Privacy.

This is a long entry because I’m passionate about digital rights. Please take a moment to read. Thank you.

Imagine this: you run errands and come across a “magic” nightstand at your local department store. We’ll call said department store “Bigmart”. The magic part of the nightstand is that it transports a copy of whatever you put in that nightstand to a warehouse owned by Bigmart. The popular store chain is up front about how it works in that they own the warehouse, you don’t. The warehouse is secure and they claim they can’t see the contents of the warehouse, but they can unlock something if you lose your original copy and want to retrieve the latest copy of whatever was manually transported to the warehouse. They also let you know that because this warehouse can be used by thousands or millions of people, some of whom may not be the most morally grounded folks around, they’ll scan the contents from time to time to make sure you’re not doing anything illegal or shady with the contents you’re storing in their warehouse. They’re up front about all of this and you decide whether you want to put contents in the magic nightstand, knowing that whatever is transported to the warehouse plays by these rules.

Now, imagine Bigmart decides to change the rules. They have decided that in addition to scanning the copies that are magically transported to the warehouse, they’re also going to stop by your house every few hours and go looking through your nightstand. Now, they promise they’ll only look straight ahead when they enter your private dwelling and they will not look at anything other than the contents of the nightstand. They want to see what you have put in your nightstand for magic transport before it’s been actually transported to the warehouse.

Would you let the big company into your home and allow them to look at the contents of the nightstand? I can’t answer for you, but I will say that I would not allow this. I have no guarantee that Bigmart is looking at only the contents of the nightstand because I can’t see what they’re doing. I have to trust them, even after they’ve changed the rules of the transaction, because they use magic to transport and to get in and outside my house. I’m not allowed to see what they’re doing while they’re doing it.

Now, I know Bigmart is doing this for a good reason. They’re looking for nefarious material that could be harmful to other people, particularly children. They want to make sure I’m not using the magic nightstand to do illegal things. Instead of checking when these things arrive at the warehouse, they want to check before they get to the warehouse. And they don’t even have a list of what’s illegal, they’re just comparing the “fingerprint” of these things to a list of fingerprints. There’s a one in a trillion chance the item’s fingerprint could wrongly match something on the list. They don’t even own the list. They’re just one of several companies that uses this third party list to check fingerprints.

I would still not allow Bigmart to come into my home and rifle through my nightstand, regardless of their intent. As an American, that feels a little too much like guilty before proven innocent to me, and while of course I don’t want anything illegal transported through my magic nightstand, they always said they would scan my stuff when it arrived at the warehouse, not come into my home and go through the nightstand first.

Apple announced they would start scanning photos destined for iCloud Photos (their cloud-based storage service) on each user’s iDevice (iPhone, iPad, etc.) before it is uploaded to iCloud. This practice will begin in a future update. They’re doing this in the name of privacy and they’re doing this to save the children.

I’m all for saving children. This is a fact that is absolute, without question, and without hesitation. But I’m also really big on privacy. And scanning my files, even if they’re in a special bucket headed for iCloud, before they’ve actually arrived on the iCloud servers feels very creepy to this paranoid geek. Because Apple uses “closed source” software, meaning we can’t see how it works or when it’s doing these things, we the users have no idea as to what’s really happening. How do we know a cranky regime somewhere in the world isn’t going to add to the third party list of bad photos? Imagine if a dictator decided he or she (or they) wanted to know who has photos of adult, consenting, homosexual content on their phones? What if the FBI or CIA decided they didn’t want to limit the scanning of this nature to only photographs destined to be stored in iCloud? What if they wanted to see the contents of text messages or any other files on the user’s phone? What if someone hacks into your phone and puts something bad on it? The list can go on and on and on.

On the surface, Apple’s plans ding a person’s privacy quite a bit but when shrouded with the “but the children!” argument, users may not have a problem with the practice. I get that. But it’s a slippery slope. It’s a very slippery slope. And for years Apple has been selling their devices on the promise of them being the most privacy conscious company in tech.

It’s like they did a 180 overnight.

When we give up a little bit of privacy, we have the potential of giving up all of our privacy. We need to keep our children safe, no question.

