Phone apps help themselves to our contacts, Google tracks our web history, and supermarkets monitor our buying habits. Can anything stop the great data grab?
If you use a smartphone and download apps, as half the UK population does now, you’ve probably used an app which pops up a dialog box pop asking “Find your friends?” and offering to search some new social network – or one of the more familiar ones – for people you already know.
It’s easy and quick to click on the “OK” button. But do you know what’s happening once you do? This is where you suddenly discover that what you thought you knew about your online privacy is wrong – or at best, incomplete.
In mid-February, an Indian researcher, Arun Thampi, figured out what was happening when Path, a would-be social network app for Apple’s iPhone for “sharing your life”, asked that question. It was uploading the entire contents of your address book – names, emails, phone numbers – to Path’s servers.
The outcry over this data grab was rapid and widespread – at least among the Silicon Valley digerati and those who watch them. Path’s chief executive wrote a mea culpa blogpost, the company updated its app so it wouldn’t upload all the data, and everything seemed calm.
Then Dustin Curtis, a user interface designer, pointed out that loads of apps do this. On his blog, he noted: “I did a quick survey of 15 developers of popular iOS apps, and 13 of them told me they have a contacts database with millons of records. One company’s database has Mark Zuckerberg’s cellphone number, Larry Ellison’s home phone number and Bill Gates’s cellphone number.” But he added: “This data is not meant to be public, and people have an expectation of privacy with respect to their contacts.” More digging showed that Facebook, Instagram, Yelp and location service Gowalla did too. It seemed like it would be easier to list the apps that didn’t do it.
For those feeling suddenly itchy about their privacy, there was more to come. A few days after Curtis’s blog, Twitter admitted that it too grabbed address book data (though only, it said, your friends’ emails and phone numbers); the purpose being just to find people you already know who might already be, or will be, members of the service. Jon Leibowitz, the chairman of the US’s powerful Federal Trade Commission, summed it up in a sentence: “Right now, it is almost impossible to figure out which apps collect data and what they do with it.”
Apple chewed this over silently for a week and then announced that a forthcoming update of the iPhone and iPad software would prevent this.
But just as another privacy storm seemed to have come and gone, another arrived: Jonathan Mayer, who researches online privacy at Stanford University, discovered that Google had hacked past the default privacy settings of Apple’s browsers on the iPhone, iPad and desktop so that it tracked people’s use of the web, whether or not they were signed into its services.
That also meant that its advertising arm DoubleClick could follow them too. Adding to the appearance of culpability, as soon as the Wall Street Journal, following up Mayer’s discovery, contacted Google, it stopped doing it. In recent weeks, only Facebook – accused wrongly by the Sunday Times of reading your text messages (the company insists it’s doing no such thing; the capability in its app is for a future mobile payment service) – has emerged without immediate criticism.
But the damage has been done. “Between the Path debacle and Google’s Safari cookies, [Silicon] Valley’s moral bankruptcy on privacy was made obvious,” commented James Grimmelmann, an associate professor at New York Law School, on Twitter.
But it’s not just in the narrow space of web browsing or apps that we’re identifiable. A chilling story in the New York Times described how the giant Target store is now so good at tracking what items people buy that it can spot if someone is pregnant – especially in the second trimester, when they begin buying things such as vitamins and maternity clothes; catch them there and “we could capture them for years”, as a statistician explained. The 25-item prediction system works so well that Target knew that a teenage girl was pregnant (and began sending appropriate shopping coupons to her home) before her father did. Which caused some red faces – first anger, then embarrassment – when he found them and accused the Target manager of encouraging her to get pregnant.
On Target’s part, it was nothing personal. But it wasn’t private either: somewhere in its machine, there was a link between the girl and her pregnancy.
Essentially, the edifices of privacy that we once thought we understood are melting like ice in a heatwave. Once upon a time, before mobile phones, it was really hard, without direct surveillance, for anyone else to know where you were. The advent of mobile phones meant police could track you by seeing which mobile masts your phone connected to. Then supermarket loyalty cards meant big retailers could make educated guesses about your home life – your income, education, life stage. Next, the location of your use of debit and credit cards, and the burgeoning number of CCTV cameras, all began to add up to a picture where not just the police but also big businesses could build up a picture of where you were pretty much throughout the week.
