Thing 4 – Digital Security
Not the first time I’ve quoted this song on this blog, but when a band writes a song based on Orwell’s 1984 and you’re talking about privacy and security in the 21st century it’s hard not to think of this song. Although, if we consider Neil Postman’s book Amusing Ourselves to Death we must consider the possibility, “that Huxley, not Orwell, was right.” So in that case, go listen the Brave New World (2000) by Iron Maiden.
So for the activities today we’re going through keeping your phone safe, in particular. What I find interesting is that the documents in step 1 focus on the physical phone itself as well as apps. I know in section 2 we go beyond that a bit, but it’s here that I wanted to point to a great episode of Note to Self where listeners sent in photos and an expert used Metadata from the photos to gather as much information about them as possible. Currently I’m in the process to scrubbing metadata from photos before I really get into using Lychee, and this episode I heard years ago is one of the reasons why:
The only thing I hadn’t done that was advised in the documents was writing down the IMEI number from my phone, but that’s done now. I have been in situations where we had to use “find my phone” for friends’ phones, and while the surveillance aspect of that service creeps me out it is one concession I consciously have to make.
Onto the next bit where we look at permissions for apps. I try to be quite conscious of what I’m giving apps access to. Often I’ll opt to provide temporary access to say WhatsApp to my photo library rather than direct access to the camera and microphone. I don’t know technically how much of a difference that actually makes, so if you know please respond in the comments. If I do need to give access to the camera and microphone (i.e. FaceTime) then I’ll do that temporarily and toggle that off. Speaking of toggling on an off, let me offer a gripe about Apple. Why the h*ll would they change the control centre on iOS from straight up turning wifi and bluetooth on and off to just “disconnect”. I found this chance infuriating, and I think it is something that tricks users into opening up security risks they are not really aware of. Literally Apple, you added a MINIMUM of three more clicks. This brings me to my next thought as I went through the materials, Dark Patterns. Dark Patterns are tricks that developers use to doop users into doing things they didn’t mean to. Check out the video.
One specific dark pattern that upset me the most was WhatsApp. Generally, I didn’t use WhatsApp a lot. I first got it when I got my first iPhone, before the Facebook takeover. During that time users had a choice to protect some of their data from being transfered to Facebook such as your contact list. As I moved to close down my Facebook account last year I tried migrating to use Signal as my preferred messaging app, but many of my friends and family weren’t into that idea so I thought, ok WhatsApp is supposed to be the next best thing as long as you don’t share your whole contact list with it. Which worked pretty well. Until after getting the constant notifications about “allowing access to the camera and microphone” and clicking deny, I opened a message from a friend containing a photo and another pop up appeared. Reflexively, I hit the button on the side I was expecting to deny access to my camera only to realize too late that I had just given Facebook access to my whole contact list. I turned it off right away, but they got me. They delivered exactly the user experience they needed to to trick me into giving up what they wanted. Not cool FB.
I might not have really cared before, but overtime I’ve learned that the ‘I have nothing to hide’ argument isn’t helpful. Thinking back to another FB privacy scandal (yeah, I know you’re probably tired of those by now), was when farmville was all the craze. I remember hearing at the time that even if you locked down your profile so only your friends could see your posts that if they played games like farmville then the app developer could also see my profile as if the developer was my friend. We now know a lot more about how invasive this truly was, but I recall at the time limiting my use of such games. We can take all the precautions for digital security we like, but our network can unknowingly expose us and vice versa.
Another note on this is that the advice in the articles repeatedly say to update your apps whenever possible. Just watch out for changes to the settings after you do so.
I forgot to mention another really cool online experience dealing with privacy on the web. In 2015, the NFB of Canada published Do Not Track, a “personalized documentary series about privacy and the web economy.” I haven’t gone through it since it’s publication, but I think it’s likely worth a revisit. If you’ve not seen it, you should check it out.