
Being Transparent With User Data

How do you handle data collection from your users? Is it hidden and suspect like the current rash of mobile provider exposures? With no opt-out like Microsoft Office? Or clear and transparent?


Watch this episode on YouTube.

Reasonably Accurate Transcript

Good morning everyone. How's it going today? Wanted to talk to you a bit, um, wrap up the week. Um, it was on and off a little bit this week because of the trip down to Miami for the Trend Micro Directions 18 conference. Um, back now, um, in the home studio, coming to you live on a Friday. Beautiful day outside.

Hope it's wonderful where you are as well. Wanted to kind of wrap up a bunch of stuff, um, today, um, with a common theme, sort of being transparent with what you do with user data and how you collect it. What kind of set me off down this path was I tweeted out two days ago that Office had an update on the Mac and it gave you two choices and it seemed like a third was missing.

It said we can collect really advanced data or basic data about you and share that out. There was no "don't collect anything." And if you tried to stop, like the close the window and not provide an answer, the application would shut down. And this happens across all of the Office 2016 Mac applications.

And I imagine there is a similar thing happening on the Windows version right now as well. Now tie that to, I'm sure what you've seen is an avalanche of updated terms and conditions and privacy policy in anticipation of GDPR going into effect next week. And this larger question of what do you do with user data?

How do you collect user data? What data are you collecting, um, is really at the forefront, especially when you sprinkle on the location sharing from third parties for cell phone providers. So talked about earlier in the week, LocationSmart and the US carriers and some of the Canadian ones. Turns out there's a Canadian company called Instream. Matt Braga from the CBC had a great article on that and I'll link to that down well on basically doing the same thing was getting around, you know, you've agreed in the user license, licensing agreement to this type of location sharing.

So here's what they're doing behind the scenes and there's a lot of this sort of shadiness going on. And I say shadiness because it's definitely not out in the sunlight. If you've been tuning into some of the other episodes of Mornings with Mark, you know, I'm a huge fan of externally and internally being really transparent around what you're doing and why.

So you don't need to give the specific configurations but understand, you know, if you're setting up a web proxy system inside your organization, telling users, "Hey, we have an automated tool that's looking for security threats, inbound and outbound, on the web traffic." Um, but you know, things like banking and financial institutions are not at all scanned via encryption is actually in the end there versus other sites where we're doing a man-in-the-middle and looking at the traffic.

But again, it's an automated system. It's not people. You know, whatever the choice is for your organization, telling your users about it, informing them and getting them on board is the way to go. Um, when it comes to things like this Microsoft Office pop-up, you don't have a choice if you want to use the software. That's part of the agreement.

And I understand the business perspective. You know, there's a lot of value in that data. Office has been one of the forefront of data harvesting and collection for a decade plus. Somehow we still have those user interfaces based on that information, but still they've been trying to tune and improve the product.

And that is sort of the go-to for any SaaS service, for sort of modern security or modern software service that you deliver, is trying to get as much user feedback, automatically understand how the product is being used so that you can not only market and sell more of that product, but you can improve that product over time.

The challenge again is transparency, being open and honest and upfront. And having a massive 48-page legal document for people to sign, that's essentially non-optional and non-comprehensive, really doesn't get to where you want to be with your users. And that's a clear understanding of what data is being harvested and why. There are certain scenarios where you're using something out.

And you understand, you know, hey, when I'm tweeting out, that's public. You know, even if I've locked it to protect it, it's probably going to be public and you treat it as such because it's a broadcast. Using on a desktop, that's really sort of where this gets under my bonnet. You know, pet peeve has been my key word, I guess, all week.

But the amount of, uh, so I'm using an outbound firewall, I'll give you an example. I'm using outbound firewall on my Mac called Little Snitch, a great little tool. Um, you know, a lot of smart defaults, smooth little user interface for what it does, and it basically, uh, prompts you every time there's a program that's trying to access it online and tells you where it's going.

The amount of desktop apps that, uh, apps that are tracking what you're doing on your desktop is ridiculous. And they don't tell you that they're tracking this stuff. They're using Google Analytics, they're driving, uh, DoubleClick, they're using other, um, uh, tools to determine desktop behavior, and I'm sure it's with the best of intentions.

But again, without transparency, then the assumption, you know, people get cynical very quickly and you assume sort of the worst. So my big takeaway for today, I know this is somewhat rambling. My big takeaway for today is everybody, internal and external, needs to put a lot of effort into the clarity, into the usability, into the understanding of what this data trade-off agreement is.

Again, to my core philosophy, there's no bad methodology, it's really just, or there's no bad exchange. If you want to harvest a massive amount of data, that's fine, as long as it's an explicit transaction. If you don't take any data at all, that's also fine, whatever works for your business.

But what has to work for your users is a clear understanding as to what's going where, when and why. That's the key takeaway for today. I hope you are set up for a fantastic Friday. As always, hit me up online, uh, marknca, um, on this network and every other. Um, if you're seeing this on YouTube and such, comment below.

Let me know what you think. What's your approach on this? I hope you have a great Friday, a great, uh, weekend. It is a long weekend for me. I will be back most likely on Tuesday with another episode. Thanks for tuning in, take care.
