The ubiquity of smartphones has made it easier than ever to manage, record, navigate and share our lives. This unprecendented power presents unique dangers we’re often unaware of, or choose to ignore in exchange for convenience. Most smartphone users are unwittingly leaking snippets of information about what they do when, with whom and where. In many instances, we’re tacitly granting applications permission to leak this information.
We’re inadvertently giving away our secrets, while opportunists deliberately collect them. But just what sort of information are we leaking? What can those collecting it do with it? And how can we protect our privacy in an age where sharing the minutiae of our lives is the norm and privacy is often mistakenly conflated with having something to hide?
Everything to everyone
Alarm clock, digital diary, music and video player, dictaphone, watch, computer, camera, electronic map, address book, oh, and telephone – the contemporary smartphone is all of these things in a single, pocket-sized device.
The combination of hardware miniaturisation, faster processors, better batteries, innovative software and high-speed wireless data and voice networks has allowed most of us to carry a potent computer with us at all times that’s almost permanently connected to the Internet and other devices like it. A supercomputer that is constantly sensing, noting, recording and sharing data about us and our activities.
Today’s smartphones offer a range of utilities that was, until very recently, confined to the realms of science fiction. The throwaway line “There’s an app for that” is amusing precisely because it’s so often true. But this functionality doesn’t come without a trade-off. Another bon mot of the 21st century is: “If you’re not paying for a product, you are the product.”
Google is ostensibly free, but it uses our data from Gmail, Maps, Calendar and other apps to serve us customised advertisements. Facebook does likewise, which is why it’s forever trying to find out more about us – what movies we like, where we went to school, who we’re dating… These services don’t come with a fee because the operators make their money by selling our data to advertisers.
The most widespread digital lie is clicking the “yes” button when asked whether we’ve read and agree to the terms and conditions of a service.
Facebook, in particular, has often pushed the boundaries of what constitutes acceptable use of data, only recognising or acknowledging the invisible line that serparates the agreeable from the objectionable once its crossed it. Nonetheless, most of us continue to use Facebook because of the convenience and because not being on the network is just not socially acceptable in many circles.
Every pic you take
In order to do useful things like arrange the pictures we take on a map (like Instagram does if you let it) or help us identify a song playing on the radio (like Shazam and Soundhound), our handsets have to collect data about us. By signing in to social media accounts or banking and communication apps, we share sensitive and personal data with our devices.
At first glance, this is a small price to pay. It’s incredible being able to see every destination you’ve ever used your phone’s GPS to guide you to laid out on a digital map, browsing your photos in grids of thumbnails based on location or time and date, or being able to read every single WhatsApp message you’ve ever sent. But what if someone else could see that information too?
Human beings are pretty good at identifying patterns and making inferences from them. It’s one of the reasons we so often see faces in inanimate objects like postboxes or the fronts of cars – we’re programmed to recognise the familiar. It’s our own version of the autocomplete our phones use to finish our sentences or correct our typos and it helps us make sense of the world.
Sometimes, though, we’re pretty bad at connecting the proverbial dots. For example, say you like to run. You might use a running app on your smartphone to track your routes and share the results to Facebook and Twitter because you like showing friends and family your progress. You get a warm and fuzzy feeling every time someone likes or favourites one of your run-related posts.
Each post includes a map of your route, how far you ran and how long it took you. There’s obvious value in this – you can’t pretend you ran 5km if you only ran 3km, you can see whether or not your times are improving over the same routes, or you can test new routes and compare them to previous ones.
The problem is, if you have a “public” Facebook sharing setting or you’re sharing the information to Twitter, anyone who cares to look can also tell things about you. Beyond seeing that you’ve finally broken that 5-minute per kilometre barrier that’s been eluding you for weeks, they can tell where you live, when you’re next likely to be running and which route you’re likely to take.
“Who would want to know where I am or where I run?” you might ask. I don’t know, but I do know that I don’t want to find out.
Sharing without caring
Most smartphone cameras add location data to every picture they capture by default. It’s called “geotagging” and it can be extremely useful. It can make finding a picture you took at a particular place months earlier a cinch and spare you scrolling through hundreds of unorganised images, but it can also give strangers all sorts of information most of us would rather they didn’t have.
This geolocation data is saved in something called metadata – literally, data about data. All sorts of file types can have metadata attached to them, from documents and images to audio and video. Unless you expressly set your mobile phone not to add location data to images, or manually strip that information from the metadata after the fact, any time you share those images, you share their metadata too.
Any social channels you’ve used to share images get that information as well – Instagram, Twitter, Facebook, Path, Ello, you name it. What can people tell from this information? That depends on what you take pictures of, but there’s probably enough information to work out where you, your friends and your loved ones live, work and play. Someone simply has to care enough to look.
Metadata’s gotten a lot of attention in the media in recent years, thanks to the whistleblowing actions of former National Security Agency contractor Edward Snowden. When he revealed the extent of the USA and UK’s digital espionage activities, claims were quickly made that they weren’t actively reading people’s emails or texts or listening to calls. Oh no. Instead, the surveillance agencies were merely recording and analysing metadata for our own safety.
These governments claimed they were simply monitoring which numbers made calls to which other numbers, how frequent the calls were, how long they lasted and so on. Nothing to worry about, they promised.