AXEL.org

big tech

Devastating Data Breaches – Part 1: The Hard Fall of Yahoo

Data breaches can affect any business. It’s an unfortunate fact, but in today’s digital world, there are so many technologically savvy criminals who seek to make money and wreak havoc upon millions. Cyberattacks can affect anyone, from the smallest neighborhood shop to the largest multinational corporations. However, while small businesses are affected constantly, the data breaches that affect large corporations are the ones that receive the most news coverage. And while the number of cyberattacks has risen in recent years, no incident comes close to the number of victims as the back-to-back data breaches Yahoo faced in 2013 and 2014.

In honor of Cybersecurity Awareness Month, AXEL is writing about some of the worst leaks, data breaches, and ransomware attacks in history. Follow along all October long to learn about what went wrong, what could’ve been done, and how companies responded to devastating data breaches. 

The History of Yahoo

From the late 1990s until the late 2000s, Yahoo was among the giants of Silicon Valley. Although the company never dabbled in hardware, it focused on one utility: Web services. And in the early years of the Internet, no one did web services better than Yahoo. Following in the footsteps of AOL, Yahoo’s first business model was organizing new web pages into categories in the early 1990s. When this proved successful, Yahoo quickly expanded into other web services, including email, instant messaging, news, and games [1]. With these services, Yahoo truly hit the mainstream. Throughout the 2000s, Yahoo remained popular, but began to lag behind tech newcomers like Google, Facebook, and their suites of web services. Following years of underperformance, Yahoo was struggling in the early 2010s. Unfortunately, Yahoo’s problems were only just beginning.

The Breach(es)

In August 2013, an unknown third party gained access to Yahoo data, making away with names, birth dates, phone numbers, and poorly encrypted passwords [2]. For three years following the breach, Yahoo was unaware of this unauthorized digital theft. However, in August 2016, Yahoo accounts were seen for sale on the dark web. Later, three separate buyers bought this stolen data for USD $300,000. To this day, Yahoo and federal investigators do not know the culprit of the 2013 hack [2].

In addition to the 2013 breach, Yahoo faced another cybersecurity crisis just a year later. In December 2014, Yahoo fell victim to another data breach, losing usernames, phone numbers, passwords, and security question answers to at least 500 million Yahoo accounts [3]. It was later revealed that the hack was the responsibility of four men hired by Russia, who sought the personal information of American intelligence officers [3]

In contrast to the 2013 breach, however, Yahoo executives were made aware of the hack soon after it occurred. Even when Yahoo was set to be acquired by Verizon in 2016, the company stated that it was aware of only four minor breaches [4]. Even in June 2016, Yahoo’s security team was aware that hundreds of millions of accounts were compromised, yet the company failed to inform Verizon or the public until September 2016.

The Fallout

Finally, in September 2016, Yahoo announced to Verizon and the public its knowledge of the 2014 breach. At the time, Yahoo estimated that 500 million accounts were compromised in the attack. In December 2016, Yahoo became aware of the 2013 attack and announced that an estimated one billion accounts were affected by the incident. While an estimated 1.5 billion compromised accounts is a nightmare for any business, the hacks and fallout occurred during a time of turmoil and transition for Yahoo. In fact, after the announcement of the 2014 hack, Yahoo lowered its purchase price to Verizon by $350 million [4]. Unfortunately, the news soon got worse for Yahoo. The company’s initial estimate of affected accounts was far from the true scale of the breaches.

In October 2017, Yahoo announced that all of its accounts were compromised in the two hacks. Over 3 billion accounts were ultimately affected by the breaches. Following the public reveal of the 2013 hack, Yahoo forced all of its users to change their passwords [5]. While this was a smart, necessary step, much of the damage had already been done. Usernames, phone numbers and birthdates were, unfortunately, already vulnerable.

Following the revelations of the breaches, Yahoo faced serious scrutiny from consumers and investigators alike. Following investigations, Yahoo was fined USD $35 million by the Securities and Exchange Commission (SEC) not for the breaches themselves, but for failing to disclose its knowledge of the 2014 breach until two years later [4]. In fact, this was the first time the SEC ever fined a public company for failure to disclose knowledge of data breaches. Additionally, Yahoo settled a class-action lawsuit for USD $80 million. Ultimately, Yahoo was punished for the cover-up, rather than the actual breaches. Unfortunately, the steep punishment simply did not outweigh the damage done to Yahoo and its customers.

Protecting Your Data

Although October is designated as Cybersecurity Awareness Month, true protection from data breaches and cyberattacks requires a year-long commitment. That’s where AXEL Go comes in. AXEL Go is a secure file-sharing and storage software that prioritizes data protection. Offering military-grade encryption and decentralized blockchain technology, AXEL Go is the best way to protect yourself or your business from cybercriminals. Put simply, your vital information deserves the best protection. If you’re ready to try the best protection, get two free weeks of AXEL Go here

[1] Greenberg, Julia. “Once Upon a Time, Yahoo Was the Most Important Internet Company. Now It’s Struggling.” Wired. November 23, 2015. https://www.wired.com/2015/11/once-upon-a-time-yahoo-was-the-most-important-internet-company/.

