Tattletale Apps & Your Personal Data – Spotlight #310

Good Monday morning. It’s September 23rd. The United Nations Climate Action Summit begins today. Learn more about the session at the official website.

Today’s Spotlight takes about 6 minutes to read. Want to chat about something you see here? There’s a contact form here.

2. News To Know Now

1. Facebook canceled “tens of thousands of apps” while conducting investigations into how they handle user privacy. Four hundred developers are associated with the apps, but Facebook has not identified them.

2.  Facebook political advertisers must create new disclosure statements by mid-October.  Snapchat announced that it will use similar processes and update its political ad library. Political advertisers in Canada and the U.S. have spent more than one million dollars so far in 2019 on Snapchat.  Open Secrets data has the details.

3. Big Tech finance headlines:

  • Palantir will seek a $26 billion valuation, according to CNBC
  • Salesforce.com has invested another $300 million in WordPress.com developer Automattic-with-the-three-ts. The announcement.
  • Payment processing company Stripe added a $1.2 billion round and is now valued at $35 billion. Details at Crunchbase.

3.  Government Data Mining, Part 2: Tattletale Apps and Your Personal Data

Our government data mining analysis covers four areas over four weeks.

1. Facial recognition’s growth – last week
2. Ancillary personal data from DNA testing and app use – below
3. National and local algorithms to make sense of all the data – next week
4. Extensions into areas like personal health records and trackers.

Scary stories about phone apps, browser extensions, and smart devices abound in our society. We’re no longer surprised when we learn that a tech company is selling ovulation data from apps women use to track their periods or that Foursquare doesn’t care if you use their app to check in to a location since they have “passive” data collection.

Personal data from all of your transactions constantly flows into buckets at data brokerages around the world. WaPo columnist Geoffrey Fowler wrote a blockbuster expose this summer about browser extensions that seem innocuous but “leak information” directly to data brokers. In Fowler’s expose, one of the browser extensions was used to magnify images on a screen, but requested the ability “to read and change your browsing history.” The extension had 800,000 users and was packaging each user’s search history.

At a large family gathering this weekend, I was asked to troubleshoot someone’s PC because it seemed like Google was unresponsive. After only fifteen minutes of tinkering I found that there was a Firefox extension that promised private browsing. Instead, it read search data and routed the request to another network. Luckily, they didn’t return to Google but to Yahoo! search, which was my first clue that something terrible was happening.

Don’t forget that the absence of data is also data. Netflix raised eyebrows last month when The Verge found that Netflix was monitoring a phone’s physical activity sensor. Netflix later said it was a test to see if they could improve video quality while people were watching on the move. But the question remains why a video app gets to track your movements and activity. Fitness trackers, phones, and smart watches all have the ability to understand where you are and what you are doing or not doing.

Even medical data isn’t protected despite health privacy laws. ProPublica found 5 million health records on hundreds of computer servers worldwide. Anyone with a web browser or a few lines of computer code can view patient records, they found, including names in some cases. They didn’t do any hacking or nefarious activities because the records—either for consultation or stored for archives—were publicly accessible on the Internet.

Google, Amazon, and Microsoft are part of a new trade group called the CARIN Alliance that is creating a medical records universal standard for patient records. You’re probably already thinking to yourself, “What could go wrong with those three setting up programs accessing my most personal data?” Good news. The federal government, many state governments, and major health insurance companies are also participating.

The point is that your transactions every day create a growing pool of data about you.  Here in northern Virginia, our state is one of several using “remote sensing” that checks a vehicle’s emissions when it passes through a toll booth. The program is a great way to monitor air quality but also allows local jurisdictions to understand which vehicles don’t meet emissions standards and the locations that they travel through. 

Foursquare would call that a passive check-in.

Next week: the algorithms coordinating all of the data about you.

Read Part One of the series, Facial Recognition’s Growth

4.  Checking in On Amazon

Living off the grid has become harder and now Amazon is finding a way to track cash payments. 

The company announced last week that it would begin accepting cash payments via Western Union and a program called “PayCode”. When a user checks out from Amazon and selects PayCode, they receive a code that they bring to Western Union. Once there, they can settle the account and the product will be shipped. The service starts in October.

Deliveries in 2021 and later will likely be made in some fancy new vehicles after Amazon announced that it would become a signatory to the corporate climate pledge that echoes the Paris climate agreement. Amazon announced that it had placed an order to purchase 100,000 electric-powered trucks over 10 years from a startup named Rivian. Amazon’s $10 billion order follows their $700 million investment last February and Ford’s $500 million in April. 

Amazon also got a big assist from The Wall Street Journal (paywall) this weekend after they surfaced a report that a “grass roots” campaign called “Free and Fair Markets” that attacks Amazon is secretly funded by Walmart, Oracle, and commercial real estate behemoth Simon Property.  Campaigns that purport to be independent “grass roots” campaigns but are secretly funded by an interested party are called “astroturf campaigns” because they’re meant to look like grass (roots).

5. Debugged: Can You Identify Where These Pictures Were Taken?

First Draft News has a four image “Observation Challenge” that allows visitors  to assess where images came from and whether you could correctly identify their locations if you were working in a newsroom. There are lots of on-screen hints and you get four chances at each of four images.

Yes, you can use the Internet. It’s not a knowledge test.

6. Also in the Spotlight

Google sister company Wing upped the stakes in the delivery wars by announcing a drone delivery test in rural southwestern Virginia. FedEx and Walgreens are also involved. (via Transport Topics)

Trivia app Givling claims to pay off student debt, but may not be all that it claims to be, say the folks at Truth in Advertising.

LinkedIn will begin offering online testing for users who want to demonstrate their skills knowledge. Read more at TechCrunch.

7. Great Data: Mapping Political Supporters on Twitter

One of the best network maps we’ve seen recently is Erin Gallagher’s take on “Trump Train” supporters on Twitter. This isn’t political, but a good lesson in how to map followers and understand your influencers. Besides, as Erin points out, there is nothing like this in social media on the left side of the political spectrum.

Read the analysis here.

8. Protip: Backing Up Your iPhone

There are new operating systems for iOS users. You should back up your iPhone BEFORE upgrading.

Here is a step-by-step guide showing how.

9. Bizarre Bazaar (strange stuff for sale online)

Rockabye Baby is a music company that creates woodblock and mellotron-based lullabies from popular music, including classic rock, hip hop, and punk. Their new release is Lullaby Renditions of Selena. AV Club interviewed the team.

100 releases and 600 million streams to date.

10. Coffee Break:  Dark Web Images

A team of researchers has indexed 37,500 images from the Dark Web to test automating security images. You can go to their site, but you have to download all of the images in a tarball archive. If you don’t know what the file extension .tar.gz means, then you don’t need to visit. Luckily for you, I downloaded them all and am including three below.

Here’s the site if you’re that kind of interested.

Images showing credit cards, a gun, and drugs for sale so you don’t have to visit to see.

picture of gun for sale on dark web

picture of drugs for sale on dark web

picture of credit cards for sale on dark web

Leave a Reply

Your email address will not be published. Required fields are marked *
You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>