Your privacy is at risk, and major companies are starting to notice that users are getting paranoid. As I discussed in part one of this three-part series, we are in a rather dark place, and our privacy and security are at more risk than ever. Facebook F8 and Google I/O have both come and gone, leaving us with more promises of a better and more private future on their platforms. I'd like to examine these new features and how they may help or hurt us going forward. Will the end result actually leave us more private and safe?
Let's get the easy one out of the way. Facebook did very little in terms of actual announcements outside of generalizations and promises of a brighter future. Hey, at least we got a redesign... again. Mark Zuckerberg pledged (again) to make Facebook a safer and more private platform. This time we know a bit more about how he wants to achieve that. First off, there will be a single messaging app for Facebook, Instagram and WhatsApp, which will be end-to-end encrypted, making Facebook totally unaware of what is being sent between users. This is about the only useful thing announced, since, if done properly, it will actually allow users of this new app to discuss things without any data harvesting. Part of the redesign also places two recent features at the front: Groups and Secret Crush. What does this do for user privacy? Nothing, and if anything, it makes things much worse. Instead of guessing that you love shoes, they know exactly, because you joined a shoe appreciation group. Like tech? Joining that tech group will let Facebook direct more tech ads at you. Secret Crush? Go ahead and say goodbye to your most private desires with this one. Not only will Facebook know who you desire, they will also know your type and what interests draw your eye. Married and have a secret crush? Facebook can assume you might be struggling in your marriage and show you ads for anything from escort services and marital aids to counseling or lawyers. These two features allow Facebook to shrink their guesswork even further, to the point of knowing you better than you know yourself. So, as it always seems to be with Facebook and privacy, it's one step forward, then two steps back.
First and foremost, Google's most important announcement: federated learning. It's something that has existed for a while, but it is very difficult to implement at scale. Apple's differential privacy takes data and adds a bunch of noise to it to prevent it from being traced to its source. Federated learning instead uses a machine learning model on the device to study you and your on-device data, then alters the model to better serve you. It then summarizes the changes to the model and shares that summary with an aggregate server. All of the summaries gathered are analyzed for a trend, and the findings are sent to update the global model. That way the model can improve while user data remains on the device. Federated learning is being tested in Gboard and will be rolled out to other services in the future.
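The round trip described above, as an added sketch that is not Google's code or anything shown at I/O. It assumes a two-weight linear model and constructed sample data, and all function names are hypothetical. Each device trains on its own data and hands back only the change to the weights, which the server averages into the global model.

```python
import random

def local_update(global_w, data, lr=0.05, epochs=20):
    """Runs on the device: train on local data, return only the weight change."""
    w = list(global_w)
    for _ in range(epochs):
        for x, y in data:
            err = (w[0] * x + w[1]) - y      # prediction error on one local sample
            w[0] -= lr * err * x
            w[1] -= lr * err
    # The summary: a delta against the global model. The raw (x, y) pairs stay here.
    return [wi - gi for wi, gi in zip(w, global_w)]

def aggregate(deltas):
    """Runs on the server: average the summaries received from all devices."""
    n = len(deltas)
    return [sum(d[i] for d in deltas) / n for i in range(len(deltas[0]))]

def federated_round(global_w, devices):
    """One round: every device trains locally, the server applies the average."""
    deltas = [local_update(global_w, data) for data in devices]
    avg = aggregate(deltas)
    return [g + a for g, a in zip(global_w, avg)]

def make_devices(n_devices=5, n_points=20, seed=7):
    """Constructed sample data: each device holds private points near y = 3x + 1."""
    rng = random.Random(seed)
    devices = []
    for _ in range(n_devices):
        pts = []
        for _ in range(n_points):
            x = rng.uniform(-1, 1)
            pts.append((x, 3.0 * x + 1.0 + rng.gauss(0, 0.05)))
        devices.append(pts)
    return devices

def train(rounds=10):
    """Start from an untrained global model and run several federated rounds."""
    devices = make_devices()
    w = [0.0, 0.0]
    for _ in range(rounds):
        w = federated_round(w, devices)
    return w

if __name__ == "__main__":
    print("global model after training:", train())
```

The only values that cross from `local_update` to `aggregate` are the weight deltas, which is the boundary to inspect when judging what a federated system actually sends off the device.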
Google pledged to work on more tools that are visible to the user. Incognito mode in Chrome does not save data to the device, Maps incognito mode does not send user history to their profile, and Google Search incognito prevents search history from being updated. Notice the language, though? We don't have clear information on what is happening to the data except that it isn't being associated with the account. There could very easily be tracking occurring in these modes, just tracking that isn't tied directly to you. This is unsettling to me, and Google needs to clarify exactly how user data is handled in every circumstance.
These announcements come a week after it was revealed that Google is implementing a feature to auto-delete your user history. Further investigation reveals that the deleted data is held for a 3-month period to ensure deletion was wanted, then permanently deleted. This is nice, but the data has been taken, categorized, and added to algorithms well before deletion. This feature is mostly a placebo to placate users. Again, it's almost like they care, but their baby steps are not even in the right direction.
Sadly, Google's tracking tools are opt-out. New users are set up to be fully tracked by Google. This is one more thing they need to change going forward. There is very little that casual users can hope for right now in terms of privacy, since most users won't even know about these settings or what they mean. In contrast, Apple puts privacy settings in front of users right at setup, then at any chance during normal use. All of their data collection and diagnostics are opt-in. There are tracking indicator reset tools readily available as well. In these aspects, Google has a long way to go.
These promises of a private future are actually pretty bittersweet. It seems Facebook and Google have pivoted to try to redefine user privacy. We privacy advocates define privacy as our right to have data and keep it for ourselves, and to use tools that make that data useful while it remains ours. The tech giants' new definition is simple: they want users to believe privacy is having less data, rather than none at all. That being said, there is a bright side. You can take control of your data and privacy today, and that is what my next post will be about: Privacy 2019 Part Three: How You Can Stay Safe.