The world of technology cannot, and should not, stand apart from ethics and the norms of civil society. On the internet, one of the most central normative questions we have wrestled with is the relationship between software applications, derivative data stored and shared in the cloud, and privacy -- notably, consumer privacy.
Mosaic has already invested in technologies that decentralize systems to protect and empower the user (e.g. in crypto and privacy-preserving analytics), and our portfolio companies that capture sensitive data (e.g. Nexar) adhere to the strictest standards. Popular tools like ad-blocking software and VPNs indicate significant demand for certain kinds of consumer-focused privacy-preserving applications … Will it be one of these or something new that will be the “killer app”, that builds on the next generation of increasingly powerful and maturing technology? And what is the role of startups in a domain contested with increasing aggressiveness by governments and Big Tech alike?
Who cares? ... or rather, do enough people care ? is perhaps the biggest question of all
Much of leading edge privacy-focused technology thus far has emerged from a relatively small group of engineers descending from the cypherpunks mailing list of the early 90s. This tradition combines technological sophistication with political engagement into a point of view that is not necessarily front of mind for the average Jane and John Doe. Empirically, every time that claims around privacy violations, pervasive surveillance, and behaviour modification have been vindicated e.g. Snowden (actual), Cambridge Analytica (perceived), despite widespread media outrage, surprisingly little has actually changed in the patterns of usage of internet products. Benedict Evans wryly presents this as akin to the classic “false consciousness” problem in Marxism. It’s an indictment on us all, but perhaps the general population really just doesn’t care that much about privacy, and are happy enough to exchange it for services they value more like (free) social media.
But we postulate there is a difference between knowingly trading off privacy for valuable services, and passively resigning oneself to an unfair trade because there is no alternative. Recent surveys corroborate the anecdotal picture here. For citizens of countries living under authoritarian regimes (i.e. the majority of the planet), these concerns have been urgent for much longer and are increasingly existential. Younger internet users, “Gen Z” in particular, are much wiser to privacy than their predecessors, and already tend towards a culture of controlled access to sensitive personal information via multiple social media accounts for different audiences. (How technically “private” these are is a different question, of course). This swell of consumer interest in privacy is supported by increasingly aggressive regulation pioneered by the European Union, and more recently the state of California. Metaphorical language is also evolving to better affect: from assets, to power.
Adding more pressure to the advertising-based business models of Facebook, Google and their supplicants is Apple’s recent repositioning as a privacy company. It suits Apple’s strategy to give privacy away for free in the bundle as part of monetizing their (high gross margin) hardware. “Privacy is a fundamental human right”, reminds Tim Cook, and recent product announcements have supported this message across a range of vectors - most recently, Private Relay effectively renders IP addresses useless as a fingerprinting mechanism, on top of previous anti-cookie features. The extent to which this is a truly cypherpunk move is qualified by the fact that this feature is sadly not available in China (!), as well as Belarus, Colombia, Egypt, Kazakhstan, the Philippines, Saudi Arabia, South Africa, Turkmenistan, and Uganda. How radically these changes, extending the ravages of the “cookie apocalypse”, ultimately disrupt the central business model of the internet remains to be seen: “what happens next? No one in advertising quite knows”. It seems undeniable, though, that some version of “privacy” is emerging into the Zeitgeist, and that to be (seen to be) on the right side of history is becoming a branding competitive advantage.
Positive privacy
How can startups harness this new energy? We believe that privacy-preserving products selling to consumers need to go beyond defence. Beyond VPNs, current blockchain technologies, while predicated on cryptography, offer superficial privacy (as criminals are increasingly finding out); we are seeing exciting innovation here to unlock use cases that genuinely protect user identity, while simultaneously guarding against criminal activity.
Short of an unpredictable 9/11 type public trauma caused by privacy invasion -- and it’s hard to fathom something an order of magnitude worse than the narrow electoral wins catalysed by social media manipulation, arguably enabling the Trump ‘16 and Brexit plebiscites -- the weight of the evidence still suggests that most people will not become actively woke to privacy. (That’s not to say that the affluent segment of those who do care won’t be a valuable one - hundreds of millions of users, as enjoyed by products like Adblock Plus, Signal or DuckDuckGo, suggests a market exists). In the mid 90s, SSL enabled the commercial internet. The next generation of cryptographic technologies should have ambitions on a similar scale. Given the original sin of foundational internet protocols, that by design were naively open, fixing some of our problems might entail a return to the fundamental architecture of the internet. Watching an efflorescence of infrastructure projects, we eagerly await the new harvest of applications.