AXEL.org

Tech

How to Rebuild Trust in Tech

It’s safe to say that reality has not lived up to the utopian vision of a highly advanced technological society. The optimism present in the 80s during the microchip boom and again in the 90s with the internet revolution has given way to a rather dreary outlook. This pessimistic view has various causes, including the proliferation of mass surveillance systems and the overall erosion of fundamental privacy rights. Can this be fixed? AXEL believes it can, but tech corporations will have to pursue alternative business models and practices for it to happen.  Let’s look at how we got into this mess and how we can get out of it.

Initial promise leads to technocratic dystopia?

So, where did this pessimism come from recently? After all, it was only a decade ago that Facebook CEO Mark Zuckerberg was touting his social media platform as a way for people all over the world to connect meaningfully. Social media and the convenience of Big Tech services were supposed to advance the human race. And, for a while, it appeared like they might. Social media sites such as Facebook and Twitter helped facilitate significant historical events, such as the 2010 Arab Spring[1]. However, as the years passed, it became apparent that these services had a darker side.

The Cambridge Analytica scandal first reported on in 2015 was the tipping point. It’s where Facebook got caught selling vast amounts of its users’ personal information to the data analytics firm Cambridge Analytica. This firm used the data in an attempt to influence the outcome of the 2016 United States elections. While it is unknown exactly how successful this was (after all, Ted Cruz’s ill-fated campaign was the first to use this data), what was obvious is that Facebook collected and sold an alarming amount of information without consent.

Looking back, people should have known all along. Enormous tech platforms require thousands of skilled employees and significant backend infrastructure to maintain. Since they are typically free to use, how do they make money? Personalized advertising due to mass surveillance.

Trust in Big Tech hits all-time lows

Since the Cambridge Analytica scandal, education regarding how Big Tech analyzes and sells data has improved. The average consumer now understands that there shouldn’t be an expectation of privacy when using these services. In fact, according to a 2020 survey, over 85% of people are “very concerned” about how companies like Facebook and Google handle their personal data[2]. We feel this is a great trend, but there will need to be an aggressive demand from consumers for better privacy protections for any actual progress. The unfortunate truth is that even if there is a tacit understanding of the current reality, consumers either feel trapped in the situation or are otherwise willing to put up with the status quo.

This is evidenced by a 2019 panel discussion where business leaders and academics talked about the ethics of data collection[3]. Throughout the roundtable, the majority of the audience and the panel itself agreed to give up their privacy for small monetary benefits.

We believe this line of thinking is short-sighted and naïve. One point that kept coming up was that most trusted the firms collecting their data not to misuse it and to protect it. We know from countless stories that neither of these assumptions is prudent. Not only will companies sell data without consent, but they can’t guarantee hackers won’t pilfer it illicitly. Even organizations spending adequate resources on cybersecurity get compromised routinely. Many of the largest businesses in the world have had terrible breaches. Putting that kind of faith in Big Tech’s trustworthiness will only end in disappointment.

The way forward

As a company that values user privacy, here are our tips for ushering in a new era of tech that delivers on the optimistic vision of previous generations:

Opt-in for advertising rather than opt-out. So far, organizations attempting to remedy privacy concerns have relied on providing opt-out clauses for data collection. We feel this puts the burden on the consumers, who tend to be busy. Most people don’t read privacy policies or want to click through a maze of links to get to the opt-out page. Privacy should be the default. If there really are benefits worthy of people giving up their personal info, the company should state their case clearly and provide a link to opt-in to the advertising.

Move away from free-to-use business models. We’ve covered this topic in a previous blog, but it’s a necessary shift if people truly value privacy. Free software and services create bad incentives to misuse data because it’s the only way to monetize users. This can be alleviated by normalizing paid software again. Consumers didn’t always have the expectation of free software. With a coordinated education outreach, paid software may make a comeback.

Transparency. One of the most disturbing aspects of the Cambridge Analytica scandal was that Facebook sold information without consent. If an organization wants to offer free services to those who opt-in to personalized advertising, it should go the extra mile and be transparent about how it uses that data. This would lead to fewer surprises and major scandals. Users could make informed decisions and weigh the tradeoffs accordingly.

AXEL leads the way

At AXEL, we provide data storage and sharing solutions that prioritize privacy and security. Not only is our leading platform, AXEL Go, built with secure implementations of blockchain technology, decentralized servers, and robust encryption, but our entire data collection policy centers around the philosophy that less is more. Just take a look at AXEL Go compared to other popular cloud drives. AXEL does not collect data linked to your identity. Period.

You can sign up for a free trial of our Premium AXEL Go service today and get the peace of mind that nobody is mining your content or selling your data. We can bring about change together. Join the privacy revolution.

Jose Antonio Vargas, “How an Egyptian Revolution Began on Facebook”, The New York Times, Feb. 17, 2012, https://www.nytimes.com/2012/02/19/books/review/how-an-egyptian-revolution-began-on-facebook.html

[2] Allen Bernard, “Most consumers do not trust big tech with their privacy”, TechRepublic, July 29, 2020,  https://www.techrepublic.com/article/most-consumers-do-not-trust-big-tech-with-their-privacy/

[3] “How can we rebuild trust in the digital world? A discussion with Professor Michael Sandel”, Fujitsu.com, May 16,2019, https://www.fujitsu.com/global/vision/insights/201905event/

Encryption: The Past, Present, and Future

Encryption is a hot topic these days. Governments worldwide are attempting to control it via legislation like the United States’ EARN IT Act, and it is the bane of law enforcement agencies everywhere. But, what’s the big deal about it? In this blog, we look to go over a brief history of the subject, the current state of affairs, and what the future holds.

