Priv.ly Putting Privacy Back in User Hands, Making Communication on Social Media Encrypted and Private

When you message a friend on Facebook, post a tweet for all your followers on Twitter or send an email using Gmail, your communications are being recorded by these sites. But Sean McGregor, 26, doesn’t think they should be — if you don’t want — and he wants to give you back control over your privacy.

McGregor said in an interview with the Blaze that he believes right now there are two options. Option A) surrender your privacy in favor of continuing to use social media and other forms of online communication (most would probably choose this). Option B) abandon all online communication. McGregor is developing a middle ground. It’s a function he says will “only enhance the capabilities of the social web” by putting control of who sees what into your hands.

(Related: Here’s how to create an email that will ‘self-destruct’)

The function is called Priv.ly — short for Shared Priv(ate)ly — which was started by McGregor and other computer science PhD candidates at Oregon State University. The team is currently raising funds on a Kickstarter site to take the project to the next level. So far they have exceeded their goal with more than $17,000 raised. In nearly doubling their original goal of $10,000 and with five days left on the funding website, McGregor said he sees the support as “validation of the concept.”

“It’s a fairly technical concept to grasp,” McGregor said. “A lot of the support is a statement that people really care about privacy.”

Priv.ly would allow for you to:

  • Maintain control of your content wherever you post it
  • Delete emails after you send them (no more send regret)
  • Share content across social networks, email, blogs, and forums using the same privacy settings
  • Prevent governments from shutting down free speech
  • Prevent companies from selling and scanning your most private communications
  • Have easy use of modern encryption technologies

Priv.ly works by encrypting communications through a browser extension. Those with whom you are communicating can see your full text while the sites you are using to communicate only see a Priv.ly link. The Atlantic explains further:

Through browser extensions, Privly allows you to post to social networks and send email without letting those services see “into” your text. Instead, your actual words get encrypted and then routed to Privlys servers (or an eventual peer-to-peer network). What the social media site “sees” is merely a link that Privly expands in your browser into the full content. Of course, this requires that people who want to see your content also need Privly installed on their machines.

Priv.ly Putting Privacy Back in User Hands, Making Communication on Social Media Encrypted and Private

Example of how Priv.ly works. (Image: Priv.ly via Kickstarter)

“Encryption has been a round for a while but what we’re trying to do is bring encryption and privacy into an arena where you didn’t have control over your data before,” McGregor said.

Check out the site’s Kickstarter video to see demonstrations:

McGregor provides an example to explain privacy on communication sites now and what it would be like with Priv.ly enabled. “If Google were the U.S. Postal Service, Google would be opening every letter, reading them and sending you ads based on that. [With Priv.ly,] Google and Google+ won’t have access to personal communication.”

Using Facebook as another example, McGregor explains that what should be interesting to sites like this are semantics, not your personal communications. For sites like Facebook, they should want to know things like if you recently got engaged, what your favorite movies are, etc., and target ads based on that. McGregor says there is no real reason for your communications between one or more parties using the site to be recorded.

As for next steps, McGregor said the team will be moving forward with an open source encryption library, creating and refining a user interface and eventually conducting user studies to evaluate how to refine the product. But, for now, they have a proof of concept that works. McGregor said anyone can try it out but the final product will have more functionality built into it. Check it out here.

If Priv.ly does become mainstream, a timeline that McGregor said he is too unsure of to pinpoint, the Atlantic points out several important impacts it would have on the Web:

Privly could be a useful tool for activists who want to use social networking tools but don’t want their opponents to be able to see their posts. That its to say, it could provide a new avenue for free speech on the Internet. As noted earlier, we assume cloud-based email and applications to be durable records of communication. That would not longer be the case. And of course, this model runs directly against the standard social network business model of running ads against the specific type of content you’ve posted.

On an even more longer term vein, I asked McGregor how Priv.ly would impact law enforcement using social media at times in criminal investigations. McGregor said it hasn’t been a concern with the project yet but that they would “want to spell out in plain English where data is being stored; what the risks are;  and how we would respond to subpoena requests.” Social media sites like Facebook and Google notify the users when information is requested by the authorities when legally permissible.

(Related: We now know what Facebook turns over to the cops when subpoenaed)

With Priv.ly, McGregor said the court would have to issue subpoenas for information to Facebook, for example, Priv.ly, and the sender or receiver of the information to get a key to the unlock encrypted material.

McGregor is a PhD candidate in machine learning at Oregon State. The idea for Priv.ly originated in 2009.

Check out the Kickstarter site for more information on the project here.