I ran across a disturbing article in The Verge about mental health apps that were oversharing user data. As usual, I’m not surprised, but still really angry. This is wrong and has to stop.
The Wild Wild Web
The problem is that we have no meaningful regulation around data collection and sharing. This allows these companies to sell you out without even telling you they’re doing it. The invisible hand of the market can’t function if consumers can’t objectively compare the relative security and privacy of Product A vs Product B. You can’t make an informed choice if you’re not informed.
Due to political debates in recent years, the term “regulation” has become a dirty word. Regulation means government overreach and meddling in our daily lives. But regulation is what keeps your airplane safe and your pilots sober when you fly. Regulation keeps the food and drugs you buy from poisoning you. Regulation makes you much more likely to survive when your car crashes. (I had a great conversation with Bruce Schneier about this.)
Trust But Verify? How?
The Verge article encourages users to ‘trust but verify’ their apps. I would amend that: never trust and always verify.
The sad thing is, there’s no good way for you to verify. Yes, you can scour the privacy policies. But that’s just not practical. For one thing, they’re too long. According to this article, the iTunes terms of service are longer than Hamlet. PayPal’s agreement is longer than Macbeth. Who is ever going to read that?
And that assumes you can understand what the terms are saying. Much of the language is legalese. The true purposes of data collection and sharing are obfuscated by euphemistic language about “improving your experience”.
Worse yet, these apps (as this study shows) may not even tell you what they’re doing. Again… this is why we need regulations with teeth.
So, what are we to do? Here are a few tips.
- First of all, you can check out Terms of Service; Didn’t Read to help you quickly evaluate policies for popular sites and services. This site reads the terms of service for you and distills the key elements into a simple rating system.
- Second, you should clean up your apps. Remove any apps you no longer use or truly need. You can always re-install them if you change your mind later.
- Finally, dial back the permissions on any remaining apps. Don’t overshare. Why would a flashlight app need to know your location? Does that to-do list app really need access to your address book?