privacy

Bokeh - a Private Social Network Attempt

Screen Shot 2019-05-08 at 8.39.25 PM.png

We discuss user data and privacy a lot around here. Here is a Kickstarter project that will actually respect user privacy. Instead of collecting and mining your user data to sell you creepily specific targeted ads, Tim Smith is building Bokeh to be a private, secure, and user-funded social network. For instance, when you post your photos, you get to choose who sees them. Bokeh won’t show who follows you or who you follow. You don’t have to worry about friends of friends seeing your photos. If one of these “friends” has requested to follow you three times and you said no, Bokeh will prompt you to block them.

It’s intended to be a user funded project. No creepy ad-crawling. I sincerely hope this works.

Privacy Versus Cloud Services, Continued

For years now, folks interested in technology have considered the tradeoffs between cloud services and privacy. Tim Cook’s recent comments at the Berkshire Hathaway shareholder conference has me thinking about it again. Tim was clear on Apple’s position:

But we don’t want to use you as our product. And we just have a fundamental issue with doing that. And we’ve always thought that the building of a detailed profile about your life could result in tragic things.

The contrast Apple is trying to draw is with other Silicon Valley giants whose business model is grounded on user data (and advertising)—namely Facebook and Google. 

The question gets interesting when you realize there are tradeoffs. Privacy protects users, but access to mountains of user data helps make better, faster, more responsive cloud services, which also benefits users.

If Apple intends to protect user data, are they going to fall behind on the better/faster end of the equation? Probably. But how much?

Those who follow Apple closely have known about their position on user privacy for years. But lately, Apple is more vocal about their preference to protect user privacy. Nearly every time someone puts a microphone in front of Tim Cook, he raises this point. 

When these lines were first drawn years ago, there was a lot more digital ink being spilled on the wisdom of Apple’s position. You don’t hear as much about it lately.

So how is Apple doing? From my experience, Apple still is lagging, but not as much as I worried it might. 

One way to evaluate this is Photo search in Apple Photos versus Google Photos. Google pioneered the ability to search for contents of photos with words. They have a massive database of photos to work with, and their algorithms can easily find a “dog” in the “snow” from your library of 42,000 photos. Apple added this feature a few years ago, but the difference is that Apple built its models on purchased photo libraries, not looking at all of its users’ photos. Moreover, Apple does the machine learning for these searches not on their cloud servers but instead on your devices. You too can now find a “dog” in the “snow” with Apple Photos. I am pretty confident the search terms don’t update as quickly in Apple Photos as they do in Google Photos, but that is the cost of that privacy thing.

Photos is just one measure, and I am sure if I thought about it long enough, I could find other examples that are both better and worse in comparison. For me, at least, when comparing privacy versus cloud services, I would rather err on the side of privacy. So long as the Apple cloud services are viable, I’m okay if they aren’t the best if in exchange I’m getting a higher degree of privacy. 

At first, I tried to quantify it. How close does Apple have to be to Google for me to be happy? 50%? 75%? For me, it is more a question of whether the cloud service is: 1) something I’d use often and; 2) functional. In my case, functionality, even if slower and not quite as good, is good enough. I think Apple gets off easy with my calculus, but everybody gets to set their own threshold, and everyone isn’t as paranoid as I am when it comes to privacy.

One thing everyone can agree on is that this story isn’t over yet.

Three Things You Can Do Today to Increase Your Facebook Privacy

For years I was one of those curmudgeons that refused to use Facebook in any capacity. I’ve been turned around on that a little bit because of the success of the Mac Power Users and Free Agents Facebook groups at creating a safe, fun place to talk about shared interests. They are both special communities. Nevertheless, Facebook can be a dangerous place if you care anything about your privacy.

There’s a lot of questions about Facebook lately and I’ve been receiving a lot of email from listeners on the subject. I should preface this post by saying I am hardly a Facebook power user. I log in to participate in the above two groups, but that’s about it.

Nevertheless, even this limited exposure could get me in trouble because Facebook likes to collect data. Between the news of the last few weeks plus the recent discovery that they can also collect your call and text history, I decided it was time to spend a little bit of time tuning up my own Facebook settings and thought I should share with you. So here are a few things you can do today.

1. Delete All Facebook Applications from your Phone (and iPad).

IMG_0DF389A55F1F-1.jpeg

A lot of the trouble arising from Facebook starts with their mobile applications. The trouble is that your phone has a lot of information about you and Facebook is insatiably hungry for information about you. Moreover, over the years we’ve had plenty of evidence that Facebook hasn’t been a real team player on the iPhone and they’ve done all sorts of dirty tricks to make sure their app is always front and center. This is both creepy, and it kills your battery faster.

I understand for a lot of people this is asking a lot. Their phone is their primary window into Facebook, and if that is really what you want, I don’t begrudge you. However, if you can live without Facebook on your phone, I think you’re better off. I just use Facebook in the browser on my Mac (or the browser on my iPad), and it’s just fine.

2. Audit your Privacy Settings

One thing Facebook has improved over the years is exposing its privacy settings. Years ago it felt like playing a videogame to find your way to the proper screens. Now it’s all combined in your setting screen under the privacy tab. Go through it and make changes to suit your level of comfort. I would recommend erring on the side of caution. You can always go back and make the settings more open if you’re finding that the more conservative settings are getting in the way.

Screen Shot 2018-03-26 at 10.35.09 AM.png

3. Audit your Application Installations

A big part of the recent problems is that the Facebook API is so liberal that apps you authorize are taking a lot more information than you may think. I have not authorized any apps to access my Facebook data and given the limited way in which I use a service; I expect I never will.