[2] Perlroth, Nicole. “All 3 Billion Yahoo Accounts Were Affected by 2013 Attack.” The New York Times. October 03, 2017. https://www.nytimes.com/2017/10/03/technology/yahoo-hack-3-billion-users.html.

[3] Goel, Vindu, and Eric Lichtblau. “Russian Agents Were Behind Yahoo Hack, U.S. Says.” The New York Times. March 15, 2017. https://www.nytimes.com/2017/03/15/technology/yahoo-hack-indictment.html?_r=0.

[4] “The Hacked & the Hacker-for-Hire: Lessons from the Yahoo Data Breaches (So Far).” The National Law Review. May 11, 2018. https://www.natlawreview.com/article/hacked-hacker-hire-lessons-yahoo-data-breaches-so-far.


[5] Goel, Vindu, and Nicole Perlroth. “Yahoo Says 1 Billion User Accounts Were Hacked.” The New York Times. December 14, 2016. https://www.nytimes.com/2016/12/14/technology/yahoo-hack.html.

Convenient or Monopolistic? Epic’s Challenge to Apple’s “Walled Garden”

On August 13, 2020, Epic Games, the developer and publisher of the massively popular online game Fortnite, tried something that most companies would be too scared to do. They picked a fight with Apple. On that day, Epic announced a 20% discount on “V-Bucks,” Fortnite’s in-game currency, but only if they purchase it directly from Epic, rather than through Apple’s App Store.

This was an intentional violation of Apple’s terms of service, as Apple takes a 30% commission of all in-app purchases, and Epic wanted that extra money for itself. Within hours, Apple took Fortnite off the App Store for violating its terms of service, with a lawsuit by Epic quickly following [1].

On September 10, 2021, that lawsuit received a ruling. The judge sided with Apple on nine of ten counts, but ordered Apple to loosen restrictions on alternative payment options [2]. However, Apple CEO Tim Cook still stated that, even if an app uses a non-Apple payment option, Apple would still invoice the 30% commission [3]. So, what’s next? Epic appealed the ruling, but for now, Apple still maintains tight control over the apps on its App Store. Ultimately, this case highlights the uniqueness of Apple’s software philosophy, and how its relationships with third-party developers frequently draw ire.

A Walled Garden

For years, Apple’s software philosophy has been described as a “walled garden.” This means that Apple’s software is simple, secure, and easy to use for the consumer. However, Apple also strongly dissuades or even forbids users and developers from leaving their walled garden. Apple states that this approach is necessary to protect its users, and also to differentiate itself from Android, a competitor with a more open ecosystem [4]. Ultimately, this leads to increased simplicity for the user, along with increased dependence on Apple software. So while this approach does protect users from dubious third parties, it also entraps users into Apple’s ecosystem as well.

While Apple claims that its walled garden approach is to offer increased security and simplicity for its users, there are other reasons why Apple uses this philosophy. Because Apple has full control of its ecosystem, it can enforce practically any rule it wants. This includes a 30% commission on in-app purchases. Unfortunately, for third-party developers, this means putting up with Apple’s demands or risk getting kicked out of the garden. And that’s exactly what happened with Epic Games.

The Legal Argument

The main conflict of Epic Games vs. Apple focused on whether Apple’s walled garden approach violates antitrust law. Specifically, Apple’s requirement to force users to only purchase in-game items through the App Store, rather than through another party, was used as evidence of monopolistic behavior [2]. On the other hand, Apple argued that they are free to do business (or not do business) with any other company, and that their restriction of third-party payment services was within their rights as a business. Simply put, this case pitted first-party hardware and third-party software developers against one another.

Ultimately, the court ruled with Apple on nine of ten counts, with Epic stating their intention to appeal their decision [2]. In the one ruling against Apple, Judge Yvonne Gonzalez Rogers stated that “Apple created a new and innovative platform which was also a black box. It enforced silence to control information and actively impede users from obtaining the knowledge to obtain digital goods on other platforms. Apple has used this lack of knowledge to exploit its position [2].” However, because the judge ruled in favor of Apple in the other nine counts, few changes are likely to occur.

While there was potential for a landmark ruling that would shake Apple to its core, the actual ruling that was handed down will likely not have a massive effect on either company. The only change Apple must make is to allow developers to use third-party payment services. However, nothing is stopping Apple from collecting the 30% commission from those third-party developers. Ultimately, while this court ruling had the potential for massive change, the judge’s ruling ensured that Apple’s walled garden philosophy will continue.

Security and Your Rights

While Apple argued that its App Store policies were there to protect users, we know that isn’t the main reason for those restrictive rules. Simply put, the purpose of Apple’s walled garden approach is to keep users locked into the Apple ecosystem. While some users do prefer this method, and it can protect users from unsavory third-party developers, it still infringes upon the rights of consumers.

