CIO

Privacy is the new killer app

Ello, Wiper, Anonabox and others prove that Apple, Facebook and the like can't rest on their laurels when it comes to security.

A funny thing is happening in the wake of the Edward Snowden NSA revelations, the infamous iCloud hack of celebrity nude photos, and the hit parade of customer data breaches at Target, Home Depot and the U.S. Postal Service. If it's not the government looking at your data, it's bored, lonely teenagers from the Internet or credit card fraudsters.

But there's a silver lining to the cloud: For probably the first time since the launch of Facebook, people are actually sitting down to think about their privacy and about who's doing what with our data -- specifically, what we're willing to share, and what we're willing to give up to advertisers in the name of easy sharing, constant communication and sweet, sweet validation.

And it's led to a new generation of apps where privacy is the feature. A report released by Forrester this week predicts that 2015 is the year when privacy becomes a competitive differentiator in technology, as users look for solutions that strike the right balance between secure and convenient.

In other words, privacy is the new killer app.

Cool or creepy?

"There is a maze of conflicting global privacy laws to address and business partner requirements to meet in today's data economy. There's also a fine line between cool and creepy, and often it's blurred," writes Forrester analyst Heidi Shey.

That Forrester report is backed by a Pew survey released this week indicates that 91% of all American adults feel like they don't have any control over their personal data, with 80% of social network users reporting that they're concerned about how advertisers use their data and another 70% saying they're at least somewhat concerned about government intrusion.

Now, there's just not much you can do about government intrusion -- thanks to surveillance-friendly legislation, if they want your stuff, they're pretty much going to get it, as evidenced by Dropbox CEO Drew Houston's infamous public admission that the platform is a "trade-off" between privacy and security.

But there's this concept in information security called the attack surface: The more code you run on more systems with more theoretical points of entry, the less secure you are, because a hypothetical attacker has more weak points to exploit. Similarly, the fewer places you put your stuff, and the tighter control you have over those places, the less likely you are to get snooped upon -- and the harder time advertisers are going to have to turn your personal life into monetized content.

Ello, or good-bye?

Which brings us to today, and a new breed of technology that's less about finding extra ways to share stuff on the Internet and more about helping us do so in private. Take, for example, Ello, the new social network that resonated briefly but brightly with the younger set for its commitment to never, ever selling user data -- backed up by the adoption of a pioneering Public Benefit Corporation business structure that legally forbids it from doing just that. Instead, Ello plans to make money with paid features on top of the free product.

It turns out that people liked Ello a lot more as a concept than as an actual product.  The site's one million users (with three million more waiting on an invitation as of the end of October) just don't post very much.

Speaking personally, my Ello news feed is a ghost town, and once the initial rush of a new social network with a high-minded philosophy died down, people noticed it just wasn't as good or as fully fleshed-out as Facebook or Twitter, and moved back, privacy be damned. As the New York Times put it in the headline of its report on that Pew survey, "Americans Say They Want Privacy, but Act as if They Don't."

So while there's not been a single app or product with as much buzz as Ello, we definitely see some success stories among products that enable users to communicate much as they do now, but more securely.

And then there's Wiper

Take, for example, Wiper, a messaging and video calling app that gives users control by never archiving anything on its own servers and actually letting them permanently delete content from a conversation -- not just from their devices, but from the devices of the people they're talking to. It's a handy escape hatch when you accidentally say the wrong thing (or send the wrong picture, nudge nudge, wink wink, say no more).

Wiper was born from a simple question, says founder Manlio Carrelli: "Why is everybody storing all my stuff?"

The standard approach is not only shady, Carrelli says. It's destructive to honest conversation, because everything you say ends up as a kind of permanent record. Trusting the wrong service or somehow getting the attention of an NSA analyst means that your private conversation isn't so private. And there's no going back from whatever you said. Which is why giving users control over what gets saved is so crucial, Carrelli says.

"It doesn't seem like a great way to live our lives," he says.

Wiper has found special success in the Middle East, where privacy and HD video calling are both killer features. The app is attempting to reach a broader audience by taking its core privacy-first philosophy and gradually expanding with more social features, starting with YouTube playlist sharing.

There are other approaches, too: The controversial Anonabox project, a teeny-tiny router that automatically shunts your web traffic through the TOR Internet anonymity portal, raised close to $600,000 on Kickstarter before getting shut down for violating the crowdfunding platform's rules -- it turns out the Anonabox isn't as "original" as the creators led funders to believe, based almost entirely on off-the-shelf parts running modified firmware. It's since found second life on the more lax IndieGoGo platform, where it successfully met its funding goal.

The big guys take the hint

Meanwhile, the big technology companies aren't sitting idle. While, again, no single startup even slightly poses a threat, the Ello phenomenon and the spotlight on Anonabox at least proved user unrest around privacy matters.

Facebook, in response to all of this, has hugely shortened and jazzed up its user data policy statements, making it something a real live person might actually read. It doesn't change the fact that they're selling data to advertisers, but at least it removes an element of paranoia and works to restore some confidence. Not to mention that it gives Facebook better leverage when trying to convince its users that stuff like location services fall closer to "cool" than "creepy."

Likewise, Apple got a much-needed vote of confidence from the Electronic Frontier Foundation in a report that its proprietary iMessage and FaceTime messaging tools were the most secure and strongly encrypted solutions of their kind, which helped ease concerns in the wake of iCloud hacks and the so-called Fappening.

The constant stings from apps and services that rightfully claim to be better than the Silicon Valley establishment about privacy and security may not kill them, but it keeps them from resting on their laurels. As Forrester says, expect 2015 to be the year when privacy becomes a competitive differentiator, as users expect better control over their data and a more public commitment to keeping it safe and the process it gets used transparent.

In other words: It's no longer enough to be good. You have to be secure, too.