GDPR privacy notifications — primrose path of default settings

 Computer, General, News  Comments Off on GDPR privacy notifications — primrose path of default settings
Jun 012018
 

I’ve been getting a lot of privacy policy update notifications in my email since last month. As part of terms and conditions for use of a product or service. All in response to the GDPR — General Data Protection Regulation, a European Union Regulation which was implemented on May 25, 2018. Many companies sell products and services globally; hence, the notices for those of us in the United States.

Wiki: According to the European Commission, “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”

The lead-up to the effective date of the GDPR led to many companies and websites changing their privacy policies and features worldwide in order to comply with its requirements, and providing email and on-site notification of the changes, … This has been criticized for eventually leading to a form of fatigue among end-users over the excessive numbers of messages.

I’ve read some of these notices in full. And supplied my consent when requested. Tedious. Once you read a few, others are similar. Generally, the GDPR has facilitated clarification of all the ways our personal data is collected and used and especially shared. So, at face value, such transparency is a good thing.

This Washington Post article (May 25, 2018) “Why you’re getting flooded with privacy notifications in your email” summarizes what’s happening.

European Union regulators have always been much tougher on tech companies than their U.S. counterparts, for instance forcing them to give users more control, imposing fines for noncompliance and requiring platforms to spot and delete illegal content.

But as this Washington Post article (June 1, 2018) “Hands off my data! 15 default privacy settings you should change right now” points out, compliance for the updated privacy policies has an insidious “buyer beware” side. In some cases, the GDPR changed nothing as far as your personal data. “The devil’s in the defaults.”

Say no to defaults. A clickable guide to fixing the complicated privacy settings from Facebook, Google, Amazon, Microsoft and Apple.

You’re not reading all those updated data policies flooding your inbox. You probably haven’t even looked for your privacy settings. And that’s exactly what Facebook, Google and other tech giants are counting on.

They tout we’re “in control” of our personal data, but know most of us won’t change the settings that let them grab it like cash in a game show wind machine. Call it the Rule of Defaults: 95 percent of people are too busy, or too confused, to change a darn thing.

Give me 15 minutes, and I can help you join the 5 percent who are actually in control. I dug through the privacy settings for the five biggest consumer tech companies and picked a few of the most egregious defaults you should consider changing. These links will take you directly to what to tap, click and toggle for Facebook, Google, Amazon, Microsoft and Apple.

Google has been saving a map of everywhere you go, if you turned on its Assistant when you set up an Android phone. Amazon makes your wish list public — and keeps recordings of all your conversations with Alexa. Facebook exposes to the public your friends list and all the pages you follow, and it lets marketers use your name in their Facebook ads. By default, Microsoft’s Cortana in Windows 10 gobbles up … pretty much your entire digital life.

I’ve increasingly noticed the tradeoff between convenience and personal privacy. For example, Google’s services can make finding things, navigating, and scheduling appointments rather seamless. A digital assistant, providing personalization (like having an amazing personal butler). But my digital footprint — comprehensive record of my contacts and times and places — is shopped and shared between apps and services in a somewhat spooky way.

Changing the defaults … mean you’ll get less personalization from some services, and might see some repeated ads. But these changes can curtail some of the creepy advertising fueled by your data, and, in some cases, stop these giant companies from collecting so much data about you in the first place. And that’s a good place to start.

Windows 10 data collection — privacy matters

 Computer  Comments Off on Windows 10 data collection — privacy matters
Apr 062017
 

Checking and tuning your Windows 10 settings is highly recommended. I typically do this when helping clients upgrade to Windows 10 or set up a new PC. Windows 10 moved many settings from control panels to the Settings app. There’re lots of privacy settings, as I’ve mentioned previously.

I follow news about how companies collect data from PCs and other devices. This includes Internet Service Providers as well. And the growing list of intelligent personal (digital) assistants (Cortana, Siri, Alexa, Google Home) — so-called intelligent assistance has a price, eh.1  Typical Privacy Policies offer few options for controlling what data is collected and how that is shared. Few opportunities to opt-out. You need to agree or you can’t use the product or service. But sometimes you can limit how data is shared; so, reviewing those options usually is recommended.2

As a result, PC World’s recent article “Microsoft finally reveals what data Windows 10 collects from your PC” is noteworthy.

