1984 – Getting Closer?

While going through the toil and turmoil of trying to understand and get the Android phone working the way I wanted, and address all manner of security and privacy issues, I happened upon an event that made me wonder about technology and how George Orwell’s 1984 novel about a future society may already be here. While looking for an app on my PC, using Google, that would allow my Android phone to be answered more easily than in the standard way, I came across one that might have been the answer. So I then went into the Google Play Store on my phone to search for this app, but when I opened the store, that app came up without asking. That took me aback somewhat, as my PC and phone are not synced, nor had I logged into my Google account on either. That was one of those WTF? moments. It seems that I’m not the only one to experience these moments.

Big Brother is listening, watching and waiting - (source: The Next Web)

Big Brother is listening, watching and waiting – (source: The Next Web)

This incident led me to think about all the technology that we use and which is connected to all and sundry sources that record each and every keystroke, activity, location etc 24/7. Now it’s nothing unusual for a mobile phone to be sending all manner of information to all manner of locations, that was evident when I started to learn about Android and how every single app installed in the phone allows access to just about everything on the phone by default. Some apps need access such as a navigation app needing access to the phones GPS, but there’s no genuine reason why a banking app needs access to the GPS (and keeps reminding you that it can’t access the GPS – Westpac). The same applies to many other apps that seem to want access to every feature contained within the phone. How much of this is accessed if not curtailed? I really have no idea and how you would know what is being sent. I can see what apps have accessed mobile data but what does it mean, especially when I haven’t used, for example, YouTube on my mobile phone? Some of the data usage is minuscule, but why any at all?

Big Brother is listening, watching and waiting.

Big Brother is listening, watching and waiting.

Big Brother is listening, watching and waiting.

Big Brother is listening, watching and waiting.

So this story isn’t about conspiracy theories, but about what really is going on in our world in this ever connected life and where we may be headed. If you’re not thinking about this, you should. Mobile phone and internet technology has enabled anyone and everyone to connect in one way or another, Facebook being the dominant connection system the world over (I’m not on Facebook but it apparently still keeps shadow profiles through various means). And being connected to Facebook, every person is sending all manner of information to Facebook and ultimately to advertisers to whom Facebook sells personal profiling information. That’s just one aspect, but there are many other technology developments that people are embracing with open arms and perhaps not considering the implications. The Internet of Things (IoT) is becoming perhaps the most pervasive technology today and willingly being introduced into tech savvy households with the promise of huge benefits. But as is always the case, with open ended promises come risks, ‘Amazon Echo Recorded And Sent Couple’s Conversation — All Without Their Knowledge‘:

As secret recordings go, the Portland couple’s conversation was pretty mundane: They were talking about hardwood floors.

But their Amazon Echo was listening and recording their discussion. The device then sent the recording to someone in their contacts — without the couple’s knowledge.

The wife, identified only as Danielle, told Seattle TV station KIRO 7 that they learned something was amiss when they received a phone call from the husband’s employee who lived in Seattle, telling them what he had inadvertently received. He told them to unplug their Alexa devices right away.

Danielle says she and her husband went around the house unplugging their devices — which they had in each room, controlling their home’s temperature, lights and security.

The employee sent the couple the sound file that the Echo had sent to him, and they were shocked to realize they had essentially been bugged.

The Amazon Echo is just one of many where such devices inadvertently or not, can and do allow others to eavesdrop, and worse, into one’s home and lives. Specific devices like the Echo and similar devices by Apple and Google, as well as smart TVs, are all able to record conversations and send data without your knowledge. Some smart TVs can even see you. The more of this technology that’s installed in one’s home, or anything that’s connected to the internet or your smart phone is open to misuse by the manufacturers or hacking by unscrupulous individuals. If you have security cameras, for example, to watch your home while you’re away, it’s highly possible that criminals are watching your home as well and will know when you’re not at home, ‘Home CCTV systems hacked and streamed online‘:

It has been revealed that hackers are now spying on people through webcams, home CCTV and baby monitors, and streaming the footage online.

As many people fail to change the default passwords on the devices when they’re bought, this leaves them vulnerable to attack and open to privacy breaches.

An investigation by the The Mail on Sunday newspaper showed security camera footage from inside homes, offices and shops across the UK being intercepted and broadcast live on the internet.

According to The Mail on Sunday, during a two-hour period last week investigators watched an internet website – available to anyone in the world – and saw footage from British locations, including:

  • Babies in cots
  • A schoolboy playing on his computer at home in North London
  • Another boy asleep in bed
  • The inside of a Surrey vicar’s church changing room
  • An elderly woman relaxing in an armchair
  • Two men in a kitchen sharing a meal

Now the issue here is that default passwords aren’t being changed and many people have no idea that these sorts of things need to be done. However, as technology advances and hackers become more sophisticated, there’s no guarantee that changing a password will be sufficient in future. When you consider how many IoT devices may be installed in a home such as personal assistants, security cameras, mobile app controlled lights, internet fridge, washing machine etc, how many people will studiously ensure that each device has an appropriate password? And as many devices increasingly interconnect with each other and then with devices like Amazon Echo that records and sends information ‘to the other home’, a single breach may affect every device in your home.

