Category: Privacy

For the past 25 years, I’ve watched the digital world evolve from the early days of the Internet to the behemoth it is today.

Related: Self-healing devices on the horizon

What started as a decentralized, open platform for innovation has slowly but surely been carved up, controlled, and monetized by a handful of tech giants.

Now, a new wave of technological development—edge computing, decentralized identity, and privacy-first networking—is promising to reverse that trend. Companies like Muchich-based semi-conductor manufacturer Infineon Technologies are embedding intelligence directly into sensors and controllers, giving devices the ability to process data locally instead of shipping everything off to centralized cloud servers.

Meanwhile, privacy-focused projects like Session and Veilid are pushing for decentralized communication networks that don’t rely on Big Tech.

On the surface, this all sounds like a step in the right direction. But I can’t help but ask: Does any of this actually change the power dynamics of the digital world? Or will decentralization, like so many tech revolutions before it, just get absorbed into the existing system?

Disrupting business as usual

The move toward decentralized control at the edge is more than just hype. Companies like Infineon are developing zonal computing architectures in modern vehicles, where instead of having a single central control unit, intelligence is distributed throughout the car. This makes the system more responsive, more efficient, and less dependent on a cloud connection.

In smart cities, factories, and even consumer devices, similar trends are taking shape. Edge AI chips, secure microcontrollers, and embedded processors are allowing real-time decision-making without needing to send every bit of data to a distant data center.

Less data movement means fewer security risks, lower latency, and—potentially—less corporate control over user data.

But here’s the catch: technology alone doesn’t change who profits. The entire economic foundation of Big Tech is built on centralization, data extraction, and monetization. And unless that changes, decentralized infrastructure will just be a more sophisticated way for companies to keep controlling users.

We’ve seen this play out before. Apple, for instance, touts privacy as a key feature—offering on-device encryption, Secure Enclave, and privacy-first AI processing. Yet Apple’s actual business model still locks users into its ecosystem and rakes in billions through services, cloud storage, and app store commissions.

The same thing could happen with decentralization—Big Tech could give us just enough edge computing to improve efficiency while still keeping all the real control.

Needed change

For decentralization to actually shift power back to users, we need more than just technical advancements. We need a fundamental shift in the way digital businesses make money.

Right now, most of Big Tech runs on:

•Data extraction (Google, Meta, OpenAI) – AI models are hungry for data, and companies will keep finding ways to feed them, whether through search history, chat inputs, or enterprise contracts.

•Subscription lock-in (Microsoft, Adobe, Amazon AWS) – Even as infrastructure becomes more decentralized, companies still design services that tether users to their ecosystem through proprietary features and recurring fees.

•Cloud dependency (IoT, Smart Devices, Enterprise AI) – Even if devices get smarter at the edge, they’re still linked back to centralized platforms that dictate the rules.

So how do we break that cycle?

Reversing the pendulum

There are a handful of efforts trying to disrupt the status quo. Some of the more promising ones include:

Decentralized identity (DID) – Projects like DXC Technology’s decentralized identity initiatives allow users to control their own authentication credentials, instead of relying on Google, Apple, or Microsoft to log into everything.

•Privacy-first communication – Apps like Session (a decentralized, onion-routed messaging service) and Secure Scuttlebutt (a peer-to-peer social network) are proving that people don’t need to rely on Big Tech to communicate securely.

•Distributed storage and compute – Technologies like IPFS (InterPlanetary File System) and Urbit are moving away from cloud-based storage in favor of fully decentralized data ownership.

But there’s a problem: most people still opt for convenience over privacy. That’s why Facebook survived the Cambridge Analytica privacy debacle. That’s why people still use Gmail despite deep-rooted privacy concerns. That’s why Amazon’s smart home ecosystem remains dominant, even though it’s clear that users are giving up control to a monetization-obsessed corporation.

Role, limits of regulation

Regulators—particularly in Europe—are trying to push back.

The Digital Markets Act (DMA) and GDPR enforcement actions have forced some minor course corrections, and OpenAI, Google, and Meta have all faced scrutiny for how they handle personal data.

But is it enough? History suggests that Big Tech would rather pay fines than change its core business model. In the U.S., regulators have been even more reluctant to intervene, allowing tech companies to grow unchecked under the guise of “innovation.”

So while regulatory efforts help, they’re not the real solution. The real change will only happen if decentralized business models become financially competitive with centralized ones.

The wildcard may yet prove to be hardware-driven decentralization. One of the biggest reasons Big Tech has been able to maintain its grip is the cloud-based nature of digital services. But edge computing advancements could change that—not because of privacy concerns, but because they make devices cheaper, faster, and more resilient.

Infineon’s work on zonal computing in vehicles, for example, isn’t driven by ideology—it’s a practical, cost-saving innovation that also happens to decentralize control. If similar trends take hold in smart factories, industrial automation, and consumer electronics, companies may start decentralizing for efficiency reasons rather than because of user demand.

That could be the key. If decentralization delivers real cost, speed, and security benefits, businesses might start shifting in that direction—even if reluctantly.

