NSA whistleblower Edward Snowden warned that use of cloud services from Amazon, Google, and Microsoft may be convenient, but comes at a high price in terms of lack of visibility and control over what those cloud providers are doing on the back end.
People should not use technology mindlessly, Snowden noted. For-profit infrastructure like Amazon (AMZN)Web Services or Google (GOOG) Cloud Platform is fine, except those companies tell customers little about what’s happening inside those data centers. Amazon, for example, won’t even let customers tour its data centers.
“You’re giving them your data and giving up control,” he told attendees of the OpenStack Summit 2017 in Boston on Tuesday via a satellite link, ostensibly from Russia where he is in exile.
Public clouds like AWS are increasingly used by businesses that don’t want to build more of their own data centers, saving on upfront costs and headaches.
Cloud vendors typically say they cannot see or access encrypted user data. But the fact remains that public cloud is all about customers running their operations on hardware and software managed by another company, and that gives Snowden pause.
This was a receptive audience for his message. OpenStack is a set of freely available software that companies can use to build, manage, and control their own cloud infrastructure. And open-source proponents would say this, unlike the use of AWS or Google Cloud or Microsoft (MSFT) Azure allows companies to manage their own destiny.
The use of open-source technologies may be a better option for users than investing in technology they “don’t own, don’t influence, don’t control, or even shape,” Snowden said.
Companies can use OpenStack, which can be downloaded for free, or offered with paid support from Rackspace, Canonical, SUSE, and Red Hat (RHAT), to build their own computing infrastructure which, admittedly, requires a lot of technology expertise which tends to be expensive.
Related: Snowden May Return to U.S,
Complicating matters on the public cloud side, is that the same big providers—Amazon, Google, and Microsoft—that run all that industrial infrastructure, are also amassing vast quantities of data about consumers via devices like Amazon Echo, Google Home, and the upcoming Microsoft Invoke. Every time you order a Domino’s pizza, or an Uber car, or conduct a banking transaction using Echo, your data is being collected and used in theory, to provide you with better services.
But, even though that data is anonymized, and users can delete things they don’t want aggregated, the whole notion of a device listening in to you at home makes many people uncomfortable. One technologist with a financial institution that uses AWS, but who is not authorized to speak about it publicly, said he personally would never have an Amazon Echo or Google Home because he doesn’t want those companies collecting his personal data.
The problem for many users is, or should be, trust, said Snowden.
Get Data Sheet, Fortune’s technology newsletter.
“If you run on Google’s or Amazon’s technology, how do you know when it starts spying on you?” Snowden told the audience. “You have no awareness because it happens at a hidden layer of the software.”
For the record, these companies have said they are careful in how they collect, use, and protect customer data. The problem is whether you believe that.
This is the atomic moment for computer scientists. @Snowden #OpenStackSummit #freedom @OpenStack pic.twitter.com/7WhgbsDWTB
— … (@silentaug) May 9, 2017
And just as business users have very little visibility into what goes on in a public cloud, there is a similar issue of what’s happening in our own personal devices, including smartphones.
“When you put your phone on airplane mode or turn off location services, how do you know those things are really off?” Snowden asked. Toward that end, he said the Freedom Of Press Foundation is working on a design that will let phone users know definitively if their phones are sending data about their whereabouts.
Forrester Research (FORR) senior analyst Paul Miller said people should heed Snowden’s words. It can be fine to trust computing and data to a third-party, but you need to do so with your eyes open, he said.