When it comes to internet privacy, be very afraid, analyst suggests

And just when you thought things couldn’t possibly get worse, you may want to ‘Quit Facebook Before It Inevitably Accesses Your Banking Data‘. It may only be only a matter of time before Facebook starts doing the same elsewhere and others start following the example:

If no other Facebook-related privacy issue hasn’t made you leave the social platform in disgust, perhaps the notion of Facebook become bosom buddies with your financial institution will. Probably not. You’ve made it quite clear you have no intention of quitting Facebook. What’s a bit more data surrendered at this point? Facebook already knows everything else about you, it may as well be privy to the intimacies of your financial transaction data as well right?

According to a report in the Wall Street Journal, Facebook has spent the last year asking banks like JPMorgan Chase, Wells Fargo, Citigroup and U.S. Bancorp for partnerships that would result in Messenger enhancements that unlike 360 degree video would be 360 degrees of your checkbook instead. But hey, maybe you could get fraud alerts in Messenger instead of your banking app. That seems better right?

So far banks aren’t biting, but it should be noted that both Google and Amazon have spoken with banks about possible partnerships, most likely for Google Home and Amazon Alexa devices.

And while putting together this story, there arose a situation that should be worrying for all. Facebook, YouTube Apple and several others have banned Infowars, a rather controversial site that I had a look at some time back and which does nothing for me other than turn me off, but it’s the implication of these bans that should concern everyone. This seems to be the beginning where the tech giants, which are platforms for public information and opinion, are starting to control what information and opinion is available to the public, urged apparently by government officials (in this instance US Senators). Once this begins and nothing is done about it, where will it stop? George Orwell wrote about Big Brother in ‘1984’, but I’ll bet he never envisioned that it could well be Big Corporations that would be the ones that did the controlling. In any case, 1984 does sound eerily familiar, and consider what makes one a thought criminal today:

In the year 1984, civilization has been damaged by war, civil conflict, and revolution. Airstrip One (formerly Britain) is a province of Oceania, one of the three totalitarian super-states that rule the world. It is ruled by the “Party” under the ideology of “Ingsoc” and the mysterious leader Big Brother, who has an intense cult of personality. The Party stamps out anyone who does not fully conform to their regime using the Thought Police and constant surveillance through devices such as Telescreens (two-way televisions).

Winston Smith is a member of the middle class Outer Party. He works at the Ministry of Truth, where he rewrites historical records to conform to the state’s ever-changing version of history. Those who fall out of favour with the Party become “unpersons”, disappearing with all evidence of their existence removed. Winston revises past editions of The Times, while the original documents are destroyed by fire in a “memory hole”. He secretly opposes the Party’s rule and dreams of rebellion. He realizes that he is already a “thought criminal” and likely to be caught one day.

So while technology can be a great thing and I’m one of those people that’s always interested in new technology and trying out new things, I’m also quite hesitant about installing all this new technology in my home. One of the problems with ‘smart technology’ is that it can all too easily fail or start working in ways you don’t want it to and, more recently, be able to be accessed all too easily by others. The two-way televisions of 1984 are effectively here already and more so in the way of Echo, Siri etc and you really don’t know when they are listening and what they are sending back to the ‘Ministries of Truth’. Conspiracy theories? Maybe.

Update 1. And they promise not to track you. ‘Google clarifies how it tracks a user’s location even if they turn the setting off‘:

After coming under fire from critics, Google has clarified how it tracks users even if they’ve disabled a “Location History” setting.

After an investigation from the Associated Press revealed many Google services store your location data even if you’ve used a privacy setting that says they won’t, Google updated the page to clarify that “some data may be saved”. But it has not changed the location-tracking practice.

Wait. Google tracked me even if I told it not to?
Yes.

Update 2. If they can’t access their banking details, they’ll start by accessing your credit card purchases, ‘Google and MasterCard strike secret deal to track customers’ in-store purchases‘:

Google and Mastercard have reportedly struck a secret deal to monitor users’ in-store purchases, to collect data on what Google ads have resulted in purchases.

After years of negotiations, Google paid Mastercard millions of dollars for its customer data, Bloomberg reported Thursday, citing two anonymous sources. The two could be sharing ad revenue, Bloomberg added but also reported a Google spokeswoman denied that claim.

A patent Facebook filed uses cameras at checkout counters to record and track shoppers’ faces, matching them to their social media accounts and sending them a message to confirm purchases.

