Gossip, Rumor Mills and Your Favorite Applications
Nathan Sweaney recently did a talk about privacy. Now don't roll your eyes... I know you've heard about how it's important… yadda yadda yadda... But... Nathan brought up a seriously good point towards the end: What if we COULD monetize and control our very own data? I’m paraphrasing here, of course.
Follow my train of thought here- You grow grass in your yard. You hate to mow. The grass gets the attention of a lawn mowing service and they offer to start mowing it for you- even clean up the clippings. This is GREAT! “Sign here!” they say with a smile.
But, then…
Then, you find out they have been selling your clippings as hay to a local farmer- for a really good profit margin, let's face it- they harvested from your land and don't pay YOU for it... sooo.... besides the gas they put in the mower and other overhead it's cheap for them to do it.
Now, do you demand a cut of the dollars? I mean, you fertilize your grass, you bought the land to put it on, you water it when it's dry... etc.
Is the free service worth letting them make money off of you?
Also- you have no idea of the character of the person/people coming to trim. What if they accidentally mow over your prized rose bushes? Knock down your mailbox? Start mowing at 5am? Or just because they’re near- they start doing the same thing to your neighbors citing that YOU trust them, so why shouldn’t they?
That’s the basic reality of our data-hay field. We’ve planted it, cultivated it- they sell it without ever being clear of their intentions. We just stand there and say, well at least the field has been cleared? Uhhh…. Wwwhhhhaaaattt?
But wait!
They give us control of what we share and when we share it? Right? Wrong.
All your favorite apps let you believe you’re controlling those things. According to one such policy,
“We also receive information about your online and offline actions and purchases from third-party data providers who have the rights to provide us with your information.”
Wait a minute… the third-party… have the RIGHTS to provide THEM with MY information? Did you get that sick feeling in your stomach too? Good.
Look, unless every privacy policy across every platform is exactly the same, the 135 or more third party folks have you, one way or another. Your social media platforms are selling access to your behaviors to third party data collectors, who then sell that to marketers- When I started scrolling through the list- I had never even heard of one of them. Maybe that’s just me though.
Take 4Info, “a platform that more effectively maps people, screens and data” as an example of a company I’ve never heard of and their policies around children under the age of 16 is pretty lax.
“Our Platform, Website and services are designed for those 16 years of age and older. If we are made aware that we have received personal information from someone under 16, we will use reasonable efforts to remove that information from our records immediately.” -4Info Privacy Policy
So what? They said they’d try real hard. Some of the data sets that they map of mini-you include a whole lot of weight loss and beauty products. That all sounds like exactly the sort of thing you want shoved in your preteen/teenagers face… for… how long is average use by teens anyway? Well- according to that hyperlink over there, “Teens spend an average of seven hours and 22 minutes on their phones a day, and tweens -- ages 8 to 12 -- are not far behind, at four hours and 44 minutes daily, according to a new report by Common Sense Media, a nonprofit that promotes safe technology and media for children.”
Awesome. Now our kids are connected faster than ever to being over exposed to shame inducing, low self esteem driven marketing campaigns which, by the way is a perfect emotional state for predators to find them. Just ask the Innocent Lives Foundation- I never wanted to know what grooming meant outside of the doggos pampering regimen.
By the way, what happens if one of the head-spinning number of marketing firms loses our little “grass clippings”? What if they- spring a leak? Well, now all that beautifully correlated log level reporting that documents your favorite adult sites, dating apps, health check look ups, and what bank you use is dumped all over the [spooky spirit fingers] darkweb. How do I know this? Well, in step my pals from various threat intel platforms- one of which featured their research with BuzzFeedNews last July. "Data Collection And State Surveillance Put LGBTQ People At Risk Online And Off" links back to an original article- "Online Surveillance, Censorship, and Discrimination for LGBTQIA+ Community Worldwide".
Join me, Evan Akin associate intelligence consultant who spearheaded the above report, Cy Eurdice with Innocent Lives Foundation and Will McCullen for the IT Center of Excellence and Cyber Warfare Range at PIMA Community College for The Coffee Table Talks : Did you hear? Your applications like to gossip...
System Engineer III @ IWCO Direct
4 年A little off topic... Have you watched Mr. Robot yet? It's about a hacker group that takes down the conglomerate that controls all of the data in the world. I wholeheartedly believe that we have reached an era where we are being controlled and manipulated by big tech. Other than completely going off of the grid, what other option do we have?...
Senior Technical Staff at Control Vision, Inc.
4 年Surveillance Capitalism is a good read despite its initial Marxist tilt.
Cyber Security Analyst | SSCP | CySA+ | Security+| Network+
4 年Over 7 hours a day screen time... I barely reach 2 hours a day. There is so much more to this world than the device in the palm of your hand.
Data privacy & protection, cybersecurity law, policy, research
4 年I think the first step in creating a sense of normalcy regarding the collection of our personal data was in public acceptance of the credit bureaus. We were sold on the legitimacy of their operations and somehow have been complacent in the bureaus' ownership of our data. Consider how hard they make us fight to correct incorrect information on our reports; the way they fought to keep us from accessing information about ourselves, charging us to view what is rightfully our property (because shouldn't information about us that is used to establish our identity and integrity be ours?). Credit bureaus, IMO, were the test case for 3rd party control of our data. We allowed them to basically take ownership of it and sell it to make a profit from it because we were convinced the bureaus provided us with a service. They aren't. That information could just as easily be vetted in any application we make. It's just more convenient to grab the data and analysis from a single entity than making all those calls. And that's it in a nutshell: we've sacrificed our autonomy over our identities, over ourselves, for convenience.
Detection Engineering | DaC | IR | Threat Hunting | CTI
4 年Livid will probably follow shortly. It's amazing that the option is coming down to give up your privacy or you can't participate. And it's not just apps - many in-person events are headed down that path. Consent to having your image, etc. used for whatever purposes or you are basically shut out because it's too complicated to make sure you aren't included in public postings. /rant