Unfortunately, this philosophy is all too common with Big Tech companies. Sacrificing privacy is a big win for Big Tech, but a huge loss for privacy rights. Corporations continue to collect hoards of personal data to sell to advertisers, while your privacy is violated. With Amazon, Google, and others offering endless new ways to collect your data, it’s fair to ask: Are you the customer, or the product?  

Thankfully, there are businesses that prioritize security and personal rights. That’s where AXEL comes in. AXEL believes that privacy is a human right. With this in mind, we created AXEL Go, a secure file-sharing and storage software. Offering industry-leading encryption and decentralized blockchain technology, AXEL Go is the best way to protect yourself or your business from unauthorized cybercriminals. With AXEL Go, there’s no compromise between security and privacy rights. After all, our business is protecting your data, not collecting it. If you’re ready to try the most secure file-sharing and storage software, get two free weeks of AXEL Go here

[1] Statt, Nick. “Apple Just Kicked Fortnite off the App Store.” The Verge. August 13, 2020. https://www.theverge.com/2020/8/13/21366438/apple-fortnite-ios-app-store-violations-epic-payments.

[2] Newman, Daniel. “Does The Epic Ruling Open The Door For Apple’s Competition?” Forbes. September 16, 2021. https://www.forbes.com/sites/danielnewman/2021/09/16/does-the-epic-ruling-open-the-door-for-apples-competition/.

[3] Adorno, José. “Apple Can Still Charge Its App Store 30% Fee Even after Epic Ruling, Analysts Say.” 9to5Mac. September 14, 2021. https://9to5mac.com/2021/09/14/apple-can-still-charge-its-app-store-30-fee-even-after-epic-ruling-analysts-say/.


[4] Beres, Damon. “All the New Ways Apple Is Trying to Take Over Your Life.” Slate Magazine. June 08, 2021. https://slate.com/technology/2021/06/apple-wwdc-ios15-new-features-walled-garden.html.

The State of Privacy Laws in the United States

In recent decades, privacy has become one of the most important issues on the minds of lawmakers. With the rise of digital devices that can track our every move, the desire for privacy is growing in an increasingly public society. And while many Americans have a general desire for “privacy,” the amount you receive is heavily dependent on where you live. While there are some federal privacy laws, most consumer privacy comes from state-level bills. And while some states have thorough, fair privacy laws on the books, the vast majority simply do not.

America’s focus on state-led privacy laws is in contrast to Europe’s lawmaking; the European Union’s main privacy law is the General Data Protection Regulation. Because of this, privacy in the E.U. is governed by this one law, and 92% of companies believe they can comply with every aspect of the law [1]. Because Europe has one overarching privacy law, it is much simpler to understand your privacy rights, whether as an individual or a business. Unfortunately, in the United States though, it is quite the opposite. Privacy laws in the country are currently a mishmash of federal and state laws that confuse and harm individuals simply trying to protect themselves.

A Barrage of State Bills

Simply put, U.S. privacy laws are so unorganized because there are so many of them. Even at the federal level, there isn’t an all-encompassing privacy law, but a collection of specialized laws. For example, the Health Insurance Portability and Accountability Act (HIPAA) protects medical privacy, and the Family Educational Rights and Privacy Act (FERPA) protects students, educators, and schools. When it comes to privacy rights, at least at the federal level, it really depends on your specific situation. Although laws such as HIPAA and FERPA do an adequate job of protecting privacy, they are far too specific to offer comprehensive privacy rights that extend to every facet of life.

While federal-level laws are specific to industries, some state-level laws provide all-encompassing privacy protections. Unfortunately, those state laws are few and far between. Only California, Colorado and Virginia have comprehensive data privacy laws [2]. These laws give consumers notice and choice regarding their data. For example, under these laws, a company must tell consumers if it is selling their data, and must allow consumers to access, move, or entirely delete that data. However, while these laws are certainly a good starting point for true consumer privacy, even these three bills are quite limited in effect.

Why are Privacy Protections so Poor?

While those three states have “all-encompassing” privacy laws, they still have glaring holes in protection. In every state except California, privacy laws specifically exclude a “private right of action,” or the ability to sue a business for privacy violations as an individual. Additionally, Virginia’s law has no civil rights protections and allows businesses to continue the status quo of collecting and selling consumer data [2]. It’s no wonder that Amazon lobbyists wrote the first draft of Virginia’s privacy bill [3].

For other states, the situation is even grimmer. States like Florida, Georgia, and others don’t allow consumers to opt out of data sharing. These two states also don’t even require government entities to ever dispose of your data [4]. Ultimately, most states have few genuine protections for consumers. For the most part, businesses can do whatever they please once they have your data. 