The history

The word encryption derives from the Greek word kryptos,which means hidden. It is a way to store and share information privately so that only the intended recipient can understand its meaning.

Unsurprisingly, the need for discrete communication stretches far back into recorded history. To understand how the early forms of cryptography worked, first, we’ll define the most common methods ancient peoples used.

  • Transposition. A transposition cipher (code) is where the sender rearranges letters in a word to make them appear garbled to unknowing viewers. This rearrangement follows a predefined system only known to the sender and recipient. The recipient decodes the message using the predefined system and can then understand the message.
  • Substitution. A substitution cipher replaces characters with other characters according to predetermined rules. For example, all Es get turned into Rs, Ts into Bs, etc.

Ancient encryption

The most famous early form of encryption is used in the Old Testament of The Bible circa 500-600 B.C. Here the Hebrew writers use a substitution cipher known as Atbash[1]. Atbash simply reverses the order of the alphabet (A becomes Z and so on). The Book of Jeremiah contains passages where proper nouns are referred to only in Atbash.

Later, in 487 B.C., the Spartans used a transposition cipher called ‘scytale’ to communicate during military campaigns[2]. Here, they used a rod of a specific diameter and wrapped a piece of parchment with the encoded message around it. Once bound, it revealed the true meaning of the message.

Speaking of military operations, Julius Caesar favored a substitution cipher to give orders and receive updates from his generals in the field[3]. This method moved each letter three to the right (A becomes D, S becomes V, etc.)

These ciphers worked well until mathematicians began noticing patterns in the prevalence of certain characters in the 9th-century A.D[4]. They cracked the code, which resulted in the creation of more modern forms of cryptography.

From the 15th-century through WWII

Leon Battista created the first polyalphabetic cipher in Italy around 1467 A.D.[5]. Polyalphabetic ciphers use a combination of multiple alphabets, which dramatically increases encryption’s effectiveness. Batista also developed the cipher disc, a mechanical device that uses various concentric wheels with letters inscribed on them to encode and decode messages. It’s no wonder that he’s known as the ‘Father of Western Cryptology.’

Fast forward to the middle of the 19th century. Famous writer Edgar Allan Poe had readers send him ciphered messages, which he attempted to decode in a weekly paper[6]. It’s interesting to think about Poe sitting in his study taking a break from authoring classic tales to nerd out on some secret messages. Eventually, he even penned an essay on cryptography that the British Army used in World War I to break German ciphers. So, we’re lucky he had such a hobby!

World War II is when cryptography became a well-known issue. The Nazi Enigma machine was a highly complex encryption tool that used an electromechanical rotor system to scramble letter input by an attached keyboard.  Polish mathematicians had been able to replicate Enigma machines in 1932, but the British and French forces couldn’t decode German messages as late as 1939. The Allies brought in the Polish codebreakers, and by the time the war was in full effect, they could decipher the Nazi’s secret messages. Changes to the machine and codes throughout the war still made it very difficult, however. This led to Britain’s Alan Turing’s innovative decryption techniques[7] that may have shifted the war in the Allies’ favor.  

Modern encryption

That brings us to the modern era. Cryptography really matured as a field of study with the advent of computer technology. Instead of relying on complex mechanical devices, computers could use mathematical equations and algorithms to create better encryption. The two common algorithms used today are the Symmetric Key Algorithm and the Public Key Algorithm.

Symmetric Key Algorithm. In cryptography, keys are the mathematical parameters used to encrypt and decrypt data. The Symmetric Key Algorithm utilizes the same key for encoding and decoding. The method can encrypt information in chunks (called a block cipher) or by individual characters. Examples of the Symmetric Key Algorithm in practice include:

  • DES (Data Encryption Standard). Developed in 1975, DES became the Gold Standard in encryption for a period. It is a block cipher that uses a 56-bit key. While this was suitable in the 70s and 80s, it is not used anymore due to advancements in computer processing power. Computers today could brute force crack a 56-bit key in a matter of hours.
  • AES (Advanced Encryption Standard). AES builds off the DES algorithm and makes it significantly more secure. It has variants that feature 128-bit, 256-bit, and 512-bit keys. AES 256-bit encryption is the official standard for U.S. government agencies such as the NSA. Incidentally, it is the algorithm AXEL Go uses to encrypt file passwords. Experts estimate it would take billions of years to brute force crack[8].

Public Key Algorithm.  Public Key Algorithms, on the other hand, use two different keys for encryption and decryption. This provides even safer encryption and is used in the RSA token system, digital signatures, and blockchain technology.

The future of encryption

While modern encryption is fantastic at protecting data against commonly-used cracking methods, it isn’t completely future-proof. Analysts expect that if quantum computing becomes powerful enough, the algorithms used today could be easily cracked[9]. This is concerning, but it seems as if the industry is aware of the potential problem. First off, the prototype quantum computers of today aren’t capable of such feats, and the tech is tricky in general. It’s unknown if quantum computers will ever get to the point of being useful. Even if it happens, however, there are already quantum-safe encryption algorithms. Software developers will need to update their products accordingly before these quantum computers become commonplace and readily available.

