Riverbank Ruminations

Observations from the Banks of the Technology River (Tom Evans)

You are being followed, do you care?

“Maxim 33: If you’re leaving tracks, you’re being followed.”
-The Seventy Maxims of Maximally Effective Mercenaries
― Howard Tayler

Did you ever feel like you are being followed? You are going about your business  and you get that feeling. You look around you. Nothing seems unusual or out of place, but you just have that feeling. You continue taking care of the day’s tasks and then check again. Still you can’t see anything that seems suspicious. The bad thing about this is you ARE being followed.

If you connect to the internet, you most likely use some sort of browser. More websites post those little banners now that say “We use cookies. Click here to read our policy”. Do you know what that means? It means that the website will track you. They will create a small file that contains some amount of information about you and leave it on your computer. This will allow them to do something either to help you or them, most likely them. Your browser history is a list of where you have been. You are leaving tracks.

What Information is Your Browser Tracking?

Most of us are familiar with the idea that there is a browser history being collected. It might even be something we use to go back to something we want to review again. Unfortunately, there are lots of times when we are being tracked without our knowledge. You may want to take your favorite browser to this website and see whether it is protecting you at all. It is run by the Electronic Frontier Foundation (EFF) and will do a quick check on what your browser does, or does not do.

This article cited a study of Android software. The study found that a great deal of information is collected about users, much without their permission. “But what about the permission requests when you install something? Doesn’t that help protect me?” It could if not for several issues. 1) Does the end-user understand the permissions and their impact? 2) If you don’t grant permissions, the app probably won’t work. 3) Does the end-user even read the requests or do they just click OK?

Even worse is one finding from the study:

the researchers say they identified more than 4,845 owner or “personalized” permissions by different actors in the manufacture and distribution of devices.

So that means they found systematic user permissions workarounds being enabled by scores of commercial deals cut in a non-transparency data-driven background Android software ecosystem.

Apps Collect More Data Than You Realize

So even if you are sure you are not explicitly giving permissions that might be excessive, the app may have a way of getting those permissions without your involvement. This means that apps have access to data on your phone that may be much greater than you realize. Who gets that data? What do they do with it? The study adds:

“Potential partnerships and deals — made behind closed doors between stakeholders — may have made user data a commodity before users purchase their devices or decide to install software of their own,” 

While Ring is attempting to beef up security by starting to require two factor authentication (2FA) for accounts, the tracking aspect of the software is still of some concern. This article when discussing the tracking data collected by the Ring app mentions this:

On Monday, the digital rights group said Ring for Android version 3.21.1 is “packed” with third-party trackers that collect customers’ personally identifiable information (PII) including names, private IP addresses, mobile network carriers, persistent identifiers (PIDs) — long-lasting references to digital objects — as well as sensor data. 

“The danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user’s device,” the EFF says. “This cohesive whole represents a fingerprint that follows the user as they interact with other apps and use their device, in essence providing trackers the ability to spy on what a user is doing in their digital lives and when they are doing it.”

We ARE The Product

So one aspect of tracking/data collection is that, as the saying goes, ‘you are the product’.  We are a product that is somewhat unusual. Most products are meant for consumption. We are a product to which other products are sold. Companies want to know as much about us as is possible. Hence loyalty rewards programs where we get discounts in exchange for letting the store track all our activity. When we are making a conscious exchange of data for something we think has value, that is one thing. When we are giving up data unknowingly and for someone else’s gain, that is a problem.

In an era when we are installing all kinds of apps on our devices and then conducting all of the business of life on those devices, we need to be very careful about what we install. App builders are all about making money, which is ok because everyone needs to make a living. However, it is far too easy to make money from end-users without letting them know they are giving up personal information to enrich someone else. We all leave digital tracks. We are all being tracked.