Course change is possible

Where Does This Leave Us? We’re at a turning point. The technology for decentralization is here, but the business models haven’t caught up. If companies continue monetizing user control the way they always have, then decentralization will just be a buzzword—absorbed into the existing system without shifting power in any meaningful way.

For real change, we need:

•Economic incentives that make privacy-preserving, user-controlled services profitable.–Hardware-driven decentralization that forces change from the bottom up.

•Regulatory frameworks that go beyond fines and actually reshape the competitive landscape.

•Consumer awareness that demands real control, not just convenience.

The next few years will decide whether decentralization actually shifts power to users or just becomes another selling point for Big Tech.

The technical advancements in IoT infrastructure—decentralized control, edge computing, and embedded intelligence—are promising steps toward reducing reliance on centralized data processing and improving privacy, efficiency, and system resilience.

But without a corresponding shift in business models, these innovations could still end up reinforcing the same exploitative data practices we’ve seen in cloud computing and social media.

For decentralization to truly matter, companies need to rethink how they monetize technology. The entrenched tech giants will have to be forced to change; it’s going to require pressure from consumers and regulators – and competition from innovators with a different mindset.

Companies like Infineon are providing the technical foundation that could enable a different model—if startups, policymakers, and forward-thinking enterprises push in that direction.

So the key question is: Will the next wave of tech entrepreneurs build on this decentralized foundation, or will Big Tech co-opt it into another walled garden? Right now, it could go either way.

I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

 

 

The post My Take: Will decentralizing connected systems redistribute wealth or reinforce Big Tech’s grip? first appeared on The Last Watchdog.

The Washington Post is reporting that the UK government has served Apple with a “technical capability notice” as defined by the 2016 Investigatory Powers Act, requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement.

This is a big deal, and something we in the security community have worried was coming for a while now.

The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment.

Apple can appeal the U.K. capability notice to a secret technical panel, which would consider arguments about the expense of the requirement, and to a judge who would weigh whether the request was in proportion to the government’s needs. But the law does not permit Apple to delay complying during an appeal.

In March, when the company was on notice that such a requirement might be coming, it told Parliament: “There is no reason why the U.K. [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption.”

Apple is likely to turn the feature off for UK users rather than break it for everyone worldwide. Of course, UK users will be able to spoof their location. But this might not be enough. According to the law, Apple would not be able to offer the feature to anyone who is in the UK at any point: for example, a visitor from the US.

And what happens next? Australia has a law enabling it to ask for the same thing. Will it? Will even more countries follow?

This is madness.

What happens when eager computer enthusiasts unknowingly download a trojanized hacking tool and find themselves on the wrong side of cybersecurity? A former employee's actions led to chaos and raise urgent questions about the security of cultural treasures. And join us as we explore the alarming trend of social media influencers staging fake kidnappings. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Lianne Potter from the "Compromising Positions" podcast.
The video game Path of Exile 2 suffers a security breach, we explore the issues of using predictive algorithms in travel surveillance systems, and the very worst IoT devices are put on show in Las Vegas. Oh, and has Elon Musk accidentally revealed he cheats at video games? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Ever wonder how those "free" browser extensions that promise to save you money actually work? We dive deep into the controversial world of Honey, the coupon-finding tool owned by PayPal, and uncover a scheme that might be leaving you with less savings and your favorite YouTubers with empty pockets. Plus, we take a look at Kagi, the search engine you pay not to show you adverts, and discuss what you should do with your old, no-longer-wanted technology. All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

In today’s hyper-connected world, mobile phones have become much more than just communication devices—they are personal hubs of information, storing everything from our financial details and social media activities to our most intimate conversations and health data. With the increasing amount of sensitive data stored on these devices, privacy concerns have emerged as one of the most pressing issues in the realm of mobile security.

While smartphones offer unprecedented convenience, they also expose users to a wide range of security threats that can compromise personal privacy. From spyware to malware, data breaches, and surveillance, the threats to mobile privacy have become increasingly sophisticat-
ed and pervasive, raising serious questions about the security of our digital lives.

The Growing Scope of Mobile Security Threats

Mobile phones have become the primary tool for managing nearly every aspect of our daily routines. Today, we use smartphones not only for communication but also for banking, shop-ping, navigation, and even healthcare management. As a result, these devices store highly sensitive personal information, making them prime targets for cybercriminals, hackers, and even government agencies.

The threats facing mobile devices are numerous and varied. Some of the most concerning privacy risks include:

1. Spyware and Malware: These malicious programs are designed to infiltrate mobile de-=vices, often without the user’s knowledge, and steal sensitive data such as login credentials, banking information, and private communications. For instance, Pegasus spyware, developed by NSO Group, can silently infiltrate a phone and record text messages, phone calls, emails, and even activate the device’s microphone and camera without the user’s consent. Such spyware can compromise the privacy of individuals, regardless of their status or position.