But we need to keep our privacy safe as well.

Privacy.

Photo courtesy of NBC News.

While I still use Facebook to keep in touch with family and friends, as well as participate in some groups that are not available anywhere else on the Internet, I absolutely refuse to have the application on my iPhone.

Here’s why. This is a list of all the ways the Facebook iOS app tracks your phone usage, courtesy of the new privacy information available with the latest version of iOS on my Apple iPhone X.


App Privacy

The developer, Facebook, Inc., indicated that the app’s privacy practices may include handling of data as described below. This information has not been verified by Apple. For more information, see the developer’s privacy policy.

To help you better understand the developer’s responses, see Privacy Definitions and Examples.

Privacy practices may vary, for example, based on the features you use or your age.

Data Used to Track You

The following data may be used to track you across apps and websites owned by other companies:

Third-Party Advertising

Contact Info
  • Physical Address
  • Email Address
  • Name
  • Phone Number
Identifiers
  • User ID
  • Device ID
Other Data
  • Other Data Types

Developer’s Advertising or Marketing

Contact Info
  • Physical Address
  • Email Address
  • Name
  • Phone Number
Identifiers
  • User ID
  • Device ID
Other Data
  • Other Data Types

Analytics

Contact Info
  • Physical Address
  • Email Address
  • Name
  • Phone Number
Identifiers
  • User ID
  • Device ID
Other Data
  • Other Data Types

Product Personalization

Contact Info
  • Physical Address
  • Email Address
  • Name
  • Phone Number
Identifiers
  • User ID
  • Device ID
Other Data
  • Other Data Types

App Functionality

Contact Info
  • Physical Address
  • Email Address
  • Name
  • Phone Number
Identifiers
  • User ID
  • Device ID
Other Data
  • Other Data Types

Other Purposes

Contact Info
  • Physical Address
  • Email Address
  • Name
  • Phone Number
Identifiers
  • User ID
  • Device ID
Other Data
  • Other Data Types

Data Linked to You

The following data, which may be collected and linked to your identity, may be used for the following purposes:

Third-Party Advertising

Purchases
  • Purchase History
Financial Info
  • Other Financial Info
Location
  • Precise Location
  • Coarse Location
Contact Info
  • Physical Address
  • Email Address
  • Name
  • Phone Number
  • Other User Contact Info
Contacts
  • Contacts
User Content
  • Photos or Videos
  • Gameplay Content
  • Other User Content
Search History
  • Search History
Browsing History
  • Browsing History
Identifiers
  • User ID
  • Device ID
Usage Data
  • Product Interaction
  • Advertising Data
  • Other Usage Data
Diagnostics
  • Crash Data
  • Performance Data
  • Other Diagnostic Data
Other Data
  • Other Data Types

Developer’s Advertising or Marketing

Purchases
  • Purchase History
Financial Info
  • Other Financial Info
Location
  • Precise Location
  • Coarse Location
Contact Info
  • Physical Address
  • Email Address
  • Name
  • Phone Number
  • Other User Contact Info
Contacts
  • Contacts
User Content
  • Photos or Videos
  • Gameplay Content
  • Other User Content
Search History
  • Search History
Browsing History
  • Browsing History
Identifiers
  • User ID
  • Device ID
Usage Data
  • Product Interaction
  • Advertising Data
  • Other Usage Data
Diagnostics
  • Crash Data
  • Performance Data
  • Other Diagnostic Data
Other Data
  • Other Data Types

Analytics

Health & Fitness
  • Health
  • Fitness
Purchases
  • Purchase History
Financial Info
  • Payment Info
  • Other Financial Info
Location
  • Precise Location
  • Coarse Location
Contact Info
  • Physical Address
  • Email Address
  • Name
  • Phone Number
  • Other User Contact Info
Contacts
  • Contacts
User Content
  • Photos or Videos
  • Audio Data
  • Gameplay Content
  • Customer Support
  • Other User Content
Search History
  • Search History
Browsing History
  • Browsing History
Identifiers
  • User ID
  • Device ID
Usage Data
  • Product Interaction
  • Advertising Data
  • Other Usage Data
Sensitive Info
  • Sensitive Info
Diagnostics
  • Crash Data
  • Performance Data
  • Other Diagnostic Data
Other Data
  • Other Data Types