AXEL – At the cutting edge of technology

AXEL developers are at the forefront of the privacy technology movement. That’s why our secure, private file-sharing and cloud storage software AXEL Go already incorporates military-grade AES 256-Bit encryption and blockchain technology. Undoubtedly, we will keep up with the times and shift our encryption strategy as it becomes evident we need to upgrade. We’re always looking for new ways to improve the security and privacy of our platform.

Sign up for a free AXEL Go account today and receive a 14-day trial of our Premium Service with all features unlocked. You will love the peace of mind proper data security affords you. Join the privacy revolution today and download AXEL Go.

[1] Jenny Kile, “The Atbash Cipher and Jeremiah 51:1”, MysteriousWritings.com, https://mysteriouswritings.com/the-atbash-cipher-and-jeremiah-511/

[2] Milica Djekic, “Scytale – Cryptograph of the Ancient Sparta”, OzScience.com, Nov. 11, 2013, http://ozscience.com/technology/a-scytale-cryptography-of-the-ancient-sparta/

[3] Jason Andress, “The Basics of Information Security”, ScienceDirect.com, 2014, https://www.sciencedirect.com/topics/computer-science/caesar-cipher

[4] “Code Breaking a Thousand Years Ago”, 1001inventions.com, https://www.1001inventions.com/feature/code-breaking/

[5] William Servos, “The Alberti Cipher, trincoll.edu, April 25, 2010, http://www.cs.trincoll.edu/~crypto/historical/alberti.html

[6] R. Morelli, “Edgar Allan Poe and Cryptography”, trincoll.edu, May 3, 2018, http://www.cs.trincoll.edu/~crypto/historical/poe.html#:~:text=Like%20other%20literary%20figures%20of,application%20of%20reason%20and%20logic.

[7] “How Alan Turing Cracked The Enigma Code”, IWM.org.uk, https://www.iwm.org.uk/history/how-alan-turing-cracked-the-enigma-code

[8] Mohit Arora, “How secure is AES against brute force attacks?”, EETimes.com, May 7, 2012, https://www.eetimes.com/how-secure-is-aes-against-brute-force-attacks/

[9] Stephen Shankland, “Quantum computers could crack today’s encrypted messages. That’s a problem”, CNet.com, May 24, 2021, https://www.cnet.com/news/quantum-computers-could-crack-todays-encrypted-messages-thats-a-problem/

Common Pitfalls when Attorneys Adopt New Technology

The legal industry faces unique challenges to the adoption of new technology and digital transformation efforts. This article will discuss the most typical obstacles and introduce a framework that will help firms analyze whether a new tech solution is likely to integrate successfully.

Impediments to technological progress in the legal sector

Time investment. As you likely know, being an attorney isn’t a regular 9-5 job. A recent survey claims lawyers work an average of 66 hours per week[1]. That’s like a typical full-time and part-time job combined. So, all but the largest firms with dedicated IT teams can’t afford to spend too much time implementing new technology. Small firms and solo practitioners simply don’t have the resources to research, test, and deploy complex tech solutions.

Cybersecurity and confidentiality concerns. Legal professionals have needs that go above and beyond the average office worker when it comes to digitization. Due to attorney-client privilege and the ethical responsibility to maintain data security, attorneys need to be extra careful when upgrading their technology. They may have to look for approved ‘legal tech’ solutions when off-the-shelf consumer products don’t meet these standards.

The “billable hour” issue. Although there may be a shift in billing practices in a few firms, most still rely on the time-tested “billable hour” method. It may seem like a paradox, but the increase in efficiency new tech can bring might actually reduce a firm’s profitability due to fewer billable hours plus the cost (initial and ongoing) of the technology itself. While an increase in clients due to more free time could offset this problem, the demand for legal services, especially in less populated regions, probably won’t rise at the same rate.

The partnership model. The traditional hierarchy of law firms puts the “partners” at the top. Depending on the organization’s size, many decision-makers would need to approve any new legal tech initiative. This alone makes it an uphill battle, but add in the fact that partners tend to be older people who may not see technological advancement as a priority, and it becomes a serious deterrent. Obviously, this is a much more significant obstacle at larger firms, but any practice will multiple partners could face a difficult situation.

The “ignorance is bliss” dilemma. Solo practitioners and small firms don’t have the resources of their more massive brethren. This means that tech policies and solutions mega-firms implement have a hard time trickling down. Unfortunately, this can lead to solo practitioners developing an “ignorhttps://www.axel.org/the-10-worst-data-breaches-of-the-decade/ance is bliss” mantra, even if they don’t necessarily believe that to be the case.

For example, whereas large organizations may completely ban the use of insecure applications such as Dropbox for confidential file transfer or storage, smaller practices could still use them due to familiarity. They don’t search out current best practices for data storage because they may fear switching and disrupting their workflow.

While this is an understandable reaction, we urge attorneys to push through this bias for their own sake. After all, if a serious data breach occurs and the lawyer has not lived up to their ethical responsibilities, it becomes an even worse situation.

