quick come back to IT security and privacy

While having dinner with friends yesterday we talked about IT security for moment. One of them basically said he was totally surprised, that websearches he had done on Android show up on his iPhone as well. He is not an IT guy, so maybe it is useful to explain this a bit further….

Starting with Android (and I don’t want to ditch it, I need to say this right in the beginning) is mainly driven by Google. As Google does not charge for it’s services (except for computing power in the Cloud) and it is a business, the question is, how to they make money – well, I know it is obvious to a lot of people, but let me restate this: Advertising.

By simply showing you something that might be interesting for you and that you are willing to buy. Now, if I think about advertising, I think about magazines and TV first of all. When there are ads on TV I assume I do what most others do as well – I turn down the volume, start zapping or walk away from the TV. What makes Google more effective for those that want you to see advertising is that Google knows who you are (well, not necessarely all your name aso, but you for sure have an ID with them). So whenever you provide data to them they get to know you better. How do you send them data?

Well by using Chrome, signing into google when you use it – and obviously by using android. It is designed to collect data and I would even claim, that Google has no interest at all to make Android more secure and isolate Apps better from each other as that means users get more control on what Apps get access to and what they can use to send it back home and profile you.

To be frank, yes, there is a convenience factor here, but you are paying for it with your data.

Now I hear the same argument being made again: I have nothing to hide. As much as that is probably true for my friends, you I think, are missing the point. Ask yourself if you would post all your personal data on your house so everbody can see it. If you say: Sure, then move on. If you say no, then I think you might have nothing to hide but you also don’t want everybody to know.

In the end the real problem starts with the technology available these days. Computers are now able to process and correlate huge amounts of data and with arteficial Intelligence make sense out of it easier than years before.

So, maybe a simple example: You share your geo location with google (because you, for example use Google Maps). So Google will get to know where you start your journey from (mostly home it a lot of cases) and where you often go to in the morning (work), or on the weekend for shopping. It is not very hard to connect these dots. I spoke about this on an earlier post and you can easily see the recorded geo data Google has from you!

Now, moving on. You communicate via WhatsApp, Facebook, whatever. Even if WhatsApp might not analize your data (Google is known to process your mail for patterns), you send them other data. When you use it, where, aso. Just again, data that is interesting to profile you and allows a company to show you better ads, that they can then charge the companies higher fees for.

All apps tend to ask for permissions, but you should really think what is needed. You should think if you want to sign in or if you want to use the private browsing mode of a brower. I am not saying that all is a secure way to not be profiled as there are new ways that internet companies are able to use data of your computer to assign you an ID and identify you. Your CPU, Resolution, whatever. All that data that Browsers can read from your machines.

All this data likely provides a pretty good picture of who you are. And if you still think, I don’t care, pls follow this thought: Assume you want to sign up for an isurance. Would you want your health insurance to track if you work out, what you eat, how much you drink and smoke? Do you want to live in a world when you have your next hangover your healt insurance raises because you poisoned your body? Even if we think we do live healthy, science can change and something we do now might be seen as bad – once that is treacked it will affect fees later on. So I don’t think it’s that easy and simple – unfortunately.

So – I think we should all be careful about what we share on the internet and use our brains. As much as we don’t invite any foreign people into our lives immediately, we shouldn’t do the same in the internet. And we should respect other peoples view’s and needs as well. For example. I am consciously not posting pictures of my kid. Or I am trying to stay vague on things that only if you met me and we interacted would make sense to you. I am not perfect with that and sure, there will be traces and a chance that you can correlate data and make sense out of it. But at least I am trying to make it harder than serving everything in an easy way.

If you would ask me for some advice: Try to make your social profiles private. If you don’t (which I am doing on a few services consciously), understand what that means and think what you want to post there. And remember, even if your Facebook profile, Google profile, Microsoft, Twitter, Instagram, whatever is potentially private, all these companies analyze your data. And they also sell it if they can. Why wouldn’t they?

Btw, the thing that triggered the discussion yesterday was Alexa and the recent incident: As we do have the European privacy law in effect now every European citizen has a set of important rights:

  • they can request that data is being deleted (and there are fees if that does not happen)
  • people can request to get the data that is being stored about them

Latter happened with Amazon – somebody had requested his or her data from Amazon. The result was quite astonishing as Amazon not only sent the requested data but also the recordings of other people. Now again, do you want Amazon to record you (without knowing) and then make those recordings available to random people?

I assume Amazon will get this problem fixed but you can clearly see there is a difference between things that can be done (recording and unlimited storing of data) and that should be done (why is the data not deleted? Why is it being kept? How can the computer programs not isolate the data properly? )

When you give data away, you don’t have any control over it anymore. You have to trust other people to do the right things and take care of your personal data. As that is something that we all can not always avoid, we should still ask why it is needed.

I didn’t purchase a 0€ recording the other day as I had to register. That is fine, but I am not willing to provide more data than needed to the supplier. Why do they need my address, date of birth, aso? Sure, they can ask for all of that, but WHY is it needed? It is not transparent to me. And I would still think not necessarely. They are not shipping anything to me, so why an address?

Anyway, I hope I made you think a bit. It really isn’t that easy. We all produce data with others, computers advance in their ability to process the data. So I think it is important to think about what we do before we just simply move ahead and click ok.

I had an interesting debate with my former boss a few weeks ago: The claim was that in the US a change in eMail provide is happening, more and more people are moving from “free” (we defined what free really means earlier) services to services that cost you a few dollars. Sure, nobody gives you the total guarantee that the data isn’t analyzed, but the need to do it is much lower when you actually make money on other ways. I would also assume that people will ask this question more and more and hopefully at some point think what they post and share publically and what they should keep for themselves. Or only post in environments they control.

Because this is likely only the beginning – when I look at China and the face recognition software that is being used, the score people get by behaving right or wrong: That is all not the right way. As a society we need to agree on what we find acceptable and what we don’t want to happen. And we need to think about it. It is way to easy to say: But we need to store all the data and the technology to protect you from xyz. As well as that might be true, it opens any gate to misuse at the same time.

I want to close this with a quote I heard in a podcast today: You can’t get freedom with total security. If you want to be free you have to accept at the same time that you have to take some risk by not everything being fully controlled.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s