Privacy and Data Protection

2016June Privacy

There are no surviving letters from Captain Cook to his wife, she burnt them saying they were “too personal and sacred”. We’re losing the idea that some things might be worth holding as personal and sacred. Part of that is our own doing, we’re sharing more images, texts and posts than ever (today’s count = 2 blog posts, 5 images, 4 links, spread across seven accounts). But a bigger part, a scary part, is from the technologies we use and the changing government rules.

Governments are taking more and more of our data. Last year the UK government expanded its surveillance powers last year with the passing of the Investigatory Powers Bill, which creates a government database to store the web history of every citizen in the country.

But perhaps the most insidious increase in data collection is via our mobile phones. I don’t share personal information on Facebook itself (I lied about my date of birth), but if I leave the application permissions on default then I grant Facebook the right to data from my calendar, camera, contacts, location, microphone, phone, sms, and storage. The location data means that Facebook knows where I live, where I work, and where my favourite cafe is. The contact data means they potentially know my mother’s home phone number.

Your phone knows more than you realise, health data from your fitbit, stored passwords for your banking account, your exact location – either via the location app or via wifi pings. And beyond Facebook we install dozens of apps and grant them permissions, in this edition of the BBC’s “Click” programme they report on an app that collects a frightening amount of data, which happens to have been downloaded 50M downloads.

In general it doesn’t really matter if someone knows where I work,  I publish that information on LinkedIn anyway, and it probably doesn’t matter much that someone finds out where I live. But it might. For vulnerable people – those escaping domestic violence, refugees, protesters – this is information that they definitely want to keep private.  (Here are some practical tips to secure your phone, from encryption to app management. )

In fact the EU Charter on Human Rights asserts that data protection is a human right with the words “Everyone has the right to the protection of personal data concerning him or her” and there is debate on whether this should be a global human right.  If you think we have a right to privacy then it’s a pretty short step to thinking data protection must be an important part of that.

Tomorrow is Data Protection Day, celebrate by adding two factor authentication to your accounts, checking app permissions and adding encryption to your phone.

Image: Occhiata   |  Franco   |   CC BY 2.0



I heard this for the first time recently, despite being online for hours of every day for the last 15 years, and despite witnessing a couple of examples of it.

So what is it? Here’s the definition the Urban Dictionary gives, you’ll note it’s from 2008

Screen Shot 2013-09-03 at 12.54.04 PM
Some examples;

  • in an anonymous forum someone figures out who you are IRL (in real life) and publishes your real name.
  • your social security number ends up on a site based in the former soviet union – and you’re the First Lady, Michelle Obama
  • the head of FBI’s home address was posted online (although an out-of-date address)

It sounds like a problem, and it could be in some cases, but it’s legal. Or at least it’s legal to re-publish public information.

If the information is obtained by hacking or by social engineering then a crime may have be committed, and if the information is used to infiltrate emails, commit fraud or to threaten someone that is a crime.

But publishing public information? Not a problem.

Which means we should all be smart about how much information we share online, but as the number of devices we use grows, and the amount we communicate online grows this gets harder.

Facebook Privacy – a better format

Facebook privacy shortcutsIn a week where Instagram (now owned by facebook) was in the news for changing its terms and conditions, facebook improved its privacy set up by introducing privacy shortcuts.

I haven’t found any change to the options available, or any change to my settings – I’d be writing a very different post if that were the case. This just makes it a whole lot easier to check my settings. With the “view as”  option I can also see how various group members can see my posts in a really easy way – my mother doesn’t need to know some of the nonsense my friends post…. and that picture was photoshopped, honest.

I don’t always like how facebook behaves, but this seems to be a good step.

A Better Experiene?

Yahoo will improve my experience based on my age

My internet birthday.

A number of websites ask you your birthdate as part of their registration process, including – as shown in the above example – Yahoo!

It’s interesting, government departments in many countries cannot ask for any personal information unless it is needed for the services they provide. Why can internet sites get away with this? Your date of birth is a critical piece of identity information, but it’s absolutely not necessary to register for a website.

Yahoo! in this case tries to soften the blow by promising to provide me with a “better experience”. Let me translate what that means; they will guess based on your age which ads should be served to you. So if you’re in your thirties, and perhaps visit a baby clothes site, you’ll get baby ads, if you’re over forty five it’ll be hair-loss and menopause remedies. Get older and it’s incontinence pads. As if you couldn’t search for such products without their help.

In my case I lie, I have a birthdate that I use as my “internet birthday”. Which means I’ll get the incontinence pad ads a little late.

Facebook Timeline – the Inevitable

Apparently from Saturday you’ll have to switch to Facebook’s timeline.

I’ve resisted it. I found it harder to find things on other people’s profile so I didn’t want to change my own but I finally gave in to the inevitable and updated my facebook page to timeline last weekend. I did some research, and the two things I knew I had to change were the cover image and my privacy settings. I also knew I needed to check which apps were connected to my facebook account and ensure that there was no frictionless sharing that I did not want.

