Author : zenman Date : October 13, 2022

Takeaway points

  1. All data you produce no matter how inconsequential is being captured, analyzed, and stored for monetization now, and in the future.
  2. Data security and user privacy was not designed into the infrastructure of the internet. Because the constituent networks all began as private networks, there was no imperative to build in data security at that time.
  3. Service providers intentionally mislead you with Deceptive Design Patterns tricking you into doing things that are good for the provider, but bad for you.

How we got here The idea of security, abuse, or other malfeasance on the internet was irrelevant at the beginning, mainly for the reason that the networks that comprised the internet were originally all private networks. Within a trusted (private) network, strong security is not needed, nor is it expected to be required.

With the invention of the smartphone circa 2007, and the mass adoption of the World Wide Web, the entire conception, value, and usage shifted towards commerce. Unsurprisingly, this brought bad actors, hackers, state backed surveillance, and while more mundane, direct data collection by Google, then later adopted by virtually all business, software, and communications service providers.

The book “The Age of Surveillance Capitalism” [Shoshana Zuboff] documents the way Google evolved to capture data and the monetization of data has become a fundamental shift in all commercial apps. Microsoft, for example, calls their data gathering “telemetry”, in a tacit admission that they capture and transmit your data to their servers.

Further research reveals that they capture your usage data in extreme detail. How fast does your mouse accelerate? How long does the cursor linger over a particular icon? No detail is too small to capture. These are “fingerprints” that identify you. The objective is to capture as much data as possible, to archive it, then when suitable (Artificial Intelligence) means become available, squeeze more money out of what you did in the past. Hard to believe, however, makes sense. Can be explained simply as “profit motive”.

Underlying this information gathering is the disclaimer that you agreed to the terms of service. In some respects, this is true. You cannot use a phone without subscribing to a telecommunications company. Therefore you must agree to their terms. That is true.

However, service providers commonly mislead you using Deceptive Design Patterns [Harry Brignull]. A simple example is when the telephone agent explains the details of package X which include 5GB/month on the LTE network, but when the confirmation details come, it says 3GB/month on the (slower) 3G network. That is a simple “bait-and-switch” pattern. How can you prove the agent made a better offer than you received? Do you have hours to spend on the line bouncing between agents to resolve the problem? You agreed to X and they signed you up for Y. In other words, they lied to you. Do you just take the worse offer because it’s too much trouble to hold them to their word? Ha ha. Who hasn’t that happened to?

Questions to ask yourself

Google, Apple, Microsoft, Amazon, [your service provider] are all making money off your most intimate personal details. These companies are wildly profitable. You are already paying monthly fees or license fees AND giving them a raw material like gold with every gesture, name lookup, and movement of the mouse. If you are even logged in and doing nothing, you are generating data points for them.

Should you care about giving away your personal data? Who is collecting your personal data? What are they doing with your data?