flies in the face of our common sense expectation of privacy, but because of the ways these oversights have been and will continue to be weaponized against citizens^[3]. There is a well-documented issue within the justice system of innocent suspects taking plea bargains simply because a narrative could be constructed out of tenuous circumstantial evidence^[4] or because they don’t understand the extent of their rights. The more we allow law enforcement unfettered access to personal data, the more we allow shortcuts in due process.

The Importance of Privacy

Privacy is a right that is hard to reclaim after it’s taken from us. The Patriot Act, for example, has famously overstayed its initial welcome^[5], and we feel those effects every single day. A polite society has a basic respect for the privacy of its citizens, and we’ve seen first-hand how quickly technology can find new and bizarre ways to pull information out of us. A trinket on your door is not worth having your front yard beamed directly into your local police precinct every time a squirrel runs across the lawn, and we should not be expected to shoulder that burden for modern conveniences.

It is for that reason and more that AXEL believes in the importance of privacy. A draft of your novel is just as personal and private as your tax information. Our commitment to the privacy of our users is the foundation of our business. You can sign up for a 14-day free trial of AXEL Go premium and experience convenient and secure file sharing, storage, and retrieval without sacrificing privacy or quality.

---

Citations

^[1] FOX CAHN, ALBERT. 2022. “The Supreme Court Is Building Its Own Surveillance State”. Wired. https://www.wired.com/story/the-supreme-court-is-building-its-own-surveillance-state

^[2] Wroclawski, Daniel. 2021. “What to Do If the Police Ask for Your Video Doorbell Recordings”. Consumer Reports. https://www.consumerreports.org/legal-rights/police-ask-for-video-doorbell-recordings-what-to-do-faq-a8950763605/.

^[3] Bambauer, Jane. 2022. “Letting police access Google location data can help solve crimes”. Washingtonpost.com. https://www.washingtonpost.com/outlook/2022/03/28/geofence-warrant-constitution-fourth-amendment/.

^[4] Redlich, A. D; Summers, A & Hoover, S. 2022. “APA PsycNet”. Doi.apa.org. https://doi.apa.org/doiLanding?doi=10.1007%2Fs10979-009-9194-8.

^[5] 2022. “Surveillance Under the Patriot Act”. American Civil Liberties Union. https://www.aclu.org/issues/national-security/privacy-and-surveillance/surveillance-under-patriot-act.

We all see massive cyber breaches in the news. When industry giants are the victims of a security breach, we typically first think about the customers and their personal data. News stories covering cyberattacks look at how many passwords were leaked or the number of lost credit card numbers. Still, there’s something we tend to overlook when hackers find an opening in a big business’s digital armor: small businesses. Vulnerabilities that are discovered by picking away at a major player’s security measures are immediately redirected to companies with fewer resources. Let’s take a look at some massive breaches and their secondary effects on the small businesses that support our daily lives.

Verizon’s Employee Breach

In May of 2022, Verizon was the victim of a data breach. In this data breach, the full names, email addresses, and other identifying information such as corporate ID numbers and phone numbers of Verizon employees were plucked from Verizion’s internal databases by hackers. A report from Motherboard, as well as a statement from Verizon themselves, have confirmed the data breach in question did indeed take place. Verizon claims that it will refuse to engage with the hacker because Verizon does not believe the information is sensitive enough to warrant any sort of worry^[1]. 

Motherboard reporters went the extra mile, however, and combed through the leaked database to confirm that the hackers were indeed genuine in their findings. Employees, both past and present, were contacted with phone numbers and other contact information found in the package shared with reporters. This alarming breach of privileged company data was executed by a surprisingly simple trick in the hacker’s toolbelt — they were welcomed in with open arms. 

According to the hacker, they simply posed as an internal employee and asked for remote assess to a corporate terminal. From there, they were able to root around for any information they could find. Now that they have their hands on a much more robust set of identifying credentials, the next attempt may be much easier and more effective. 