There are all kinds of new features in the Windows 10 Creators Update rolling out on April 11, but one change really sticks out. Greater transparency about the data that Microsoft collects from your PC.

All too often manufacturers and service providers intone that collecting diagnostic (or quality-of-service) data helps improve their products and services. Some of this appears reasonable. Some remains mysterious. And occasionally there are stories about excessive or inappropriate data collection (e.g., regarding some children’s Internet-connected toys). Or how such data may be stored essentially forever. And security of that data.

Microsoft published two Technet pages describing the data Microsoft collects from users on the Creators Update. There are two levels of diagnostic data: basic3 and full4. The information is quite detailed and we won’t get into it here, but if you’re interested, you can find all the nitty-gritty details in those links. Note that while the Basic listing reveals all, the Full listing is a summary of the kinds of data that setting collects.

Even the basic level can gather quite a bit of info from your PC, though in a blog post, Windows chief Terry Myerson pledges that “we only collect data at the Basic level that is necessary to keep your Windows 10 device secure and up to date.” Microsoft still offers no native way to turn off Windows 10’s diagnostic collection completely.

At least in the latest Windows 10 Update Microsoft consolidated privacy settings better.

Instead of a string of screens when you first install the new version of Windows 10, Microsoft is putting all the key privacy settings on one screen. The dashboard you’ll see depends on whether you’re already running Windows 10 on your machine or setting up a new PC for the first time.

 

Notes

  1. I am more concerned about data collection by major corporations and the many app/service providers than by the government.
  2. As well as being aware of how you voluntarily provide data when using any Internet-connected device, or even your landline or cell phone. The recent repeal of the FCC’s Internet privacy rule is concerning: “The Obama-backed rules — which would have taken effect later this year — would have banned Internet providers from collecting, storing, sharing and selling certain types of customer information without those customers’ consent. Data such as a person’s Web browsing history, app usage history and location details would have required a customer’s explicit permission before companies such as Verizon and Comcast could mine the information for advertising purposes.”
  3. “The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Windows Store. When the level is set to Basic, it also includes the Security level information.” [Detailed list follows on that page.]
  4. Full telemetry level (inclusive of data collected at Basic):
    • Common Data (diagnostic header information)
    • Device, Connectivity, and Configuration data
    • Product and Service Usage data
    • Product and Service Performance data
    • Software Setup and Inventory data
    • Content Consumption data
    • Browsing, Search and Query data
    • Inking, Typing, and Speech Utterance data
    • Licensing and Purchase data

Smartphones and privacy — tuning app permissions

 Computer, Phone  Comments Off on Smartphones and privacy — tuning app permissions
Jan 152016
 

When you install or update apps on your smartphone, do you get prompts for permissions? Access to your camera, contacts, photos, network, etc. Clear or confusing? Is there a choice — all or none or just some?

CNET’s article “Your Android phone is too damn nosy” discussed this issue.

On Android phones, people have faced an all-or-nothing approach. They could accept all permissions when they download the app or nix downloading it at all. Google is addressing the concerns of Egelman and others with its Android Marshmallow [6.0] operating system, which lets people sign off on more specific permissions before installing an app.

Egelman said that up to now people have been used to and resigned to just tapping “yes” on permissions so they can use an app. But the study, conducted by the University of British Columbia and the University of California at Berkeley, showed that 80 percent of people would have said “no” to at least one permission request if they’d been given the opportunity. What’s more, the average participant wanted to say “no” to nearly a third of all the permissions their phone has demanded in order to run apps.

The referenced article for Android Marshmallow noted:

Instead of giving any app carte-blanche permission to look at your contacts, photos, or use your Wi-Fi signal, just by simply downloading it, you now have the power to rein in your apps.

If you use an iPhone, do you know how to tune your app permissions (settings)?

Trading away personal info — twilight of privacy?

 Computer  Comments Off on Trading away personal info — twilight of privacy?
Jan 142016
 

Imagine you’re visiting a mall and occasionally someone stops you and asks for some personal information: Your favorite places to shop? Things you like to purchase? Brands you like? … You’re told that as a reward for providing that information you’ll get a gift certificate. What if that happens to you on the street, just walking around your city. Any difference in your reaction?

