Social software (like Facebook or LinkedIn) has a data privacy issue as its core: they save a user’s personal information and social graph, but accessing them is a privacy breach.
Like a bank’s safe box: they are granted -by users- to save personal data and provide a key but don’t suppose to look at what’s inside.
Companies like Signal are building social graphs with privacy in mind. Their application access your phone address book, hash your contacts and compares the hashes with existing Singal users hashes.
To make the validation more secure, they’ve built a Contact Discovery Service that uses SGX (which is not as secure as we think it is)
GDPR and CCPA are trying to guide social tech CEOs to prevent data misuse.
The tension lies in is that they are making money off of what’s on the user’s safe boxes: they can anonymize it, aggregated it, but they need to access it somehow.
There is no clear distinction on what’s public data vs. private data, and until we give the user this decision power, lawmakers and social tech CEOs won’t be able to solve this problem.