There were no lost social security or credit card numbers, and no passwords were leaked. Knowing that the hackers used a minimal amount of identifying credentials to gain access to Verizon’s corporate servers means that the information leaked could lead to a much more devastating breach next time. Even if the hackers don’t target Verizon headquarters again, they could very easily run a series of sophisticated scams now that they have internal names and ID numbers.

MGM’s Data Leak

On Telegram, the social messaging app, a rather hefty 8GB database stuffed to the brim with the personal information of around 30 million MGM Resort guests, was discovered by vpnMentor Research Team. vpnMentor Research Team can be thought of as digital volunteer firefighters. They tackle cybersecurity threats and spend their time teaching organizations how they can better protect their clients and their data. 

According to reports from Hackread, the data had been obtained as early as July 2020. A group or perhaps an individual going by the name NightLion^[2] claims to have plucked the personal information from a data-leak monitoring service called DataViper. Part of the delayed response to the news was due to DataViper’s insistence that the breach had, in fact, not occurred and further asserted they had no access to MGM’s internal storage. The package’s release on Telegram and the statements from vpnMentor prove otherwise. 

The data leaked in the package, similar to Verizon’s leak, contain reams of identifying credentials. This data ranges from full names and dates of birth to postal addresses and over 24 million unique email addresses and accompanying phone numbers. This data is now in the hands of bad actors that can easily slot this database into one of their own. The names, numbers, and the mere fact that they have been proven customers of MGM Resorts^[3] can now be used in rather sophisticated phishing schemes and a bevy of other petty scams. The data can be weaponized against MGM Resorts themselves. Hackers and scam experts can use this data to convincingly pose as past customers to give themselves approximately 20 million attempts at a thriving racket of their own design.

How Does This Affect Small Businesses?

It’s easy to see the consumer-related consequences of these data breaches. In two attacks, a population the size of the state of Florida^[4] has been exposed to the whims of any hacker with access to the right Telegram channel. That data can easily be used for email scams, phishing calls, and anything else you can think of with a bit of creativity. What we often have a more challenging time seeing is how these breaches can be directed at small businesses.

As hackers land on breach methods that break through the sophisticated protection methods of large businesses and the resources they have available, they will use those methods to breach small businesses and their more limited defenses. Suppose a small business unwittingly allows remote access to one of its internal machines or their storage system is breached, and they lose their client data. In that case, their business could very easily buckle under a proposed ransom or a negligence claim. 

What Can AXEL Do?

Our storage methods and our security solutions are built to be people-proof in some respects. Documents stored with AXEL Go are digitally fragmented and stored separately across a number of independent servers. To supplement this, actions taken within AXEL’s infrastructure are encrypted from end to end with military-grade AES-256 technology. Any prying eyes that have wormed their way into a small business’s systems would need to break through billions of layers of encryption, and following documents to their destination quickly becomes a fool’s errand with decentralized storage. 

Best of all, AXEL Go never lays eyes on your data, meaning no stray unauthorized copies are floating around on the internet to be scraped by a clever bot, and AXEL Go doesn’t discriminate based on company size. Individuals getting their practice off the ground have the same protection as premium power users. Protection of small business with the zeal and professionalism normally reserved for big businesses creates a safer internet for all, and we intend to build it.

You can sign up for a 14-day trial of AXEL Go Premium with all of our features unlocked and see why AXEL Go is leading the future of file-storage

---

Citations

[1] Cantisano, Timi. 2022. . Xda-developers.com. https://www.xda-developers.com/verizon-data-breach-employees-data/.

[2] 2022. “Exclusive: What Happened? A dispute between NightLion Security and Astoria Company Escalates”. Databreaches.net. https://www.databreaches.net/exclusive-what-happened-a-dispute-between-nightlion-security-and-astoria-company-escalates/.

[3] Conneller, Philip. 2022. “MGM Resorts Data Hack: Customer Info Stolen in 2019 Now on Telegram”. Casino.org. https://www.casino.org/news/mgm-resorts-data-hack-customer-info-stolen-in-2019-now-on-telegram.

