In 2017, I was a digital "Ad Man". I had participated in the Ad Tech industry virtually from its birth and was an original customer of Atlas, Yahoo, and many of the early digital advertising platforms in the early 2000s. I was an early customer (2003) of Google when they launched its new AdWords program, first opening to businesses and then later, to anyone who had $5 to spend.
Years had passed. I had founded a company from my living room, sold it, wrote a few books and went on to become the Head of Innovation for the ad intelligence division of a global ad company. The role involved considerable future scenario planning (advertising in autonomous vehicles or digital signs triggered by cell phones and facial recognition, for a couple examples). It also gave me the opportunity to interact with the best and brightest companies throughout the world in advertising.
What I saw one day floored me. I sat in on a demo of not one, but two companies showing off platforms which had done away with any pretense of "anonymity". One of these platforms collected the various digital bread crumbs we drop every day into a modern surveillance equivalent of a credit report. He showed me the accuracy of his record and how it correctly identified him as a craft brewer. The other showed a "day in the life" map of a woman as she traveled throughout San Francisco, visiting schools, coffee shops and yoga studios.
I remember the alarm and discomfort I felt. I don't know if it was that day or shortly after when I made the decision that this was not the world I wanted my kids growing up in.
The advertising snake had eaten its own tail. Hundreds of companies competing for a slight advantages had given rise to a surveillance machine that can likely never be dismantled.
So down the privacy rabbit hole I went. I had used a PiHole in the past but I knew that it wasn't a great solution for tracking. VPNs were useless as well... the VPN companies generally provided us with better quality data than anyone else. Smart TVs and set top boxes were not only sharing data, you could even target individual homes through them. One of the cellular companies was freely selling location data at the time. And the apps... oh my god, the countless mobile apps that monetized by promiscuously sharing data with third parties. Maybe there was a chance of breaking free of Facebook but forget escaping from Google.
Twenty years of privacy software and ad blockers had barely made a dent in any of it. Why?
I conducted a lot of research to answer this question. Long story short: privacy was just too hard. Privacy was widely thought of as a chain of links... break one and the whole proposition fails. Fine if you're Edward Snowden but is that really true for most of us?
We sought to get away from this limited use case. It seemed nobody cared about the folks who have "nothing to hide, but nothing to share".
Privacy advocates are often hopelessly out of touch with everyday people. VPNs, encrypted drives, PGP keys, cookie blockers, anti-fingerprinters... useful technologies but too much work for what most people perceive as little benefit.
The real privacy problem for the other 97.5% of us boils down to "death by a thousand cuts". We leave an incredible volume of digital footprints behind as we use the web. These are harvested freely by hundreds (thousands?) of companies. The more you eliminate of it, the harder it becomes to correlate them with their source.
We started by putting all of these things together into a privacy "super technology". Highly effective... and highly useless. Or rather, it made the internet useless because it broke most websites, devices and apps. It made Amazon Echos stutter. And Google devices simply flat out refused to connect to the internet.
As a result, we realized pretty early on that not only did these technologies need to work together, they couldn't break the internet. And that's another place where "privacy purism" falls apart.
And about those VPNs. We started off going down that road as well but when we saw what was visible on a hijacked network connection, it made us cringe. Have you ever wondered why DNS is still largely unencrypted and any mass scale effort to change that is met with resistance? It's because that data is a treasure trove for ISPs and state entities. 30% of VPNs are owned by just 6 Chinese companies. Keep that in mind the next time you hear advice to use one.
This led us down a 14 month journey to create a better networking technology. We studied various approaches used to evade the Great Firewall but most proved to be too onerous, slow or unreliable for everyday use. Eventually, we arrived at a distributed low-latency approach that would not require any traffic to traverse our servers (so much for logging). Various technical difficulties were overcome (some remain) but to date, this has proven to be highly efficacious at not only disguising one's real internet destinations but also replacing them with false streams of real human generated data. That's an important point because it's an almost trivial exercise in machine learning to filter out machine generated traffic.
Here we are nearly three years later with the first workable product for privacy realists. There are thousands of happy Winston customers (and yes, some unhappy ones, too... developing a new technology is not easy and many lessons have been learned along the way). I'm proud of what we've built and it is incredibly motivating to hear kind words of support from our users.
Please support us in our mission to get the word out!
Note: This blog post was written by Richard Stokes, founder of Winston Privacy