Yesterday @liberosist had an excellent post about the GDPR compliance of the Steem blockchain. While that post is mostly a topic for the witnesses since many use servers hosted in the EU, I wish to reiterated and emphasize another point liberosist made.
Something all Steemians should be aware, especially when they think that Steem is Social media done right. Not only Steemians should think about this though, this applies to any public blockchain.
The Blockchain is NOT Tracking-Free
We often see the claim that the (Steem) blockchain doesn’t track its users, but while that MAY be true that claim often relies on a poor understanding of the blockchain technology.
In its most simplified explanation most blockchain, and that includes the Steem blockchain, are open for people to set up so-called nodes and help hosting the blockchain. The core of the blockchain’s decentralized element.
What does this involve?
Setting up a node, or a witness, means that somebody has a server and syncs their server with the blockchain. They can do that because the blockchain is public, the blockchain is a transparent ledger and most blockchains are configured to be decentralized.
When somebody spins up a node, or a Steem witness, they gain access to ALL data (all blocks) in the blockchain and often even host these blocks too on their node (server). At that point they basically have all your data, all your posts, comments, votes and whatnots on their computer.
From here on it doesn’t take much imagination anymore to think that anybody can start to mine all that data and build profiles for each account. Pretty much like Cambridge Analytica did, like many advertising agencies do when building Facebook and mobile apps for their clients(*), and like many a startup can do when they offer account signup with Facebook.
Now the Steem blockchain may not hold that much data about you but who says that is to stay? Who says that one of the dApps built on the Steem blockchain won’t have scripts integrated in their code which request your location via browser, read out your IP, your ISP, your modem’s MAC address and even fingerprint your device? Pretty much like Facebook does. And the BBC.
If you follow me you know that I care about my privacy and your privacy. I regularly promote privacy aware apps, news and more.
I use DuckDuckGo Mobile browser, I use Signal Messenger for encrypted messaging, I use ublock Origin adblocker when I for whichever reason need to use Google’s Chrome browser, my connection uses a private VPN which doesn’t log the sites I visit (unlike your ISP does).
Am I paranoid? No, I’m not but I just don’t like to be THE PRODUCT... and nor should you.
The reason why I resort to those tools is because I know what any webmaster, server admin can achieve. You may think that you blocked your browser access to your location but anybody can still request your (estimated) location via other ways and I am aware of that. Ever wondered why the Guardian shows the weather forecast for your location on its homepage despite you having blocked location access for your browser? BINGO!
Things aren’t different on the blockchain. On the blockchain everyone can become a Cambridge Analytica. On the blockchain professional data resellers like Nielsen, and its ilk, can spin up their own node and mine all that data for the mere sake of profiling everyone. Anything you post to the blockchain, or Steem, will be put in siloes which subsequently can be targeted by advertisers.
Ever linked from your Steem to your Facebook account? Sorry, your Steem account is now linked to your Facebook profile. Your anonymous profile is no more.
Did you know that currently almost every Steem interface, this includes Steemit and busy.org, uses Google Analytics and thus indirectly contributes to the revenue of Google AdWords and Doubleclick? Google Analytics registers and logs your IP, your location, your estimated age and estimated earnings. If you happen to be logged in to your main Google Account, Google AdWords’ CFO thanks you. Google Analytics can also track you across devices.
Google’s Analytics tracker is basically as creepy as Facebook’s tracking.
And on the blockchain things are even worse. Because anybody has access to ALL data hosted on the blockchain. On the Steem blockchain you even don’t need to spin up a public node: you can just grab @gtg’s always “up-to-date” file. This isn’t unique to Steem either, many blockchains will have node operators who offer an (almost) up-to-date file/dump for faster download and setup when configuring a new node/witness.
Why Does It Matter?
All this doesn’t matter as long as you are aware of that possibility and post accordingly. If you wish to feed companies all data they can use, be free. If you care about your privacy... think what you post. The blockchain is immutable and on the blockchain there’s no right to forget, unlike EU citizens benefit.
Your stupidity is immortalized (after 7 days) on the Steem blockchain.
And that stupidity, as @liberosist correctly highlighted in a response to a comment by me, that stupidity is available to anybody:
But it goes deeper than just some data mining company. All governments, all corporations, all advertisers, all underworld, all stalkers, serial killers, sexual predators - everyone has all access to all your data. And there's not a damn thing you can do about it.
Even Orwell didn't see this coming.
Indeed, even George Orwell’s 1984 is child’s play compared with the access to data anybody has on the blockchain.
The other side of the transparency coin.
Remember this each time you post to ANY blockchain. The blockchain isn’t tracking-free... tracking is FREE TO ANYBODY on the blockchain.
Don’t be paranoid but use that highly efficient body item we have and which sets us apart from other beings: your brain.
(*) Around half a decade ago I worked for a top 10 worldwide advertising agency as Entrepreneur in Residence and you bet that data mining and tracking was a central point as CRM programs and program development were top of the agenda in that era.