I've long been interested in digital rights and how they can be protected and strengthened through regulatory and technical means.
Digital privacy
I believe that people should have a right to control their privacy online.
Australia has various information privacy laws which regulate different areas. The Privacy Act 1988 (Cth) enacts a regulator called the Privacy Commissioner (or rather now, the Australian Information Commissioner) with powers to regulate Commonwealth agencies and companies, and the Information Privacy Act 2009 (Qld) enacts a Privacy Commissioner with powers to regulate Qld agencies.
If you read the Australian Privacy Principles (APPs) from the Privacy Act, and then read about data brokers, you may be led to believe that these are at odds with each other. Many data brokers claim to have data on millions, or even billions of individuals, with hundreds to thousands of data points on the average individual such as interests and purchasing habits. Many of these data brokers are companies that most people have never heard of before. Generally speaking, the Privacy Act only permits collection "from the individual". The Australian Privacy Foundation provides a good write-up on this. It seems unlikely that millions and billions of people would hand over large amounts of their personal information to companies they've never heard of before. Large companies like Facebook (Meta) and Microsoft purchase data from these brokers, again, seemingly at odds with the Act.
Over the past few months I've been trying to exercise my rights under privacy laws to get access to my data, find out when and where the collections took place, from whom, and third party disclosures. APP 12, for example, requires that companies provide access to personal information on request. So far I have had limited success.
I have an outstanding case with the OAIC after requesting that Facebook delete an old account of mine. I only found out about this old account recently after Facebook notified me that it would begin processing my personal information with AI. I requested an account deletion, but they stalled and eventually stopped responding to me. Facebook has breached the Privacy Act in multiple ways, including not providing a refusal to correct (delete) my personal information under APP 13.3.
I have another unusual case where a data broker reached out to me to tell me that they had my information and would disclose it further. Based on the information they had, it would seem that the information came from a particular organisation, but when I reached out they said they had no relationship with the broker. I am currently seeking records about when the collections and disclosures have occurred and from whom.
Digital identity
Something that has been gaining traction amongst western countries is mainstream adoption of formal, government-issued digital identity. My views on digital identity are somewhat nuanced; on one hand it can empower individuals to interact with government digitally, on the other hand it can create privacy and digital rights issues.
One of my major concerns about digital identity is that many implementations involve an app, and that app probably only works on a Google-capable Android or Apple phone. You would need to have a Google or Apple account to interact with the government digitally, or alternatively access a government service centre in-person Monday-Friday during work hours. We can see this with Australia's myGovID and Australia Post's Digital iD apps which only support Google Play and Apple App Store.

Government really needs to make its services work in an interoperable way and provide interoperable alternatives to Google and Apple, such as a web interface plus MFA, or an app on F-Droid which functions on non-Google devices.
Australia, at the behest of the eSafety Commissioner, is investigating mandatory age verification (perhaps overlapping with digital identity) for social media. I recently wrote a submission to an inquiry into use of age verification for social media with privacy, security and anti-competition concerns.
Multi-factor authentication
Many websites use multi-factor authentication (also known as two-factor authentication, SMS codes, security codes, out-of-band authentication, etc.). Did you know that many of these MFA methods are quite flawed in their approach? SMS codes are notoriously insecure as your phone number can be hijacked. For this reason, NIST designated SMS MFA as a "restricted" method in 2023, and it has been recommended to avoid it for much longer.
There are some really good alternatives to SMS as MFA, such as TOTP (commonly referred to as "Authenticator") and Passkeys. I believe that all organisations, especially financial institutions, must at least provide an opt-in for TOTP and/or Passkey. Longer term I would like to see it become opt out, and then eventually for SMS MFA to be phased out.
Social media
Social media and instant messengers (often intertwined) have become really important parts of people's lives. Facebook dominates both areas but I won't use it.
Facebook (and WhatsApp, Instagram and Messenger) collects information about people's internet browsing habits and offline purchasing habits. It uses dark patterns, uses psychology to keep people scrolling longer and bans third party apps. These few points are just the tip of the iceberg.
Mastodon and the fediverse are a little more like the email system, but social media. You choose a provider and you can interact with social media users both within and external to your provider.
Importantly, Mastodon allows third party clients/apps and is FOSS. Most providers don't collect information about people's internet browsing habits and offline purchasing habits. Most providers don't display ads. Mastodon is basically social media without the bad parts.
Currently Signal is my messaging app of choice. It has FOSS apps available on pretty much any phone/device and can also be run from a PC. It can do video and audio calls, GIFs and other nice-to-have features, making it very comparable to Messenger and others. The Signal Technology Foundation is a 501(c)(3) non-profit organisation and relies on donations to stay afloat.
I also use Matrix.org, which shows promise as a federated messaging system but doesn't have widespread adoption.
Social media for groups
For a long time many organisations recognised the need to have multiple public social media accounts, which were usually Facebook, Twitter and Instagram. Being on multiple sites maximised engagement as users were spread across multiple sites. Since X (formerly Twitter) has fallen out of mainstream adoption, many organisations solely rely on Facebook and Instagram (owned by the same company).
I believe that Mastodon and the Fediverse fill the gap provided by Twitter, and perhaps more. In 2023 the BBC launched their social.bbc Mastodon site initially as an experiment. Many organisations have Mastodon accounts; some use a third party like mastodon.social and others host themselves like the BBC does.
Facebook Groups and Messenger group chats are popular ways to organise groups, both exclusive to Facebook users. Signal group chats, Matrix.org group chats, email, Mailman-style mailing lists are currently the best alternatives I can think of to using Facebook for organising groups.
FOSS
I'm a big supporter of free and open-source software (FOSS) and the various projects that make up the FOSS community like GNU, Linux, LibreOffice, Mozilla (mostly), KDE and many others.
I use the Debian distro as the operating system for my computer.
I use LineageOS on my phone which is effectively FOSS Android without any Google Play components.
In my personal life I largely unsubscribe from anything Microsoft, Google, Apple etc. As a technologist I think they are headed in the wrong direction. Big tech has been moving away from the self-determined computing model to a vertically-integrated, walled-garden model that is nigh impossible to escape. Sci-fi author and writer Cory Doctorow aptly calls this enshittification.
FOSS often implies interoperability, which means the software that you use will work with other software. Proprietary software, like most software produced by Microsoft, does the opposite: the software and file formats are designed not to work on systems other than the one they are intended for.