The innovation-decision process

We recommend running through the innovation-decision process before making conclusions about a particular technology’s viability for your firm. This process goes as follows:

  1. Assess comparative advantage. Does the new technology offer a substantial upgrade to your current systems? Define these advantages and review the overall impact they will have.
  2. Analyze compatibility. Does the solution fit into your existing workflow? If not, what resources will you need to allocate to adapt your business practices?
  3. Consider complexity. If you do need to adapt, calculate the cost-benefit analysis (not just financial, but also psychological) of doing so. Will it be a complicated endeavor? Do the results outweigh these complexities?
  4. Evaluate trialability. See if the vendor offers any sort of trial or demo. You can test out the solution, receive critical feedback and preliminary effectiveness metrics before committing to the entire project.

If you go through this process and discern that the tech is worth using, you will be much more confident in the solution and have a greater chance for success.

Your firm and AXEL Go

While the decision will still be challenging in many instances, sometimes the Universe serves up a no-brainer. AXEL Go is a secure, private file-sharing and cloud storage solution that overcomes the common obstacles and scores well on the innovation-decision process.

With the sudden shift toward working remotely, many attorneys find themselves in need of an easy-to-use file-sharing application that can fit seamlessly into their legacy workflow while providing more robust data security. AXEL Go is the perfect solution for any such lawyer. It has many innovative advantages, including:

  • Industry-leading security. AXEL Go runs on a secure, decentralized network that features blockchain integration and file encryption. Documents stored on the network go through a process of “digital shredding,” where only the uploader and recipient (if there is one) have access to the complete file.
  • Secure Fetch. Think of it as a digital courier. You send a secure, encrypted link to a recipient and request certain sensitive documents. They upload the necessary files, and you receive a notification for download. Recipients do not need AXEL Go accounts, meaning you don’t have to badger clients or colleagues to sign up for new services or software. You get to meet data security guidelines without any hassle or inconvenience.
  • Microsoft Outlook integration. You can now send confidential data via email without having to rely on insecure attachments. Using our Outlook plugin, you can send fortified AXEL Go links directly in an email with the click of a button. It’s a simple process that fits within traditional workflows.

With partnerships with the State Bars of states such as Connecticut, Florida, Nevada, and Georgia, it’s fair to say the legal community sees the unique value proposition AXEL Go offers.

According to a 2021 survey by ALM[2], 56% of legal teams consider “data privacy and security” as their primary focus for 2021. It makes sense when you understand the high probability of attempted hacks and data breaches every firm faces today. Don’t just wait around waiting for the inevitable. Be proactive and protect your most sensitive information with AXEL Go.

If you’re interested in seeing it in action, you can enjoy a completely unlocked trial of our Premium service for 14-days. Sign up today and see the AXEL Go difference for yourself.

[1] “How Many Hours A Week Does A Lawyer Work?”, careerigniter.com, https://www.careerigniter.com/questions/how-many-hours-a-week-does-a-lawyer-work/

[2] “What Do Legal Professionals Expect From 2021?”, Mitratech.com, 2021, https://mitratech.com/resource-hub/whitepapers/alm-survey-legal-tech-plans-2021/

Is High-Speed Fiber Coming to a Farm Near You?

Promises of blazing-fast fiberoptic internet throughout the United States have a long and disappointing history of being broken. With President Joe Biden’s recent $1.9 trillion stimulus bill and a $3 trillion infrastructure plan unveiling, the topic is back in the public discourse. However, telecoms like ATT are pushing back.

A brief history lesson

This isn’t the first time the telecoms and politicians discussed a widespread deployment of fiber internet. The first time it came up was back in the 1990s. One of the touted benefits of deregulating the telecommunications industry through the passage of the Telecommunications Act of 1996[1] was that companies agreed to lay fiber to supply millions of citizens with broadband internet. Unfortunately, it never materialized.

As of 2014, a researcher estimated that telecom corporations charged customers a collective $400 billion for the non-existent fiber network[2]. You can imagine how that number has ballooned in the eight years since.

To be fair, these sensationalized figures don’t tell the whole story. The massive increase in demand after the internet boom in the 90s and eliminating the profit cap meant that these businesses could and did charge more. This increased profits, which attracted significantly more outside capital investment than a profit-capped industry could expect.

While it didn’t result in the fiber networks promised, the telecoms did increase capital investments heavily over the past 25 years.  It just went in different directions, such as mobile wireless technology and cable broadband.

The United States is competitive with the world in average broadband speeds, currently ranking 12th[3], behind only much smaller countries. In fact, the countries ahead of the US average 100K square miles, while the United States covers nearly 4 million square miles. So, contrary to popular belief, it hasn’t been a disaster. Still, the speeds offered never hit the projections, and there is a vast divide between urban and rural residents.

 Green Acres isn’t the place to be for fast internet

The Federal Communications Commission (FCC) reports that, as of 2019, over 25% of people in rural areas don’t have access to broadband internet versus 1.7% of urban residents[4]. Since 2015, the FCC’s standard definition of broadband is 25Mbps download and 3Mbps upload speeds[5].

To put that into perspective, one feed of HD-quality Netflix video requires a 5Mbps download connection, and 4K Netflix video bumps the requirement up to 25Mbps. Furthermore, a Full-HD Zoom call requires a 3.8Mbps upload speed, meaning those only meeting the threshold of broadband couldn’t make a Zoom call at the highest quality. And over a quarter of the rural community doesn’t meet that threshold.

