Referral links

Unlike other ads on this page, the two links below are to services I use - if you're looking for a new SIM or broadband connection I can personally recommend them, and these are specific referral links that I can get bonuses from if you sign up, so please use them :-)

Get a free giffgaff Sim Broadband from £5.99 a month with an included wireless router when you sign up to Plusnet - terms apply

Sunday, 28 September 2014

"Being watched by google" and missing the point of Facebook's messenger scandal

[Short link to this article if you need it - http://goo.gl/pVdsoM - or retweet me. This article is a useful collection of links I've gathered for myself as much as being a blog article for others!]

The Facebook messenger app that was introduced appears to have generated quite a bit of controversy. Facebook split out the messaging functionality into a separate app from the main one and blocked the main one's ability to manage private messages, this effectively forcing people to install the new app to keep their existing functionality.
Not inherently a problem in itself, but it seemed to stir up a bit of controversy about the permissions that the application had. It wanted access to your camera and microphone. How could that be. The level of outrage seemed to reach fever pitch on some parts of the internet about how having acces to that meant that they could spy on you and record everything you're doing. It got ridiculous, and the media didn't help - I saw this appearing via a share in my facebook feed:






HOW TERRIBLE. WE SHOULD ALL STOP USING FACEBOOK!!!


Well, yes there are plenty of reasons to stop using facebook which I'll get into later, but this really isn't one of them. And if he's a "tech expert" he needs to be fired for scaremongering. In fact the issues raised in there are applicable to the permissions that the original facebook app already had, so you'd better stop using that and several others too if you're going to avoid messenger:

 Let's use a common sense critique:
  1. These permissions are requested for the app because facebook allows you to take pictures/video and send them with your messages. In the case of the main facebook app, there's a recent new - OPTIONAL - feature that allows it to listen in the background to detect and post what you're watching/listening to. Even the scandal-inducing Daily Mail didn't really seem to have a problem with it. I use a separate app that does something similar to post what I'm listening to to last.fm when I'm at a venue playing music. It's a nice thing to have.
  2. Facebook are quite open about the function that makes use of the camera/microphone (if you're still wondering why, then here's the - entirely reasonable - official response to the concerns), but what about other apps that you use? Do you know the company behind them? If there's a chance they're a scammer or have other sinister intentions do you check them out in the same way you would when criticising a large company like Facebook? Surely that's where the real danger is - with the lone developer who might be trying to steal your identity or take other things from you.
  3. If Facebook really was trying to snoop in on your microphone or send pictures back to base, you'd see a significant amount of background data usage in the app (other than any auto-playing videos). This simply doesn't happen, so the scare stories are just that.
  4. So we established in point 1 that there are legitimate features in apps that require use of those device features, but what if you didn't want to use those features and wanted to block access to, say, the microphone, or your photos stored on the phone? Apps tend to be installed with an "all or nothing" way of operating. The current Android app permission groups are here. What worries me is that Google tested an Android feature for selectively blocking app permissions via an "App Ops" setting menu in Android 4.3 but then pulled it (actually they claimed they'd put it in accidentally) but if you want to find someone to really have a go at about security and potentially allowing spying, maybe the OS vendors such as Google should be your target... (NOTE: With a rooted Nexus 5 you can put it back, or possibly also on other rooted devices). Or maybe you should consider getting hold of a device which can run the Cyanogenmod variant of Android which has such a function called "Privacy Guard". iOS already has such functionality built in so that's a win for Apple, as nothing should be able to sneakily use your microphone unless you allow it. And in fact with the newly released iOS8 they've has gone so far as to say "The authorities can't access your data" with Android about to follow suit (reference), although whether that'll be a good thing when a high profile court case comes out where evidence couldn't be obtained from such a device is questionable.
I know many disagree, but I still can't help feel that the demise of Flash on mobile has encouraged platform-specific apps in a way that makes the permissions aspect worse. If the manufacturers or community had managed to write a more secure, lightweight Flash implementation maybe all of this wouldn't be an issue ... But it would've been less lucrative for the app stores ...

I think the hype over the messenger app is just scaremongering because people like to think that Facebook is evil. In reality, they're just adding new cool features in their app. Yes there are people who will say "But I'll never use them" but ithis is the technology industry, and it's going to move forward. It's called progress - without it they would struggle to remain dominant in the social media space. And if you're really concerned about the Facebook app, uninstall it and use the mobile web page which cannot access the things you're worried about, and does give you access to Messages. It's your choice. I have to admit I was a bit surprised when thumbnails of my newly taken photos showed up within the app and it offered to add them, but (I believe) that is all being done on the device and not sent to the servers (Unless it's sending thumbnails of course - if you want a conspiracy theory!)

Google, and increasingly Facebook, make their money out of targeted advertising and knowing things about you to enable the ads to be more useful. To a certain extent I don't have a problem with that (I don't use AdBlock as I'd rather vote with my feet on such issues and avoid the sites if they're too intrusive) and I'd rather ads were of interest to me than not) but for those who do the best answer is not to use them. Stop using Google and switch to a search engine such as duckduckgo instead which won't track you in the same way. The problem is that Google's data collection means that their results will generally be superior. They have access to a lot of information to use to give you the best results, and other search engines aren't quite there. But they're worth trying ...

