The Price for Free Play

toothpasteSome bad actors are playing fast and loose with our personal information. If you hadn’t heard, Cambridge Analytica, a UK-based political consulting firm, harvested 50 million people’s Facebook data without their knowledge in 2014. Cambridge Analytica purports to “measurably improve your brand’s marketing effectiveness by changing consumer behaviour.” This explanation might be helpful if you agreed to answer some questions, but what about all those other hijacked friends in your contact list that had their personal information harvested without their knowledge?

Big data is big business, and you can bet that Facebook is in business to make money. Part of that money-making machine comes in the form of gaming or psychological testing apps. Much like Apple’s App Store, Facebook generates about a 30 percent commission on each app that rolls across your Facebook feed. This revenue stream is one of the most significant sources of revenue it has.

Facebook does have a privacy policy, which they are in the process of changing, but no matter how many regulations are in place, there are always some shady characters around who are intent on getting your information without your knowledge. In fact, Facebook claims there was no breach at all. In other words, they knew data was going to Cambridge Analytica, but contends Cambridge Analytica violated the company’s terms of service — that makes me feel a whole lot better.

Facebook had been in hot water over privacy concerns before. According to a report in The Guardian, Facebook allowed the conduct of secret psychological tests on nearly 700,000 users in 2012. They hid “a small percentage” of emotional words from peoples’ news feeds, without their knowledge, to test what effect that had on the statuses or “likes” that they then posted or reacted to. At the time, COO, Sheryl Sandberg said, “We take privacy and security at Facebook really seriously because that is something that allows people to share” opinions and emotions.”

Okay, Ms Sandberg, given recent events, I think Facebook’s idea of taking privacy and security concerns seriously is vastly different than many others. If these social media companies and apps have the privilege of accessing our private information, they should make damn sure they or no one else can sell it to the highest bidder. The alternative is a breach of trust that goes beyond the pale and reaches further than just the social boundaries of one application.

Facebook, for example, uses many third-party companies like nametests.com or quizly.co, for example, to “enhance” their user experience. The irony is both these companies do not post their addresses or names of people who run their operations on their website, but yet they insist on getting access to our address books, contacts and other personal information. Most of these apps’ primary function is to drive advertising. Nametests say they use third-party analytics and re-marketing tools. A third party to the third party? I think it is getting crowded in here.

One of these third parties is an image processing app called FaceApp. The app analyses photographs and edits them according to the functions selected by the users like a prediction of how the person depicted will look older. The Nametests privacy policy states:

“The processing of the user’s personal data resulting from the photograph is carried out by FaceApp for the sole purpose of the selected function. The photograph is only temporarily stored temporarily for this purpose and is then deleted within five days. Data other than the photograph will not be transmitted to FaceApp. The data is transmitted via an interface to FaceApp so that FaceApp itself cannot collect any further user data (e. g. no IP address, cookies, etc.).”

I am not convinced. I must ask if “Data other than the photograph will not be transmitted to FaceApp,” why do they need any personal data at all?

What FaceApp really is, is a facial-recognition app, developed by team in St. Petersburg, Russia. They may not advertise that it is a facial-recognition app, but by using their app, you have given them the ability to match your name and other information to your face — that could be worth a lot of money to those in the business of identity theft. According to the Australian Privacy Foundation, apps like this “can remove the data from any effective legal protection regime, share it with almost anyone, and retain it indefinitely.” FaceApp asks for access to so many more options and rights than they need. Plus, FaceApp’s privacy policy states that if they sell their business, your data will be going with it. If it sounds scary, it should be. One thing is clear — it is not clear what happens to all the data you give it.

There are so many third-party apps from all over the world it is almost impossible to keep track. I’d make an educated guess that not everyone reads the Terms and Conditions, the Privacy Policies, or the fine print of all these apps. Even if we do read them, how do we truly know if our private information is safe with them? The answer: We don’t. Facebook cannot guarantee this; no one can.

Using any application online must be approached with a buyer beware mentality, especially when no money changes hands. When you partake in free social media platforms, quizzes, tests and other social media game apps, you put your personal information at risk. Anything online that seems free is often not. When doing anything online for free, there is often a trade-off of personal information for targeted advertising, or other nefarious options that I don’t even want to think of. If an app asks for access to things that have nothing to do with the functionality of it, or you cannot find contact information for an app company, I’d suggest running away as fast as you can. If companies like Facebook cannot ensure your data is secure, either governments need to step in with laws that carry stiff penalties, or we need to be more careful of what we put out there and with whom we interact.

This list is by no means exhaustive, but here are a few things you can do right now:

1. Use ad blockers. Most browsers have them in the browser preferences under privacy and security.

2. Use tracking protection. Tracking protection, also normally found under privacy and security, protects you from online trackers that collect your browsing data across multiple websites.

3. Do not give out personal information online or by email. Once you share your personal information, there is no assurance as to what may happen to it in the future. Unencrypted email is like sending a postcard — anyone can read it. If someone needs your personal information, it is best to use snail mail or the phone.

4. Do not fill out your social media profiles. The people that need to know your email addresses birthdays and phone numbers probably already know them, so there is no point in offering up this information to Twitter, Facebook and other social media apps just to be sold down the line at a later date.

5. Use your privacy settings in your social media applications. However, just because you’ve set your privacy settings to “Private” means nothing to those harvesting your personal information. Using this alone is not the end-all, be-all of protection, but any little bit helps.

6. Use strong passwords or logins to prevent your account from being hacked. A couple of good programs are LastPass and 1Password; they are both great at password management and both have free versions available.

7. Be wary of free online games and questionnaires. Nothing is free. You can easily assume you are trading your personal information for the use of the app. What happens afterwards is anyone’s guess.

8. If you need to fill out security questions, you must lie, lie, lie. It is much easier to find out your mother’s maiden name or the actual city you were born than when you use bogus or obscure answers that no one could ever guess, like for example:

What is the name of your favourite teacher?
Answer: Printer Ink
What is the model of your first car?
Answer: Garden Nome

Of course, to remember all these bogus answers you would be wise to, again, use a password management site like those mentioned in point 6. (I am not getting paid for any of this, by the way.)

9. The ultimate solution is not to use social media at all. This one may not be an option for many, but it can be for some.

We take the time to lock our doors and windows, but yet we freely give strangers from the other side of the world access to our personal information by way of our computers, as well as through the apps we use online. Perhaps what we need is our own terms and conditions protecting our privacy, our photos, our stories, our tweets, or whatever it is we post online. After all, these social media companies are nothing without people like us who keep them afloat.

The Cambridge Analytica / Facebook scandal has now included other entities and has become a “he said, she said, he said” litany of disparaging remarks, accusations and excuses. No matter who is at fault, our personal information is at stake. The bottom line is no one cares more about your privacy than you do; therefore, you should take an active role in protecting your privacy. You can’t easily put toothpaste back in the toothpaste tube, but that is no reason to stop protecting yourself as much as you can from future thefts and underhanded actions. That is why it is so important to be wary of what you share in your profiles, when answering psychological tests and when playing games online. My advice is less is more. The less personal information you share, the better off you will be.

Advertisements
Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s