Imagine you’re at home and setting up some new gadgets (maybe home automation modules or some Internet of Things smart devices) and you get to the step where you need to agree to some Terms and Conditions, including a Privacy Policy, which covers collection of personal data. If you agree to all the terms, you’ll get a monthly credit or rewards points. Do you say okay?

Imagine you’ve been given an in-home robotic butler or artificially intelligent personal assistant. The proviso is that you need to share your habits, likes, contacts, and personal schedule with the device. Maybe you do not even share all of that with family members and friends, eh. Creepy? A fair trade?

And imagine that in all these scenarios that some or all of your personal information is sold to marketing companies.

Do you draw the line somewhere? That’s the question addressed in a recent Pew Research report, as noted in a Washington Post article called “When is it worth giving up your data? Americans aren’t quite sure.

Would you trade information about when you’re in your house — and in what rooms — for the promise of cheaper energy bills, even if that means you’re sending this data to a distant tech company?

Often, the benefits to giving up personal information are obvious: Cheaper energy bills or a convenient way to swipe into a transit system. The potential pitfalls can be more abstract. For example, it’s hard to tell what the consequences could be down the road if a company is tracking your web browsing today.

Read the full article for more details about the scenarios which were explored and participants’ responses.

Creepy aspects of Windows 10’s privacy settings — more from PC World

 Computer  Comments Off on Creepy aspects of Windows 10’s privacy settings — more from PC World
Dec 212015
 

Windows 10 is a “winner” in most ways, especially for those moving from older Windows versions (and who invest the time to prep and complete a successful upgrade). However, as I’ve noted in prior posts, news about its “out-of-the-box” settings persists. And that’s a good thing. For many people, those settings may pose privacy issues. It’s best to check what’s going on, as Melissa Riofrio, Executive Editor, highlights in her December 14, 2015, PC World “Fixing Windows 10’s privacy problems” video.

Windows 10 has privacy issues: It asks for a lot of information in exchange for using its services. Here’s how to control that information flow.

Go to the settings section in Windows 10’s Control panel. You’ll find the privacy settings down near the bottom. You’ll definitely want to explore all the options here, but I’ll show you four [or three] really important ones. Remember, some settings affect important apps like email, so choose wisely.

The creepiest online ads are the ones that track where you’ve been and show you stuff you were just shopping for.

Ad blocking — Heinlein, Friedman redux

 General  Comments Off on Ad blocking — Heinlein, Friedman redux
Oct 012015
 

Well, the game’s afoot. Are you using ad blocking?

PC World’s “The price of free: how Apple, Facebook, Microsoft and Google sell you to advertisers” article summaries how four major companies handle collection of personal data when you use their products and services.

Because the latest version of Windows is always asking for information in the guise of being helpful, it’s easy to think that Microsoft’s the poster child for the collective attack on your digital privacy. But it’s not.

Now that Apple’s iOS 9 supports ad blockers, are you going to try one on your iPhone? The Washington Post summaries some choices in their “Here’s how some of the top iOS 9 ad-blockers stack up” article.

From a consumer standpoint, it seems like a good deal — particularly on a smartphone, where even a small ad can take up a lot of screen space. Ditching ads makes sites load faster and easier to read. And blocking tracking software may give those worried about privacy some peace of mind.

And the Washington Post continues with a cautionary perspective in “How our love affair with ad-blocking risks giving Internet providers even more power.”

If you often feel that the content on webpages you visit is overwhelmed by ads, this article notes that:

The New York Times took a look at this Thursday. It found that for many online news sites, it takes longer to load the ads than the news content visitors are presumably there to see. On an LTE connection, the Huffington Post loaded in 5.2 seconds with all its ads, for example, but with an ad blocker, that time was cut to just 1.2 seconds.

So, what could go wrong with all of this? Re/code discusses the topic in “Ad Blockers: Unwitting Arbiters of Consumer Preference.”