And due to strong lobbying by tech companies, it will likely remain this way in many states [2]. Big Tech companies pay millions each year to lobby lawmakers to write and support laws favorable to them. For example, Facebook spent nearly USD $20 million in lobbying in 2020, while Amazon spent USD $18 million [5]. And while this lobbying doesn’t come cheap, it’s a lot cheaper than allowing consumers to opt out of data sales. Ultimately, the reason why so many states don’t offer comprehensive privacy laws is because Big Tech doesn’t want them. Put simply, Big Tech is willing to pay big money to keep strong privacy laws off the books. 

So, What Can We Do?

In most states, it’s now up to individual businesses and firms to protect consumer data. And while Big Tech is unlikely to change any time soon, other businesses can still fight for consumer privacy. Taking simple steps like encrypting documents and backing up your data offline can substantially better protect your clients’ data. After all, Americans want privacy. By taking steps to protect customers and their data, businesses and firms can offer what Big Tech can’t: True privacy protections for their customers.

At an individual level, supporting businesses and firms that prioritize privacy is the best way to show support for strong privacy laws. Additionally, simply supporting federal or state laws that give genuine privacy rights to consumers is another great way to stand up for privacy rights. Since Big Tech wants to continue the status quo of endless data collection and sales, it’s up to individuals to support businesses and firms that offer what Big Tech can’t.

AXEL Supports Your Privacy

At AXEL, we believe privacy is a right. And unlike the Big Tech companies, we’ll never sell your data to third parties, ensuring your data is only yours. Our file-sharing and storage application, AXEL Go, uses blockchain technology and AES 256-bit encryption to provide the most secure file-sharing system in the industry. Whether for business or personal use, AXEL Go helps protect your (and your clients’) most important files.

Sign up here to receive a free 14-day trial of AXEL Go Premium. After the trial period, you can choose to continue your Premium account for just $9.99/month or use our Basic service free of charge. After all, our business is protecting your data, not collecting it. Together, we can help prioritize privacy rights across the country.

[1] Gooch, Peter. “A New Era for Privacy GDPR Six Months on.” Deloitte. 2018. https://www2.deloitte.com/content/dam/Deloitte/uk/Documents/risk/deloitte-uk-risk-gdpr-six-months-on.pdf.

[2] Klosowski, Thorin. “The State of Consumer Data Privacy Laws in the US (And Why It Matters).” The New York Times. September 06, 2021. https://www.nytimes.com/wirecutter/blog/state-of-privacy-laws-in-us/.

[3] Birnbaum, Emily. “From Washington to Florida, Here Are Big Tech’s Biggest Threats from States.” Protocol. February 19, 2021. https://www.protocol.com/policy/virginia-maryland-washington-big-tech.

[4] McNabb, Joanne, and Paul Bischoff. “Internet Privacy Laws by US State: Does Yours Protect Online Privacy?” Comparitech. July 29, 2021.  https://www.comparitech.com/blog/vpn-privacy/which-us-states-best-protect-online-privacy/.

[5] Tracy, Ryan, Chad Day, and Anthony DeBarros. “Facebook and Amazon Boosted Lobbying Spending in 2020.” The Wall Street Journal. January 24, 2021. https://www.wsj.com/articles/facebook-and-amazon-boosted-lobbying-spending-in-2020-11611500400.

Apple and Facebook Fight Over Privacy

Apple and Facebook are currently ranked 1 and 6 respectively in the list of biggest companies by market cap[1]. These tech behemoths wield immense influence in both the business and social spheres. They also have different, seemingly opposing views on the nature of privacy in today’s society. These disparate philosophies have increased tensions between the two tech giants, and recently it’s escalated. We’ll break down the history and the sources of the standoff.

A brief history

Things weren’t always so frosty between the organizations. In fact, according to a 2012 biography, Apple CEO Steve Jobs admired Facebook CEO, Mark Zuckerberg[2]. So much so, it was a driving force in the reluctance of Apple to start a competing social network. However, after the death of Jobs in 2011, things cooled off considerably when current CEO Tim Cook took over.

Perhaps sensing the way things were going in the industry, Cook came out in 2014 with an open letter that took indirect jabs at Facebook and Google[3]. In it, he claimed Apple was not in the business of creating detailed user profiles on individuals through the use of data mining. While he did not mention his competitors directly, it was obvious who he was denouncing.

That same year, Zuckerberg fired back in an interview with TIME Magazine[4], stating

“A frustration I have is that a lot of people increasingly seem to equate an advertising business model with somehow being out of alignment with you customers. I think it’s the most ridiculous concept. What, you think because you’re paying Apple that you’re somehow in alignment with them? If you were in alignment with them, then they’d make their products a lot cheaper!”

We’d recommend reading this article. Perhaps everyone was a bit naïve at the time, but re-reading it through the lens of 2021 with an understanding of the path Facebook took, the plan Zuckerberg outlined seems much more nefarious and a good example of real-life supervillainy. What could go wrong with the CEO of the world’s most invasive social platform wanting to bring internet connection to the entirety of the world?

