Thoughts on Monoculture and Privacy

Environmental science and agriculture have concepts referred to as biodiversity and monoculture.

Biodiversity is the measurement of variation and complexity over a certain sample size. Within a species or within an environment. A one square acre of a rain forest, teaming with plants and animals has a lot of biodiversity. A field of cows all hailing from the same stock has very low biodiversity.

Monocultures arise when you have extremely low biodiversity in your environment. When say you have only one species of wheat in your field or worse all the wheat in your field is genetically identical.

Monocultures are fragile in a way. Should a single species or should a single genetic line prove susceptible to a particular virus, a single virus could wipe out the entire population.

Populations which are biodiverse are more robust.

Computer science has a very similar concept of monocultures. Clifford Stole wrote in 1989:

A computer virus is specialized: a virus that works on an IBM PC cannot do anything to a Macintosh or a Unix computer. Similarly, the Arpanet virus could only strike at systems running Berkeley Unix. Computers running other operating systems–like AT&T Unix, VMS, or DOS–were totally immune.

And it holds true today just as much as did in the late 80s.

But I think it’s worth wild to think of it too not in terms of our operating systems but in terms of the services we use.

Wikipedia’s numbers are fuzzy and it looks like in some cases conservative and out of date, but let’s use them.

There are more than 1 billion users on Gmail as of last year.

There are three quarters of that on Apple’s iCloud.

There might be a little under half a billion on

A quarter billion on Yahoo Mail?

That is what 2.5 billion email accounts? As of this past April world population is estimated at 7.5 Billion. Thats one in three people world wide. With only four email systems to compromise?

In fact if we count the Snowden revelations; or the inherent privacy concerns with capitalism and big data; there is a very real sense they already are.

Social networking is even bleaker. Facebook is presiding over more than 2 billion users. More than most countries or continents.

We know what happens when a single genetic flaw exposes a monoculture to a vius. We know what happens when a monoculture of operating systems are attacked by malware. What happens when we have a monoculture safe guarding our private information?

It’s not the Facebook has my private information, its not that Gmail has your private information. This is about the sheer volume of information we are all putting into the same small number of buckets. We have what amounts to very low diversity in the small cabal of silos we are rapidly housing the world’s private information in.

This makes it easier for corporations to compromise us, it makes it easier for governments to compromise us, it makes it easier for hackers to compromise us.

Time and time again, poll after poll, study after study we rediscover that people are actually concerned about their privacy; but they either don’t know what to do about it, or don’t feel they have any control over it.

I feel like in IT we place a lot of emphasis on specific solutions. Is your email privacy a concern? Use GnuPG. Is Facebook evil? Leave it. Afraid someone will search your laptop? Encrypt the hard drive.

I don’t know that these tactics move the dial.

Public private key encryption might never be sexy or easy to use. GNU Social or Mastodon may never get the critical mass it needs to dethrone Facebook. Etc, etc.

But I can’t help but wonder if making the imperative to increase the diversity amongst the services we use might be a more attainable mark.

It feels more attractive somehow, more marketable to the average user. You don’t have to leave Google, just switch your Google calendar over to caldav. You don’t have to leave Facebook, but you should really use Signal instead of Facebook messenger.

Even swapping out one proprietary service for another, has the virtue of disrupting the single vendor’s vertical integration, no matter how slight. Buying your eBooks from Barnes and Nobles in lieu of Amazon? Then at least Amazon can’t stitch together your video library viewing habits with your book reading habits.

I think its an idea with potential. How to package it and sell the concept to users? That is the bigger question.