[4] WAQAS. 2022. “142 Million MGM Resorts Records Leaked on Telegram for Free Download”. HackRead | Latest Cyber Crime – InfoSec- Tech – Hacking News. https://www.hackread.com/142-million-mgm-resorts-records-leak-telegram-download/.

One of the critical aspects of Web3 technology is the protective power of decentralization. By taking advantage of the unprecedented interconnectivity of the modern internet, we can arrive at previously unimaged storage solutions. While on the surface, storage had looked the same all these years, behind the scenes, we’ve made massive strides to build a more secure and accessible workplace online. Digital sharding is a technique in our toolbelt that has revitalized file storage security in ways that are both fascinating and revolutionary.

What is Digital Sharding?

To understand digital shards, we need first to understand decentralization. Currently, the internet lives on centralized structures. Think about some of your favorite websites. Say you’re a regular reader of a webcomic. That comic and website both live on a single server somewhere on the internet. All of its information, the comic itself, the layout, and the text on the site, sits in a relatively inaccessible hard drive segment silently providing access to its readers. This is what tech companies mean when they talk about centralization. The term references a storage system that relies on storing data in a single, centralized location. 

The opposite end of the spectrum then is decentralization. When we decentralize a storage system, what we’re doing is taking advantage of multiple servers across the planet. Instead of housing all of our information in a single place, we will create backups or secondary, identical access points. If your online comic in this example is decentralized, then the loss of a single server would no longer mean a loss of the comic. Hackers looking to pull a site from the internet in exchange for a ransom would have to track down and breach every iteration of the comic before they could successfully commandeer.

Digital shards are simply an expansion of the idea of decentralized backups. Instead of creating and saving several full versions of the same data, digital shards are packages that are separated from each other and stored across a series of different servers. These individualized packages can only be brought back together by authorized users, creating an infrastructure that’s much more difficult to breach. 

Digital sharding and database shards are an integral part of blockchain technology. They’re examples of what’s referred to as a shared-nothing architecture^[1]. Shared-nothing architectures are entirely autonomous, which means that each server participating in the decentralized system runs entirely on its own. This individualized participation bolsters the security and resilience of a decentralized system. Blockchains are “write-once” ledgers of actions that rely on sharing information with multiple servers. With servers to compare changes to, blockchains are able to cross-reference any changes written to weed out any false entries made by bad actors. By combining the decentralized self-referential aspects of the blockchain with digital sharding, we create a file-sharing and storage system that’s incredibly secure and resistant to cyber-attacks.

Why We Rely on Digital Sharding

Privacy on the internet is about more than simply keeping your information to yourself. It’s a delicate balancing act requiring robust security measures to protect you from bad actors online. Reclaiming privacy is a proactive process that requires maintenance and innovation because privacy online is constantly in flux.

Digital sharding combined with strong password hygiene and our robust end-to-end encryption gives file storage a plethora of advantages over centralized storage. For instance, if we think back to cyberattacks like the discovery of the Heartbleed exploit in 2014, we can see one of the most significant downsides of centralized online structures^[2].

Heartbleed, for those unfamiliar, was an exploit that took advantage of the communication between two systems. The handshake that takes place to confirm two systems exist and are speaking to each other was used to ask a system to over-share information it had tucked away. If that information was something like an encryption key or a database full of passwords, then those secrets were laid bare and used on the internet to pull even more data out of unsuspecting users. The layperson was totally helpless in this situation. Their only recourse was to react to their information bleeding out of servers they had trusted with their data. 

Imagine now, if a similar exploit were discovered in a decentralized storage system. A hacker would need to track down a network of systems that only communicate their data with each other in a set of particular circumstances, figure out how to decrypt and extract several fragments of information, and finally, they would need to understand how to reassemble the data they got their hands on without knowing what they even procured^[3]. 

More Than Security, Privacy

As digital sharding becomes a technology more accessible to the wider internet, we will see a drastic increase in the security floor of the internet. By creating a series of servers that house fractions of information, we are creating a network that is collaborative, private, and difficult to breach. 