Product Personalization

Purchases
  • Purchase History
Financial Info
  • Other Financial Info
Location
  • Precise Location
  • Coarse Location
Contact Info
  • Physical Address
  • Email Address
  • Name
  • Phone Number
  • Other User Contact Info
Contacts
  • Contacts
User Content
  • Photos or Videos
  • Gameplay Content
  • Other User Content
Search History
  • Search History
Browsing History
  • Browsing History
Identifiers
  • User ID
  • Device ID
Usage Data
  • Product Interaction
  • Advertising Data
  • Other Usage Data
Sensitive Info
  • Sensitive Info
Diagnostics
  • Crash Data
  • Performance Data
  • Other Diagnostic Data
Other Data
  • Other Data Types

App Functionality

Health & Fitness
  • Health
  • Fitness
Purchases
  • Purchase History
Financial Info
  • Payment Info
  • Credit Info
  • Other Financial Info
Location
  • Precise Location
  • Coarse Location
Contact Info
  • Physical Address
  • Email Address
  • Name
  • Phone Number
  • Other User Contact Info
Contacts
  • Contacts
User Content
  • Emails or Text Messages
  • Photos or Videos
  • Audio Data
  • Gameplay Content
  • Customer Support
  • Other User Content
Search History
  • Search History
Browsing History
  • Browsing History
Identifiers
  • User ID
  • Device ID
Usage Data
  • Product Interaction
  • Advertising Data
  • Other Usage Data
Sensitive Info
  • Sensitive Info
Diagnostics
  • Crash Data
  • Performance Data
  • Other Diagnostic Data
Other Data
  • Other Data Types

Other Purposes

Purchases
  • Purchase History
Financial Info
  • Other Financial Info
Location
  • Precise Location
  • Coarse Location
Contact Info
  • Physical Address
  • Email Address
  • Name
  • Phone Number
  • Other User Contact Info
Contacts
  • Contacts
User Content
  • Photos or Videos
  • Gameplay Content
  • Customer Support
  • Other User Content
Search History
  • Search History
Browsing History
  • Browsing History
Identifiers
  • User ID
  • Device ID
Usage Data
  • Product Interaction
  • Advertising Data
  • Other Usage Data
Diagnostics
  • Crash Data
  • Performance Data
  • Other Diagnostic Data
Other Data
  • Other Data Types

Practice What You Preach.

My husband and I watched “The Social Dilemma” on Netflix last weekend. It’s a documentary about the effects of social media, and more importantly information capitalism, on society and how it’s basically ripping apart our social construct. The focus of “The Social Dilemma” is on Facebook, but it also talks about other platforms such as Twitter and Instagram and addresses the major issues around Google.

After watching “The Social Dilemma”, Earl took Facebook and Facebook Messenger off of his phone. I had done the same months ago, but had recently put it back on, albeit sandboxed to the best of my ability so that it wouldn’t have access to my location or contact data or push notifications or anything.

I need to follow the lead of my husband. He is a very smart man. I removed Facebook and Facebook Messenger from my phone this morning. Again.

I decided to go a step further and remove Facebook from my iPad. Before doing so, I posted the photo above without a caption. I doubt anyone will notice.

Aside from the manipulation and raping of personal information that is inherent to Facebook’s business model, I came to realize that Facebook has pushed too much information about my family and friends in my direction. Last night I had a cousin push a fake video edited to make Joe Biden look like he was barely coherent to her husband and for some reason Facebook felt I needed to see that interaction. Seeing activity like this has caused me to question the moral foundation of too many friends and members of my family. Fake video aside, there have been many comments about Joe Biden’s stuttering. How many of the folks making fun of Joe have made fun of me behind my back? Why would I want to associate with people that take delight in making fun of people? Why would I allow myself to get sucked into that sinking vortex of mockery and find myself doing the same thing?

It’s gross.

