I have been thinking a lot about privacy in technology. Then I watched Social Dilemma and made me think we are in a little more of a hole than I originally thought.
I have worked in tech for many years, in the advertising, real estate, medical device, and financial sectors and I am lucky enough to have not had to implement creepy surveillance software into the code. Through logs and some form of analytics I was able to piece together how users interacted with our apps, but never had more motivation than that.
When you being to think about all the physical sensors you are attached to and couple that with the digital switches the picture of you becomes so vibrant that you would be shocked at how well companies know you, more than you even know yourself. In your iPhone you have:
GPS
accelerometer
gyroscope
barometer
compass
fingerprint or face scanner
moisture
proximity
ambient light
always listening microphone for Siri
Near Field Comm (NFC)
Hell the new iPhone announced today has freaking LiDAR to scan your living room. On the Apple Watch there are even more sensors that can track your steps, your voice, your heart rate variability, blood oxygenation, pulse, body temperature, and your sleep patterns.
Digital sensors track your app usage, screen time, what you’re reading, what you like, the ads that work and the connections you make with friends and family. That data is fed into algorithms that generate models of who you are as a generic set of rules. Often this is used to sell you products via ads. But can also be used to predict if you are violent, if you’re susceptible to crackpot conspiracy theories and will spread them, or even if you were near a crime and are suspicious.
We really need to stop this as an industry. I realize data is used to feed applications, but they should not be used as means of currency to buy time with your friends online. The only way this can happen is through regulations.
The EU is already hitting back at these companies by putting users data in the hands of the users with GDPR. But the law is still kind of gray, and leaves open room for interpretation.
I have been following Sir Tim Berners-Lee’s new internet Inrupt Solid for a while and absolutely love the idea of users keeping their data and companies asking for permissions that users manage over time. Facebook wants to use your name and photo for registration, one day you decide you want to revoke privilege to that information, you do it from your own pod, not through the company that probably will never delete your data, anyway.
As startups and companies that give a damn, there needs to be a pledge or a seal of approval that can be used to show that you are not collecting any data that is not needed for the application you are using. Not selling data to third parties and have a written, reviewed data retention policy. You aren’t using third party vendors that collect your users data like google analytics, or Mailchimp.
Blackout is a tool built by The Markup that is the tip of the iceberg. We need more people that care about others privacy and to take action on their sites to stop the madness. We need people to log out of facebook, twitter and the like til they start respecting users privacy.
As designers and engineers, we can start by being up front about why we need certain data from our users. Tell them where we are collecting the data what it will be used for. Build that trust back up. This article on Muzli gives some tips on how to design for privacy - I joked on twitter that we should call it Privacy Driven Development
/rant