My last article discussed the problem with social media and privacy — or at least one facet of the overarching issue. As expected, there are readers who want to know what to do about it. It’s easy to throw out the standard advice on VPNs, basic tradecraft, and other such things, but let’s be realistic. People don’t take precautions that are inconvenient. In fact, the more work it is to be private, the less inclined people are to do it. Humans are lazy, after all, and it’s even easier to be lazy if you cannot see the actual, tangible effects of your data being used. Then it’s just an abstract idea somewhere.
This isn’t going to be an overly-technical treatise on how a phone works, how it violates your privacy, and all the geeky ways you can try to thwart it. What this series will be, is a common-sense look at what you, Joe Regular, can do with your phone right now, with some realistic facts about how bad it really is and whether your measures will work.
Where Are We Right Now?
As of 2017, about 77% of American adults have a smartphone. It’s unknown exactly how many kids and teenagers have one, but the numbers are staggeringly high. In other words, if you do NOT have a smartphone, you’re in the minority…but that won’t completely protect you either, as we’ll see.
We generally have our phones with us at all times, and instead of turning them completely off, we typically put them on vibrate or silent. They’re always on, always working and collecting, and as we now know, always listening.
What Does Your Phone Say About You?
We all have apps on our phone. In fact, apps can make life a lot more convenient. Here’s just a sample of some of the apps you might have:
- Diet trackers
- Sleep trackers, alarms, and even self-hypnosis
- Social media
- Texting apps
- Musical instrument tuners
- Shopping (Amazon, etc.)
- Mapping software (everything from Google Maps to GIS-type)
- Reading apps (Kindle, Aldiko, etc.)
- Website feedreaders
- Hobby apps for everything from hunting to cooking to crocheting
- Health apps for tracking vitals, blood sugar, medications, and more
- Mileage trackers for self-employed or business executives
- Real estate apps
The list goes on and on. In fact, you can even get apps that will track your menstrual cycles or pregnancies if you’re female. So let’s extrapolate that to what your phone says about you:
- Your height, weight, and level of satisfaction with your body type
- What you eat, when, and how much
- How well you’re sleeping, when you go to bed, and when you wake up
- Whether you cook or prefer to dine out, and where
- Where you are at any given moment, and with whom
- How stable your relationships are with family, friends, and spouses or significant others
- If you’re single, whether you’re looking, where you’re looking, and for what
- Who’s emailing you, and for what
- Who you talk to often, and exactly what you talk about
- What your hobbies are and how often you participate in them
- What news subjects interest you, and even why
- What websites you visit (and what your passwords for them are)
- Your politics, vices, beliefs, and secrets
- Your medical status, conditions, medications, and all of those weird body things you put into a search engine
- How well your business is doing on a day to day basis
All of those apps report back to someone, somewhere. As the Wall Street Journal reported a few days ago, that someone is Facebook. It doesn’t matter if you have a FB account, whether you have ever visited the social media giant or not. They collect your data anyway from the apps, and that relationship is two-way.
How bad is it? How personal does the data get? Here’s a glimpse:
In the Journal’s testing, Instant Heart Rate: HR Monitor, the most popular heart-rate app on Apple’s iOS, made by California-based Azumio Inc., sent a user’s heart rate to Facebook immediately after it was recorded.
Flo Health Inc.’s Flo Period & Ovulation Tracker, which claims 25 million active users, told Facebook when a user was having her period or informed the app of an intention to get pregnant, the tests showed.
Real-estate app Realtor.com, owned by Move Inc., a subsidiary of Wall Street Journal parent News Corp, sent the social network the location and price of listings that a user viewed, noting which ones were marked as favorites, the tests showed.
The best part is that none of the apps offered users a way to stop that reporting to Facebook. In fact, you’re assigned a hardware ID on your phone, and you can’t change it, so no matter what you can always be tracked. Even changing phones won’t matter, because you’ll install the same apps and link your profiles.
Sure, Facebook might be in violation of the law, but who’s going to stop them? And more importantly, even if they were completely barred from continuing the practice, that doesn’t stop what they already have.
TechCrunch found that a lot of companies use an analytic firm called Glassbox. That company has something called “session replay” which does exactly what you think — it captures every click, ever touch, every swipe you make and never tells you it’s doing it.
Glassbox posted a tweet last fall saying, “imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it? This is no longer a hypothetical question, but a real possibility. This is Glassbox. Experience it for yourself.”
On top of that, there was data leaking: passport numbers and credit cards, to be exact.
Icing on the Cake
As if all of this isn’t enough, last week Facebook got exposed yet again.
…Facebook has been secretly surveilling users it considers to be a “threat” by repurposing the Facebook app they had willingly installed onto their phones as a tracking beacon…
In case you’re still thinking that none of this affects you because you don’t have a Facebook account, let me go ahead and reiterate that it doesn’t matter. To repurpose a saying that someone I used to know said all the time, “You may not be interested in Facebook, but Facebook is interested in you.”
From its headquarters in Silicon Valley, all it takes is a click of a mouse for Facebook to track every EU lawmaker that has ever spoken a negative word about the company to see who they are meeting with in realtime. Those lawmakers smart enough not to voluntarily carry Facebook’s surveillance beacon in their pocket are likely still trailed by aides who do. As if that wasn’t enough, Facebook can track all of the journalists who have dared to cover the company in an unflattering light and can watch every academic and NGO privacy researcher to see who they might be meeting with. It can even read all of their private messages to see if their private missives to friend, family, spouses and children might shed any light on their research, reporting or policymaking relating to the company’s interests.
And just why, pray tell, do you think that Facebook wants all of this data? Is it really just targeted advertising? Filling their pockets?
Is there no other party who would be interested in such a treasure trove of deeply personal data? Is there nothing that could be done with it? Who would be willing to pay the exorbitant, nearly unlimited amounts of money that level of data — and the power that comes with it — is worth?
And if it’s not collected by that interested party, but instead purchased from companies who are collecting from users who, in many cases, are freely offering it, is it really a violation of the Fourth Amendment?
In the next segment of this series, we’ll start talking about what you can actually do about this. Spoiler alert: it’s all very inconvenient.