We digress. Throughout the next seven years, the two CEOs traded barbs on issues such as the Cambridge Analytica scandal and Apple’s monopolistic control of its App Store. In the end, the arguments usually boiled down to Tim Cook accusing Facebook of invading users’ privacies and Zuckerberg saying Apple products cost too much or that the company is an unfair gatekeeper.

We tend to fall on Cook’s side of the argument. It’s true Apple products cost significantly more than competing hardware solutions. But, as we outlined in a previous blog about free software, trading privacy for free or cheap products has serious drawbacks. Now, back to the feud.  

Tensions boil over

Fast-forward to today. In late 2020, Apple started requiring software on the App Store to come with informative “privacy labels” that clearly state the data the app collects on its users. This was great news for AXEL, but not so much for Facebook. Facebook Messenger alone has a privacy label that reads more like a novel than a brief overview[5].

The labels, combined with the most recent update, have sent Facebook reeling for solutions. The latest update goes a step farther than labels and provides users with the oft-talked-about ‘Opt-In’ scenario regarding data collection[6]. ‘Opt-In’ is a concept that requires users to agree to corporate data collection formally. This is a major step forward in the fight for digital privacy rights. It’s much better than current United States privacy regulations in states such as California and Virginia. Those pieces of legislation mandate companies provide an ‘Opt-Out’ option. While better than nothing, the fact is that consumers are busy. They don’t have the knowledge or desire to scroll through layers of confusing websites to exercise their right to opt-out.

This makes Opt-In the preferred way to offer privacy. It makes privacy the default, which will vastly increase the number of people exiting the corporate surveillance scheme. Unsurprisingly, companies like Facebook are not happy about this! Personalized advertising is the company’s lifeblood, and without user data to gather and analyze, ad revenues will likely fall.

Facebook’s response

Facebook hasn’t taken these changes lying down. Their argument centers around the effects felt by small businesses due to Apple’s changes. Facebook frames its data collection around its usefulness to small businesses. Without the ability to target people most likely to buy, these companies will feel the brunt of the impact, causing many of them to close.

Facebook started a public relations blitz, using television commercials and full-page ads in popular newspapers[7] to drive home the point. It has received some mockery for this in the mainstream media. It certainly does appear to be a rather transparent way to further its own goals while seeming to have more profound principles.

Facebook also raised another issue, and though it didn’t receive as much attention from the media, it probably has more merit. They claim that Apple’s recent privacy push isn’t out of any benevolent intentions for consumers but rather greed. Apple receives anywhere from 15-30% of App Store sales, depending on the developers’ overall revenue. By giving consumers the choice to opt into data collection, they must know that most users will decline. This could cause a shift from free apps that generate revenue based on advertising to more paid apps. In turn, Apple receives more money from downloads since more of them are paid. If true, it’s a very sneaky way for the tech manufacturer to make more money while playing the good guy.

The reality is that both Facebook and Apple are profit-driven mega-corporations looking to protect their businesses. You can’t blame either of them for this feud, although it seems obvious that Apple comes out ahead from a public utility perspective. Whatever the root cause, any initiative to substantially increase digital privacy is a good thing in our book.

AXEL’s commitment

AXEL is dedicated to fighting for digital privacy rights for everyone. The concept of data custody and forging lasting trust between consumers and technology is embedded into our corporate philosophy. We develop our products and services to live up to these lofty ideals.

If you are looking for a privacy-focused cloud storage and file-sharing platform, try AXEL Go free for 14-days. During the trial period, you receive all Premium features, including removing file-size restrictions, Secure Fetch functionality, and storage encryption. AXEL never collects personal information to sell to third parties or mines your content for advertising. We’re an alternative tech company you can trust. Secure your files. Secure your digital future with AXEL.

[1] “Largest Companies by Market Cap”, CompaniesMarketCap.com, April 30, 2021, https://companiesmarketcap.com/

[2] Emil Protalinski, “Steve Jobs admired Zuckerberg too much to compete with him”, CNET.com, July 17, 2012, https://www.cnet.com/news/steve-jobs-admired-zuckerberg-too-much-to-compete-with-him/

[3] Steve Musil, “Tim Cook explains Apple’s privacy policies in open letter”, CNET.com, Sept. 17, 2014, https://www.cnet.com/news/tim-cook-explains-apples-privacy-policies-in-open-letter/

[4] Lev Grossman, “Inside Facebook’s Plan to Wire the World”, Time.com, Dec. 15, 2014, https://time.com/facebook-world-plan/

[5] Ben Lovejoy, “App privacy labels show stark contrasts among messaging apps”, 9to5mac.com, Jan. 4, 2021, https://9to5mac.com/2021/01/04/app-privacy-labels-messaging-apps/

[6] Ian Sherr, “Apple’s privacy battle with Facebook just became all-out war”, CNET.com, April 26, 2021, https://www.cnet.com/news/apples-privacy-battle-with-facebook-just-became-all-out-war/

[7] Megan Graham, “Facebook blasts Apple in new ads over iPhone privacy change”, CNBC, Dec. 16, 2020, https://www.cnbc.com/2020/12/16/facebook-blasts-apple-in-new-ads-over-iphone-privacy-change-.html

A Breakdown of Google’s Alternative to the Third-Party Cookie

In an effort to distance itself from its less-than-stellar reputation on privacy, Google is developing and testing an alternative to third-party tracking cookies. It’s called the Federated Learning of Cohorts (FLoC), and the company claims it solves commonly-cited privacy issues with personalized advertising. Skeptical?

