Apps like Temu or TokTok. Or those cheap electronic devices where you have to download a questionable app and register an account. What exactly is being stolen and what is being done with it? Who is doing it? Why?
The biggest problem i have with my data being collected, analyzed and used is in the fact that it will almost certainly be used to teach a ML model about how to better manipulate with people like me - the people that are privacy conscious and are trying as much as possible to reduce their fingerprint.
That data is invaluable, and if there does exist a way how to target even people like that, which there probably does since we’re only humans after all, the ML model will eventually figure it out. And they have literally billions of people to experiment and learn on.
Now, we already know from a few leaked studies made by Facebook that they cab already pretty well manipulate people into mostly whatever they choose. Take a hypothetical situation where you get a crazy out-of-touch billionaire, who decides to buy a large social network company, and then decides “Hey, I really want this candidate to win. Tune up the algorithms!”.
And the ML models will get a clear goal, that has been already proven to just work pretty well at influencing user behavior. And any data you give them, it helps the model to fine tune into influencing people like you . Which would also be really hard to prove, because ML models are by definition black boxes that are really hard to reverse engineer, and proving that it was trained to do this is AFAIK almost impossible.
I don’t want no part in that. Thankfully, all the large social networks have CEOs that are reasonable and would never try something like that, right?
And one more thing - you may not think that data about your behavior are of interest to anyone right now. But look at China and their Social Credit. And imagine how would have I.e holocaust turned out, if the government had access to all the data, opinions and profiles of people that are being collected now.
Oh, you mentioned you sympathize with the Jews three years ago in a private message? Well, let’s hope the country you live in never ends up in a situation where that could be a huge problem for you or your family.
So, every time any site is offering a “personalized, curated list” for you (I.e the google search result, or YouTube recommended videos), assume you are potentionally being manipulated, and avoid the site altogether- because there’s no other way how to prevent it. The ML model knows that you know, and is already trying to figure out how to manipulate people that are taking care not to be. And if there is a way, it will figure it out with some success.
The potential future authoritarian government has been my primary concern when it comes to data collection and profiling by corporations like Google and Meta for years. The governments don’t even have to build their information gathering networks, although they still will, but so much of the surveillance has been done for them, goes back years (literally an entire lifetime for many people now), and is just a request away. I can’t judge how the climate will be in two years, let alone a decade or two from now, but that information isn’t going anywhere.
One of the projects I have in mind is to explore some kind of “offensive privacy”, where the focus would not be on not being trackable, but on your computer spewing random bullshit and behavior into the algorithm to confuse it, and have it learning on behavior that’s not really true, but only generated. This will enable you to kind of fight back and if done by enough users even reduce the effectivness of ML algorithms, since they would be learning bullshit. Unfortunately, the scale required to effectively affect the learning process of ML models would be enormous, so it’s not really feasible, but I think it’s still better than just “staying hidden”.
With the advances in AI, creating a tool like that, that would simulate several random user behaviors on your IP/fingerprint, shouldn’t really be that hard.
And as an added bonus - if it clicks on adverts, it’s costing someone money. Fuck corporations.
You talking about a more extreme version of something like AdNauseam?
Exactly! AdNauseam is my inspiration, unfortunately I dont use it right now because it doesnt work with my setup, due to Mullavad in combination with PiHole being too good at their job, so it cant really click on the adds even if it wanted to.
It would ideally require a solution that uses its own DNS server, so you can keep on using PiHole, and prefferably avoids living in your browser so you can keep it locked down for privacy.
Everything. Basically, if it’s not nailed down, they want to take it.
The short list of most common data taken would be app usage stats, not necessarily just for the app in question (eg, tiktok may pull data on how many hours of screen time other apps get, like YouTube or Instagram or literally anything else), GPS info, data about how often you handle your phone (from accelerometer readings), wifi networks including the bssid (mac address) of your router, which cannot be easily changed or masked, sometimes even data from your mic when you’re not using the phone at all.
They know when you’re sleeping, they know when you’re awake, they know when you’ve been bad or good… Oh wait, that last bit is Santa… Isn’t it?
Anyways, I wouldn’t be surprised if a few are bold enough to upload your pictures regardless of if you are posting the images, your browser history, security, device make/model, storage of your device, the list of files in storage, text messages…
Basically, anything that might help them identify you, what you do, where you work, when you work, how you travel, whether you’re in a relationship, how happy you are in that relationship and how long it has been going on… Anything that might lead them to provide more targeted ads. Been in a relationship for a while and you seem happy? Check out these engagement rings. Already married? Here’s some ads about parent stuff. Even something as simple as, hey, you’re single and it’s February, why not try Tinder or Grindr, or (insert app for your preference here).
