Privacy Vs. Convenience
In the product design world at the moment all it seems anyone cares about is wearable tech. Wristbands, watches, HUDs, smart jewellery; for fitness tracking, health monitoring, stress sensing, GPS guidance, message notification, air quality monitoring; aimed at adults, children, pets…! The list goes on.
I’m pretty bored of it to be honest.
As a product designer my role is too often limited to the aesthetic and physical elements of the device (not by choice) and there is only so many ways you can style a wrist-bound object. Nevertheless it has prompted me to look closer at the User Experience of this family of products. Actually — products is the wrong word. Really these are digital services. The only reason there is a physical device at all is that as yet we haven’t developed the technology to implant the same set of sensors directly under the skin.
I could talk for ages about how in my opinion these devices could be a great deal better, but thats not for today.
Today I want to talk about privacy vs. convenience.
In my research into wearables, particularly health trackers, I was intrigued as to the levels of data these devices firstly require you to tell them about yourself, and then proceed to track every day, no minute, that you wear them. So I took a look at Jawbone UP’s Privacy Statement:
Information We Collect.
…we ask you to provide your first and last name, email address, postal addresses, account name, password, photo, gender, height, weight, and date of birth. You can also choose to upload your address book and Facebook contacts to our servers, or through email address lookup, so we can help you find friends using UP….Other information you may input includes what you eat and drink, your mood…
Information you automatically provide:
When you use or sync your Device, it automatically transmits activity and physical information to us including, but not limited to, detailed physical information based on monitoring your micro movements, including when you are asleep, when you are awake, when you are idle, and your activity intensity and duration, heart rate and other biometric data….Your Device and UP App may also transmit precise location data.
I’m really no sure why this shocked me. I give out my personal information all the time. Yet when you see it in such a long list, you realise just how much companies such as these know about you.
And yet for the majority of people this doesn’t cause concern.
Everything about data collection is tailored to make it a lot more difficult not to provide the information they are requesting than to just fill in the damn form and hit ‘submit’. And people are lazy. “If this is what Jawbone need to accurately monitor my health and help me get fit, then sure have it all. What’s the worst that could happen…?”
But what could be the consequences of a San Francisco based company sitting on years worth of health data from hundreds of thousands (if not millions) of users across the world? And what about the more obvious players like Google and Facebook?
We know where you are. We know where you’ve been. We can more or less know what you’re thinking about. — Eric Schmidt, Google CEO, 2010.
In 2012, Google was fined $22.5 million dollars by the Federal Trade Commission for misrepresenting its tracking policy to users of Apple’s Safari browser — the largest penalty for violating an order in FTC history. This lead Microsoft – expecting people to flee from Google once they realised how much of their data the company was collecting – to create ad campaign Scroogled. Nobody listened, nobody cared. In 2014, Canada’s privacy watchdog found Google had broken privacy laws through targeted online advertising after a man complained that he was seeing adverts on websites for sleep apnea devices after previously Googling the condition. Turn’s out their policy of never using users health, race, religion or sexuality to target ads is not all that accurate.
But what could the consequences really be?
Nowadays, the first place we turn to when we are feeling sick or concerned about our health is the internet. Health concerns are an intimate matter and yet the majority of the websites commonly visited (confidentially, we believe) are passing on sensitive data to third party corporations. In 2014, Tim Libert, a researcher at Pennsylvania University, custom-built software to analyse the top 50 search results for nearly 2,000 common diseases (over 80,000 pages total). The results were shocking: a full 91 percent of the pages made third-party requests to outside companies.
When you type say “herpes” into a search engine and click on the top link, you are making a ‘first party request’. The site accesses it’s servers and returns to you the HTML file of the page you were looking for (in this case probably something you don’t want the whole world knowing you’re looking at). If the site has Google Analytics installed and has embedded sharing capabilities to Facebook or Twitter, it then sends a ‘third party request’ to each of these companies making it absolutely clear to them what it was you were searching for. Data brokers such as Experian and Acxiom are also top of the third-party list. This alone doesn’t seem that bad, but when you take into account that most of these companies are collecting other kinds of data about your browsing (through cookies), it becomes fairly easy to link an identity to your search.