2. Phishing Attacks: Phishing attacks involve tricking users into revealing personal in-formation by pretending to be a trusted entity, such as a bank, online service, or even a friend. These attacks have become more sophisticated, with scammers using realistic fake websites or emails designed to capture users’ login credentials, credit card information, and more.

3. App Permissions and Data Harvesting: Many mobile apps request excessive permissions that go beyond their functionality. For example, an app might ask for access to contacts, camera, microphone, and location data, even when those features aren’t necessary for the app’s primary purpose. Once granted, these permissions can be exploited for purposes such as tracking a user’s movements, monitoring conversations, or collecting data for targeted advertising.

4. Data Breaches: Mobile devices are also vulnerable to data breaches, where sensitive information stored on the device or within apps can be exposed or stolen. In many cases, these breaches occur due to vulnerabilities in the mobile operating system or app soft-ware, leaving users’ data exposed to unauthorized access.

5. Mobile Tracking: GPS and location-tracking features built into smartphones provide convenience for users, but they also raise significant privacy concerns. Location-based tracking can be used to monitor an individual’s whereabouts, often without their knowledge, and can be exploited by both criminals and marketers. Data collected through mobile tracking can reveal intimate details of one’s daily routines and even expose them to risks such as stalking or identity theft.

The Impact of Mobile Security Threats on Privacy

The repercussions of these security threats can be far-reaching, affecting not only the individual but also organizations, governments, and societies at large. Here are some of the key privacy risks and consequences:

1.     Loss of Personal Privacy: Perhaps the most immediate impact is the loss of personal privacy. When a device is compromised, the attacker can gain access to highly personal data such as messages, photos, contacts, and browsing history. This loss of control over one’s personal information can have serious emotional and financial consequences, especially if the data is used for blackmail, identity theft, or fraud.

2.     Surveillance and Political Repression: In certain parts of the world, governments and law enforcement agencies are increasingly using mobile surveillance to monitor their citizens. For example, spyware like Pegasus has been used to target journalists, activists, and political dissidents. These tactics can stifle free speech, suppress dissent, and violate the fundamental right to privacy.

3.     Exploitation of Data: Data harvesting by corporations, advertisers, and even third-party app developers has become a growing concern. Personal data is increasingly being used to build detailed profiles for targeted advertising, often without the explicit consent of the user. This not only infringes on privacy but can also lead to the manipulation of consumer behavior and the exploitation of sensitive information.

4.     Security Risks to Sensitive Information: Compromised mobile devices can result in the theft of highly sensitive information, such as banking details, login credentials, and medical records. Cybercriminals who gain access to this data can use it to steal money, engage in fraudulent activities, or sell it on the dark web, causing long-term damage to an individual’s financial stability and reputation.

How Users Can Protect Their Privacy

Given the mounting privacy threats and the increasing sophistication of cyberattacks, it’s essential for users to take proactive steps to secure their mobile devices and protect their personal information. Some practical tips include:

1.Regularly Update Software: Mobile operating systems (iOS, Android) and apps frequently release security patches to fix known vulnerabilities. Keeping your device’s software up to date ensures you are protected against the latest threats.

2.Be Mindful of App Permissions: When installing apps, carefully review the permissions they request. If an app asks for access to information or features it doesn’t need to function (e.g., a flashlight app requesting access to your contacts or location), it’s best to deny those permissions.

3.Install Antivirus and Anti-Malware Software: While mobile devices may not face the same risks as desktops, antivirus software can still help detect and block malicious apps and spyware. There are several reliable mobile security apps available for both iOS and Android that can offer an added layer of protection.

4.Use Strong, Unique Passwords: Protect sensitive accounts by using strong passwords or a password manager. Consider enabling two-factor authentication (2FA) for added security on key accounts like banking apps, email, and social media.

5.Limit Tracking: Disable location services when not in use, and be cautious about sharing your location with apps and websites. Mobile browsers and apps may also track your activities for advertising purposes, so be mindful of the privacy settings available on your device and in the apps you use.

6. Beware of Phishing and Social Engineering: Always verify the legitimacy of unsolicited messages or emails asking for personal information. Be cautious about clicking links or downloading attachments from unfamiliar sources.

7. Use Encrypted Messaging Apps: For sensitive conversations, consider using messaging apps that offer end-to-end encryption, such as Signal or WhatsApp. These apps ensure that only you and the intended recipient can read the messages, adding an extra layer of privacy.

Conclusion: The Ongoing Battle for Privacy

As mobile devices continue to play an ever-expanding role in our lives, the challenge of safe-guarding our privacy has become more pressing than ever. While mobile phones offer incredible convenience, they also present significant security risks that threaten to erode personal privacy. By staying informed, taking proactive security measures, and remaining vigilant about how personal data is used, individuals can help protect themselves from the increasing number of threats to mobile privacy. However, the responsibility for securing mobile privacy does not lie solely with users—governments, corporations, and mobile developers must also play a role in ensuring that privacy remains a fundamental right in the digital age.

The post Privacy Concerns Amid Growing Mobile Security Threats: A Digital Dilemma appeared first on Cybersecurity Insiders.