Update 3. The My Health Record debacle is another example of Big Brother potentially keeping an eye on you and it’s an expanding industry, ”Big data’ says you’re a cancer risk. Do you want your insurer to know? Do you want to know?’:

Waiting for your name to be called. The squeeze on your arm from a blood pressure test. Visiting a doctor feels nothing like logging into Facebook, but for how long?

Your health is becoming another data point to be collected and analysed on a massive scale, as clinical records are digitised, apps track our heart rate, and new tools promise they can tell someone’s mental state from a tweet.

Update 4. Things aren’t getting any better on the technology front, ‘Researchers show Alexa “skill squatting” could hijack voice commands‘:

The success of Internet of Things devices such as Amazon’s Echo and Google Home have created an opportunity for developers to build voice-activated applications that connect ever deeper—into customers’ homes and personal lives. And—according to research by a team from the University of Illinois at Urbana-Champaign (UIUC)—the potential to exploit some of the idiosyncrasies of voice-recognition machine-learning systems for malicious purposes has grown as well.

There have been a number of recent demonstrations of attacks that leverage voice interfaces. In March, researchers showed that, even when Windows 10 is locked, the Cortana “assistant” responds to voice commands—including opening websites. And voice-recognition-enabled IoT devices have been demonstrated to be vulnerable to commands from radio or television ads, YouTube videos, and small children.

But skill-squatting attacks could pose a more immediate risk—it appears, the researchers found, that developers are already giving their applications names that are similar to those of popular applications. Some of these—such as “Fish Facts” (a skill that returns random facts about fish, the aquatic vertebrates) and “Phish Facts” (a skill that returns facts about the Vermont-based jam band)—are accidental, but others such as “Cat Fax” (which mimics “Cat Facts”) are obviously intentional.

Update 5. More bad news on the Android front, but hardly unexpected, ‘Report: ‘Hundreds’ of Android Apps Failed to Disclose Third-Party Tracking‘:

“Hundreds” of apps for Google’s Android platform failed to disclose third-party analytics and advertising services within them, which collected personal user information, according to a report.

“An analysis by University of Toronto researchers found hundreds of Android apps that disclosed the collection of personal information for the app developer’s own purposes — but, at the same time, didn’t disclose the presence of third-party advertising or analytics services that were collecting the personal information, too,” reported the CBC on Thursday. “If you give a weather app access to your location for a more accurate forecast, for example, a third-party advertising service embedded in the app could access it, too.”

Professor Lisa Austin, who was one of the co-authors of the study, called the results “eye-opening,” and declared, “This is one of the ways in which you’re getting tracked through your use of apps.”

“You can’t have informed consent if you don’t know that your information is being collected by these third parties,” she continued.

Update 6. Seemingly small incidents can easily be a test bed for things much more insidious:

Google has apologised after Android phone users noticed that the battery saver setting was remotely activated last week without their consent.

The battery saver affects how often apps update and work in the background.

The firm took to discussion website Reddit to explain that it was conducting an internal test that was “mistakenly” rolled out more widely.

The affected devices appeared to be running the Android Pie operating system.

Battery Saver can also delay notifications and stop location services when the device is not in use, in order to preserve power.

Update 7. What are your children doing? ‘New Mexico Sues Google, Twitter for Collecting Data on Children’:

The state of New Mexico is suing Google, Twitter, Tiny Lab, and other app developers for illegally gathering data on users under the age of 13 without parental consent.

New Mexico Attorney General Hector Balderas stated tech companies including Google, Twitter, and other app developers are violating the 1998 Children’s Online Privacy Protection Act (COPPA), by gathering and selling data on child users.

“These apps can track where children live, play, and go to school with incredible precision,” said Balderas in a press release. “These multi-million-dollar tech companies partnering with app developers are taking advantage of New Mexican children, and the unacceptable risk of data breach and access from third parties who seek to exploit and harm our children will not be tolerated in New Mexico.”

“As technology advances, more and more children are gaining access to the Internet and the Internet of things,” Balderas notes. “These games, downloaded from the Internet and connected to the Internet during and sometimes even after play, pose a unique risk to children.”

Update 8. Here’s an example of another issue relating to this data collecting of individuals’ personal information, ‘Report: Google Hid User Data Breach from Public out of Fear Congress Would Take Action‘. I have an account with Google because of Google Analytics and YouTube, but I would never provide the sort of information that people seem to freely offer to social media. Why on earth do people give up such information? It’s just asking for trouble:

Google failed to inform its users about the exposure of their private data for fear of the news inviting regulation and comparisons to Facebook’s Cambridge Analytica scandal, according to the Wall Street Journal.

The incident, which exposed users’ names, email addresses, birthdays, genders, general locations, occupations, relationship statuses, and photos, was reportedly caused by a “software glitch” in Google+ which “gave outside developers potential access to private Google+ profile data between 2015 and March 2018, when internal investigators discovered and fixed the issue.”