68 Likes to Know Who You Sleep With: How Your Phone Leaks Intimate Details of Your Life
Original article posted on Medium.
What if I told you that, from your call logs alone, someone could identify your relationship status, the place you live, and the status of your health?
If your call logs weren’t available to someone, don’t worry, they only need to see you “Like” a minimum of 68 posts on Facebook to determine your sexual preferences, political affiliations, drug and alcohol use, and parents’ relationship status.
You don’t have a Facebook? Not a problem. Do you use an app to navigate? Your preferred locations are saved and if you go somewhere new or unusual, let’s say, to another company’s building to interview for a new job, your location rats you out before you have the chance to tell your boss you’re quitting.
You’ve been warned time and time again. You’re being tracked. And yet, while the data we share can be used to tell the world so many intimate details of our lives, we share this data with most who ask. Why? Because the decision to share this information is made up of a series of small decisions.
Apps ask for access to your data when they need it. That means that you’re rarely looking at the entire landscape of data you share. When it’s time to make these decisions about your privacy, they are presented to you as independent decisions. This is a psychological principle known as “framing” wherein the decision you make is more influenced by the way in which it is presented to you than the reality of the decision.
I used to not be worried about this. I have a generally positive faith in humanity that even if my whole life was public, that I wouldn’t be harmed by it. But that’s the thing: for most people, harm won’t come in the form of the police banging at your door with a warrant for your arrest. Rather, the attack on most people is nuanced. The information you share manifests in a targeted attack on your livelihood in the form of subconscious manipulation. Instead of your data ending you in jail, algorithmic advertising and content suggestions influence your belief system, putting you in a kind of mental prison. You think you’re in control while the ad tech companies are laughing all the way to the bank.
How are these companies getting your?data?
On both Apple and Android phones, your data is protected by permissions. These permissions require the user to accept or deny a specific app access to each category of data before the phone will share it. You may have seen a permission request look like this:
But it’s not just the one company that’s getting your data. Any third-party services the app uses also have access to any data you share with the app. That means if you let Netflix access your location, if the company uses an analytics provider like Google’s Firebase, now both Netflix and Google have your location. When your apps share your data with these third-party services, they are legally required to disclose this information to the user. But in practice, these disclosures are buried in privacy policies full of legal jargon only the lawyers enjoy reading (and probably not even them…).
Your data can also be leaked without you accepting permissions/in unintentional ways as well. It is convention nowadays for apps to connect to the internet using secure communications, but it has been shown that a non-negligible percent of communications are unencrypted. This means that if your data is sent unencrypted, anyone can get it.
领英推荐
In the way back, dimly-lit part of this system of tracking users lies the data aggregators. They are the real stars of the show. They scour the internet for any data on you and combine that with data shared with them and data they purchase to build an intimate profile on you. These data aggregators say they will only sell their database of user data to vetted companies but to trust them would require us to have blind faith.
To show the magnitude of data available to purchase, the New York Times purchased 50 billion location pings from 12 million Americans. From this data, the Times was able to track the movement of individuals from their homes to their office to their favorite coffee shop — information on users that could easily be used to manipulate or harm someone.
“Within America’s own representative democracy, citizens would surely rise up in outrage if the government attempted to mandate that every person above the age of 12 carry a tracking device that revealed their location 24 hours a day. Yet, in the decade since Apple’s App Store was created, Americans have, app by app, consented to just such a system run by private companies.”
What should we?do?
Privacy is not about hiding from the world and keeping everything about yourself a secret. That’s not sustainable nor is it beneficial. Sharing our data with companies has given us incredible technologies like Google Search and Amazon’s marketplace. The level of innovation fueled by mass analysis of data has improved the lives of billions. Privacy is the ability for people to have full control over who/what/where/how/why they share their data. That is the world I want for us.
You might expect me to ask you to “join the fight to take down the evil tracking companies.” But that good v.s. evil mentality has resulted in the current system of fleeting, reactionary enforcement of privacy. That call to action is valiant, but limited by the amount of “buzz” the problem can generate and the scope of our legal and social systems to punish it. In reality, most of these vulnerabilities are left in an unattended minefield of privacy concerns. What must happen is a collaborative and preventative effort to force these companies to be transparent about the data they collect and the entire lifecycle of that data.
Trust me, I understand that this threat against personal privacy is abstract and can feel too big to comprehend. My whole research is focused on privacy and some days I wake up and feel like my efforts are a drop in the bucket.
If you have ever felt that way too, start with a few things. Like my mom likes to remind me: To eat an elephant, you must start with one bite. Here are some suggestions for that first bite:
Note: References have been embedded in the post as links.