Everything started with a whistleblower at Cambridge Analytica.

Not the privacy problems — those started over a decade before, as mass surveillance became a business model and a competitive advantage.

Not the real solutions — if you squint hard, you can make out their silhouettes somewhere on the horizon. For now we hazily mumble about vague regulations, ineffective boycotts, or the impossibility of tech abstinence.

But the public conversation did start — in the press, at water coolers, at family dinners. What was really happening behind the candy-colored veil of consumer applications? What were the consequences for companies who failed to secure data? What were the consequences for us, the consumers?

There were whispers of fines, of warnings, of new laws. Large numbers were proposed (but perhaps not nearly large enough). Would anyone go to jail? Would any companies collapse? Would fines just become another cost of doing business in the age of surveillance capitalism, like they have for banks?

Then something unexpected happened.

“When in doubt, we should assume that monopolistic practices are masquerading as security theater.”

Instead of being Big Tech’s Original Sin, “privacy” became a competitive differentiator. While Facebook and Google were raked in the press, Apple pushed out aggressive marketing campaigns. CEO Tim Cook blasted the “data-industrial complex” that stood in opposition to Apple’s own practices. Prominently-placed billboards proclaimed: “What Happens on Your iPhone, Stays On Your iPhone.” It felt like billions of thumbs shoved squarely into Mark Zuckerberg’s eyes.

But then Zuck shoved back. A rare blog post laid out his seemingly sincere vision for Facebook’s “privacy-focused” social networking platform. Later, without a shred of irony, the Facebook CEO stood on stage at F8 and declared the future to be “private” — while trying, and dramatically failing, to downplay his culpability for the present.

In his boldest move, Zuckerberg even openly called for regulation of Facebook in a Washington Post op-ed. “Lawmakers often tell me we have too much power over speech, and frankly I agree,” he wrote. He referenced other issues like data portability, election integrity, and global frameworks for legislation.

Even as Facebook took most of the heat in the press, Google was determined to add their voice to the privacy discussion. CEO Sundar Pichai penned his own conspicuous response to critics and competitors in the New York Times, aimed directly at Apple: “privacy cannot be a luxury good.”

We want to believe this is all good news — or at least, Big Tech certainly wants us to believe it, considering all the attention they’ve been determined to draw to their own proclamations. (None of these, by the way, seemed to take the form of an apology.) But the conversation about privacy is becoming very public, and it’s increasingly controlled by the very companies that by their own admission have too much power over speech. That tells us everything we need to know about their intentions.

We don’t have to do much work to figure out what might really be happening. In fact, it’s Zuckerberg himself that has given the game away.

Does Big Tech Dream of Regulatory Capture?

With Facebook’s public messages abruptly shifting away from the traditional Silicon Valley libertarian lean, we should certainly suspect opportunism. When companies call for regulation, it’s likely because they want to limit their liability and pass the buck to slow-moving governments. But, more diabolically, they understand regulation — especially “global frameworks” — can become a global company’s biggest moat.

How did Facebook build their empire? Aggressive, growth-at-all-costs business tactics and a willful disregard for protecting consumer data. Facebook’s motto? “Move fast and break things.” (At least, until 2014.) More descriptive might be how Facebook’s own growth team put it in 2008: “it’s fucking land grab time, so get all the fucking land you can get.”

Now it appears this truth, like so many other truths on Facebook, are being suppressed in favor of convenient and consoling fabrications. As Hela, colonialism-incarnate antagonist of Thor: Ragnarok, once said of an empire (though she was describing Odin, not Mark Zuckerberg): “Proud to have it. Ashamed of how he got it.”

Empires can be destroyed by fragmentation, especially ones secured by social economies of scale. Zuckerberg is rightfully afraid of antitrust proceedings. Forcing Facebook, Instagram, WhatsApp, and Messenger to become separate companies and ecosystems hurts their ad-targeting and ad-serving capabilities badly — a catastrophe, since over 90% of Facebook’s revenue comes from advertising.

Regulation of their existing practices, however, is really the best of all worlds for Facebook. The company has seemingly limitless capital to throw at lobbying, legal defenses, and government fines. Facebook has the resources to comply with (and influence) global standards as well as individual markets. Their smaller competitors, not so much.

It’s possible no one understands this better than Mark Zuckerberg, who recent testimony in front of Congress included this remark:

“I think a lot of times regulation puts in place rules that a large company like ours can easily comply with but that small start-ups can’t.”

