Spyware 2.0

22 Aug, 2014 It’s time we evolved the meaning of a familiar term from the personal computer era to tackle the challenges of the Internet era.

Spyware 2.0 ♥ you!

Cute and colourful, the friendly façade of ‘free’ service providers like Google and Facebook belie a darker underbelly.

It might be hard to believe if you’re a child of the Internet but there was once a time when private was the default. In the pre-networked days of the personal computer, we took for granted that any data that was on our computers was ours and ours alone and that no one else could or should access it without our permission. Sure, we shared things (on floppy little magnetic disks like animals, no less) but it was us who decided what we shared and when and with whom.

We were in control.

If any piece of software acted against this implicit contract, we knew what to call it: malware.

Specifically, spyware.

Spyware [1.0] (noun): computer software that secretly records information about the way you use your computer. — Merriam Webster

Spyware 1.0

The initial definition of spyware, in the era of personal computers, was software that spied on you without your knowledge. Software like keyloggers fell into this category even in the pre-Internet days. In the early days of the Internet, we evolved the definition slightly to include software that surreptitiously phoned home to snitch you. We called spyware spyware and we knew to be watchful about such malware and to protect ourselves from it.

This definition of spyware served us well in an era where private was the default and expecting privacy from the tools that we owned and controlled was the norm.

Then the topology of consumer technology changed and we found ourselves living in the brave new world of the World Wide Web.

The Weary Winding Way back to centralisation

The topology of computer technology has undergone three major shifts since its inception and it is due a fourth one any day now. It goes in cycles, drifting from centralised to distributed and back. The birth of mainstream computing sported a centralised topology with mainframe computers, shifted to a distributed topology with personal computing, and has now shifted back again to a centralised topology with the World Wide Web.

The World Wide Web initially began as a decentralised system with many centers. However, since its inception and initial proliferation, we have witnessed a gradual yet accelerating consolidation of those centers. So much so that today we live in a world where the Internet is dominated by a handful of publicly-traded transnational companies.

A decentralised system, when cultured in an unregulated enzymatic pool of private subsidy, will naturally coalesce by opportunistically exploiting inherent economies of scale until all that is left are a handful of gargantuan tumours. Today, we call these tumours Google, Facebook, Yahoo, and so on. And we are what they feed on.

We find ourselves living in a topological context similar to the days of mainframe computers. The difference is that our mainframe computers (we call them ‘clouds’ today) have ubiquitous reach.

The monopolistic structure of the Internet today is a reflection of the monopoly of the business model that is common to these cancerous growths. This monopoly spies on us, mines us for information, and experiments on us with the goal of translating this insight into revenue. Being a monopoly, it leaves ordinary consumers without access to alternatives that don’t spy on them.

The lack of viable alternatives to this monopoly fundamentally threatens our civil liberties and, ultimately, democracy itself.

And we need to call this practice something.

Spyware 2.0

Last month, during the second day of the ind.ie/summit, Doug Belshaw ran a session to try and name the problem. Although there was much valuable conversation, to the best of my knowledge, no consensus was reached. It is clear that we are all aware that there is a problem but we are not sure what to call it. If we are to be effective in identifying, cataloguing, discussing, and fixing this problem, we must have a name by which we can all agree to call it.

I’ve so far been calling it corporate surveillance (in part to differentiate it from government surveillance). But corporate surveillance is unnecessarily verbose. It is also not an accessible term. It is the sort of term that makes your eyes glaze over by the time you get to the fifth syllable.

Needless to say, I’ve been giving this quite a bit of thought and I’ve reached the conclusion that it is simply unnecessary to come up with a new term. Because we already have a term that works. A term that beautifully describes what the wares of companies like Google and Facebook are. We just need to update its definition to meet the needs of the Internet era.

That word is spyware.

Let me state it plainly: Google is a spyware company. Facebook is a spyware company. Any company whose products spy on you is a spyware company.

To spy on: observe (someone) furtively. Middle English: shortening of Old French espie 'espying', espier 'espy', of Germanic origin, from an Indo-European root shared by Latin specere 'behold, look'. — Oxford Dictionary

Kittens and rainbows

Spyware 2.0 is not cloak and dagger. It’s not hiding in the shadows; it’s hiding out in plain sight like some saccharine Ronald McDonald statue. Spyware 2.0 is all cute doodles and loveable dinosaurs. It’s all the colours of the rainbow. Spyware 2.0 is so damn adorable that you just want to hug it as tightly as you can and never let it go. Spyware 2.0 loves you like a kitten.

The only difference between Spyware 1.0 and Spyware 2.0 is that the purveyors of spyware in the Internet era are not doing it entirely in secret.

I say entirely because they are not completely transparent either. Privacy policies spell out general usage but omit granular, comprehensive use cases. What analysis and experiments do they perform on you and your behaviour? How is the data you provide combined with other third-party data and what additional insights about you does this provide? Given the myriad of applications for your personal information, some of which haven’t been dreamed up yet, I would argue that is it impossible for spyware vendors to be entirely transparent and comprehensive in their disclosures even if they wanted to be.

Spyware: the dominant business on the Internet

Whereas Spyware 1.0 was an anomaly — easily-identified as malware — Spyware 2.0 is the hegemonic norm of the Internet era; rendered invisible by its very ubiquity.

The purveyors of Spyware 2.0 tell us that we have the choice to not use their services; that we volunteer our data willingly. But do we really have a choice when the business model of spyware itself is a monopoly on the Internet today?

Say I choose not to use Google and use Yahoo instead. What is Yahoo’s business model? Oh, it’s the same: to spy on me. If I drop Flickr for Instagram, what is Instagram’s business model? Yep, you guessed it! As the business of spyware is a monopoly on the Internet today, the choice we’re actually being presented with is this: either accept being spied on or go disconnect yourself from modern life.

Spyware is the perfect term to call the services, devices, and connectivity offered by companies whose business model it is to observe and study us in order to manipulate our behaviour for profit. It is the term that I will be using from now on and I invite you to do the same.