CCC – stuff to watch

Making Experts Makers and Makers Experts


Gamified Control?

China’s Social Credit Systems


Demystifying Network Cards

Things you always wanted to know about NIC drivers


Everything you want to know about x86 microcode, but might have been afraid to ask

An introduction into reverse-engineering x86 microcode and writing it yourself


Protecting Your Privacy at the Border

Traveling with Digital Devices in the Golden Age of Surveillance







Decrypting French encryption law


Financial surveillance

Exposing the global banking watchlist



Lets break modern binary code obfuscation

A semantics based approach



Opening Closed Systems with GlitchKit

‘Liberating’ Firmware from Closed Devices with Open Source Hardware



How Alice and Bob meet if they don’t like onions

Survey of Network Anonymisation Techniques



Catch me if you can: Internet Activism in Saudi Arabia



We should share our secrets

Shamir secret sharing: How it works and how to implement it



Regulating Autonomous Weapons

The time travelling android isn’t even our biggest problem



Italy’s surveillance toolbox

Research on Monitoring Italian Government Surveillance Capabilities by means of Transparency tools



History and implications of DRM

From tractors to Web standards




if it is free, you are [not] the product

“If it is free, you are the product” 

This statement is an easy shot.

Google, Facebook, Twitter, etc. are free because they use our data.

Therefore we are bound to agree to this fact or simply close our social account and disconnect from the rest of the world.

But is it really true?

Can we never see anything offered for free that is not perverted at its core?

It is not what you think

The usual argument says : “Free for the users, means that you have to pay with your privacy and the reason for it is that since you are not willing to pay for the service, then somebody has to – hence advertisers“.

But that is a bit simplistic.

It forces us to agree that privacy goes against the natural evolution of the world.

And this is reinforced by opinion pieces in the media and barely refuted by the same company we accuse of doing so.

Yet, it might be a bit more complex than that.

Derek Powazek has actually a good piece where he explains:

“I’ve worked for, and even run, many companies in the last 20 years with various business models. Some provided something free in an attempt to build an audience large enough to sell advertising, some charged customers directly, and some did a combination of both. All treated their users with varying levels of respect. There was no correlation between how much money users paid and how well they were treated.”

Which make sense, not everything free is evil .

“For example, at JPG Magazine we sold something to our audience (magazines, subscriptions, and ultimately other digital services) and we also sold ads and sponsorships (online and in print). We made it 100% clear to our members that their photos always belonged to them, and we had strict rules for what advertisers could do in the magazine.”

Transparency is the key


We also paid our members for the privilege of including their photos in the printed magazine (as opposed to Instagram’s new policy that they can use your photos however they want, even in ads, without paying you a dime).

Instagram is a part of Facebook (so is Whatsapp).

Have you ever read the terms and conditions?

This example is much more complicated than the black and white “you’re the product” logic allows. In some cases, users got the service for free. In others, they paid us to get the magazine. In still others, we paid them! So who/what is the product?

The devil is in the details.

Black  & white approach is usually an over simplistic way to look at a situation.

And just because you pay doesn’t mean you’re not the product. Cable TV companies take our money and sell us to the channels, magazines take our money and still sell ads, banks and credit cards charge us money for the service of having our money.

Any store that has a “loyalty card” takes our money for products but gives us a discount in exchange for the ability to monitor what we buy. In the real world, we routinely become “the product” even when we’re already paying

Companies have always collected data.

We just started to take notice.

Trust issues

The core of the problem is not really how much data is collected, but how this information is used and can we trust the company to be transparent about what they do or not.

In the end, it is all a questions of intent.

When it was revealed that snapchat never deleted the content even though they told their users they a snap disappeared after 24h, the lie became obvious.

When Facebook is accused of picking sides in US politics (and it is their right to do it, it is a private company) people start to be concerned one way or the other about the impact of the platform in the world.

When Google is meddling with UK NHS records of patients (while nobody really signed up for that) the question is not about whether or not the service is free or paid, it is whether or not we can trust these companies to act in our best interest at all.

The satirical following conversation give you an idea of what could happen in a big-data, no-privacy, AI-first world:


I am not 100% sure that if users would be paying for the service it would make such a big difference.

On the other hand, you have services like Mastodon, an open-source twitter clone, who also collect data  (since you need data to be collected for the service to work)but doesn’t try to hide anything about what is happening to the information you share, the general approach they took from the beginning is very transparent and upfront explanation of how things works.





  • Money you pay and how you are treated by a company are too separate things.
  • Free is no excuse to lie to you about what happens to your data
  • Free doesn’t mean you will be the product
  • It is all about the intent
  • Ask for transparency
  • if you don’t get it, probably assume the worse

How big is Google?

I was working earlier on a post on privacy, then realised I cannot even start to give a proper introduction to it without laying down some facts first.

So, there will be no jumping straight into the subject of privacy, centralisation of the internet, and how politics is affecting the internet as a whole.

Instead, we will take a couple of posts to really define the current state of the internet, also give an historical perspective, before diving into the core of the subject.

How big is Google?

Here is the first short documentary which I wanted to share – and summarise.

This is the work of  Dagogo Altraide, an australian film Maker.

(I will be using more of his materials in future post while digging on this topic.)



Very big.

Google owns :

  • Google : What you search
  • Gmail: What you say and to who
  • Android : Where you live (geo-localisation), what you say (remember “OK Google”?), what you do (which app you open).
  • Youtube : What you watch
  • Maps : Where you go
  • Google docs : What you are working on.

But also:

  • A couple of Artificial intelligence companies
  • A couple of robotic companies

And also:

  • Internet Ballons
  • Quantum computing
  • Some medical hardware products
  • More stuff we don’t even know enough details about

Why should you care?

Even if you don’t hold any Google stock, you should still care.

First, because centralisation and monopolies historically are never in the interest of the end-users. Less choice, less leverage.

Second, because decentralisation of Internet services is what has helped disruption and innovation online for the past 20 years.

Third, because while Google motto was once “Don’t be evil” (and still is part of Google code of conduct) – it has clearly demonstrated over the years that it is closer lip-service than to a real manifesto.

From harvesting your medical records to snooping on your wifi while taking picture of your street, or simply bypassing anti-tracking software without telling anybody, and since they can basically access all information they want on your Android, they do it : ever wonder who see your WiFi password when you save it?

So yeah, this whole “Don’t be evil” thing is more a myth than anything else.

Don’t be mistaken however, I am not ranting against Google here.

I am trying to get the fact – so I can get a better understand of privacy in the 21st century.

And so far, the facts say we have centralised a large part of the Internet into one company and it doesn’t look like a very good sign for the future of the Internet.

Where do we go from here?

In order to better understand the digital landscape as a whole I am going to add a couple of posts on Amazon, Apple and maybe a couple of other companies, and then see how much we can trust them with our data, and if we should even care what they do with this data, and finally see if we have even alternatives to these companies.


As usual, I’d love to hear what you think in the comments.