The age of centralisation
Delivered on 13 January 2019 by Justin Pyvis. About a 5 min read.
I’ve been thinking for some time about how centralised many of the services we use on a daily basis really are. For example, for a true social network - that is, primarily text-based with a user’s content preserved but limited to “friends” only - you really only have Facebook. There are certainly alternatives but in terms of keeping in touch with a wide group of diverse associates, it’s Facebook or bust (curse those network effects!).
But as I discussed last week, Facebook is not a monopoly in the true sense of the word. While Facebook itself might be entirely centralised, it operates in a decentralised environment where its position at the top of the food chain is fickle at best. As the late Harold Demsetz (1988) put it in The Organization of Economic Activity: Ownership, Control and the Firm:
“The analytical usefulness of the concept of decentralization derives precisely from the fact that it allows the analyst to ignore the behavior of a single individual or a small group of individuals. It implicitly asserts that the tactical measures taken by incumbent firms to bar entrants from an industry cannot long hold at bay the continuous onslaught of more efficient organizations and techniques of production.”
The only way Facebook can prevent entrants from eventually usurping it is by constantly improving, or through artificial barriers, which is precisely why regulators should keep clear (I really, really don’t want to be stuck with Facebook any longer than necessary).
Industry concentration is the new normal
But what I realised is that it’s not just social networks where a person’s choice is limited: banks; utilities; transport - both public and private (e.g. Uber/taxi) - universities; soft drinks (60% of the global non-alcoholic beverages industry is controlled by Coca-Cola and Pepsi); insurance; and even super markets, are all relatively concentrated. As this chart by the Economist shows, most sectors in the United States have become more concentrated since 1997.
That’s not necessarily a bad thing; it might be optimal to have one or a few providers of a good or service instead of a number of smaller ones, and the relationship between industry concentration and higher profits all but disappears when firm size is taken into account (see for example Yale Brozen’s 1982 book Concentration, Mergers, and Public Policy).
Living in an age of centralisation
But it does mean we are living in an age of centralisation, especially in the tech sector. I find it somewhat ironic that one of the most innovative, adaptive and decentralised (using Demsetz’s description above) sectors is also the one in which a few companies tend to dominate at a given task.
In the past, industry concentration wasn’t an issue because the firms were essentially direct service providers. Your bank charged you account fees, and/or lent out your deposits, to make a profit. Your internet provider, water and power utilities charge you a monthly fee based on some combination of fixed and usage charges. But that all changed with Google and its “free” services, a model later copied by Facebook and countless other start-ups around the world.
Instead of charging you directly, they sell targeted access to you (or the means, via the data it stores about you, for some other entity to target you). Individually your data aren’t worth much, as Gregor Barber noted in a recent Wired article when trying to sell his Facebook data, but when you have more than a billion users you can start to do some funky things with their information (data scientist roles have grown over 650% since 2012).
“My tipping point was the Facebook hack, exposed in September, in which I—along with some 90 million other potential victims—was temporarily locked out of my account. I imagined my identity rippling across the internet, thanks to the single sign-in convenience of Facebook Connect. After a long season of leaks, hacks, and shady data pillaging, I’d had enough. I considered simply deleting my account. But then I landed on a different strategy: making a profit.
…I was ready to call it quits—unless, that is, my proceeds reeled me back in. I tallied up my fiat (that’s money, to the rest of us): 162 WIB, 1 DAT, 0 NRN. My earnings, while eclectic, were worth approximately 0.3 cents.”
What you can do about it
As Barber found out, a random individual’s Facebook data aren’t worth much, but Facebook’s centralised database clearly is (otherwise no one would pay for access). For now, free services paid for with targeted advertising tailored via “big data” stores of user information are the business model. It won’t be that way forever, but while it is there are some things you can do to protect yourself. Barber had a good suggestion:
“My efforts had simply heightened my sense of just how much I was sharing, and made me inclined to expose a little less: to leave my phone at home when I went on a run, or to conceal my phone number and real email address from Facebook.”
It’s safe to say that the likes of Facebook and Google already know a LOT about you. The list of data gathering techniques they employ are virtually endless, whether it’s direct collection through a combination your web searches, online purchases, music and video preferences, etc., or indirectly via your family, friends and co-workers’ data (so-called “shadow profiles”).
Even if you’re being careful, they’re also able to “fingerprint” your web browser and device, allowing them to track you when you don’t want to be tracked. Those Facebook “like” buttons at the end of a blog post? They’re specifically designed to track you and your web browsing activities, linking what you do while not on Facebook to your shadow profile. The list of tracking tools and techniques employed by these companies is ever-growing and evolving as their advertising business model depends upon knowing more about you than their competitors.
But for the vast majority of people - myself included! - your data are probably about as valuable to these firms as Gregor Barber’s above, i.e. not very. The best thing you can do is just not give it up so easily: change your privacy settings, block third-party cookies, use browser extensions that block trackers and switch to open source and/or encrypted alternatives where you can (for example, use Signal instead of Facebook Messenger and ProtonMail instead of GMail). If you sync your data into the cloud (e.g. with Dropbox), consider using something like Cryptomator to encrypt it before it ever leaves your device.
Most importantly, use a password manager such as KeePass or BitWarden, secured with a strong passphrase and ideally a physical token (e.g. a YubiKey). While the likes of Facebook and Google are as creepy as they come, for the average person your primary threat will come from using a weak password on multiple websites or apps, exposing you to malicious actors seeking to hurt you financially (or worse).