And as Roger McNamee put things in The Guardian, Facebook’s actual proposals for regulation are “transparently self-serving.” One example:

“Facebook’s proposal on data portability… [does not address] metadata, browsing history, and data about users acquired from third parties… [which] enable microtargeting and behavior modification.”

While Zuckerberg is desperate to keep his empire, Google (read: Alphabet) should be equally fearful of the antitrust threat. Security experts have a history of taking the company to task for their data collection practices and use of dark patterns. This has gotten plenty of attention from regulators, if not from the mainstream press. Google’s laundry list of money-losing businesses likely could not survive without its digital advertising cash cow.

Google has at least taken the step of building some of the things Facebook has simply paid lip service to. But tellingly, just like Facebook, Google’s own proposed solutions seem like they are less about being pro-consumer and more about being anti-competitive. This includes their new limits on ad-tracking just announced at their I/O developer conference, which has some notable exceptions. As one headline aptly put it, “Chrome will make it harder for companies to track you online — unless they’re Google.”

Even Apple’s aggressive marketing seems designed to ignore its own privacy struggles, as well as its absolute power over developers through its App Store — something that has already earned it a formal investigation in Europe.

When we allow large tech companies to be primarily responsible for educating lawmakers on privacy, we should not be surprised when the resulting legislation primarily benefits the companies with the most resources. When we allow the same companies to build their own solutions, we should not be surprised when those solutions are designed to lock out competition. And when in doubt, we should assume that monopolistic practices are masquerading as security theater.

But if you can’t trust Mark Zuckerberg, then who can you trust? Maybe the answer should be: no one.

Can Decentralization Help?

Decentralized technologies and systems like blockchain are designed to solve difficult coordination problems without the need for over-regulation and trust in centralized entities, helping avoid regulatory capture (and perhaps prevent bailouts). Ideally, these systems are sustainable. In some senses, they are trustless. And hopefully, they are secure.

However, for all their benefits, blockchains are anything but private. As I’ve written elsewhere:

Blockchains have their own challenges. And unfortunately, one of the largest is privacy. Storing data on the blockchain is public by design, meaning that transaction histories are traceable, balances knowable, and user data exposed.

Of course, I wrote this in the context of another major Facebook move: its embrace of blockchain and launch of its own cryptocurrency.

Without privacy protections, a Facebook cryptocurrency (I lean towards the term “Facebucks”) would compete more with Venmo than bitcoin — a potentially lucrative coup for Facebook’s payments business, but an extension of what is already a privacy nightmare for users.

Yet again, a Big Tech product that is plausibly pro-consumer on its face turns out to be anti-competitive in its nature. The pattern is not difficult to recognize. But it is very challenging to prevent.

As we’re seeing, leaving companies to their own devices is dangerous. They’ll build products that further centralize their power. They’ll fight for legislation that benefits the richest participants in the global data economy and that strangles innovation and new entrants. Just imagine if only the richest and riskiest banks had gotten bailed out in the financial crisis, while countless others were left to fail spectacularly due to their lack of influence! (Oh wait, that’s what happened.)

Part of our mission at Enigma is to build decentralized systems that can help solve the deep problems we face with data privacy, data silos, and sharing data. We’re using and building new kinds of privacy technologies that haven’t been deployed at scale.

Of course, we can’t fix all these problems on our own. We’re part of an ecosystem of incredible projects and people trying to build a more secure, decentralized internet. Blockchains alone aren’t enough, and neither are we. But Big Tech isn’t solving for privacy — it’s solving for dominance. We all need to build together so that we can build the right things.

The reason consumers haven’t left Big Tech in droves isn’t because we don’t care. It’s because we lack real alternatives. And if we allow Facebook, Google, and Apple to have their way, it is possible we’ll never have a choice.

What can you do?

You can fight. Get involved with organizations like the EFF or the Center for Democracy and Technology.

You can read. There’s lots of incredible articles and resources focused on the challenges facing us as consumers and facing the nascent decentralized web.

You can join us. Become a part of the Enigma community, and help us build and scale new types of privacy solutions. If you’re passionate about privacy and decentralization, you can become part of our core group of supporters in the Enigma Collective. Together we help produce educational materials for developers and students, as well as support other projects and companies in building and deploying privacy-first decentralized applications and systems.

Let’s work to build a better future together — one that will protect the privacy and the rights of people, and not the power of monopolies.