What is a cookie?

While most people know the term “cookie,” they might not understand precisely what they do. Before getting into Google’s replacement, here’s s a brief synopsis:

A cookie is a small file that stores pieces of user data to improve their web browsing experience. Each web server collects visitors’ browsing history, settings, or preferences and saves the data in a file. The next time the user visits that site, the server pulls the cookie’s information and provides a customized experience. This can manifest in several ways, such as saving:

  • Display language preferences.
  • Shopping carts between sessions.
  • Login information.
  • Authentication data so that users don’t have to enter a CAPTCHA.

These are examples of first-party cookies. The website you visit actually collects the data. It is difficult to imagine an internet without first-party cookies. Nobody wants to input all of their information every time they view a site. However, there is another type called third-party cookies.

Third-party cookies

Unaffiliated domains create third-party cookies, which track users across multiple sites. They use this data for retargeting campaigns and personalized advertising. Third-party cookies are receiving backlash from consumers and privacy advocates alike.

These are unlikely to be anonymized in any meaningful way, which leads to persistent tracking. So, unknown to the end-user, advertisers can craft detailed profiles on individuals and market directly to them across the entire internet. Not only is this a blatant invasion of privacy, but it is also susceptible to abuse from predatory companies.

Google’s response to the cookie crumbling

Google recently decided to ban third-party cookies across its ad platform and block them by default on its popular Chrome browser[1]. So, has the search giant finally seen the light and found a newfound commitment to privacy? One peek at their advertising revenues should tell you all you need to know (over $37 billion in Q3 2020[2] alone). Google will not stop tracking people through mobile devices and will still target individuals with ads based on user behavior on their first-party application. Google is large and diverse enough that even first-party cookies pose a problem.

But at least they won’t be sharing individuals’ data with third-party advertising companies anymore, right? The technical answer is “right,” but it’s a bit more complicated. What they’ve really done is create a different way to track people for personalized ads. They have many projects aiming to replace the functionality of third-party cookies under a less toxic name.  The proposals seem to follow an avian theme for some reason, such as PIGINTURTLEDOVESPARROWSWANSPURFOWLPELICANPARROT, PARAKEET, and so on. But one idea has really taken flight…

Enter the FLoC

The FLoC project is deep into its testing phase and has been already delivered tangible results to advertisers (approximately 95% return on ad spend compared to third-party cookies[3]). FLoC stands for Federated Learning of Cohorts. A name that not only rolls right off the tongue but is also definitely not confusing and immediately makes its meaning known.

Snark aside, a FLoC clusters larger groups of people with similar interests together under a shared ID number (their “cohort”) and serves those within the group personalized ads. It uses sophisticated Machine Learning algorithms to analyze variables like the URLs visited, website content, and the typically nebulous “other factors.” So, Google still pulls this data from browsing history, but the information gets calculated on the user’s device rather than sent back to a Google server. This local data gets compiled with thousands of other users to remain private.

Privacy advocates, however, don’t see this as a suitable solution.

Issues with FLoC

Even looking past Google’s dubious past (and present) regarding privacy, the FLoC project raises concerns.

  • Fingerprinting. Millions of websites use hidden code to pull details about their visitors’ computers, and therefore, identities. With FLoC, Instead of distinguishing an individual’s browser from hundreds of millions of others, advertisers only have to worry about how many reside in a particular cohort (thousands?). Google is trying to mitigate this, but there’s no solution coming soon, and the project is already rolling out. Evidently, it’s not a top priority.
  • Contextual identification. Companies could combine a cohort ID with other information, such as data obtained from having a ‘Login with your Google account’ option to identify people. Furthermore,  advertisers can infer demographics from a particular Cohort since people with similar browsing interests can likely be siloed into fairly accurate groups. Google claims it will protect ‘sensitive info’ like race and sexual preference, but its effectiveness is unknown. There’s less recourse for this when it does happen, too, because they’ll have plausible deniability about targeting these ‘protected’ entities.
  • Exploitation. FLoCs could result in the proliferation of exploitative practices. For instance, a cohort of people visiting sites about credit repair could receive ads for payday loans or other manipulative products and services.