We’re already creating creative solutions to early problems presented by this fundamental shift in how we think of file storage. For instance, redundancies are built into the sharding process in the form of backup shards. These backup shares are also split up into more pieces of varying sizes than needed for retrieval. Think of it as duplicating jigsaw puzzles with varying, overlapping solutions. If a few nodes have been knocked offline due to failure or malware, the data your clients have entrusted to you will always be easily retrievable.

You can sign up for a 14-day trial of AXEL Go Premium with all of our features unlocked and see why AXEL Go is leading the future of file-storage

---

Sources 

[1] Mark Drake. 2022. “Understanding Database Sharding | DigitalOcean”. Digitalocean.com. https://www.digitalocean.com/community/tutorials/understanding-database-sharding.

[2] Jake Frankenfield. 2022. “What Is Sharding?”. Investopedia. https://www.investopedia.com/terms/s/sharding.asp#:~:text=Sharding%20splits%20a%20blockchain%20company’s,when%20compared%20to%20other%20shards.

[3] Shawn Wilkinson. 2022. “Busting Five Common Myths about Decentralized Storage”. Storj.io. https://www.storj.io/blog/busting-five-common-myths-about-decentralized-storage.

You can’t spend fifteen minutes online without running into the phrase “Web 3.0.” Web 3.0 means many things to any number of people, it might look like an investment vehicle for some, for others, it’s a way to reclaim their financial security, for businesses it can be a tool for protecting and privatizing their data. With the big crypto crash shaking public confidence in the technologies of the future, let’s take a look at what Web 3.0 really is and how it can 

What is Web 3.0?

Web 3.0 is a term coined by Gavin Wood, one of the co-founders of Ethereum. He defined it as  a “decentralized online ecosystem based on blockchain.”^[1]  Understanding that requires a brief explanation of the blockchain. Often, definitions of the blockchain are mired in buzzwords and tech-talk, but it can most easily be understood as a public-facing, decentralized ledger. Blockchains are simply open books that have been backed up and verified by multiple sources. This is where the decentralization comes in. Decentralized technology is simply the act of eliminating a centralized hub for spaces on the internet. Blockchains, are naturally decentralized, everyone accessing the blockchain participates, in some form, in verifying and housing the most current state of the ledger, further reinforcing and solidifying its accuracy. 

This understanding of the basics of Web 3.0 is essential when considering the future of the internet. With two tools: blockchains and decentralization, we can rethink the way we work online.

Popular Misconceptions

Cryptocurrency, non-fungible tokens, and publicly facing ledgers have a chokehold on Web 3.0-related conversations. They are flashy and unique aspects of the future. These examples of Web 3.0 innovations are immediately able to showcase the unique aspects of a decentralized structure of the internet. These are, ironically, the least interesting uses of Web 3.0. Cryptocurrencies and NTFs are only as useful as their public perception, whereas the technologies backing them build a more robust internet.

Cryptocurrencies are simply a byproduct of Web 3.0, not a technology inherent to its structure. Cryptocurrencies are a clever way to monetize the immutable and decentralized aspects of this new generation of the internet. Blockchains require proof of work (essentially, solving complex calculations) and along with their public-facing nature, Web 3.0 can provide a relatively stable (outside of the speculative bubble) ecosystem for currencies or tokens of ownership. The unique immutability of a decentralized blockchain-based ownership token is an interesting draw for investors and speculators, but we’d like to stress how effective the underlying technology has been over the last few years at sustaining the rapid rise of crypto.

As digital inhabitants, we can dream bigger. The rise of web 3.0 is an exciting prospect, with incredible potential. Cryptocurrencies are exciting and interesting, but as they stand now, they’re also volatile and unreliable as a method of exchange^[2].

How We Can Use Web 3.0 

The strengths of Web 3.0 lie in creating a more secure and less ephemeral internet. Blockchain-backed storage systems and decentralized access points for websites and services. Web 3.0 aims to eliminate service blackouts by creating more frequent peer-to-peer connections, URL decay would become a thing of the past, and archival efforts would become more resilient and accessible to the layperson and library alike. 

