Tag Archives: data security

December 4, 2017 · 12:41 pm

Losing The Lottery

We’re all bugged. If you carry a smartphone, you may rest assured that it’s possible to identify that device as it moves through the world and interacts with various services. How difficult do you think it is, once someone has a device ID, to associate it with a phone number‘s owner?

I think none of that is a surprise to you, nor is it to me. I try to keep the list of organizations tracking me to a minimum and to a list of companies I trust. Unfortunately, that takes more effort that most people are willing to exert but it can affect you in more ways that you might know.

I uninstalled a lottery app this morning. It was doing a number of things that caused me concern. First, it alone was responsible for 65% of the data traffic from my phone when the phone was idle. The app was idle too, or so I thought. In fact, it was busy sending my phone number, my device ID, and several other very personal pieces of data (Facebook and Twitter ID’s among them) to…someplace. Who knows what happened to the data from there.

I installed this app a few months ago when the Powerball prize pool was ridiculously large. It seemed like a convenient way to input my tickets and get notified if I won anything. What I won, apparently, was the ability to be tracked as an individual and have my battery drained unnecessarily. Buh bye.

What’s the point today? I guess it’s a message for you as you’re on either side of the desk. As a marketer, we can’t violate our customers’ trust by using the permissions they give us to collect usage data and selling or sharing that data to companies with which the customer has no relationship. More than 70 percent of smartphone apps are reporting personal data to third-party tracking companies like Google Analytics, the Facebook Graph API or Crashlytics. Generally, those companies are there to improve the user experience. The problem is that in many cases, app developers that that permission as carte blanche to send the data anywhere. I’ve seen how that data can be used for profiling and targeting and believe me, it’s frightening.

As consumers, we need to pay more attention to privacy and where our data goes. It’s not just to keep your battery from running down. Given the role that our smart devices play in our daily lives, it’s quite possible that a bad actor could know way more about you than you’d care to share. I don’t just mean by monitoring your texts or any unencrypted data you send. It’s also tracking your movements. As a positive, location-based services can help us (you get an alert for a sale at a store you frequent as you pass within a quarter mile) but the possibility of an unscrupulous third party misusing that data is exceptionally high. Check your app permissions. Why would a game need to know your location or have access to your camera, for example? Turn off the permissions that don’t make sense.

I’ll be looking up the results of the money I risked on Powerball some other way since trying to make my life a little easier made it a lot more risky in other ways. It was a good reminder to let my devices work for me and not for people who want to spy on me. You with me?

Leave a comment

Filed under digital media, Huh?, Reality checks

Tagged as , , , , , , , ,

November 5, 2015 · 9:47 am

It’s Not Just Data

There is an interesting case that was argued before the Supreme Court the other day and it just might have an impact on your business.  There was also a lawsuit filed in an unrelated matter that could have the same effect.  A third item is a study that’s kind of scary. Let’s have a quick look at them and think about what they might mean to anyone who gathers information about their customers. 

First, the case before The Supremes.  It involves Spokeo, one of the large data aggregators.  Spokeo’s information about a consumer was almost 100% wrong.  As Justice Kagan said, “They basically got everything wrong about him. They got his marital status wrong. They got his income wrong. They got his education wrong. They basically portrayed a different person.”  The plaintiff was seeking a job when he filed suit, and worried that the errors in the report would affect his job search.  The other suit involves Ashley Madison.  They were sued for allegedly misleading users by inflating the number of women who belonged to the service.  As we have found out from the data hack, only a small percentage of the profiles belonged to actual women who used the site.  The company hired employees whose jobs were to create thousands of fake female profiles.

I suspect that a third form of data abuse will be in the courts shortly, as a recent study found that the average Android app sends potentially sensitive data to 3.1 third-party domains, and the average iOS app connects to 2.6 third-party domains.  None of the apps notify users that their information is being shared with third parties.  Data that’s wrong, data that’s fake, and data that’s shared without permission.  I suppose if we could get the fake guys to populate the wrong guys, sharing it without permission wouldn’t be a big deal.  Since it’s your personal information, it is.

If you gather data (and who doesn’t), you have a responsibility to keep it secure and not to use it for purposes beyond what the owner of the data (that would be you and me) reasonably expects you’ll be doing with it.  If you’re disseminating data, especially data that could impact someone’s life and not just your own business, you need to be sure it’s accurate.  And if you’re making stuff up, please just go away.

They’re not just data points, folks.  They’re people.  Maybe they’re lawsuits in waiting, or maybe they’re your spouse, kids, or parents.  Let’s be careful out there, ok?

Leave a comment

Filed under Helpful Hints, Huh?

Tagged as , , , ,

February 26, 2015 · 1:17 pm

It’s Not Just Big Brother

Another day, another horrible bit of news on the privacy front.  I’ll take it as a sign that another post on data collection and privacy is called for.  I think that by now we all know that everything we do in a digital world is collected and that nothing collected in a digital world is private.  Oh sure, maybe your Aunt Sally can’t see your phone records, but someone can, and it’s probably not someone who needs to know that you called a suicide prevention hotline 4 times last month.  As one writer put it:

Collection means access, period. Someone who wants information can always find a way to get it, and yet we’re only expanding methods of information collection: trackers, cameras, beacons, glass, drones. This puts all of us in a very public place, constantly.

Amen, and it’s a thought each of us needs to keep more forward in our minds.  The Pew Internet folks have been doing an ongoing survey with respect to privacy and the latest report (which you can read here) contains the following quote:

An executive at an Internet top-level domain name operator who preferred to remain anonymous replied, “Big data equals big business. Those special interests will continue to block any effective public policy work to ensure security, liberty, and privacy online.”

I’m not really aware of any recent business model that isn’t centered around data collection and monetization at least in part.  Retail, health care, entertainment and media, finance, and insurance are sliding their models to revolve more around robust data collection and usage.  We as consumers can say “fine, I will gladly give up data in return for convenience, better pricing, or an improved product”, but that’s a choice WE make, not the provider.  It implies informed consent.

The latest fiasco to which I referred earlier comes from Lenovo, which, as Ars Technica reported:

…found itself in hot water last week when researchers discovered that pre-installed adware from a company called Superfish was making users vulnerable to man-in-the-middle attacks. The adware installed self-signed root HTTPS certificates that made it easy for Superfish (as well as low-skilled hackers) to intercept users’ encrypted Web traffic.

In other words, by buying a Lenovo computer you made data which you thought was secure and private very much not so.  That’s the sort of corporate bad behavior which is intolerable.  But in order to respond, we have to be aware, and I suspect that this is only one example of this behavior.

OK.  Rant over.  The take away is this – if you’re a business, act responsibly and transparently.  If you’re a netizen, pay attention.  It’s not just Big Brother who is watching.

Thoughts?

Leave a comment

Filed under digital media, Helpful Hints, Huh?

Tagged as , , ,