There’s an interesting lawsuit against Facebook snaking it’s way through the legal system. Here’s the gist of the complaint:
The lawsuit alleges that Facebook’s photo-tagging system violated user privacy by creating faceprints — geometric representations of a person’s face — without explicit consent. Those faceprints are typically used to identify users to suggest tags for uploaded photos. According to the complaint, that’s a violation of Illinois’s Biometric Information Privacy Act, which forbids the collection of biometric identifiers like fingerprints or faceprints without a person’s explicit consent. As Alvaro Bedoya of the Center on Privacy and Technology at Georgetown Law described it, “If you run a bar, the law doesn’t prevent you from picking up my used pint glass, but it prevents you from pulling my DNA off it.”
What is this about? Do you know how you upload an image to Facebook and it sometimes will ask, “Is this Adam McLane?” That’s happening because Facebook scans all of the images of you that you’ve tagged as yourself to determine unique biometric characteristics of your face to detect images of you all over Facebook. That biometric scanning, originally developed for military and law enforcement purposes, is now being used for commercial purposes by Facebook.
Social media principle #5 says, “You aren’t the customer of social media companies, you are the product they are selling.” If you read Facebook’s terms of service carefully you’ll see that Facebook reserves the right to use this information to target advertising to you. So you might not say that you are a fan of Nike shoes. But that photo of you wearing Nike shoes? Yup, Facebook can sell Nike (or it’s competitors) information about Facebook users who wear Nike shoes. (They sell information about you which you freely give them!)
That’s a rather benign example. But what about things which might not be so benign?
We care about privacy but we don’t
I find that people care deeply about their personal privacy. They will vehemently defend their legally protected rights to privacy, are offended by breaches of privacy, and can articulate “the line” clearly.
That’s in theory, of course. In practice people don’t really care that much about their personal privacy much. Here’s a small sample of what they might post online:
- Physical location
- Location of their home
- First, last names
- Names of children, pets
- Names of employers
- Names of friends, co-workers, family members
- Contact information, email, phone numbers
- Photos and videos, themselves, their spouse, the children, their friends and relatives (including biometric information like their voice)
- Writing samples
- Religious information
- Employment history
- Educational background
- Personal ideologies, aspirations
- Purchase history
- Travel patterns
- Medical information
These are the things that we post openly on the most popular social networks. (Facebook, Twitter, Instagram, Snapchat, LinkedIn, Periscope, etc) So many people will say they care deeply about privacy but they really don’t.
Their behavior is mismatched with their actions.
What apps are tracking me?
To further this claim that most people don’t actually care about their privacy, they just say they do, let’s take a look at who you are sharing even more personal information with your smartphone.
A June 2015 report from Nielsen showed that the average number of apps American users access per month is steadily increasing, about 26 apps per month. (Source)
The study also says, “Over 70% of the total usage is coming from the top 200 apps.”
Here’s the question I find very few people seem to be asking: Who owns the top 200 apps, what types of data are they collecting about me, and what are they doing with that data?
Here’s the Top 20 free iPhone App as of right now. Can you answer the above 3 questions for each of them? (Source)
- Hungry Shark World
- Running Man Challenge
- Trumps Wall: Build it Huuuge
- Hovercraft: Takedown
- Houseparty: Group Video Chat
- Color Switch
- Google Maps
- Best Friends
- iTunes U
- Layout from Instagram
Each of these apps, as well as the rest that you have on your phone right now, each collect information about you. Do you know who owns that data? Do you know what’s being collected? Do you know what they are doing with your private information?
The example of location
Right now, my iPhone has 65 apps that ask to track my location, 16 of which are listed as tracking my location “Always.” Why do you think they want this information? Some of it is to make the app work properly, for sure. But some of it is to collect, aggregate, and use that information for their own purposes.
While not always visible when you post something online… if you’re using an app that accesses your GPS location
How accurate is that information? The iPhone is accurate to about 8 meters. There’s a noticeable difference in the geolocation data in pictures that I take at my house between the front yard, my bedroom, the kitchen, and my office.
The device itself
Of course, let’s not forget that while apps are tracking and reporting back all sorts of information about you all the time, your device itself is tracking even more.
Location… always means always. Here’s a fun fact that I don’t think most smartphone users realize. Your phone’s GPS only turns off if the phone is off. For instance, I kept my phone on Airplane Mode for my recent trip to Haiti so I wouldn’t use any international data. But pictures I took with my iPhone while it was on Airplane Mode… they are still geotagged. See, your phone is tracking you all the time. Don’t believe me? Open up the Health App for iPhone. It’s tracking your steps, your altitude, and your level of activity all the time. If you use Apple Pay you better believe they are keeping track of your spending habits, too.
So what do I do?
I suppose the smartphone has become the ultimate accountability partner. And, in some ways, that’s a good thing. The phone you keep in your pocket tracks your every move, what you’re thinking, what you are spending your money on, what you listen to, when you sleep, where you drive, and who you talk to.
My point is that you can’t do all of these things and then claim you care about privacy. You say you do. But you don’t.