Deploying ad blocking is not the fight consumers want. But neither the pay-for-access model nor the advertising-in-exchange-for-free-access model works well enough today. … Opting in to the advertising experience is also broken. Consumers en masse should not be expected to choose to view ads when blocking them is both easy and consequence-free. … It is a tragedy of the commons.

What about Heinlein and Friedman? See Wikipedia’s article titled “There ain’t no such thing as a free lunch.”

Apple’s updated privacy policy — plainly different than others’ policies?

 Computer  Comments Off on Apple’s updated privacy policy — plainly different than others’ policies?
Oct 012015
 

As noted in previous posts, the privacy policies of major tech companies, especially those with products and services that we interact with on a daily basis using our mobile devices, are getting a lot of media attention. And rightfully so. What’s moot? What’s not? Just because “it can be collected” begs the question of whether it should be collected. Just because “it makes us money” begs the question of whether it’s ethical or sustainable.

It’s all about trust. And secure handling and storage of personal data. As our mouse cursors or fingers hover over the “I agree” buttons for these long policies, who really ponders saying no? How many people check whether their personal data is shared reasonably — without arbitrary or capricious or nebulous intent?

The mobility and convenience of our digital mixes requires more and more personal data be collected, stored, and shared. Not just account information. Privacy policies evolve to address those expanding shares (as well as sometimes to clarify such policies).

So, as discussed in this MacWorld “Apple throws down the gauntlet with overhauled privacy policy” article, Apple wants not only to be clear about things but also stand out in an industry prone to buccaneer-like marketing.

The company isn’t just issuing platitudes about how great its privacy protections are—it dives into real detail about how its various services use and protect your data.

I find this article’s summary of how Apple handles data for their new News app particularly interesting:

The articles you read in iOS 9’s News app aren’t linked to you specifically, but to an anonymous News-specific identifier that you can reset at any time. News does use iCloud to offer you recommendations across all the devices you read News on, but those are stored on the device and not seen by Apple.

Apple does put ads in the News app and uses your reading activity to determine which ads to show you, but that information cannot be used outside of News to show you ads in any other app—not by Apple, and not by the publishers you read in News. You can also turn on Limit Ad Tracking so Apple can’t target ads to you based on your activity in News.

Evidently Apple’s iOS 9 security white paper is 60 pages long. Sigh.

Security vs. convenience — who wins?

 Computer  Comments Off on Security vs. convenience — who wins?
Sep 292015
 

I’ve discussed this topic with many of my clients, especially those who complain about remembering or keeping track of passwords — the trade-off between security and convenience for consumer products and services.

We recognize this trade-off everyday with different keys for physical locks and passwords for different digital services. Password managers can help with “one password to rule them all.” And some envision a future where biometrics just require your presence to gain access. How convenient.

Mobile devices pose a particular challenge for manufacturers. Consumers expect ease of use and convenience. Yet, these are complex devices, real computers, subject to the same security risks as traditional desktop and notebook PCs. As designers craft a more personal and natural way to interact with these devices (through gesture, voice, etc.), concerns about safety and security remain.

Elsewhere I’ve discussed the issue of privacy posed by increasingly convenient digital services, whether mobile or not. We’re faced with trusting butler-like personal digital assistants with all types of personal information so that things go smoothly — like a fine-tuned relationship where small facial expressions substitute for verbal sentences, actions are anticipated, and events always remembered. And we trust that our butlers communicate discreetly with others as they do jobs for us.

Generally I’ve felt that Apple balances security and convenience well. And that Microsoft keeps up to date with security patches. National news about security breaches keeps everyone alert. I tell my clients that none of these companies’ products and services are perfect, however.

So, I found this The Verge “In iOS 9, Apple is still trading security for convenience” article about Apple’s mobile devices interesting.

Siri is integrated deeper, pulling more data from more sources and making many recommendations before you’ve even asked for them. But this week, security researchers discovered a downside to Siri’s new intelligence. iOS 9 lets users access Siri from the lock screen, and if you work that access right, you can use it as a way to add contacts or even access the camera roll.

As with Microsoft’s Cortana, privacy or security concerns with Siri can easily be addressed by disabling features. But where’s the convenience in that, eh?