We know that Google and Facebook suck up data from all the web, but think for a minute about a company like Experian. Libert “found Experian on thousands of sites… here is a company that knows the intimate details of my student loans, and they may also know about my health concerns? …That blew me away”.
In 2013, Experian was fined for selling consumer data to identity thieves in Vietnam. Plus, the data, stored by unknown entities with unknown levels of security, may be at risk for hackers. And that’s not all. Add this data to credit scores and (especially in the US where over 60 percent of bankruptcies are medical-related) it is entirely possible the company could know not only which individuals went bankrupt for medical reasons, but when they first went online to learn about their illness as well. And what about when the medical data is eventually factored into your credit score? Imagine if you were a bank and someone came to you to ask for a loan and you could pay a data broker for this type of information… And what about applying for jobs?
So why aren’t people more careful?
People are, by their very nature, lazy when it comes to things in which they are not interested. They want the convenience and seem to be willing to pay the price that is privacy.
It’s much quicker if I enable Auto-fil in Google Chrome. It’s simpler if I let Twitter keep me signed in. It saves having to set up an account if I can just use Facebook to sign-up to this online shop.
You don’t think twice about it because data is intangible.
People can log on to their computer, check their email, and then walk away and forget about it because it is not physical. Because of this, people place much less weight on their online data and are willing to sacrifice it for the sake of keeping things simple. You wouldn’t leave the key in the door of your house as you pop out to the shops, or display all of your valuables on your windowsill for all passers by to see, but we are doing exactly that with our personal information online.
We don’t read the small print because it’s long and, well, small! So we click agree and Google sells our information to the highest bidder. We hear stories of data hackers and think to ourselves ‘well why on earth would someone care about my information? It’s only me.’ But it’s only through the acceptance that there doesn’t seem to be any other option, that these big data hoarding giants are able to get away with such disregard for users privacy. We have to start changing what we believe to be OK.
What can we do?
The ‘social platform or search engine that doesn’t track your activity’ dream is never going to be a reality because such a platform has to be free to gain the number of users that actually makes them valuable. And to be free, they rely on advertising. And big companies will only pay big money to business that can ensure specific adverts are reaching the correct sub-group of people. And to do this; the business must have a database of user age, gender, race, interests… you get the idea.
So what can we do.
I was recently introduced to duckduckgo.com, the search engine that “doesn’t track you”. After finding out that many of it’s features have been developed via the duckduckhack opensource platform I was very interested to find out more. I desperately wanted to be won over instantly, but I’m too used to Google and it’s not Google [although you can change the appearance to look pretty much identical to Google]. Nevertheless, after reading their very persuasive search privacy guides: donttrack.us & dontbubble.us along with their reason as to why you should even care about online privacy, I’ve set it as my default search engine in the hope that by the end of the month I won’t be searching duckduckgo for google.com. The fact that a team of 20 in Philadelphia are even able to develop a search engine with the potential to compete against Google is in itself impressive. That they promise to do so without tracking their users demonstrates that their are better and safer options out there.
…when you search for something private, you are sharing that private search not only with your search engine, but also with all the sites that you clicked on. In addition, when you visit any site, your computer automatically sends information about it to that site (including your User agent and IP address). This information can often be used to identify you directly — Why You Should Care: duckduckgo.com
Duckduckgo is just one of a growing list of companies out there aiming to help you not only prevent third-parties accessing your data, but also enabling you to see exactly who is tracking you. Ghostery Inc. turns the web transparent, enabling you to see the full line up of cookies, tags, web bugs, pixels and beacons interested in your activity and ad blocker such as AdBlock or Privacy Badger aim to prevent third-party requests from the websites you use.
So all is not lost. There are simple easy ways to begin understanding and protecting your online privacy. Question is are you willing to give up some of that convinience? I hope I have persuaded you to take a moment to think about it.
How much privacy you are willing to sacrifice?
How much you have sacrificed already?