You may have some apps that you want to use with Facebook and that is fine but make sure it is your conscious decision to opt in. Take a close look at the apps tab in your Facebook settings and make sure you feel comfortable with every app you’ve authorized to access your data.

Screen Shot 2018-03-26 at 10.56.45 AM.png

Note there is also a setting on this screen, Apps Others Use, to edit the amount of information other people’s applications can use when accessing your Facebook data. I recommend tapping the edit button and making appropriate changes. I leave very little data exposed this way.

Screen Shot 2018-03-26 at 10.45.12 AM.png

The Slippery Slope of Internet Privacy

The U.S. Senate has now voted to remove prior regulations prohibiting Internet Service Providers (ISPs)–the folks you pay for your home Internet pipe–from selling your browsing and Internet data to others for fun and profit. This is pretty terrible news if you care at all about your Internet privacy. For a long time now ISP's have been storing and saving your Internet history data. They know where you go and how long you spend there. This new regulation, assuming it also passes the house and gets signed into law (it will) lets them sell your data.

I hate this.

One of the big arguments in favor of this change by ISPs is that because Google and Facebook are making money from our data, they should get in on the action too. That argument, however, fails. Google and Facebook are services that consumers can use or avoid. Consumers can, in effect, opt out of the madness. That isn't true with your home Internet connection. Every website you visit and every web service you use are now information available on the open market.

You may be thinking how you don't do anything particularly nefarious so it doesn't matter. I think that is short-sighted. Somebody with a few bucks should not be able to find that I spend time at certain banking websites or researching certain medical issues or even websites about one political belief over another. Future employers, or insurers, or anybody else with a check book should not be able to snoop through my browsing records.

This seems to me the kind of thing that you'd want to protect no matter where you stand on the political spectrum. Even though the vote on this is down party lines, I have multiple conservative friends that are up in arms over it.

So what can you do?

1. Complain

I'd encourage you to complain to your congressperson. The House of Representatives hasn't voted yet and 5calls.org is a great place to start.

2. Get a VPN

Virtual Private Network services allow you to get on the Internet without the ISP seeing where you are actually going. The VPN company will know but, assuming you use a reputable one, they won't sell your data. I've been using VPNs for years. They're particularly helpful if you spend a lot of time on the road using WiFi that you don't control. Recently I purchased a one-year subscription from Cloak and right now I'm feeling pretty good about that. I could turn that on at home any time (or selectively) to hold on to my privacy.

3. Go Elsewhere for your Internet Pipe

For a lot of communities, the options are very limited but if you have other options for your Internet service, investigate them. Maybe some of them will make your privacy their selling point.

Before you email me to say I'm being alarmist or to remind me that most of our Internet privacy was already fictional, I understand what you are saying. Nevertheless, I can't help but feel in the slippery slope of Internet privacy, we're about to take a pretty long slide.

Jonathan Zdziarski at Apple

Jonathan Zdziarski is a well respected security and privacy expert. Now he works for Apple. Jonathan's explanation of why he took the gig pushes all my buttons.

This decision marks the conclusion of what I feel has been a matter of conscience for me over time. Privacy is sacred; our digital lives can reveal so much about us – our interests, our deepest thoughts, and even who we love. I am thrilled to be working with such an exceptional group of people who share a passion to protect that.
— Jonathan Zdziarski

I think Apple is serious when they talk about protecting user privacy and hiring people like Jonathan. I don't know if this priority gives Apple much market advantage in the world today where most consumers are pretty cavalier about their privacy but it sure makes me happy to be using Apple products.

Yahoo.Gov

It is becoming increasingly clear that last year, the government ordered Yahoo to search its entire user email database and Yahoo’s response was, “no problem”. According to the New York Times, Yahoo was forbidden from disclosing the order and the collection is no longer taking place, but if they’re forbidden from disclosing, how would we really know that? Moreover, if that particular collection has stopped, who is to say that there aren’t other searches ongoing that still have not been disclosed. Is the government co-opting other technology companies to do their snooping for them? Yahoo has responded that Reuter’s original reporting of this was “misleading”, But again how would we really know? All of this is done under the veil of secrecy.

Every time the issue of privacy comes up, I feel like a bit of a dinosaur. I think privacy is a fundamental right and one upon which the United States was founded. It is baffling to me that these big companies, with presumably teams of lawyers, can just roll over so easily when the government asked them to search their entire email database.

If you could pretend for a moment that the Internet and email didn’t exist and discovered that the US Postal Service was opening and scanning every piece of mail that went through on the lookout for some particular piece of correspondence involving a terrorist or a foreign government, you would probably be outraged. I would be. The difference between that hypothetical world and the one we live in is that the Internet and email does exist and it is technically possible to pull something off like a search of all of Yahoo’s email for all of its users. Put simply, they are doing this because they can. Moreover, the government has shown very little restraint in asking for that type of information. This request may have been for an entirely legitimate reason. However, once you open up that door, it is going to be very difficult to close it.

At a minimum, I believe there should have been public disclosure and the courts should have had an opportunity to weigh in before the government was given such sweeping power. I can’t help but feel that Yahoo let the government off way too easy here and if I were a Yahoo email subscriber (I am not) I would be looking for new options … today.

Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.
— Benjamin Franklin

The NSA Reads BlackBerry BES Encryption Too

So now we hear that they've also hacked the BlackBerry BES encryption. I've noticed, in myself at least, that the more of these revelations that become public, the less I am surprised each time. I can't help but wonder that we have already lost the fight for any hope of actual online privacy.