Government-backed solutions

To remedy this situation, United States President Joe Biden unveiled a large-scale $3 trillion infrastructure proposal in late March with money set aside for rural broadband expansion[6]. Details are scarce, but the main talking points of the plan are:

  • 100% broadband coverage throughout America
  • “Future-proof” infrastructure built in underserved areas such as rural and tribal lands (many take this to mean fiber, specifically)
  • Prioritization of funds toward networks owned by or affiliated with local governments
  • Telecoms must disclose prices for services transparently
  • Subsidies for low-income people

The infrastructure proposal isn’t the only recent development on this front. Democrats in Congress introduced a $94 billion bill called the ‘Accessible, Affordable Internet for All Act’ on March 10[7]. Its goal is to impact rural communities in a similar way to the electrification efforts of the 20th century by building or modernizing its broadband infrastructure. So, why the big push? What are the potential benefits?

Benefits of rural broadband access

More educational opportunities. The COVID pandemic created problems for rural communities. Students that don’t have access to high-speed internet couldn’t participate in distance learning and are at risk of falling behind. Providing adequate broadband solutions ensures this isn’t a problem in the future.

Job creation. With the proliferation of remote work, high-speed fiber allows those in the country to have the same job opportunities as those in urban areas. This could lead to significant economic expansion in regions that haven’t yet benefited from the shift to knowledge-based industry.

Higher real estate values.  Access to broadband internet makes real estate more attractive to potential buyers. In fact, a 2016 study concluded that homes with fiber internet capability boost their value by over 3%[8].

More healthcare options. Telemedicine has become an important part of the healthcare industry that those without the internet can’t utilize. Fixing this reduces the burden on small local healthcare systems and provides more options to rural residents.

AT&T is not a fan

As you might expect, this focus on expanding broadband has corporate detractors. Telecom giant AT&T pushed back, releasing a critique of the plan in late March[9]. Here, the author argues that fiber isn’t necessary for the majority of use cases in rural America and that current subsidies couldn’t offset the price it would cost.

Another issue she raises is that many of the proposed solutions discussed above mandate “symmetrical” download and upload speeds. For instance, this means that if a home has a 100Mbps download speed, it would also need a 100Mbps upload speed. This would require fiber connections, as current cable and wireless technologies aren’t equipped to handle such large upload capacities. The author claims this is impractical and that most users wouldn’t need the additional upload speed.

AXEL’s take on the situation

Everyday users indeed download much more than they upload on average. However, more upload capacity could have beneficial results. Content creators, video streamers, and anyone uploading large documents regularly would see their capabilities increase significantly.

Small town lawyers, for example, could upload documents to clients and colleagues via secure file-transfer applications like AXEL Go faster. It would increase efficiency and work output to allow them to focus on more critical matters. It could allow for more robust services and provide a way to enhance digitization efforts. AXEL supports the ongoing push for rural access to fiber internet and hopes it continues to progress rapidly.

AXEL Go

Fiber internet connections combined with the high-performance, decentralized file-sharing network of AXEL Go would improve your productivity greatly. AXEL Go is backed by secure technology such as the InterPlanetary File System, blockchain, and military-grade encryption. Also, we never collect your personal data and sell it to shady third parties. Your data stays your private property at all times.

Sign up today and receive a free 14-day trial of our Premium service with all features unlocked. After the trial period, you can choose to continue with the Premium account for only $9.99/month or use our Basic service free of charge. Together, we can make the internet a better place for everyone.

[1] “Telecommunications Act of 1996”, FCC.gov, https://www.fcc.gov/general/telecommunications-act-1996#:~:text=The%20Telecommunications%20Act%20of%201996,any%20market%20against%20any%20other.

[2] Bruce Kushnick, “The Book Of Broken Promises: $400 Billion Broadband Scandal And Free The Net”, Huff Post, Sept. 9, 2014, https://www.huffpost.com/entry/the-book-of-broken-promis_b_5839394

[3] “Speedtest Global Index”, Speedtest.net, Feb. 2021, https://worldpopulationreview.com/country-rankings/internet-speeds-by-country

[4] FCC, “2019 Broadband Deployment Report”, FCC.gov, May 29, 2019, https://docs.fcc.gov/public/attachments/FCC-19-44A1.pdf

[5] Micah Singleton, “The FCC has changed the definition of broadband”, TheVerge.com, Jan. 29, 2015, https://www.theverge.com/2015/1/29/7932653/fcc-changed-definition-broadband-25mbps

[6] Jim Tankersley, “Biden Team Prepares $3 Trillion in New Spending for the Economy”, The New York Times, March 22, 2021, https://www.nytimes.com/2021/03/22/business/biden-infrastructure-spending.html

[7] Jon Brodkin, “Democratic-led Congress gets serious about universal broadband funding”, ArsTechnica.com, March 11, 2021, https://arstechnica.com/tech-policy/2021/03/democratic-led-congress-gets-serious-about-universal-broadband-funding/

[8] Ellen Satterwhite, “Study Shows Home Values Up 3.1% with Access to Fiber”, FiberBroadband.com, June 29, 2016, https://www.fiberbroadband.org/blog/study-shows-home-values-up-3.1-with-access-to-fiber

[9] Joan Marsh, “Definiing Broadband For the 21st Century”, ATTpublicPoliy.com, March 26, 2021, https://www.attpublicpolicy.com/wireless/defining-broadband-for-the-21st-century/

Privacy Labels Reveal Interesting Insights About Popular Cloud Drives

In late 2020, Apple launched its Privacy Label initiative[1]. Now, all apps sold through the App Store need to include a privacy label with future updates. These labels inform consumers about how the application collects and uses consumer data. Since millions of people use file-sharing and cloud storage platforms to transfer and store their personal content, we believed it’d be interesting to compare the privacy labels of the Big Tech offerings to AXEL Go.