Conclusion

This project is already well underway. The days of personalized advertising are here to stay. There’s simply too much money at stake for it to go away without explicit regulation. FLoC only applies to the Chrome browser, which happens to be by far the most popular web browser. If you don’t want to participate in these shenanigans, you’ll have to use a privacy-focused browser. FLoC seems like a step in the right direction over third-party cookies, but it’d be hard to be worse than them. Valid concerns still exist, and privacy-oriented people likely won’t celebrate this stopgap.

Stay private

AXEL promotes the concept of data custody and prioritizes keeping user data secure and private. If you don’t want Big Tech companies like Google mining your information and tracking you incessantly, break free from their hegemony. Share and store files online without anxiety. AXEL Go is a safe, privacy-focused platform that utilizes blockchain technology, the InterPlanetary File  System, and AES 256-Bit encryption. Take back control of your digital privacy. Try AXEL Go today. For $9.99, you can upgrade to a premium account and unlock all of its unique features.

[1] David Temkin, “Charting a course towards a more privacy-first web”, Blog.google, March 3, 2021, https://blog.google/products/ads-commerce/a-more-privacy-first-web/

[2] Kim Lyons, “YouTube brings in $5 billion in ad revenue as Alphabet and Google bounce back”, TheVerge.com, Oct.. 29, 2020, https://www.theverge.com/2020/10/29/21531711/google-alphabet-ad-revenue-youtube-waymo-cloud-search

[3] Chetna Bindra, “Building a privacy-first future for web advertising, Blog.google, Jan. 25, 2021, https://blog.google/products/ads-commerce/2021-01-privacy-sandbox/

Should Privacy be a Human Right?

With the advancements in the mass surveillance technology used by governments and corporations, maintaining individual privacy has never been more important. AXEL believes privacy is a fundamental human right that these powerful institutions need to acknowledge. Without a vigorous defense of this position, influential organizations will inevitably erode privacy protections and lead society down a dark, Orwellian path.

Privacy law – not a new thing

Citizens demanding basic privacy is not a new phenomenon. Formal privacy law goes all the way back to 1361 AD in England[1]. Nevermind modern accouterments like cellphones, back then niceties such as plumbing and an easily traversable road system weren’t fathomable. It was the time of King Edward the III, with England and France engaged in what was to be known as ‘The 100 Years War.’ In other words, a LONG time ago.

The Justices of the Peace Act outlawed peeping toms and eavesdroppers under the penalty of imprisonment. It was a way to stop the town weirdo from spying on neighbors from behind a cow or haycart.

Today these concerns seem quaint, as every computer, cellphone, smartwatch, digital assistant, or any other piece of internet-connected technology is the equivalent of an eavesdropping creep. On the plus side, medicine advanced past the practice of bloodletting as a cure-all. So, we’ve got that going for us.

A decree from the United Nations

Fast-forward over half a millennium to 1948. The newly-formed international coalition, the United Nations, released the United Nations Declaration of Human Rights[2]. This short document outlined various human rights for all people. Article 12 states, “No one shall be subjected to arbitrary interference with his privacy, family, home, or correspondence, nor to attack upon his honor and reputation. Everyone has the right to  the protection of the law against such interference or attack.”

While these UN guidelines are clear and concise, they lacked any true enforcement capabilities. Fantastic ideals in theory; often ignored in practice.

United States privacy law history

Unfortunately, The United States Constitution doesn’t explicitly guarantee privacy as a right. However, not all is lost. Throughout the years, there have been legal arguments that other liberties imply privacy rights. Examples include:

  • Stanford Law Review April 2010. A piece in the prestigious legal journal by Orin Kerr outlined an argument that sought to apply the Fourth Amendment to internet privacy[3]. The focus is on police-related intrusions, specifically dealing with warrant requirements for digital surveillance.
  • Griswold v. Connecticut. This 1965 case set the precedent that the Constitution grants privacy rights against government intrusion implicitly from other liberties established in the Bill of Rights[4]. While the case pertained to marital relations, the ruling set a precedent for the more general concept of implicit rights.

The current state of privacy

Two-thirds of countries have privacy regulations on the books[5]. So, everything’s all good, right? Time for privacy advocates to pack it up and celebrate their victory! No, things are not all rainbows and sunshine in this space. In fact, the situation is pretty bad.

Government privacy intrusions

The U.S. government spying on its citizens is nothing new. The practice dates back at least 70 years. Over this time, many groups (political activists, civil rights leaders, union participants, the far-Left, the far-Right, you name it) became surveillance targets of federal agencies like the FBI, CIA, and NSA. However, the devastating 9/11 attacks combined with advancing digital technology created a perfect storm for privacy intrusion at a scale never before seen.

The details of which were outlined by whistleblower Edward Snowden in 2013[6]. Here are a few significant revelations of the leaks:

  • The NSA collected millions of peoples’ cellphone metadata (i.e., when calls are made/to whom) and location information[7]. A federal appeals court finally ruled this tactic illegal in 2020[8].
  • The NSA can easily break internet standard encryption methods to view private emails, financial transactions, and other personal data[9].
  • The NSA implemented a program code-named PRISM where the Big Tech companies would mine user data and turn it over to the agency upon request[10].