I think the main reason for removing Facebook from my devices (again) is it’s battering my soul and damaging the good memories I have of people. Your politics and beliefs shouldn’t be my business, as long as you’re not out to reduce my standing as a citizen based on my sexual orientation. I want people in my life that I know would have my back in a tough situation.

The dialog on Facebook has shown me I can’t trust many of the folks I call “friends”. This makes me sad.

And I don’t want to be sad anymore.

Search.

Google really loves it when you use their Google Chrome browser as the default across your devices. When you tie your devices together in this fashion it is much easier for ad revenue dependent companies to glean and scrape every scrap of information they can about your life. When I mention this to people, particularly Android users, I’m reminded they have nothing to hide and besides the other options are too expensive, slow, and don’t provide the same convenience.

Back in the 80s and 90s a certain segment of the population would become surly when asked for their phone number when making a purchase at Radio Shack. Heck, back in the day department stores would do some rudimentary marketing by asking for your five-digit zip code at the checkout. I remember more than one occasion where a person in line ahead of me would refuse to give it because apparently they didn’t want the department store to know they were from the village with a population of 2500.

Look, I know what I do online leaves traces for others to query. Consumer tracking is an unfortunate reality of using the Internet, especially in the United States. Using the same (non-Gmail) email address for over two decades has tied my information together in ways I can’t even imagine. But what happens when the ad companies start talking to one another and your email address is tied to your Google searches? What if, and this is not outside the realm of possibility at all, a cashier were to enter your email address at a Point of Sale terminal in your neighborhood market and then suddenly recommend an ointment for the skin rash you had last week? Would that make you comfortable?

We like to think Google gives the best search results to our queries because it skews the results to our tailored interests. If Google thinks you’re a conservative, you might see results for “climate change” that point you to right-leaning beliefs or even conspiracy sites. Lean the other way and your results could lead you to a protest in your community.

This is why I try to use DuckDuckGo for all of my searches and why I have also defaulted to the service as my preferred search engine on all my devices. A quick side bar: it’s interesting to me that Apple touts its privacy practices front and center on the majority of their marketing but they elect to set Google as the default search engine on both iOS and MacOS. How’s the cooperative revenue opportunity working for the two tech giants?

In iOS and iPadOS, if you want to change your search engine, go to the Settings Panel, find Safari, and then you’ll see an option for “Search” near the top of the parameter list. There you can select a different default search engine for your web browser. In Mac OS this is available under “Settings” in Safari. In Windows 10 it’s specific to the browser you’re using, likewise for alternate browsers on iOS and Mac. Linux users already know how to change it.

We can all co-exist on the Internet without giving companies, and perhaps other bad actors, the entirety of our lives. As human beings we have a right to privacy.

In the Digital Age we have to work a little harder for it.

Privacy.

From John Gruber at Daring Fireball.

> This new ad from Apple touting iPhone privacy protection is good, and genuinely funny. But what makes it funny — the premise is a series of people loudly sharing in the real world the sort of information that gets unknowingly tracked online — is actually the perfect analogy to help explain how the tracking industry — what ought to be considered the privacy theft industry — has grown into existence.

> Consider the new ad-tracking privacy protection feature in iOS 14. The tracking industry, led by Facebook, is up in arms about it — apparently such that Apple might delay enforcing it for a few more months, according to this report today by Alex Heath for The Information (paywalled, alas — here’s MacRumors’s summary). Heath’s report closes thus:

> > Branch CEO Alex Austin, whose company specializes in measuring the effectiveness of ads in mobile apps, called Apple’s proposed change to IDFA “unworkable for the app ecosystem.”

> > “Apple’s move has gone too far, disproportionately disrupting a vibrant app ecosystem by throwing the baby out with the bathwater,” he told The Information.

> The entitlement of these fuckers is just off the charts. They have zero right, none, to the tracking they’ve been getting away with. We, as a society, have implicitly accepted it because we never really noticed it. You, the user, have no way of seeing it happen. Our brains are naturally attuned to detect and viscerally reject, with outrage and alarm, real-world intrusions into our privacy. Real-world marketers could never get away with tracking us like online marketers do.

