Carl T. Holscher fights for the customers.

Tag: Privacy

An Apple A Day

In other words, it’s not merely a policy that Apple will keep your health data — all of it — private on iCloud. If you’re using two-factor authentication for your iCloud account — and you most definitely should be — it’s mathematically secure via end-to-end encryption. Apple not only won’t hand it over in the face of a demand from law enforcement in a state where abortion has been criminalized, they can’t.

You can check which apps have access to what Health data in Settings → Health → Data Access & Devices.

Daring Fireball: Period-Tracking Apps and Data Privacy in Post-Roe America

My wife has been talking about getting an iPhone SE to have an Apple Watch since no Android watch has ever been worth the price tag nor experience.

While Apple is not a panacea of privacy as Gruber points out, now feels like too late the time to double down self-hosted solutions and on-device privacy measures.

Ads in Times Square

Collecting Data

I’m fine with giving Google my data. I’m happy to let Waze read my calendar and peek into my email to let me know how to get places and when I should leave to arrive on time.

I’m happy to let the world of Internet services revolve around me to offer me snippets of information or convenience. Though what I really want is for them to work better.

Don’t show me ads for socks because I bought socks. I just bought socks. How many socks do I need? You should know I bought socks yesterday. How about showing me ads for new shoes. Or another article of clothing. Maybe it’s time for a new belt or a nice hat.

If you’re going to collect and sell my information, would you please so something useful with it?

Here are some ideas to help you out.

  1. I am 6’5″ and 350 lbs. I am a tall, fat man. I wear a size 14 shoe. Tell me what stores actually stock such an endangered creature. I don’t mean tell me where they are “available” because when I walk in and am greeted with two all-white tennis shoes and a single pair of dress shoes, that doesn’t count.

  2. You’re using data of what I bought to offer me… more of the same thing. How about looking at what other people buy when they buy this item. What about a complimentary item? When people buy these socks, they also often buy these shorts. After buying these socks, people look at shoes. Or a water bottle. Something tangentially related to those socks. I don’t need more socks.

  3. You know what problems I’m having by what I write about, email, add to wish lists and look up. Why are you not offering me solutions? You know I’m looking at NAS storage devices, recommend one. You know I am looking for a new hard drive, how about a recommendation?

  4. Things go on sale all the time. I wait for things to go on sale before I buy them. If you know I’ve added something to a wish list, why not tell me when it’s on sale? You’re practically guaranteed to get a sale when you tell me the thing I am interested in is available for less money. Why are you not doing this?

An Apple a Day from Flickrs' US Government Works collection - https://www.flickr.com/photos/marine_corps/6800235568/

Hands off my Apple

Yesterday, Apple posted a letter to its customers. This letter talks about the current San Bernardino terror case and what it means for all of us. The U.S. Government is asking Apple to build a backdoor into the operating system. Currently, there are parts of the devices even Apple is unable to get access to. The government wants to change that so only they can get into them. But that’s not how back doors work.

The backdoor into your phone is like the door on your house. You can walk in the door. You can lock the door. You can add another door to it but it’s still a door anyone can use. This is a hugely important issue. Encryption gives us privacy. In this age where every last private detail is up for sale, I appreciate Apple taking a stand.

For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.

Apple doesn’t need to know the contents of my iPhone.

The FBI is requesting a backdoor be built into the iPhone/iPad operating system. This would allow anyone to bypass all the security features on those devices.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The U.S. Government wants access to iPhones. Now you may not think that sounds so bad. But once a backdoor is opened, you can’t close it.

The U.S. Government will have a backdoor to get access to iPhones and bypass all security features of the device. Does that sound good to you? Law Enforcement should have this access to fight terror and apprehend criminals, right? That’s great! I’m all for catching criminals and fighting terrorists. But what about this?

The Chinese Government will have a backdoor to get access to iPhones and bypass all security features of the device.
ISIS will have a backdoor to get access to iPhones and bypass all security features of the device.
Hackers will have a backdoor to get access to iPhones and bypass all security features of the device.

There is nothing to prevent others from using this same backdoor to get access to your phone. Once the U.S. Government can walk in, so can China, or Iran or ISIS or Anonymous. Anyone with the technical ability can find and access the backdoor and all of your private information is now public.