A primer on terminology

Before getting into the comparison, it’s important to define the terms you’ll see often. Apple separated the data the apps collect into three different categories.

Data Used to Track You. This is the most troublesome category. It means that the app tracks personal information explicitly to form a coherent picture of your identity. This could stretch across your entire internet usage or even into your real-life shopping habits. It’s a tactic Facebook notoriously employs[2], and it’s by far the most invasive type of data collection.

Companies engaged in these activities link data generated from the app with information from third parties for targeted advertising or analytics. These organizations potentially even share their data sets (including your exact location) with shady data brokers. If possible, we recommend ditching apps that track you like this.

Data Linked to You. This includes much of the same types of data as the previous category, except it is not tracked across your full web experience. It’s still linked to your identity, however, and is still sold to third parties regularly. Avoid it when you can.

Data Not Linked to You. This is data that the company has explicitly anonymized. It could mean removing direct identifiers like user ID/Name/Device ID and data manipulation to prevent re-linkage or de-anonymization. To claim this, you must not ‘fingerprint’ or use other data sets to establish a potential identity.

Now, onto the comparison.

Dropbox

This image has an empty alt attribute; its file name is dropBox2-1.jpg

Source: https://apps.apple.com/us/app/dropbox-cloud-storage-backup/id327630330

DropBox comes out the worst in this comparison. It’s the only one with entries in the ‘Data Used to Track You’ category, making it a significant threat to the privacies of over 600 million users worldwide. It also collects a vast amount of data, including:

  • Contact Info (Name, email address, phone number, physical address, etc.)
  • Identifiers (Screen name, handle, account ID, etc.)
  • Purchases (Purchase history)
  • Contacts (List of your phone’s contacts, address books, social graphs, etc.)
  • Search History (information regarding searches you made in-app)
  • Usage Data (App launch info, taps, scrolling data, clicks, views, biometric eye data, etc.)
  • User Content (in this case, content stored on DropBox servers)
  • Diagnostics (crash logs, performance metrics, etc.)

Obviously, some of this data is more sensitive than other types. For instance, diagnostic information is potentially less harmful than giving up the contents of your cloud storage to what amounts to corporate surveillance. Regardless, it’s all info that they can link to you for identification purposes.

Google Drive

Source: https://apps.apple.com/us/app/google-drive/id507874739

Google isn’t known for its commitment to privacy. Although its cloud service, Google Drive, fares a bit better than Dropbox, there’s still not much to like. It collects the same types of data and adds “Location” into the mix. Why would a cloud storage application need to know your location? Unknown, but it likely isn’t a valid reason. It’s unspecified whether they monitor your ‘Precise Location’ or ‘Coarse Location,’ but Google doesn’t deserve the benefit of the doubt. Assume they know exactly where you are at all times when you’re using any of their services, including Drive. They also collect the nebulously-termed “Other” data, which Apple doesn’t define. If you’re one of the over one billion users[3] of Drive, consider alternatives.

Microsoft OneDrive

This image has an empty alt attribute; its file name is onedrive.jpg

Source: https://apps.apple.com/us/app/microsoft-onedrive/id477537958

Of the Big Tech offerings, Microsoft’s OneDrive is the least offensive. It collects the least amount of data and doesn’t track you across websites. However, the personal information it does collect is still sensitive—especially Contact Info, Identifiers, and User Content. So, Microsoft not only collects your personally identifying information but, like its major competitors, it still mines user content. It’s an inexcusable invasion of privacy that anyone who cares about such matters can’t look past.

AXEL Go

This image has an empty alt attribute; its file name is axelGo.jpg

Source: https://apps.apple.com/us/app/axel-go/id1462043114

The Silicon Valley mainstays don’t value your privacy. At the end of the day, they make a lot of money from your data alone. However, that doesn’t mean there aren’t any good options. Privacy-based alternatives like AXEL Go exist.

Our team designed the entire platform to promote privacy, security, and data custody.  And that starts with the fact that AXEL doesn’t collect any data linked to its users. In fact, AXEL is the only competitor in this comparison that doesn’t link data to your identity. Most of the information we manage is diagnostic, and usage data, which helps our developers see how you’re using the app to inform future improvements. Any contact info we store is sufficiently anonymized so that nobody can link it back to you. We respect everyone’s right to privacy.

Try AXEL Go

If you’re used to sharing and storing data online with platforms such as Google Drive or Dropbox, AXEL Go is a breath of fresh air. Our simple, intuitive user interface is a breeze to navigate while still offering industry-leading security and privacy features.