> Imagine if you were out shopping, went into a drug store, examined a few bottles of sunscreen, but left the store without purchasing anything. And then immediately a stranger approaches you with an offer for sunscreen. Such an encounter would trigger a fight or flight reaction — the needle on your innate creepometer would shoot right into the red. (Not to mention that if real-world tracking were like online tracking, you’d get the same creepy offer to buy sunscreen even if you just bought some. Tracking-based offers are both creepy, and, at times, annoyingly stupid.)

> Or imagine if you found out that public billboards were taking photos of people who glance at them, logging those photos to a database, and using facial recognition to match them with photos taken at point-of-sale terminals in retail stores. That way, if, say, you were photographed looking at an ad for a soft drink, and later — hours, days, weeks — purchased that same soft drink, the billboard advertisement you glanced at hours, days, or weeks before could get “credit” for your purchase.

> We wouldn’t tolerate it. But that’s basically how online ad tracking works.

> The tracking industry is correct that iOS 14 users are going to overwhelmingly deny permission to track them. That’s not because Apple’s permission dialog is unnecessarily scaring them — it’s because Apple’s permission dialog is accurately explaining what is going on in plain language, and it is repulsive. Apple’s dialog describes something no sane person would agree to because it is something no sane person would agree to.

> Just because there is now a multi-billion dollar industry based on the abject betrayal of our privacy doesn’t mean the sociopaths who built it have any right whatsoever to continue getting away with it. They talk in circles but their argument boils down to entitlement: they think our privacy is theirs for the taking because they’ve been getting away with taking it without our knowledge, and it is valuable. No action Apple can take against the tracking industry is too strong.

Caturday.

I think Truman is getting bored with the subtle changes in our routine, even though we’re both home most of the time under normal circumstances. He knows something is different with the world but he can’t put his kitty paws on the details. Kibble and treats are happening on schedule but something tells his feline sixth sense that something is off.

To help cope with this situation he works on shredding the couch (I was tempted to call it a ‘davenport’) and climbing the screens on the windows to the balcony.

He needs a catcation, despite the innocent look displayed in the photo above.

Data Privacy.

My brother-in-law owns a company that maintains gas pumps and associated equipment at service stations in the Pennsylvania-New Jersey area. During a recent visit he noticed a station down the street that had “canopy pumps”, where the mechanics of the fuel pump are incorporated into the supports that hold the canopy over the area, presumably to shelter customers from the elements while they’re filling their vehicles with explosive liquid. While here he didn’t get a chance to snap a photo of the pumps, but I told him I would stop by and do so. He’d use the information to research where the pumps were from and if his company could get access to them for his customers.

The easiest way for me to share the photos I snapped this morning was to send him a message on Facebook Messenger. As I mentioned earlier this week, I no longer have “infinity pools of information” apps on my iPhone, and I’ve pretty much disengaged from Twitter permanently, but I still have a Facebook account that I can access on my iPad. I sent him the photos and he sent me a note of thanks. I like my brother-in-law, he’s a really good guy and I’m always happy to help out. Generally speaking I’d say I’m a pretty lucky man in the “in-law” department.

I decided to do a quick scan of Facebook to see what’s been happening with family and friends and immediately I was peppered with all sorts of service station related ads: Exxon Mobil, Shell, Gulf, the virtues of the environmental work of BP, etc. Prior to the three photos I had sent via Facebook Messenger, I had never seen an ad on Facebook for a gas station.

Anyone that believes their communication over Facebook Messenger, or any of their other associated applications, is private is out of their minds. I know family and friends that completely rely on WhatsApp. The company is owned by Facebook and the data is mined by Facebook. Instagram? Same deal. And Mark Zuckerberg has said on multiple occasions that Facebook’s intent is to tie the messaging mechanisms of all their apps into one database, one point of control, and one platform.

Earl remarked yesterday that he mentioned something while visiting with his brother the other night and now he had ads popping up on Facebook. He insists the only way Facebook could know about these things was to hear the conversation. The topic was so out of the norm, so off the wall, that there was no way he had searched for anything remotely related to what they were discussing so theoretically there should be no digital trail. That would mean Facebook had to be listening to him through the app on his iPhone.