Once you make a door, that door is open to anyone. Right now, that door is a steel-enforced concrete wall. Don’t smash a hole into it and install a door.

How much privacy is your pay check worth?

I’ve been seeing more and more stories about job seekers getting asked for Facebook passwords

and I thought it might have only been a poor choice by a single company. But judging by this story, it has been commonplace to ask interviewees for their Facebook credentials in job interviews. This is purportedly to check for gang affiliations, illegal activity or anything that could “damage the image of the employer” during the process of vetting the applicant.

I think this is a dirty trick against desperate people in a bad economy.

Vetting Candidates

I understand where the companies are coming from. Interviewing is difficult. The process of whittling down hundreds or thousands of applicants to a manageable number to phone screen is maddening. To further get a list of people to interview in person is even more difficult. Even after multiple interviews, the employer is still hiring an unknown person and hoping for the best. This is also why probationary periods exist for new hires.
There is no guarantee the person will be a good fit, is trustworthy and is worth the time and energy invested to hire them. Vetting candidates is hard, time-consuming work. However, it needs to be done legally and ethically. If you play games to hire people, you won’t always get the best employee but you will get the best game player.

Expectations of Privacy

There is no expectation of privacy on corporate networks. This should not extend into personal lives.

When you’re at work, you are on company time and company equipment. Don’t expect anything you do to be private. This is not to say that anyone in IT is watching your browsing habits or reading your email. They have far better things to do and are way too busy to be randomly poking around mailboxes and file servers.

Some employers employ monitoring software in addition to the nannyware to block access to social networks, video game sites and pornography. These are the things you’ve seen. Though, behind the scenes there can be software tracking the amount of time you’re spending on various sites or places you’re visiting on the web.

There is a huge difference between monitoring the activity of employees while at work and prying into the personal lives of potential employees. I can understand the desire of an employer to see what they’re getting when they hire. But what they’re asking is for akin to asking for a copy of your house key, car key and bank PIN.

Think of all the things sitting in your email account. How many accounts are tied to that email? Where are your password reset emails sent? Where are your bank statements sent? How many passwords to other systems are sitting inside your email at this very moment.

Now give your email password to a stranger. This is the same as providing your Facebook password to a stranger on the street.

It doesn’t stop there

Access to a Facebook account doesn’t stop with the personal messages, pictures, notes and information within Facebook. Having access to your Facebook account also grants this unknown person access to any site you’ve used Facebook to login to.

Login to your Facebook account and go to Account Settings, then Apps, or use this link to see the applications connected to your account. If your account is anything like mine, that’s a pretty long list. By granting access to Facebook, you’ve also potentially granted access to all of these applications as well.

Optional

Employers are calling the request for passwords optional. They are not requiring applicants to turn over their passwords. However, if a Facebook password stands between feeding your family and your privacy, you’re going to feed your family.

There is a long list of things which can’t legally be asked in interviews including what religion do you practice, what social organizations do you belong to, how old are you, are you married, do you have kids, what do your parents do for a living, do you smoke or drink, do you use illegal drugs, how much do you weigh, how far is your commute, and have you ever been arrested?

There are a lot of areas off limits to interviewers and a lot of ways to bend those rules to get the information desired.

Social networks are not covered in the list because they are relatively new inventions. There are two states looking to make it illegal to discriminate against job applications who refuse to turn over passwords to their social media account. Maryland and Illinois have both introduced bills to do so.

Even though it may be legal for an employer to ask for passwords in order to vet the applicant, handing over those credentials is not.

Illegal

In addition to it being a violation of the terms of use for any social media web site to provide credentials to another person.

The Department of Justice regards it as a federal crime to enter a social networking site in violation of the terms of service, but during recent congressional testimony, the agency said such violations would not be prosecuted.

So while it remains a violation of the terms of the web site, and a federal crime, the Department of Justice has agreed to look the other way on employers asking for your personal passwords. This should be all I need to say about the practice.

Economic times are hard for everyone. Companies need good people and people need to put food on their table, keep a roof over their heads and support themselves and their families.

It is wrong for companies to rely on immoral and illegal means to filter out applicants. While this practice is in use for now, it leads down a dangerous road. How far is too far? How much privacy is a pay check worth?

Powered by WordPress & Theme by Anders Norén