My other big concern regarding Google Android is the "Android OS" data usage on cell connections on Android devices. It's not a huge amount - a few Kb each week, but I do wonder what exactly it's doing. It could be a measurable cost for some very low data users if it's using some data every day with some pay-as-you-go deals offering a certain amount of data per-day for a fixed price. Any expected data usage is counted under specific apps or the play services, and I have app updates disabled unless on WiFi. So what is my phone doing talking to Google in the background? I've got location data switched off, so it can't be sending the (frighteningly accurate as it happens! Try switching GPS off and you'll see) WiFi-based location mapping back to to Google in there ... This is from my device's cell data use in the last week:


Maybe they're the ones sending my photo thumbnails back to Google for the NSA ...

My real concerns about Facebook.

Maybe the above publicity about Messenger is a good distraction for Facebook, as it diverts attention from some of the real issues with their client apps. The mobile web page is great, but in terms of data use it's relatively inefficient. The calls made through the APIs by the Facebook app are far less of a data hog. So you might think another option might be to use a third-party Facebook client that doesn't give so many permissions. But there are two problems with this:
  1. Firstly, the feed is filtered differently. Actually through the APis it doesn't appear to be filtered at all so your "Close friends" and "Acquaintances" don't get the prominence you've asked for in your feed. If you're not familiar with those options they are a great way to increase/decrease the prevalence of friends in your stream - and if you really want to "stalk" a friend then there's also the "Get Notifications" option so you get a notification for everything from them. All of these are available when you click the "Friends" button on someone's profile on the web site, in addition to the asynchronous "Follow" option for those who allow it. There are many who think that Facebook filters the feed too much, and for them using another app might be a good idea ... Except for the second problem with third party apps...
  2. Many people have (understandably) set their privacy options (Settings -> Apps -> Apps Others Use) to prevent access to their posts and photos etc. (NOTE: Some experimentation I've done suggests it may not always work...although you can kill off the platform app entirely from Settings->Apps->"Apps, websites and plugins" which does seem to work but stops you using FaceBook logins anywhere) It's to stop games and other rogue apps from being able to access their "friends only" information, but it also prevents "real" third-party facebook clients from seeing their posts. Maybe there needs to be two classes of app - and perhaps the "anonymous login" option for apps is enough - although there's little incentive for Facebook to do quite enough to make "real" third party clients work as it's generally easier to inject ads in their own clients the way they want...
  3. I wrote about a bunch of other concerns a couple of years ago, and although some things have changed since then, I did mention the app permissions thing in there. and why people would choose to restrict app permissions.
And I'll be honest, those "lock-ins" meaning you get reduced functionality with third party apps is a big part of the reason I sometimes consider leaving Facebook. I am using a third party app, and so I know I'm often missing people's posts at the moment. But then on a positive, Facebook does provide a lot of control over the access if you know what your way around the options, but it's good to see Facebook's new "Privacy Check up" wizard being presented to users now (Did they know I was about to publish this blog?)



There are also articles on topics such as "How to lock down your facebook account for maximum privacy" but I honestly think that doing a lot of what those articles say reduces the effectiveness of a social media platform. Most people post things on twitter without where followers/followes are all visible, so why lock down your facebook account so much that such information is lost? Sure there are some scams involving acquisition of those lists, but I'd rather we lived in a world where people were educated on security and keeping their wits about them online rather than artificially let them believe that a checkbox on one site will make them secure/immune ... I'd really like to see schools teach good online security habits since such knowledge should be essential for all online users. Let's not be overly paranoid about one site.

Social moving forward - is there any hope?


Anyone trying to get into the social media space will have a very hard time competing with Facebook. Even Google are struggling to do it with their initial "Buzz" offering and now Google+, which has recently been changed so that all Google Mail users don't have to have a Google+ account. The critical mass of people who use Facebook is huge, and nothing else is at a level where it's a substitute. I suggested an alternative to Google search earlier, but it's much harder for one person to choose to use a different network. Twitter just isn't the same as Facebook, the recently launched "ad-free" Ello has potential issues:
Diaspora's "pod" concept where there's no central hosting server is interesting - they started by charging users for the service in order to support it without advertising which wasn't a bad idea in theory, but they're not getting the wide adoption they need either, and they had some issues with their reputation amongst early adopters. But there's an option if you want to break away from Facebook.

But Mikko Hypponen of F-Secure recently had an interesting perspective. He, like quite a few people I suspect, would be willing to pay for such "essential" services as Google if it was an option to do so and not have all the data collection in place. But he argues quite strongly that from where Google are now it actually wouldn't be of benefit to them to offer it, as we're far more valuable to them when they can hold our data than a token amount of money would be. The tracking of us is what let's the world move forward to the sorts of ideals that Microsoft's vision of the future has predicted, and things like Google Now, if you let it, are moving us towards that. And facebook's revamped Atlas advert platform is widening its scope to rival Google Ads, but while introducing that they're adding anonymous logins and encouraging privacy checkups. The question that many people didn't ask at the time of Microsoft's vision video was: Who pays for it? The answer is you, by handing over your details so Google potentially knows more about who you really are than you do. It's up to you if you're happy with that, but the important thing is to know what you're doing. And if you want to see who's getting your info in practice, install the extremely enlightening the Lightbeam (Formerly Collusion) plugin for FireFox, or the third-party Ghostery one, and remember that it's your choice to allow web sites to set cookies .. They all prompt you for it now although that's possibly missed the point since the tracking is often just done via javascript instead. I've also seen a comment recently about how Facebook pick up on things you've viewed on external sites (as does Google) but in reality that's not so much Facebook spying on you as the retailer sending your details back to Facebook. Arguably a more realistic way to look at it.

But if you really value you're privacy, I suspect that LinkedIn, also known as "The Creepiest Social Network", is probably the one to avoid ..

NB The quote in the title of this article is from Kasabian's Eez-eh single

No comments:

Post a Comment