A technology that’s much more practical, if less flashy, than cryptocurrency is the Interplanetary File System (IPFS). IPFS works by creating a secure peer-to-peer connection all around the planet. By encrypting, dividing, and distributing data stored using IPFS, we can create a cloud that’s more secure while maintaining and improving our digital privacy.^[3] Think of the peace of mind you’d have using your iCloud service knowing that your data was encrypted end-to-end and backed up on a decentralized network of servers that couldn’t scan the contents of your storage.^[4]

What Does Web 3.0 Mean to Us?

AXEL Go is the file-sharing service of the Web 3.0 era. Our blockchain-backed service is based entirely on decentralization, security, and privacy. We believe in going the extra mile when it comes to data protection. We will never collect your data, peek into your files, or sell your information to a third party. The only thing we care about is security and service in the modern age. 

---

You can sign up for a 14-day trial of AXEL Go Premium with all of our features unlocked and see why AXEL Go is leading the Web 3.0 charge

[1] Edelman, Gilad. “What Is web3, Anyway?” Wired. Conde Nast, November 29, 2021. https://www.wired.com/story/web3-gavin-wood-interview/.

[2] “Opinion | Crashing Crypto: Is This Time Different? – the …” Accessed May 19, 2022. https://www.nytimes.com/2022/05/17/opinion/crypto-crash-bitcoin.html. 

[3] “# How IPFs Works.” IPFS Docs. Accessed May 19, 2022. https://docs.ipfs.io/concepts/how-ipfs-works/. 

[4] Orr, Andrew. “Apple Now Scans Uploaded Content for Child Abuse Imagery (Update).” The Mac Observer, August 9, 2021. https://www.macobserver.com/analysis/apple-scans-uploaded-content. 

In an increasingly digital world, we’re faced with a crisis of impermanence. Where once we had record collections, sprawling personal libraries, and a personal collection of magazines, we now rely on constantly changing websites and streaming services for our media and memories. As the internet strides ever closer to Web 3.0, we should be examining the benefits the InterPlanetary File System (IPFS) has in terms of preservation.

Digital Preservation Efforts

We, as humans, have yet to crack time travel. The closest we can come to turning back the clock is through careful study of artifacts left behind. We typically think of museums when we imagine preservation efforts, but non-profits, libraries, and Tech Giants like Google have all had their hand in collecting, digitizing, and redistributing media of days gone by. 

Archival in the sense most relevant to us is the process of accumulating primary source documents for the purpose of preservation or research. An archive can be made up of anything from legal documents that were used to launch a small business, personal art diligently scrawled in the comfort of your home, or faithful backups of films.

Sites like The Internet Archive^[1] dutifully track and preserve past iterations of websites, granting some degree of permanence and accountability to an internet that is otherwise ephemeral. Everyone from journalists tracking trends across the internet’s history to linguists^[2] dissecting the internet’s volatile changes to modern language rely on archival to make sense of the world as it whipsaws past us at the speed of history. In a less culturally romantic sense, we also rely on digital archives to keep business running in the modern world. Bank statements and phone records keep us honest, and if we’re not doing our best to secure and preserve them, we could be in a lot of trouble.

We’re also finding ourselves in a world where media companies would much rather rent a product or subscribe you to a streaming service. What happens to our media when these services decide it is not profitable enough to hang onto influential, if obscure art? Archival acts as a crucial solution to the plight of the hobbyist or the media critic.

The internet is a unique and indispensable tool when it comes to archival. When done with care, we have nearly infinite access to lossless music masters, pristine scans of literature, and faithfully recreated websites that offer insight into our past. Digital archival efforts require immense amounts of storage, security, and reliable backups. Currently, we tend to rely on centralized storage solutions paired with backups in the event of network blackouts or worse.

With the rise of IPFS, we’re beginning to see the birth of a more sensible archival solution.

IPFS is a decentralized method of storage. Rather than loading up a server or two with all of our most precious information and relying on its continued health, IPFS storage takes a more egalitarian and robust approach to storage.