Now add in smartphones and apps such as Path, Twitter and Foursquare, as well as web-based companies such as Facebook and Google which rely on serving ads, and data-crunching like that done by Target (and all the big supermarkets) and the idea of “privacy” is being eroded from inside and outside. Your address book is somewhere in the “cloud”. You’re telling anyone who has access to your Facebook profile where you were. Foursquare users can track your whereabouts, if you “check in”. The supermarket where you shop is sending you coupons for nappies.
A graphical representation of how much public data Facebook used to show in 2005 compared to 2010 looks just like scary forecasts of polar ice cap melt. Except it’s already happening. In fact, online privacy looks altogether like global warming: we tut about it and mutter “something must be done”, and then do the equivalent of clambering into 4x4s – tagging photos on Facebook of friends getting drunk, tweeting pictures of our lovely trip and family on Instagram.
Simon Davies, director-general of Privacy International, the pressure group that has been warning about the ease of such invasions for years, thinks it’s an apt metaphor – but equally that, like the environmental movement, awareness is growing that it’s not right, and that we can’t go on this way.
“We have had developers tell us that they don’t want their platform screwed up by too much privacy management,” he says. “There’s all sorts of hoodwinking and linguistic devices that they use to persuade you to hand over your data.” Such practices are pervasive, he says.
But he sees signs for optimism: there’s growing awareness among a number of people on social networks (the irony might not be lost on you) that there’s value in keeping information about yourself, your whereabouts and life private. Not just to protect yourself from identity theft; also just because it’s nice to have some part of you that isn’t subjected to the panopticon of the web.
“It is like the environmental movement, in that there are evangelists working to keep the brakes on excess use,” says Davies. “I think Microsoft and Google are starting to see a change there.”
The trouble for Google is that 97% of its revenue comes from serving ads. Its profits improve if people click on ads, so it likes to show “relevant” ads – and the best way to work out which ads to offer is to watch which web pages people visit.
Google is painfully aware that government agencies take a dim view of any corporate infringement of people’s privacy – and also that if it loses users’ trust, the slope from top dog in search to also-ran could be slippery. (For that reason, Microsoft has been hammering away at the privacy topic in its PR efforts: when news broke that Google had worked around Internet Explorer’s protections, rather than follow its frankly arcane privacy system, Frank Shaw, Microsoft’s combative head of PR, tweeted in faux disbelief: “Google can work on a self-driving car but can’t figure out how to implement a standard?”)
“Even if you don’t think cookies are a privacy harm, you should care about Google’s inability to keep its promises,” noted Grimmelmann, who studies how software affects freedom, power and wealth distribution. He says it’s the same as not caring whether a politician had an affair: “[the politician] lying about it is still a big deal.”
And not many are prepared to give Google much leeway: “Of the four ad networks caught abusing [the] loophole in Safari cookie controls to track users, only Google is claiming it was unintentional,” tweeted Christopher Soghian, a security and privacy researcher based in Washington.
The culmination was the announcement last week by the Obama administration that it would push for all browsers to have a “Do Not Track” button as part of a “consumer privacy bill of rights”, while the Californian attorney general said that apps would have to include privacy policies to tell users what data they would access.
But where does it all end? “It’s a systemic problem,” says Davies. “The situation will only change when it’s not fashionable to give away your data, when it becomes sad to do so in front of your peers.”
Is there any chance of that happening? Mayer says there are “bright spots” in privacy; he is working on the “Do Not Track” system. But others in the industry point to the differences between the US and Europe – the strong data protection legislation in the latter, and its almost total absence in the former – and suggest the gulf can’t be bridged; our data will always flow downhill towards the area that lets companies make as much (profitable) use of it that they can. The columnist Helen Popkin commented despairingly: “Facebook is the slowly-warming pot of water and we, my friends, are the frog. By the time we noticed our peeling skin, another hunk of our privacy is long gone.” But that was in March last year. Since then more and more chefs have continued to gather around the pot. Do you want to find friends already using this service? Is it getting warm in here?
• This article was amended on 29 February 2012. A line in the original said that “Google had hacked past the default privacy settings of Apple’s browsers on the iPhone, iPad and desktop so it could track people’s use of the web “. Google points out that this was an unintended consequence. The story’s wording has been changed accordingly.
guardian.co.uk © Guardian News & Media Limited 2010