Sometimes, Money Really Is the Explanation

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity. We appreciate the opportunity to republish them here as a series. Last week we looked at the fact that the cybercriminal isn’t necessarily the weirdo in the hoodie. He could just be a boring corporate bureaucrat collecting data on you that his boss plans to use later.

Now we look at where the money in the business is:

David Kruger

It’s All About the Benjamins

Why are HDCs [human data collectors] so willing to abuse their own users? For the money and the power that comes from having lots of it. In 2002, Google discovered that the raw human data it was collecting from its users to increase the quality of the user experience could be repurposed to deliver targeted ads, that is, ads delivered to an individual’s screen in real time based on what the individual was currently searching for, and that those ads could be repeated, a practice called ad retargeting. That capability turned out to be astoundingly lucrative. As of February 2021, Google’s market capitalization was approximately 1.4 trillion US dollars, and about 85% of their revenue comes from advertising. About 95% of Facebook’s revenue comes from selling ads.

That’s No Moon

Knowledge really is power, and HDCs act as gatekeepers to the sum of all digitized surface web content plus the sum of all the digitized human data they have collected to date. That’s a concentration of power never before seen in human history. Let’s take a closer look at current preventable harms enabled by that concentration.

Spilt Milk

HDCs are creatures of open data; they could not have come into existence, or continue to exist in their current form, without it. Their internal use of open data and dependence on symptomatic point solutions have resulted in multiple preventable harmful breaches of user personal information, and it is unreasonable to project that such breaches have come to an end. Future preventable breach harms are expected.

Free Spirit

In the list of cybersecurity failure types described previously, impeding the flow of data is not well understood. Usually, it’s defined only as…