The Benefits of IPFS Archival

To simplify, allow us an analogy. The current model of digital archival is like saving all of your most important files to your desktop’s hard drive and backing them up on a thumb drive you keep in the office. If these are lost (like in a fire) or inaccessible because you’re away from the desk, then your archive will do you no good. IPFS in this analogy creates and maintains hard drives all over the world. Your “desktop” can be accessed from anywhere with an internet connection, and losing a single peer (or thumb drive to keep the analogy going) would not be enough to bring down your backups. 

IPFS as an archival platform is much more robust in every sense than our web 2.0 model of storage. Today, if your archival isn’t built with bespoke servers maintained and funded entirely by your own organization, you run the risk of losing everything with the flip of a single lever^[3]. 

Libraries, believe it or not, are more popular than they have ever been because of their ability to distribute digital copies of books^[4]. This is an institution that would benefit greatly from integrating IPFS infrastructure into its archival solution. It’s easy to underestimate the degree to which we should be protecting our libraries^[5], but IPFS storage would be a crucial step in ensuring the future of our literary archives, be it for the voracious amateur reader or the academic.  

AXEL’s Archive

AXEL Go is a file-sharing and storage solution that takes full advantage of IPFS storage. Our decentralized servers are encrypted with military-grade AES 256 encryption and designed to be easily accessible to the average user. 

Whether your storage purposes are archival or professional, we provide a simple and effective digital storage solution that’s robust and secure. Sign up for a 14-day trial of AXEL Go Premium with all of our features unlocked and see why AXEL Go is leading the Web 3.0 charge.

---

Citations

[1]  “Wayback Machine General Information.” Internet Archive Help Center. Accessed May 12, 2022. https://help.archive.org/help/wayback-machine-general-information/#:~:text=What%20is%20the%20Wayback%20Machine,archived%20version%20of%20the%20Web

[2] Grady, Constance. “The Internet Has Changed the Way We Talk. in Because Internet, a Linguist Shows Us How.” Vox. Vox, August 2, 2019. https://www.vox.com/culture/2019/8/2/20750773/because-internet-review-gretchen-mcculloch-linguistics

[3] Jensen, Kelly. “Libraries Are More Popular than Ever and Library Workers Don’t Earn Livable Wages: The State of U.S. Public Libraries.” BOOK RIOT, February 8, 2022. https://bookriot.com/libraries-are-more-popular-than-ever/

[4] “How Digital Storage Is Changing the Way We Preserve History.” VICE, February 19, 2016. https://www.vice.com/en/article/avypge/how-digital-storage-is-changing-the-way-we-preserve-history.

[5] “Bloomsbury Collections at the Heart of Research.” Bloomsbury Collections – Electronic Literature as Digital Humanities – Contexts, Forms, & Practices. Accessed May 12, 2022. https://www.bloomsburycollections.com/book/electronic-literature-as-digital-humanities-contexts-forms-practices/ch20-challenges-to-archiving-and-documenting-born-digital-literature-what-scholars-archivists-and-librarians-need-to-know

Virtual Private Networks (VPNs) are currently the premier strategy for disappearing on the internet. Users of VPNs take advantage of a secondary server that reroutes, disguises, and scrubs their internet activity. VPNs make their money by giving users the option to keep their information to themselves in a world that increasingly demands the right to peer over our shoulders. India has introduced legislation that, if adopted around the world, would deal a massive blow to the very concept of Web 2.0 privacy.

The Legislation

A national directive from India’s Computer Emergency Response Team (CERT-in) has demanded that VPNs collect and store customer data that would make their users easily identifiable and totally undermines the business model of these networks^[1]. The policy asks that VPNs store: validated customer names, physical addresses, IP addresses (including original, reissued, and any previous addresses), reasons for using their services, and dates. All of these are to be packaged together to create a sort of “ownership pattern.” CERT-in wants VPN companies to take all of this information and set it aside for a minimum of five years.

