Last week a mini scandal broke out when Pavel Durov the founder of Vkontakte Russia’s dominant social network fled Russia and made really disturbing statements about the Kremlin trying to coerce him into divulging information about Ukrainian citizens and anti-corruption activists. Already the Russian Government is the majority stockholder of Vkontakte and they are in full control of the company.
Today, Durov announced he has fled Russia, citing security concerns after resisting pressure from the Kremlin to share user information from the Vkontakte network. In his public statements he has said that, in particular, the Kremlin had tried to force him to turn over information about Ukrainian citizens and anti-corruption activists in Russia.
This fits perfectly with a concern I’ve had for a while now about the privacy and security of local products and services. In my opinion privacy laws implementation in our region isn’t sufficient to protect our data from preying eyes, especially if backed by the government. It is quite easy to subpoena the entire database of a social network company for instance, or even require direct live access to the service based on the telecom laws. It gets even more interesting when you think of all the different ways the government can use to
coerce “convince” the product founder to divulge the information he has about anonymous users he doesn’t know personally.
The concern here is not about technical security of the product as much as it is about the physical security of the founder and his family. Personally I don’t believe it’d take a lot of effort from the correct authority to extract all the info he has on any of the products users. After all such authorities have really convincing methods.
Another concern would be the political affiliation of the founder, since the product is local, his political affiliation may match or be quite different from yours. There is no guarantee that his access to your data wont be use either way. Again referring to our lax privacy laws implementation. Even if implemented without proper periodical auditing there is no way to be 100% sure no one is snooping on your data.
That is why I choose not to use local apps and services as much as possible. Most offer geo-services (cairo360-bey2ollak-wasalny-circle tie-etc…) and the last thing I want is for some entity to have real time access to my where abouts 24×7. Also their is that inherent risk associated with installing any mobile app on your phone, most request access to your contacts anyway (all android have access to all photos stored on device), just think about where your data may end up migrating to without your knowledge.
Naturally these risks are associated with almost any product you end up installing or using but I feel a lot more comfortable knowing that my data MAY end up getting exposed to some XYZ developer in some obscure country who knows nothing about me and has zero interest on our current local affairs. And knowing that it’d be quite hard to coerce someone that far away.