1; The Cover Image

This is the large banner style image that is at the top of the page, your profile image is now set into the lower left of it.

The large image with the orange people is the cover image, the small one on the lower left is the profile image. It's good if they work together.

I’m a bit leery of posting photos of myself online, I like my face well enough, but I’ve had a couple of minor stalker-ish issues in the past. So I choose my favourite image from my holiday last summer, of calm seas and boats at anchor. It was taken soon after dawn on a day with no wind in the middle of a sailing holiday. It goes with my profile picture – but that’s luck rather then good management. The overall impression is pleasing, but not particularly creative.

Facebook said that around half of my friends had switched – but not all of those had uploaded a new cover photo, so I suspect for some it hasn’t been a choice.

For a brilliant (and funny) riff on the whole cover photo concept, take a minute to check this out.

2; Privacy Settings

It’s one of my gripes about Facebook – the privacy settings aren’t that easy to find. But because facebook now pushes everything you do onto your timeline it’s important to find them and check your settings.

Look for the little arrow on the top right of the page, click on it and you’ll see a short menu which includes Privacy Settings.

Facebook privacy settingsOnce you have found it and clicked on privacy settings it is easy, easier than it has been, to control who can connect with you, and who can see and post to your timeline.

You will also need to go through your timeline and remove anything that you don’t want to be seen – some things that were buried in the past are now easier for your friends and contacts to browse to. You can remove items individually by clicking on the “edit or remove”button on the upper right of the image. I like the “micro control” this gives visitors to facebook.

It’s easier on timeline for someone to find old posts you made, to limit this to friends only click on “Limit the Audience for Past Posts” on the privacy settings post. They’ve made this step hard to reverse so be sure it’s what you want before saying yes. For me this was a no-brainer, I’ve never wanted to share publically on facebook so limiting who can see the history probably doesn’t change what non-friends can see – but I enabled it just to be sure.

You can also delete your posts from other people’s timeline – this could be important because you do not know their privacy settings, and it’s their settings that will apply to your post. Here’s how.

3; Frictionless Sharing

This is the concept that information from one place, or internet service is shared on facebook. It’s why you’re seeing what your colleague listens to on Spotify or what your brother has read on Washington Post. I don’t particularly want to know, and I definitely don’t want to share. So I haven’t enabled this sort of sharing. In fact I will not click through to articles from Washington Post because I don’t want this sort of cross-platform sharing.

When I set up timeline I checked which apps had access to my facebook account (via the privacy settings), it’s only two and neither of them post to facebook automatically. Which is good news for me – I won’t be spamming my friends.

So it’s done. I’m on timeline. It took me about fifteen minutes.

Others have become more concerned about the facebook security, in some cases to the point where they purge their profile regularly or delete it all together. My personal approach is that I don’t put anything there that isn’t more or less public, and I only connect to family and friends. I lock down the security fairly strongly (only friends can see my profile), and I check the site daily (OK not just for security reasons). I still think it’s a great tool – but everyone has to take responsibility for protecting their own data and being smart about what they share online. It’s public people.


Unfortunately it’s not these cookies…

Have you ever heard of the “EU’s Privacy and Electronic Communications Directive”? Well it’s come into effect as law in the UK as of 25 May this year, with businesses having a year to comply.

Here in the Netherlands no law amendment has been made, but it will be discussed in the Tweede Kamer (House of Representatives), so I’m watching to see what the outcome will be. I don’t know the progress in other EU countries. (You can read more about the Dutch situation, in Dutch).

What seems to be required is an “opt-in” before a cookie placed on the visitors computer. Since most commercial websites add cookies for a range of purposes this will have a huge impact, and could significantly impact a visitor’s browsing experience. Imagine if every click on a site raised a pop-op informing you that a cookie was being placed and asking for you to agree or cancel. Most visitors would be quickly annoyed.

But there are other ways this could be implemented, I was visiting All Thing D for the first time. I was presented with this banner.

The promise to only present this note the first time you visit this site is met by setting a cookie, but it’s tracking cookies they are more concerned about. The “read more” link takes you to a page explaining their point of view on tracking cookies, and giving visitors information on how to remove cookies, or opt-out.

It’s a method that is more helpful to the visitor, and more visitor-friendly, but I’m not sure whether it will meet the requirements of the EU directive.

Cookies often store information about your last visit so that you do not have to re-enter information to a site, so they can be helpful – including password information on registration sites. Cookies can also be used as part of measuring traffic on the site. But they can also track all the sites you visit and send that information back to the site that set the cookie, or be used to track your viewing behaviour in order to customise the ads offered to you. The EU directive is connected to concerns at these uses of cookies.

I would definitely like to see more information available for visitors on what cookies are being set and how they are used. But endless popups are incredibly irritating for the user, so I’m hoping the ‘provide information’ option and one accept will work. Then of course there’s the question of whether visitors outside EU should have their visiting interrupted if it’s not legally required.

Expect updates.

image [cookies] /RHiNO NEAL/ CC BY-NC-ND 2.0