Most obviously, data like this can be used by the government to take a look directly at all of the internet activity of any user passing through the servers of these virtual networks. Any download, purchase, or stream could easily be laid bare at the feet of any official that signs off on the right paperwork. 

Secondly, we see how this invalidates the utility of a VPN. We turn to these services when we want to opt out of the ravenous cycle of scraping and selling our data. Private users of VPNs do so with the express purpose of keeping their data to themselves. When VPNs are forced to hold onto this information, private users might as well parade around the internet without a private network. Businesses and remote employees are a large constituency of the virtual private network. They depend on VPNs to do business online in a secure and confidential manner. 

What Happens to VPN Companies?

Companies that provide virtual private networks would find themselves on the hook for infrastructure they want no part of. Currently, VPNs are built with servers that use RAM disks rather than rewritable memory. This makes them much more nimble and they don’t have to dedicate resources to setting aside terabytes of information for half a decade (or longer if they want to err on the side of caution, as many companies do). 

Any VPN company operating in India either has to dump a significant portion of their revenue into refitting their facilities or they need to start looking into moving to another country entirely. There’s also the possibility of other governments following suit in the wake of CERT-in’s decision. 

VPN companies, while concerned with the privacy of their customers, will now be faced with the allure of selling their user’s data. After being asked to collect and collate it, they’ll be in the unique position of holding the exact information that was once off the market just a few short days prior. We’d love to remain optimistic in this case, but the financial gain would simply be too enticing for many companies to resist^[2].

Storage of your personal data also implies the potential that hackers will find a way to pry open whatever storage solution VPN companies settle on. We can see by looking through the directions CERT-in put forward that they don’t require any sort of standard of storage^[3], all they want is data that can be reconstructed and easily accessed in the event that a “cyber security incident” requires the information is recalled and presented. We can see in these directions that a “cyber security incident” can be as vague as it needs to be. VPNs in India will not only be at a distinct disadvantage after this takes effect — they’ll also be plump targets for hackers.

How does IPFS solve this

The InterPlanetary File System (IPFS) and the practical applications of Web 3.0 are on the rise, and they’re solutions that aim to create an internet where this sort of legislation can no longer extend its fingers into your personal data. IPFS and end-to-end encryption create an ecosystem where tracking, storing, and spying on personal data is effectively undoable. 

Unfortunately, early applications of Web 3.0 technology has been caught up in the frenzy of cryptocurrency and get-rich-quick schemes. The true potential of a decentralized internet lies in the security and freedom users can find by unchaining themselves from centralized authorities online. IPFS storage systems don’t rely on a single server to store your data, making it incredibly difficult for outside actors to access it — that includes providers of the storage service. The only person with the key to unencrypt your data is you, the only eyes on your decentralized data is you, and the only agency storing your data is you. IPFS obliterates the role of the central “middleman” when it comes to storage, creating an online collective that can’t simply be strong-armed into setting aside your private information for access by a government body.

AXEL Wants to Protect Your Privacy

AXEL is a decentralized storage solution for all of your storage and file-sharing needs. 

You can try AXEL Go Premium with all features unlocked free for 14 days. Sign up today and see how AXEL Go can improve your workflow and supplement your organization’s cybersecurity.

Citations 

[1] Hodge, Rae. “India Orders VPN Companies to Collect and Hand over User Data.” CNET. CNET, May 5, 2022. https://www.cnet.com/news/privacy/india-orders-vpn-companies-to-collect-and-hand-over-user-data/.

[2] Brown, Brad, Kumar Kanagasabai, Prashant Pant, and Gonçalo Serpa Pinto. “Capturing Value from Your Customer Data.” McKinsey & Company. McKinsey & Company, April 28, 2022. https://www.mckinsey.com/business-functions/quantumblack/our-insights/capturing-value-from-your-customer-data.

[3]  “No. 20(3)/2022-CERT-in Government of India Ministry of …” Accessed May 5, 2022. https://www.cert-in.org.in/PDF/CERT-In_Directions_70B_28.04.2022.pdf.