Anonymity is not enough in apps

You can set your privacy settings on apps so that personal data is not shared. But even anonymous data can threaten security.

Take the case of the fitness tracking app Strava. Their website tracks exercise routes of users and plots them on a map of the world. The routes show up as bright lines; the brighter they are, the more they are used. You can’t pick out individuals on the map because they are only sharing data anonymously. They are revealing in ways that were never intended.

In this Strava map of Kamloops, you can see familiar areas of the city that where people have been exercising. There’s the downtown grid, Rayleigh, and Sun Peaks on the upper right. Some areas are a bit mysterious, like in the lower left. I went to Google Maps to see if there is a community there but couldn’t find any. Someone, or group, exercises near Chuwhels Mountain above New Gold Afton Mine. Is there a camp that I don’t know of?

 Strava map

Australian student Nathan Ruser was doing some similar browsing, comparing exercise routes on Strava to Google Maps, when he came across exercise routes around U.S. military bases in Iran, Syria and Afghanistan. The Strava map revealed much more than the Google map did: it exposed troop movements. It probably never occurred to soldiers how much they were lighting up the base.

While the locations of the military bases are not exactly top secret, the movements of soldiers could compromise the operational security. The fitness app could highlight sensitive outposts and troops’ habitual routes during military drills and patrols. Ruser, who is also an analyst for the Institute for United Conflict Analysts, tweeted:

“If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous. This particular track looks like it logs a regular jogging route. I shouldn’t be able to establish any Pattern of life info from this far away (January 27, 2018)”

Air Force Colonel John Thomas, a spokesman for U.S. Central Command, told the Washington Post that the military was looking into the implications of the Strava map.

It probably didn’t occur to soldiers that they were compromising base security by simply turning on the fitness tracker. After all, none of their personal information was being shared.

This way of thinking ignores the greater good according to Arvind Narayanan, a computer scientist at Princeton University.

“This assumes that my behaviour affects my privacy,” Narayanan told CBC Radio’s Spark, “but really I think what Strava story has shown is that it’s more than that. That’s when privacy becomes a collective issue (February 2, 2018).”

The privacy settings can be confusing. Someone going out for a run doesn’t want to spend time trying to figure out which boxes to check.

Beyond the actions of individuals and their privacy settings, there is the vulnerability of big corporations.

“Strava has been in the news but there are dozens of companies sitting on sensitive data. There’s not a lot of public oversight around these super sensitive databases about billions of people,” adds Narayanan.

Unmasking Uber and Facebook

Let’s stop pretending that Uber is just along for the ride in the gig economy and that Facebook is just a technology company.

gig

At first glance, the gig economy seems great: a way for individuals with an entrepreneurial spirit to improve themselves. The reality is that it’s a race to the bottom. For many workers, it’s all they have. They string together a number of insecure, low paying, temporary jobs to try to keep the wolf from the door.

Mortgage companies are reluctant to lend to those without secure work. Gig workers have trouble saving for retirement; they have no sick or maternity leave; no health care plans. Workers are easily abused because of the one-to-one relationship with employers.

It’s easy to become complacent if you have a reliable income. Someone like me, for example. On my visit Los Angeles last year I used Uber. I marveled at the technology that allowed me watch the car’s progress from blocks away on my tablet. I was impressed by the courteous driver and his new, clean car and the low fare.

But those of us with reliable incomes should worry as full-time positions are eroded by the gig economy.

Uber professes to be just an app that connects drivers with passengers; a dubious claim says Carl Mortished:

“That was Uber’s wizard scheme: to make money from millions of taxi journeys without actually employing a single driver or even being part of the transaction. It was about making money from the gig economy without doing a single gig (Globe and Mail, November 4, 2016).”

Judges in England found Uber’s claim that it was not an employer to be unbelievable. Drivers have no control over choice of customers, fares, and routes traveled. They are subject to a rating system that amounts to a disciplinary procedure. Judges ruled that drivers were entitled to minimum wages and paid holidays.

Facebook harbors its own pretensions. At an event in Rome last year, an audience member asked founder Mark Zuckerberg if Facebook was an “editor in the media?” He replied that Facebook does not produce content but merely “exists to give the tools to give you the tools to curate and have the experience to connect to the world that you want.” Mortished disagrees:

“What Mr. Zuckerberg says is untrue. Facebook is editing and making content. Facebook is paying millions of dollars to celebrities and other media organizations to make videos for Facebook Live.”

Facebook edits its website: banning, deleting and restricting content that doesn’t fit their rules. They ran into a storm of protest when editors deleted the famous Vietnam War photo of naked girl fleeing an American napalm attack.

Facebook should grow up. It’s no longer the college photo-sharing web site it once was. Facebook would prefer not to be classified as a publisher because it would find itself in the messy business of being responsible for content that might be offensive, defamatory, or potentially criminal.

I’m not against Uber. Properly implemented, it could improve taxi service and provide fair working conditions for drivers. I like Facebook. It keeps me in touch with friends and family. But let’s avoid the charade, Mr. Zuckerberg, of the exact nature of the business that you’re in.