There’s a reason I don’t have the Facebook app on my phone. How I wish there was something around to disrupt Instagram, but the likes of Flickr really screwed that up.

Please be cognizant that nothing you do online is safe, and nothing you do on your phone is completely private. I have lived by this rule for 30+ years and it still holds true today: If you don’t want it appearing on the front page of the New York Times, do not type it into a computer.

I guess that applies to innocent conversations as well.

Chromed.

I’ve never really been a fan of Google’s Chrome browser. There’s just something odd about trusting all of your browsing activity to a browser made by a company that relies on user data and ad revenue as its primary revenue source. Here’s an excellent article that recently appeared in The Washington Post that explains many of my concerns without getting too lost in the technobabble.

What was a little surprising to me was that organizations like health insurance companies and school loan facilitators are also in on the tracking business.

> My tests of Chrome vs. Firefox unearthed a personal data caper of absurd proportions. In a week of Web surfing on my desktop, I discovered 11,189 requests for tracker “cookies” that Chrome would have ushered right onto my computer but were automatically blocked by Firefox. These little files are the hooks that data firms, including Google itself, use to follow what websites you visit so they can build profiles of your interests, income and personality.

> Chrome welcomed trackers even at websites you would think would be private. I watched Aetna and the Federal Student Aid website set cookies for Facebook and Google. They surreptitiously told the data giants every time I pulled up the insurance and loan service’s log-in pages.

That’s just creepy.

Commitment to Privacy.

A recent Macworld article highlights Apple’s commitment to user privacy in this digital day and age. An interesting read for all, but especially for the geek minded. The article also highlights the importance of “Sign In with Apple”, the new sign-in initiative from Apple I mentioned in yesterday’s post.

> But convenience is only part of what makes Sign In with Apple such an excellent feature. Apple has baked privacy and security so deep into Sign In with Apple that it won’t work unless your account is protected with two-factor authentication. It uses Face ID or Touch ID on the iPhone and iPad. The coolest feature of all: you can opt to use a fake email address that forwards to your real one so the service you’re signing into won’t have access to your contact info.


Sign In With Apple.

Image courtesy of CNET

So Apple’s Developers Conference, called “WWDC”, which stands for “Worldwide Developers Conference”, is underway in San Jose, California. The event is kicked off with their annual WWDC Keynote, which outlines the plans Apple has for their Operating Systems for the foreseeable future. This year Apple announced updates to all of their operating systems, including bringing iPad its own operating system called iPadOS. This will help separate the iPad from the iPhone experience a little bit.

In recent years Apple has doubled down and gone the extra step with their privacy efforts. Their built-in web browser, Safari, has plenty of privacy options. When shared with an application, location information is anonymized by default. Photo processing is done locally on the device and iCloud data is encrypted by default, without scanning for advertising opportunities.

One of the ways ad-based Internet companies track you is by having you use your sign-in information with their service across third party apps. Most Internet users are familiar with message boards with “Sign in with Facebook” or third party apps like Dropbox with “Sign in with Google”. These services are convenient for the user; you don’t have to remember multiple passwords. However, it’s a tracking opportunity for the company providing the sign on service, plus it often forms a two-way information sharing opportunity for the sign on service and the third party application. Things like your name, nickname, email address, birthday, etc. could be shared across this connection. Plus, how many times have you received an email with advertising after using these credentials for a service that is at best vaguely related to the third party offering?

“Sign in with Apple” is a new way of signing in on your Apple devices. Tied with FaceID or TouchID (or other authentication methods, depending on the device), Apple will authenticate your identity and that’s it. If the third party service requires an email address, Apple will generate a random email address that forwards to your address. And that random address is used only for that service. Sick of emails from them? Delete the random address. You don’t need to change your real email address.

This is awesome.

One of my biggest pet peeves of today’s Internet is the amount of tracking and advertising. “Sign in with Apple” will be a great way to help combat that issue.

It’s just another reason I call myself a “Crazy One”.