These only scratch the surface of the Snowden leaks. The story received enormous press coverage over the years, putting pressure on the federal agencies for more transparency. It is naive to think organizations like the NSA stopped using these tactics, though. After all, the courts didn’t ban illegal phone metadata collection until seven years after initial disclosure, after multiple other scandals[11].

Corporate intrusions

Of course, the government doesn’t have a monopoly on invading peoples’ privacy. Corporations are big players in the game, too (although, as seen in the PRISM program, the two entities can work together.)

Big Tech has a notorious reputation in this regard. Companies such as Facebook, Google, and Amazon collect so much personal data that their algorithms probably know people better than they know themselves.

The most known scandal involved Cambridge Analytica, a Big Data firm that bought user data from Facebook and used it to serve targeted political ads, allegedly resulting in a shift toward Donald Trump’s election[12].

Regardless of that hypothesis’s validity, data mining and selling are an everyday occurrence in Big Tech’s world. All one has to do is read the privacy policies or terms of service agreements the companies provide to get a glimpse at the breadth of knowledge they have about individuals. Easier said than done since those policies are thousands of words of legalese, but decipher them, and it becomes quite creepy.

Tougher legislation

Data privacy and protection are now mainstream topics. As such, some governments are enacting stronger legislation. The Gold Standard of these laws is the General Data Protection Regulation (GDPR) in the European Union. It is the most comprehensive data privacy law to date.

California took the main framework of the GDPR and passed a similar law called the California Privacy Rights Act (CPRA), which will take a few years to implement fully. While these are the best laws currently in effect, they still have loopholes that will undoubtedly lead to exploitation. Do they go far enough to protect everyone’s personal information? Only time will tell.

Be proactive

The GDPR and CPRA are much needed, but people should take matters into their own hands as well. Stop relying on “free” software from the megacorporations and search for privacy-based alternatives.

AXEL Go is the perfect solution for anyone looking for a private, secure file-sharing and storage platform. It has blockchain implementation, runs on the un-censorable InterPlanetary File System, and utilizes military-spec AES 256-bit encryption to ensure your files aren’t compromised. Sign up for a free Basic account and receive 2GB of online storage and enough network fuel for hundreds of typical shares. AXEL truly believes privacy is an inalienable human right. That’s why AXEL Go has industry-leading privacy features that will only get better. Download it today.

 

 

 

[1] English Parliament, “Justices of the Peace Act 1361”, legislation.gov.uk, https://www.legislation.gov.uk/aep/Edw3/34/1

[2] The United Nations, “The Universal Declaration of Human Rights”, un.org, 1948, https://www.un.org/en/universal-declaration-human-rights/#:~:text=Article%2012.,against%20such%20interference%20or%20attacks

[3] Kerr, Orin S. “Applying the Fourth Amendment to the Internet: A General Approach.” Stanford Law Review 62, no. 4 (2010): 1005-049. Accessed February 24, 2021. http://www.jstor.org/stable/40649623

[4] “Griswold v. Connecticut.” Oyez. Accessed February 24, 2021. https://www.oyez.org/cases/1964/496

[5] “Data Protection and Privacy Legislation Worldwide”, UNCTAD, Feb. 4, 2020, https://unctad.org/page/data-protection-and-privacy-legislation-worldwide

[6] Glen Greenwald, “Edward Snowden: the whistleblower behind the NSA surveillance revelations”, The Guardian, June 9, 2013, https://www.theguardian.com/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance

[7] Barton Gellman, Ashkan Soltani, “NSA tracking cellphone locations worldwide, Snowden documents show”, The Washington Post, Dec. 4, 2013, https://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html

[8] Josh Gerstein, “Court rules NSA phone snooping illegal -after 7-year delay”, Politico, Sept. 2, 2020, https://www.politico.com/news/2020/09/02/court-rules-nsa-phone-snooping-illegal-407727

[9] Joseph Menn, “New Snowden documents say NSA can break common Internet encryption”, Reuters, Sept. 5, 2016, https://www.reuters.com/article/net-us-usa-security-snowden-encryption/new-snowden-documents-say-nsa-can-break-common-internet-encryption-idUSBRE98413720130905

[10] Barton Gellman, Laura Poitras, “U.S., British intelligence mining data from nin U.S. Internet companies in broad secret program”, The Washington Post, June 7, 2013, https://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html

[11] Zack Whittaker, “NSA improperly collected Americans’ phone records for a second time, documents reveal”, Tech Crunch, June 26, 2019, https://techcrunch.com/2019/06/26/nsa-improper-phone-records-collection/

[12] Dan Patterson, “Facebook data privacy scandal: A cheat sheet”, Tech Republic, July 30, 2020, https://www.techrepublic.com/article/facebook-data-privacy-scandal-a-cheat-sheet/