Sep 182015
 

The “freemium” model for products and services dominates the digital landscape. Many companies use a free version (freeware) to promote their paid-for full version (and in some cases as a goodwill gesture to promote some public good). “Try before buy” is quite useful and these companies sometimes also provide free trial versions (user licenses for 10, 30, … days).

“Free” is a powerful marketing strategy. There’s a downside to the freemium model, however. Who pays the “freight” when there’s no fee? We constantly experience the consequences in ad-supported products and services. Less “filling,” more commercials. On many websites, ads and promotions clutter the page — they’re so dense that content is overwhelmed. More people, as a result, use ad blockers (and Reader / Reading View). And data collected about your use of these products and services is just as profitable.

So, while most people are aware that “there’s no free lunch,” many use free app’s (applications, programs, software) on their digital devices (smartphones, tablets, notebooks, desktops). Many of my clients, for example, use free anti-virus (anti-malware) app’s. Most of these are quite legitimate and useful (and better than Microsoft’s built-in Defender). Free versions are reviewed as well (for example, by PC World).

But whether free or paid, products and services come with terms and conditions and privacy policies. It’s the later — what data the provider collects and how such data is used — that’s increasingly a concern.

So, the release of a new, clarified Privacy Policy by AVG sparked industry reaction, as noted in this September 17, 2015, PC World “AVG’s new privacy policy is uncomfortably honest about tracking users” article.

The new policy, which takes effect on October 15, makes clear that AVG will collect non-personal data such as “Browsing and search history, including meta data.” AVG says it collects this data “to make money from our free offerings so we can keep them free.”

So, stay informed. Privacy Policies are everywhere. If you’re using AVG Free, does their new policy change anything?

[See my comments on this post for additional commentary on ad blocking.]

Aug 172015
 

So, you’ve been using Windows 10 for awhile. What do you think? What do you like or dislike?

Although released less than a month ago (as of today, August 17), the commentary is underway. For example, this “10 Things You’ll Hate in Windows 10” article:

There are some features that do need some work though. Some of them are pretty obscure issues. You can live with them until Microsoft gets around to addressing them. A few of these even have fixes coming that we know about. Others are more complicated problems that’ll take Microsoft and its partners sometime to address.

  • Updates Happen Automatically
  • OneDrive Syncing Stinks For Now
  • Skype Is a No Show
  • Only in Tablet Mode Does the Touch Keyboard Surface Automatically
  • Music Is Still Missing Basic Functionality
  • You Can’t Act on Notifications in the Action Center
  • Start Layouts Don’t Sync Across Devices
  • Windows Store Apps Need Updates
  • Connect to Suggested Open WiFi Hotspots
  • White Titlebars

Advice about privacy settings is a regular topic, as in this “How to reclaim your privacy in Windows 10, piece by piece” article:

There’s no doubt about it: Windows 10 is veritably infused with data-tracking tidbits and hooks into all sorts of Microsoft’s online services? Handing over all that data has some tangible benefits, like Windows 10’s OneDrive integration and the Bing-powered brains behind the Cortana digital assistant, but not everyone is thrilled with the idea of Big Brother Bill Gates constantly looking over their digital shoulder.

Read the full article for the rundown.

If you’ve explored the privacy and sharing options, including app permissions, on your smartphone or tablet, then these Privacy Settings categories may look familiar:

  • General – participate in personalized advertising inside apps
  • Location – permit apps and services to know where you are
  • Camera, Microphone – permit apps to see and hear you
  • Speech, inking, & typing – enable “getting to know you” (Windows & Cortana) – like a trusted butler [in addition to whether you want Cortana turned on and certain Edge settings]
  • Account Info – permit apps to know your name, …
  • Contacts, Calendar – permit apps to see your “personal organizer” data
  • Messaging – permit apps to read or send messages
  • Radios – permit apps to send or receive data from other nearby devices (like Bluetooth) [in addition to Wi-Fi Sense settings]
  • Other Devices – enable other types of automatic sharing & sync’ing (Xbox One, TVs, projectors, USB FlashDrive) [in addition to OneDrive settings]
  • Feedback – participate or not
  • Background apps – use some power management

I’ll be posting more reactions in the coming weeks.