Practical privacy and simple cybersecurity.
TheNewOil.org

Disinformation, Part 1

Let's do this.

Since I started blogging in 2018 (or somewhere thereabouts) I've promised to write a blog about disinformation. I keep saying “eventually” and “someday” and “in time.” Well that time is now.

You need to start lying. Or at least telling half-truths. And I'm here to give you some pointers on how to do it in a smart, sustainable, and ethical way. In this post, I'm going to give you everything you need to know about disinformation, when to use it, how to use it, why to use it, and more. So let's get into it.

What is Disinformation (and Why Should You Use It)?

Disinformation is the act of intentionally lying to mislead someone. Generally speaking, this is not good. You shouldn't lie to your spouse, your boss, or the general public ([insert snide political opinion here]). But in the context of privacy, disinformation is not only ethical (I would argue) but it's often our only choice. Surveillance capitalism thrives on knowing your true identity – on being able to link every single step, click, view, like, and comment back to the source so they can improve their profiles about you and sell you more stuff. Sometimes “more stuff” means another pair of shoes or a new band. Sometimes it means a political ideology.

At very least, a pretty non-controversial definition of privacy is “the ability to control the flow of information.” Some people may prefer a more hardcore definition, but most people can agree that at a bare minimum privacy means having choice over what you disclose and to whom. This is why I find disinformation to be ethical: many companies and corporations do not give us meaningful consent. There's this idea that “if you don't like a product/service, just don't use it.” Ignoring the fact that they track you anyways, this doesn't account for things like signing up for financial aid for college and being tracked or the DMV selling your data. If you live in a town with poor public transit (which is most American towns), that basically means you have to pick between privacy or wasting hours of your life each week getting places that would otherwise take a fraction of the time. When your hands are so aggressively tied by the people above you and the “choices” given to you more closely resemble illusions and punishments, disinformation becomes the only ethical response.

Image

All things being equal, it's always better to not hand out a piece of information. But sometimes that’s not an option. Most online retailers won’t let you finish the purchase until you provide a phone number (even though they literally always email you rather than call you). You have to give a name at Starbuck’s (I guess you could try fighting this one, I never have but I assume they wouldn’t appreciate you coming back). You can’t always just not give out information. But not everyone deserves your true information.

The fact is that once you give out a piece of information, you’ve effectively lost control of it. Really think about that. Every single thing you share – even just venting to your closest friend – is a piece of information you lose control over. You have no say in who they share that information with, where they post it, or what they do with it. You’re trusting them to lock it up inside their head and never share it, but you can’t force them. Even if you’re able to pursue some sort of recourse – like suing them or exiling them from your life – you can’t undo the disclosure.

This goes a thousandfold for companies, who basically treat everything you tell them like it’s public record with their poor security and data handling practices. Once you disclose something, you can’t take it back, especially once a company has leaked your data and now it’s all over the internet. Therefore it’s important to decide up front if someone needs that information in the first place.

Order of Operations

Perhaps a template for decision-making is in order here before we move on so we know what constitutes a “need” and a legitimate interest.

First off, I never encourage doing anything illegal. Don’t give the cops a fake ID. Don’t put a fake name on your taxes. Don’t ever lie to the government. This extends to directly-related situations. For example, your boss has to file taxes so you need to give them a real name or else they’ll end up reporting bad information to the government who will then come after you for fraud.

Next, let’s talk about “people with a legitimate interest.” The most salient example here is your doctor. Your age is an important factor in many medical situations, so maybe don’t give the doctor a fake birthday. Do they really need the exact date of birth? Probably not, but also don’t lie to people trying to help you. I would terminate a consulting relationship with a client who was repeatedly lying to me. I’m not here to judge you, I’m here to help you, and if you won’t work with me you’re wasting both of our times. Same with doctors. If you don’t trust your doctor, request a new one.

Sometimes “legitimate interest” can be examined on a “piece by piece” basis. My employer has a legitimate interest in knowing my real name, social security number, and date of birth to verify tax records and identity comply with laws. My employer has no legitimate reason to know where I lay my head at my night, what I do on the weekends, or anything else about my personal life, really. Hence I have a strict policy about only giving employers a PO Box and VoIP phone number, never my true home address or SIM number.

Image

In my opinion, most “legitimate interest” needs for our real data are rare and relatively obvious. In most of our day-to-day lives, there is no “legitimate interest” for any data at all. A famous joke by comedian Mitch Hedberg states: “I bought a doughnut and they gave me a receipt for the doughnut; I don't need a receipt for the doughnut. I'll just give you the money, and you give me the doughnut, end of transaction. We don't need to bring ink and paper into this. I just can't imagine a scenario where I would have to prove that I bought a doughnut.” Truthfully this is how I feel about 99% of the transactions I participate in on daily basis. Getting a soda at the corner store: “do you have a phone number for the rewards program?” No. Here’s $2 in cash, give me a soda. “Would you like to add a photo to your online profile?” You mean the one to order a new microphone at work? How about no. Here’s the company card, the company address, and the company name. Send me a microphone. The other day I called the Department of Motor Vehicles and the automated phone tree asked me for a date of birth. Why? Are you going to hang up on me and refuse to answer my questions if I’m too young to drive?

Determining a legitimate need is really that simple: just ask “why”? When in doubt, ask the person making the request. I once went to a restaurant and there was a wait, so the server as for my phone number. All I said was “why?” She replied “we can text you when you’re table’s ready.” I claimed I left my phone at home and asked her to just call my name instead, and she wrote down my first name. Sometimes I ask why and get met with a legitimate answer: “the cable guy will call you when he arrives.” Fair enough. My home can be hard to find, he might need some help finding it. But most of the time, there’s no good reason to hand out data.

Pause

Perhaps this is a good place to stop this week. I like to keep my blog posts to around 1000 words, and we’ve passed that mark already with so much still to discuss. We’ve established, I think, a good foundation for what disinformation is, why we need it, and when to use it. Next time we’ll cover some examples of disinformation and how to come up with good, plausible disinformation. Until then, stay safe out there!

You can find more recommended services and programs at TheNewOil.org, and you can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...