29 Nov 2023

In our fifth episode, we speak to François, a Quebec-based consultant deeply involved in open-source and privacy for over a decade, aims to fortify small businesses against cyber threats in an interconnected digital world.
I’m François, and I’m a consultant. I’m based in Quebec, in Canada. And why should we trust me? My backstory is that I have been involved in open source stuff, privacy stuff for a long time, more than 10 years. And I find it really, really important, especially when we began to have more data events like data leaks and cybersecurity stuff. And slowly I saw the legislation moving. I was following GDPR stuff from here like six, seven years ago. And I found that, okay, we need this kind of legal infrastructure to motivate people to learn about privacy and security. And now it’s getting air and we are beginning to have those kinds of legislation. But I want to protect small businesses because I think a small business is really vulnerable in the digital era. So that’s my motivation.
And I’ve done small business, not even having a dedicated IT team, so they’re not at the point where they will have someone dedicated to security. And as we see, they are more and more targeted because often they can be a stepping stone toward one of their clients, which would be a larger company, which is the ultimate target for cyber criminals. So that’s something I tell people. Sometimes you think your data is small, it’s not really important, but it’s important. It has value because cyber criminals want to have a massive amount of data to build a scenario to attack larger companies. Even if you protect yourself and if your friends around you and people you send email to, don’t protect themselves, you are vulnerable because it’s a team sport, privacy is a team sport. If you protect yourself, that’s fine, but other people need to protect you and you need to protect other people too.
So that’s the kind of mindset I want to implement, especially in a place like here in Quebec where all small businesses work together. Because we’re not a large community where we are, especially with our Québécois background, we’re French Canadian speakers and we have a strong small business network here. As I see, we’re all interdependent to another. So that’s something that I really care about. I really care about having our small business here as secure as possible and making sure people are aware of the privacy issues with sharing personal data without understanding how this data is used.
Yeah, so I’m a small consultancy, so I’m kind of a freelancer. We don’t name it this way in Quebec, but I’m a freelancer. And the way I want to bring privacy in small businesses is mostly I think that we should at some point replace patchworks of software as a service that they’re cheap. So people usually go for them, they have a free tier before paying for a larger tier, and they end up having a lot of them. So they lose awareness of where their data and their customer data is. I think a better way would be to bring back the compute and the software locally. So on the first thing, the first step would be to bring them back into our legislation, which is Quebec, in Canada, the data legislation is by the province. So on the Quebec level, then bringing people to use self-hosting for cloud software.
So software that is available as self-service for the customers, their website, their e-commerce, that kind of stuff. So having it locally, at least on self hosting. So infrastructure that they, not necessarily that they own, but at least they rent the server so they know where it is located, they have a control of what’s in, what’s out. And then also, why not bring most compute on our computers? We’re small businesses. We don’t need to have a large distributed system. We can do a lot of stuff on our powerful local laptops. And I think with some kind of awareness that we have powerful machines, we can then do a lot of stuff locally. And the best space for privacy is home. And it’s the same thing for computers.
The way I think we are a small business, so maybe we can bring back the stuff home or our business would be incredible.
One thing I could change with a magic wand would be for everyone to have their own data server, their own data store that is easy to control and then easy to give approval to use this data. So it comes back to self-hosting your data. I talked about it on the business side, but I think we should also go to the customer side, the citizen side, the family, the people, the friend side of things. Where you can, instead of sharing your family album on Facebook, you have this capacity to share it on your platform and then just click a box to share with friends and it shares with friends only. And it’s all managed behind the scenes, but you can stop everything. And the thing is that the data doesn’t spread around. It stays locally. And other people, like with the Fediverse, Mastodon and company, they access your data through their instance, and they think it’s out there on the internet, but it’s not. It’s locally hosted on your machine. So I would go with the Fediverse, but in a more user-friendly way. So this is my magic wand.
My main social place is LinkedIn. So I’m on LinkedIn. It’s the best place to maybe start reading my opinions, my stuff sharing about my business. I’m pretty involved in conversation, so it’s easy to put, just hit me on a publication in the comments and I will jump in the conversation. I really love to do that, to participate on the network.
Other than that, I have my own website, so my business is named “Je valide ça,” it’s a French name. It’s kind of a tongue in cheek to use the .ca domain. So in English it would mean I Check This or I Validate This, so it fits with the privacy or security stuff that I’m working with. And outside that, I also have other social networks, mainly Instagram, but it’s more casual. But for privacy stuff, really, it would be on LinkedIn.
I can also join Slack or Discord or those kinds of initiatives. So just invite me and I will jump in. I really like to learn about new communities, so that’s the best way to reach me for now. I know it’s not the most privacy aware place, LinkedIn, but LinkedIn is the place where most professionals, especially in privacy are. That’s where the community is. So yeah, LinkedIn is the place to be.