The platform is backed by secure technology like the InterPlanetary File System, blockchain, and military-grade encryption. Together with the fact that only AXEL emphasizes users take control of their personal information, you’ve got an application that stands above the competition. Try it out today and see the AXEL difference. Basic accounts are free, and you can upgrade to a Premium account with all features for only $9.99/month. Help usher in a better internet. Join the AXEL Revolution.

 

[1] Nick Statt. “Apple launches new App Store privacy labels so you can see how iOS apps use your data”, The Verge, Dec. 14, 2020, https://www.theverge.com/2020/12/14/22174017/apple-app-store-new-privacy-labels-ios-apps-public

[2] Aaron Holmes, “Facebook knows what you’re doing on other sites and in real life. This tool lets you see what it knows about you.”, Business Insider, Mar. 17, 2020, https://www.businessinsider.com/facebook-clear-history-offline-activity-tracker-tool-how-to-use-2020-1

[3] Shoshana Wodinsky, “Google Drive is about to hit 1 billion users”, The Verge, Jul. 25, 2018, https://www.theverge.com/2018/7/25/17613442/google-drive-one-billion-users

Here’s Why Free Software Can Be a Poison Pill

There was a time when consumer expectations did not demand software be free. Sure, there has always been freeware, but it wasn’t the norm. If someone in the 1980s wanted a word processor, they expected to pay for it!

Today, these expectations have flipped. Why would someone pay for software or web services? Social media platforms are free. Big Tech companies like Google offer free alternatives to traditionally-paid programs such as word processors, spreadsheets, and visual presentation software. What’s the harm? The services are high-quality and users aren’t out a dime. It’s a win-win, right? Well, much like your relationship status during college, it’s complicated.

A costly endeavor

The truth is, software development is expensive. It’s always been expensive. And, even with the proliferation of outsourcing, it remains so today. It is a highly specialized skill requiring considerable knowledge and continued education. The median pay for a developer in the United States was over $107,000 in 2019[1]. Prices for outsourced developers vary by country but expect to pay around $30,000 a year for quality work[2]. Many development teams employ a mixture of domestic and foreign help.

Unlike the 80s, where a small team could complete programs in a basement, now larger units are necessary to deal with the complexities of modern computing. Big Tech’s full-featured products certainly require these sizeable teams of high-cost developers. Their offerings also typically need massive investments in physical infrastructure to keep the services running for millions of potential users. Knowing all this, how do they provide the end products for free? Out of the goodness of the shareholders’ hearts?

The tradeoff

Unsurprisingly, no. Big Tech companies are some of the largest businesses in the world, with billions in yearly revenue. The “free” apps and services they provide do require a form of payment. Your personal data. As the saying goes,” If you aren’t paying for the product, you are the product.”

Today, tech megacorporations collect an absurd amount of data on their users (and in Facebook’s case, even non-users[3].)  The data they find most useful usually falls into the following categories:

  • Email receipts. Who people email consistently can be a wealth of information for data miners.
  • Web activity. Big Tech wants to know which sites everyone visits, how long they stay there, and a host of other browsing metrics. They track across websites, analyze likes and dislikes, and even assess mouse cursor movement.
  • Geolocation. When tracking internet activity isn’t invasive enough, many companies evaluate where people go in the real world. Most don’t understand that their phones’ GPS sensors aren’t strictly used for directions to their Aunt’s new house.
  • Credit card transactions. Purchase records outline a person’s spending habits. Since the entire point of collecting all of this data is to squeeze money out of the user in other ways, this info is extremely valuable.

Imagine the models companies can create of their users, given all of that information. They use these models to personalize advertisements across their platforms. Advertisements more likely to result in sales mean more revenue, so they have an incentive to collect as much data as possible. But that’s not the only way they monetize personal information. Many sell it to third-parties too. Are you creeped out yet?

Alternative data providers

Organizations called ‘alternative data providers’ buy up all of this information, repackage it, and sell it off to whoever wants it (usually financial institutions looking to gain broad insights about the direction of a given market.)

As of 2020, there are over 450 alternative data providers[4], and what happens to your information after they get their hands on it is about as opaque as it gets. This is especially the case in the United States, as there are no federal privacy laws that set clear expectations regarding personal data sales and stewardship. However, there is hope with the passing of California’s new privacy law that Congress will finally tackle the subject.

Privacy policies

One way consumers can stay informed about an organization’s data collection guidelines is to read through its privacy policy and terms of service agreement. There, they can find general information about their practices. Unfortunately, organizations seldom list the specifics (i.e., which companies do they share with or sell the data to, etc.) These documents also tend to be excessively long and filled with confusing legalese. It makes it difficult to extract even basic information and leads to a frustrating user experience.

It’s no wonder that according to a Pew Research survey, only 22% of Americans read privacy policies “always” or “often” before agreeing to them[5]. Most just hit accept without a second thought. We recommend always looking into a company’s privacy policy and terms of service before using their products. If you don’t want to slog through the jargon, try out ToS;dr, a website that breaks down these documents into readable summaries. They also give Big Tech companies “privacy grades” based on what they find. A few examples include: (note: “E” is the lowest grade)

  • Facebook – E. Big surprise here. The company that stores data, whether the person has an account or not, did not score well.
  • Amazon – E. Although online retail is their bread and butter, Amazon also dabbles in providing free apps and services such as the Kindle App. They track people across websites and sell consumer data to third parties, among other egregious tactics.
  • Google – E. Google collects biometric data, shares info with third parties, retains data after erasure requests, and much more.