They want to know everything there is to know so they can get you to buy more crap you probably don’t need, for more than it’s worth, and keep that economic gravy train rolling.
Also to add to bssid, it is possible (in the majority of cases) to get the exact (and i do mean exact) geolocation of the router whose bssid you have. See geomac by drygdryg on Github.
Fun story: I purchased several wireless access points from an eBay seller, years back, and when I brought them online, our geolocation services on all our phones thought we were several hundred miles away from where we lived for many months. I assume the bssid data was feeding the incongruency.
After a few months, however, whatever database was feeding our devices with bad geolocation data, was updated, and we were once again “located” in the correct spot.
The accuracy of these systems is incredible, it will actually use, not only your own bssid, but also that of complete strangers to try to figure out where you are without turning on GPS. If your personal bssid is weak but your neighbors bssid is stronger, it will adjust your position based on the relative signal strength of each bssid that is detected. In the same way triangulation works with most radio signals.
I’ve seen such systems estimate, with a fair amount of accuracy, client location data on a floorplan where there are a few dozen access points in the space… So it works both ways. In that case I was part of a team at a job where the client had a couple thousand square feet of floor space, and about 12-15 access points to blanket the space in coverage. We could, with some degree of accuracy, follow the location of someone as they moved through the space; knowing where they spent most of their time, and what services in the space were utilized by the guest.
… It was a mid-sized airport.
I find the motion sensing and gps tracking to be the creepiest. Using motion sensing they can know when you put your phone down and pick it up, if it was screen down or face up, and knows when you are walking, running, driving, etc. Combined with GPS it can be used to pretty accurately judge when you wake up, where you go, and how you get there. Lots of apps also don’t “close” when you swipe it away, they continue running in the background, so if you have the setting “only collect data when using the app” it will still collect data until you close it in the background or force stop it.
That’s true, although I believe you still have to give permission to an app to use this (at least on Android). Not to say that people won’t accept things way too fast.
The enhanced permission api was a huge step forward but plenty of apps still just demand permissions up front and lock you out until you grant them
Would they not have had to give access to location services for this to happen though? Google is very good at giving me a “only while using this app” option for this kind of stuff now.
Don’t worry, they gave everyone a stale donut and an apology email as part of their class action lawsuit punishment.
When most people talk about companies ‘stealing’ their data, it’s just companies doing what they explicitly stated in the terms and conditions and these people agreed to.
The whole Google incognito mode drama right now is a great example of this. It literally always said ‘incognito will not prevent employers, websites you visit, or your ISP from collecting data’ when opening a incognito tab. So yeah, obviously Google also knows what you are looking up and they never implied otherwise at all.
they explicitly stated in the terms and conditions and these people agreed to
Unwieldy TOS’ have already been found to not be enough because no reasonable person reads all of it. It also doesn’t answer OPs questions
The whole Google incognito mode drama right now is a great example of this. It literally always said ‘incognito will not prevent employers, websites you visit, or your ISP from collecting data’ when opening a incognito tab. So yeah, obviously Google also knows what you are looking up and they never implied otherwise at all.
That’s not what the lawsuit is about, and even if that was the point, which one of “employers, websites you visit, or your ISP” is Google/the browser?
And yet I somehow knew Google was collecting my personal info because it was obvious. That’s the entire point of the company lol.
When someone searches ‘big donkey dicks’ in the url bar … where exactly did they think the browser was pulling those results from? Could it be a website… called Google?
It did exactly what it was described as doing it, which is basically no cookies and no user history (for the user or other users of their computer to see). The TV commercials about buying presents for loved ones never implied anything more.
And yet I somehow knew Google was collecting my personal info because it was obvious. That’s the entire point of the company lol.
‘People should have known this company would be misleading/lying’ isn’t a defence for what a company does
where exactly did they think the browser was pulling those results from? Could it be a website… called Google?
This is the important bit. Since Google handles both the browser and the search engine, that’s where there’s the potential for confusion (and what the court is deciding on). So basically: did the tracking only kick in when using a Google managed website, or was it happening on the browser level (for everyone regardless of what website they used).
Personally I agree that there are bigger issues to deal with
Suck that corporate teat harder.
-Sent from my iPhone
That serves your case less than you realise. Most people facing this invasion of privacy trust Apple even less.
I also trust Apple less…
You are a truly baffling individual. Good day
I was pointing out that the person calling me a corporate teat sucker was they themself one, as evidenced by their use of an iPhone.
I don’t own an iPhone at all and never have, ya dingus.