Facebook provides a suite of turnkey app-building tools for Android that are widely used among the most popular Google Play apps, with billions of combined installs; naturally, these tools create incredibly data-hungry defaults in the apps that incorporate them, so that even before you do anything with an app, it has already snaffled up a titanic amount of data, tied it into your Google Ad ID (which is recycled by Facebook to join up data from different sources) and sent it to Facebook.
Needless to say, the GDPR made these practices radioactively illegal, but despite two years’ warning that the GDPR was coming into effect last spring, Facebook dragged another six months out before updating its tools, and these updates still have propagated to all the apps in Google Play.
The data harvested from phones – including, for example, which Bible verses you read using a King James Bible app, and which searches you made on Kayak – is added to your “shadow profile”, and no one (outside of Facebook) knows for sure how that’s used.
You can practice a little self-defense, but it’s cumbersome: root your phone and you can block all network traffic to *.facebook.com; you can also reset your Ad ID and disaggregate the data coming off your phone. I’ve had a poke around but can’t find a tool that resets the Ad ID every 10 seconds – please leave a comment if you know of one.
Frederike Kaltheuner and Christopher Weatherhead from Privacy International gave an outstanding talk on the subject at the Chaos Communications Congress in Leipzig last month; an accompanying paper gives more detail, including methods.
Kaltheuner and Weatherhead were able to gain insight into the apps’ behavior by rooting an Android phone and installing a man-in-the-middle proxy that used forged certificates to intercept and decrypt data on its way to Facebook. Ominously, none of the apps they tested used certificate pinning (let alone certificate transparency) to detect/prevent this kind of man-in-the-middle activity.
It’s not clear whether the same conduct is present in apps in Apple’s App Store; Apple uses unique Ad IDs that are similar to Google/Android’s and could be exploited in the same way. However, Apple’s DRM is designed to make this kind of research much harder. I hope the Privacy International researchers take a crack at it: perhaps they could use simulated, cloud-based Ios devices used for developer testing.
If you are trying to find work in South Korea, you are likely to be interviewed by a bot that uses AI to scan your facial expressions to determine whether or not you are right for the job. To make sure you are displaying the kind of facial expressions, you can hire a consultant.
Nathaniel Stern writes, “The World After Us: Imaging techno-aesthetic futures (Flickr set) is an art exhibition that asks, ‘What will — and what can — happen to our gadgets over geological time?’ For the last few years, I have been working scientists to artificially age phones and computers in different ways, growing plants and fungi in watches, phones, laptops, and more, and turning phones into ink (via blenders and oils), iMacs into tools (melting down the aluminum, and shaping it into a wrench, hammer, and screwdriver), and otherwise spiking electronic waste onto 12 foot towers and/or ‘growing’ them (intermingled with botanicals) across 1000 square feet of wall space. Here I want people to think and act differently in and with their media devices, their electronic waste, and the damage it does to create both in the first place.”
goodreads is orphaning my books because trans name changes are too hard even though it’s absolutely within their power
Amazon: You wantta change your name? Cool, call us so we know you are real people. Okay, thanks done.
Goodreads: We reserve the right to deadname you for life because we PRESERVE HISTORY. Fuck you wanting your updated books listed on your account even though it’s just a typo fix at this point. Start over if you want that.
This isn’t a defense of Amazon. Amazon owns goodreads.
Shit like this is why some publishers even refuse to change an trans authors name on their books. Because it “takes to much time to correct.” Which forces authors to wait years for their publishing contacts to expire and then they are forced to re-publish it themselves if they don’t want to deadname themselves when promoting their work.
Goodreads librarians then proceeded to call me a liar and removed even more books from my author profile. So yeah if I link to my amazon or my author profile there it’s because goodreads decided to be transphobic trash removing the only one step removed from amazon reader site option I have.
This is such bullshit I literally asked for a typo correction not “special treatment”.
They proceeded to delete my comments about how their policy is inconsistent and transphobic when I pointed out I dotted my i’s and crossed my t’s that published books matched the updated name change and then closed the thread claiming “Librarians are allowed to be uncomfortable with name changes.”. Below the cut is a screencap of what I said:
is there any way other goodreads users could contact them to express that we’re unhappy with how your situation was handled?? while at this point not surprising, it is appalling, and as an avid goodreads user, i would hope there’s something i could do to help trans authors
There’s https://www.goodreads.com/about/contact_us for whatever it’s worth. I’ve been tweeting @goodreads because I thought they might be more annoyed at bad PR since this will be the third contact people resquest I’ve done.
If you do it would be worth noting:
1) I followed the name change guidelines. So you are allowed to do this.
2) It’s literally the name on all my books. It’s not me on a whim like I want a new name today, it’s literally how everything is published. What even is there to be uncomfortable with?
tinder and okc do this as well so advertisers know all ur fetishes now
At CES, the Verge’s Nilay Patel interviewed Vizio CTO Bill Baxter, who told her that when it comes to the surveillance features of his company’s “smart” TVs, “it’s not just about data collection. It’s about post-purchase monetization of the TV…[When it comes to ‘dumb’ TVs,] we’d collect a little bit more margin at retail to offset it.”
The remarks come in the context of the low margins in the TV market, which Baxter gives as 6%, and how companies like his are driven to seek out other revenue streams for their products.
But Baxter also implies that he doesn’t believe there’s a market for dumb TVs, even at a premium. This is certainly what I discovered last year when my family bought a house and went TV shopping: there were no panels large enough for my wife’s satisfaction (she’s a retired pro gamer and wanted a really big screen) unless we were willing to buy a set with several kinds of built-in networking and sensors that would put our home under surveillance.
In theory, you can turn all that stuff off, but then you have to trust that the manufacturer is both honest and competent, both of which seem like needless risks to take, especially in an era when companies face virtually no liability for product defects, routinely cover them up, and threaten whistleblowers who disclose their sneaky data-collection and poor software quality.