Search for your favorite social media platform or Big Tech service and see how it stacks up. Spoiler alert: probably not very well.

Another consideration

Open source projects have a poor reputation for cybersecurity since the developers are unpaid and less motivated to provide reliable support. Conversely, free Big Tech products typically get a pass on those risks. After all, their software is well-funded and receives developer support throughout its entire lifespan. This minimizes a few crucial points, though.

First, large tech corporations benefit immensely from a built-in following and the integrated marketing apparatuses at their disposal. This attracts a significantly higher baseline of users for any given service than a startup’s equivalent solution.  These massive user bases attract cybercriminals.

This leads to the second point; while these companies support their products and offer cybersecurity patches regularly, there will always be vulnerabilities. The services almost always run on centralized server farms, making for an enormous attack surface. And the products with the most users will always be the primary targets for phishing scams. So, it’s kind of a paradox. More marketing, support, and users lead to more attacks.

File sharing app examples

There are countless examples of vulnerabilities found in Big Tech apps and services, but here are a few examples in the file-sharing sector:

Google Drive: In the Fall of 2020, threat actors exploited a flaw in Google Drive to send push notifications and emails to users[6]. The messages contained malicious links containing dangerous malware. The situation affected hundreds of thousands of users.

Microsoft OneDrive: Although not officially breached, in April 2020, Microsoft announced a critical vulnerability in their OneDrive cloud app[7]. They quickly released a security fix, but it is unknown if hackers knew about the vulnerability beforehand or if they breached unpatched systems after Microsoft disclosed it.

Dropbox. In 2012, a hacker stole login credentials to over 68 million Dropbox users and sold them on the Dark Web. As if this weren’t bad enough, it took Dropbox three years to disclose the breach! So, during that time, nearly 70 million users were in danger.

ShareIt. This platform may be lesser-known in the United States, but it has 1.8 billion users worldwide and is very popular throughout Asia and Russia. A recent security audit found crucial exploits that could result in hackers stealing sensitive data[8]. Its website doesn’t even default to HTTPS, meaning security doesn’t seem to be a priority for the development team.

In conclusion, free platforms from multibillion-dollar corporations can be dangerous from both data collection and cybersecurity standpoints. Consumers should do their research and consider paying a small fee for privacy and security-focused competitors.

AXEL Go

AXEL is dedicated to giving data custody back to the user. We never sell personal information to third parties or mine accounts. Our file-sharing application, AXEL Go, utilizes blockchain technology, the InterPlanetary File System, and AES 256-bit encryption to provide the most secure cloud-sharing experience in the industry.

Sign up for AXEL Go and receive a free 14-day trial of our Premium service. Premium accounts receive five times more online storage than the Basic account, along with more security options and no restrictions on file sizes. After the trial, users pay $9.99/month to continue the Premium service or downgrade to the Basic account. So, stop worrying and share your documents securely with AXEL Go.

 

 

 

[1] “Occupational Outlook Handbook: Software Developers”, U.S. Bureau of Labor Statistics, 2019, https://www.bls.gov/ooh/computer-and-information-technology/software-developers.htm

[2] Julia Kravchenko, “How Much Does It Cost to Hire Developers: Software Developer Salary Guide 2018”, Hackernoon.com, March 12, 2018, https://hackernoon.com/how-much-does-it-cost-to-hire-developer-software-developer-salary-guide-2018-590fb9e1af2d

[3] Kurt Wagner, “This is how Facebook collects data on you even if you don’t have an account”, Vox, April 20, 2018, https://www.vox.com/2018/4/20/17254312/facebook-shadow-profiles-data-collection-non-users-mark-zuckerberg

[4] Rani Molla, “Why your free software is never free”, Vox, Jan. 29, 2020, https://www.vox.com/recode/2020/1/29/21111848/free-software-privacy-alternative-data

[5] Brooke Auxier, Lee Rainie, Monica Anderson, Andrew Perrin, Madhu Kumar, Erica Turner, “Americans and Privacy: Concerned, Confused And Feeling Lack Of Control Over Their Personal Information”, Pew Research Center, Nov. 15, 2019, https://www.pewresearch.org/internet/2019/11/15/americans-attitudes-and-experiences-with-privacy-policies-and-laws/

[6] Lindsey O’Donnell, “Scammers Abuse Google Drive to Send Malicious Links”, threatpost, Nov. 2, 2020, https://threatpost.com/scammers-google-drive-malicious-links/160832/

[7] Davey Winder, “Windows OneDrive Security Vulnerability Confirmed: All You Need To Know”, Apr. 15, 2020, https://www.forbes.com/sites/daveywinder/2020/04/15/windows-onedrive-security-vulnerability-confirmed-all-you-need-to-know/?sh=517e144b6fa3

[8] Ron Amadeo, “’ShareIt’ Android app with over a billion downloads is a security nightmare”, ars Technica, Feb. 16, 2021, https://arstechnica.com/gadgets/2021/02/shareit-android-app-with-over-a-billion-downloads-is-a-security-nightmare/