It’s a bright afternoon, but that’s not why Greg Tseng is wearing mirrored sunglasses and a ball cap with the brim pulled low. Sitting at a cafe table in Kendall Square, the 22-year-old software engineer and aspiring entrepreneur gestures toward a group of people lounging with their phones out.
Any of them could be taking pictures with him in the background, and uploading them to social networks that run facial recognition algorithms.
“Everywhere you go, something’s watching you. It’s all being recorded,” Tseng said.
When he uses the Internet, Tseng assumes a different disguise: a program he’s developed can browse the Web as if he were an entirely different person. His goal is to thwart advertisers, marketers, and more nefarious digital snoops by making them believe they are watching someone else.
With the public awakening to the privacy concerns that Tseng is so acutely aware of, the Weston native is working to develop a commercially available product called Diluvian, based on the program he’s been testing on his own computer.
While he sleeps, travels, or works on his laptop, Diluvian uses artificial intelligence to visit websites it believes would fit the profile of a college-aged woman. In a recent demonstration, the robot played videos by Demi Lovato, loaded online shopping websites, and scrolled through women’s fashion blogs. None are likely online destinations for Tseng, who dropped out of George Washington University three years ago and favors Euro dance music and gym shorts.
If you can’t prevent someone from accessing your information, Tseng argues, you can at least prevent them from exploiting what they find.
“You have no idea what the future holds,” he said. “You never know what kind of information can come back and bite you.”
Tseng’s idea captured the attention of the Thiel Foundation, which was set up by venture capitalist Peter Thiel to support entrepreneurs who are willing to forgo college. The foundation awarded Tseng a $100,000 grant to keep him afloat as he tries to bring his product to market.
Diluvian is a twist on an concept that cybersecurity researchers have been kicking around for decades. So-called data pollution efforts contaminate users’ data to the point that it becomes it’s difficult to interpret.
Many of the Internet’s most popular services rely on tracking browsing data, which they use to create profiles that marketers and others covet for their value in targeting ads and tailoring users’ experiences.
So browsing data is particularly difficult to keep private. Individual websites and Internet services often use “cookies,” installed on browsers to keep track of user habits. And last year, Congress made it easier for Internet service providers to sell information about customers’ Internet activity without their permission.
Andrés Arrieta, a technology projects manager at the Electronic Frontier Foundation, a nonprofit digital rights group based in San Francisco, said he believes users are waking up to the realities of what they’re revealing when they log onto the Internet. Cambridge Analytica’s improper use of Facebook users’ data to influence the 2016 US elections, he said, had a big hand in drawing public attention to privacy issues.
“The security community was aware of all of this, but users were not necessarily aware of all of this,” Arrieta said. “People did not necessarily understand what they were giving up.”
The foundation makes a product called Privacy Badger, which blocks third parties it catches tracking users across multiple sites. Discerning users can also use tools that attempt to obscure where they’re browsing from, that block sites from loading advertisements or tracking software, and that encourage secure connections whenever possible.
Data pollution is seen by some as a complement to those tools, which aren’t foolproof.
One simple effort, called makeinternetnoise.com , will open tabs in your browser and load random websites.
Steven Smith, a senior staffer at the national security-focused MIT Lincoln Laboratory, last year released a program that browses a huge volume of websites over a user’s network to make it harder to discern information about the real people using the computers.
About 1,000 people have downloaded a free version of Smith’s creation, but he’s still studying whether it actually achieves its goal of disguising user information to the point where it can fool a sophisticated analysis.
“It has to be proven technically before people should put confidence in it to be able to be used in a widespread way,” Smith said.
Smith said his program, designed to protect people from snooping by their Internet service providers, is fair game because users need Internet access and have no way to opt out of data collection.
He has ethical concerns, however, about using such tactics against Internet companies such as Google and Facebook. If you don’t like their policies, he said, don’t use their services.
Tseng argues that most people have no idea that many sites subject users to extensive tracking in order to make money.
“I really firmly believe that if the vast majority of people really understood how they are paying for the service, there would be a lot more qualms about using the service,” Tseng said.
Tseng contends Diluvian’s use of fake “personas” will be better at fooling tracking algorithms than random browsing. Organized misinformation, he says, is more powerful than chaos in preventing the real user’s profile from revealing itself.
Tseng hopes to launch a commercial product by next year, at first targeting businesses that want help deceiving hackers who, seeking trade secrets or intellectual property, might monitor employees’ online activity for clues about their work. But he also thinks there will be a market for everyday users who are wary of creating an indelible record any time they want to look something up or listen to music.
But Diluvian takes effort and equipment to set up. It runs on a dedicated device and protects only the computers to which it is connected. To use it on a smartphone, a customer would load the mobile device with special networking software.
And so far, at least, the Internet has shown that most people are willing to forgo privacy for the sake of convenience.
Whether Tseng is a harbinger of a future where privacy obsession becomes more common remains to be seen.
He’s the person who walks out of the room when somebody is taking a selfie. He refuses to Google anything on a smartphone. He uses a Sony Discman to listen to music — in 2018. “It’s unhackable,” he said.
Dan Chamberlain, a close friend, was sitting with Tseng in the stands at a demolition derby recently when he noticed Tseng had put reflective tape on his hat — an attempt to foil facial recognition programs sifting through photos of the crowd. (Reflected light, Tseng said, interferes with the algorithm.)
But the more time you spend with Tseng, Chamberlain said, the more his attitude makes sense.
“We’ve kind of gotten used to our privacy being invaded,” he said. “It seems like overkill, but when he explains where the stuff can be used, it’s like, ‘Maybe I should think of doing something like that.’ ”
Andy Rosen can be reached at firstname.lastname@example.org.