Privacy Paradox – What Your Phone Knows

Featured image by Rami Al-zayat

Bruce Schneider makes an interesting distinction in his interview in this episode, “so imagine I hired a private detective to eavesdrop on you…” he’d bug your home etc and the report would contain the content of your conversations, that’s the data. However, “if I were to ask him to put you under surveillance, where you went, who you spoke to, what you read, what you looked at…” that’s the metadata.

It’s this metadata that we’re looking at in today’s challenges. Your phone provides access to all kinds of metadata to different apps. Over time when using apps there are always pop ups, give Facebook access to your photos, your location, your microphone and more. You turn it on that one time, and forget! There is no option for “allow once”. Come on Apple, provide that third option!

Today’s Tasks

Task 1: Go through your phone’s privacy settings and try turning off microphone or location access in one app. Or two! Or three.

Location services: Most apps seem to be set to never, and those that aren’t are set to “while using”. I’m going to try turning most of these off completely and see if I really need that turned on.

Contacts: I’m a bit surprised so few apps on my phone ask for the contacts list. Most of all I’m surprised that Facebook and Messenger don’t appear in this list, or LinkedIn. I suppose Facebook the app doesn’t need it, as Whatsapp provides that information to their parent company over all. Of course this is only how contacts are connected on the phone, that doesn’t account for how Apple and email services like Gmail scrape your contact list.

Photos: This one I’m a bit torn on. I Tweet photos, post to instagram, send friends photos via Whatsapp and Messenger so on one level it makes sense to allow these apps to read and write to the photos app. Where it feels weird is with the metadata that is attached to those photos such as when and where the photo was taken, depth of field, etc. During TvsZ 4.0 (a game played on Twitter) I happened to be traveling so I posted a photo and stated I was hiding from the zombies in an unknown city. Within moments another player identified I was in Reykjavik. I thought to myself “shoot, I’ve left location services on on Twitter” but as it turned out they had found the location in the photo metadata.

Microphone: This one is easy. None of these apps should need the use of my microphone, OFF!

Camera: This one is a bit tricky too (see Photos above). I am going to try turning about half of the apps off and see if I notice.

Health: “Allow ‘Messages’ to read data: heart rate” … WTH APPLE!?

Motion and Fitness: I hate that “on by default” is a thing. Turn all this nonsense off.

Task 2: Download Signal. Signal is an encrypted text messaging service.

More from Bruce Schneider, he recounts a story at 9:15 in the podcast about an US official refused to take a drug test (and no one underneath him would either). Even though he had nothing to hide, privacy is something we should protect. It’s those who have privilege in society that need to support these notions for those who can’t defend themselves.

A little more

I heard an interview with Bruce on another Note to Self podcast episode. I strongly recommend at least listening to that. During the interview Manoush asks him about his book, Data and Goliath, and I managed to find an audio book version. I tend to be on the road a lot, so audio books are my preferred way to get into books new and old. Again, I recommend this book as a ‘get to know the world around you’ sort of piece. I listened to it over a year ago, but one thing from it that maybe has stuck most with me was a study he references (sorry I can’t find pages #s). A researcher managed to take anonymized census data in the US and combine that data with other big data sets that are available on the market (yeah, your info is for sale). After combining the datasets the researcher was able to identify over 90% of folks from the anonymized set. Does that creep you out as much as it creeped me out?

Leave a Reply

Your email address will not be published. Required fields are marked *