Archive 7 min read

Ubiquitous Digital Tracking

Had enough of the Facebook / Cambridge Analytica scandal yet? Yeah, me too. Thankfully, it's rolling up to address the bigger issue of digital tracking in general.

Ubiquitous Digital Tracking

Watch this episode on YouTube.

Reasonably Accurate 馃馃 Transcript

Morning. All right. So this is the last episode of Mornings with Mark for the week. Um It's coming up to the long um spring uh weekend for Easter. Um So I won't be broadcasting today or start. Um Obviously broadcasting today.

I won't be broadcasting uh tomorrow on the Friday or on the Monday. Um because it's a nice long weekend, which is great. So hopefully you guys have some good relaxing plans. Take it easy, um Maybe catch up on some stuff or better get, get outside.

Um If you're in an area where there's no snow, we're almost snowless, but we still got quite a bit on the ground. So hopefully that'll melt off. Um So all week in the last two weeks really, uh We've been talking about Facebook, Cambridge, Analytica, the um rising of issues, sort of the, the upbringing of some issues that we in the privacy and security community have known for a long time, but they're finally starting to see some traction in the public view.

Um And this is always a challenge where, you know, you see um potential, you see an issue when it comes to security. It's hard enough let alone when it comes to privacy. So we've seen this where for the longest time it's been logically understood that you give up a notion of um certain the privacy when you're constantly sharing things on social media.

And I think now people are starting to see the consequences and the breadth of the data that's out there and it's not just the stuff you're explicitly giving, it's the stuff that's inferred. So, um I finished up a video yesterday I posted on youtube, it's to go into a blog post, so it's not narrated.

It's just a little background music and it's a visualization of what Facebook was able to determine uh for me for 2017 based only on logging in. So not posting anything but just logging in and you'll see where I traveled around the world based on where I opened up Facebook, um which is kind of um spooky.

Um In that in the map, I've dialed back the specificity a little bit so that it's not quite an invasion of my privacy. Um But uh when I was looking at the results, all 43 data points were basically down to the neighborhood level.

Um And that's a quite um a big improvement over most go IP location most of the time when somebody uses your IP address to find out where you are, um It ends up being really bad and it will say like, oh, you're in the city next to the city you're in or something like that.

Um Facebook correlates a whole bunch of additional data sources to get that really, really accurate, to give them that information. And I don't think that's something a lot of people realize. Um And then there's a bunch of other things that have been popping up.

There's been a few main media articles about Google and the challenges that Google or Google users, which is basically all of us face, especially if you're an Android user, how much just how much Google knows about you based on your activities.

And that's what's really hard for people to understand is the aggregate of all this information. So I'm almost finished that post, you know, the same post I've been talking about all week. One of those weeks just bouncing around from idea to idea.

But I do have, you know, that video was up on youtube. The post is going through and I'm just using the Facebook as an example. But the other thing that I wanted to talk about and I want to show you.

So I'm going to swivel over to the computer here for a second to show you is what your laptops like what your desktops have been doing. I think there's been this sort of stealth move over the last few years where developers not maliciously but are adding more and more tracking features to our software in order to improve their experience or the user experience.

But the consequences can be pretty darn significant. And so I use a program on my Mac called Little Snitch. It's a good program. It's called, it's an outbound firewall. So most computers work a very simple way.

They won't just take random connection requests from the outside. But if your computer calls out, it will receive the data back in. So if the program you're running is calling out to a bunch of sites, your, your odds are, your system is configured to allow that to happen.

Well, little snitch is one of many firewalls that look at that outbound traffic and ask for user permission. So of course, I've tweaked it for a bunch of things to allow certain things to deny certain things.

But I wanted to show you just as an example here. Um how much information my laptop is actually kicking out. So I'm going to swivel for a sec. This is not going to be as elegant as it should and I'm going to share out not Safari, but little snitch.

All right, perfect. So you can see here in the middle, the Blue Square is actually my laptop, right? That's where I live. I live in Canada and these are all the connections it's making out now. A lot of them totally make sense.

There's no real weird odd thing about, you know, the fact that Tweet bot which is connecting to Twitter and it's my Twitter clients is actually calling out. We're a live, which is what I'm using to broadcast to you guys right now.

But when you expand out to look where it's going. So yeah, it's going to youtube because that's where I'm streaming. It's going to eam.com because it's looking for updates. It's also going to facebook.com because I have it configured to stream to Facebook.

So that totally makes sense as well. But it's also going to doubleclick.net, which is an ad network and six more and a bunch of these are based on youtube and Facebook streaming requirements. But double click is actually very, very interesting.

Also, if we go in here and we go to Google Analytics, I can type properly. Yeah, Google analytics.com and you'll see the normal candidates. OK? Google Chrome Safari, there are browsers, you know, same with mail, they're pulling in web content.

We should see that quite a bit. But Spotify is using Google Analytics Tableau desktop, which is a visualization software is using it contacts mate, which is a tool to help duplicate contacts is calling out to Google Analytics.

Um Fluid is another web app. Same with a bunch of these are web proxies for testing one click route is an Android routing service that is again calling out to Google Analytics and there's all of these different services mix panel.com might have some results.

No, so no one's calling on the mixed panel which is nice. Um But when you start to look at these, so if I look at double click again, double click.net is an ad network. So why are any of these outside of the web browsers?

Why are any of these actually calling out to a um ad network? Right? And you'll see that more and more of how much these various applications call out to different services. So office calls out to a ton of different Microsoft services which you kind of expect.

But every once in a while, you find these extra ones that start to go out to these ad networks to um services that are looking at uh different scopes. There we go that are looking at different um tracking services.

And it's like this is a desktop app. It shouldn't necessarily be tracking my behavior or I would say it shouldn't track my behavior without my explicit consent. Yet, there's a ton of these applications that do it.

Software development has shifted into this world where tracking is the default. There's no question of whether it's ethically correct or it's the right call for the user is just done. And I think that needs to shift that needs to change.

I'm hoping that this push and the attention that is going on. Facebook can be bubbled up to a larger question of where we want to go and how much we want our tools, which are fantastic and wonderful how much we want them to be tracking us.

So you look at a tool like my iphone X apple takes a privacy, strong Privacy foundation. It's not that they don't track this data, they don't share it out from the device without very, except in very specific scenarios where android takes the opposite approach.

And that basically everything is shared out. There's a huge amount to this issue. It's really nuanced, it's really complex. But at the end today is one key question, how much do we want our real lives tracked in the digital world and how much ownership and how much visibility do we need as users?

These are questions we need to ask, these are answers we need to demand from these different providers. It's going to be a long road, but hopefully we can get there. That's a big thought um to wrap up the week with.

Um but this is what's batting around up here. So, um I hope you guys have a really great long weekend. Uh I am hoping to get the post, you know, I won't even say it because I've been saying it for the last few videos.

Stay tuned to me on my normal channels. Uh at marknca Happy to have this discussion. Hopefully, you're thinking about this stuff. Hopefully, you know, where you stand on these issues or at least you're starting to investigate and educate yourself.

Always reach out, happy to talk about it. Hope you guys have a great long weekend. We'll talk to you soon.

Read next