Google Allegedly Sucking User Data: Some Factoids from the Taylor Legal Filing

November 16, 2020

I read the legal filing by Taylor et al v. Google. The case is related to Google’s use of personal data for undisclosed reasons without explicit user permission to consume the user’s bandwidth on a mobile network. You can download the 23 page legal document from this link, courtesy of The Register, a UK online information service. Here’s a rundown a few of the factoids  in the document which I found interesting:

  • Google’s suck hundreds of megabytes of data is characterized as a “dirty little secret.” Hundreds of megabytes of data does not seem to me to be “little.”
  • Google allegedly conducts “passive information transfers which are not initiated by any action of the user and are performed without their knowledge.” I think this means taking data surreptitiously.
  • Taking the data uses for fee network connections. I think this means that the user foots the bill for the data sucking.
  • Android has a 54.4 percent of the US smartphone market.
  • The volume of data “transferred” is about nine megabytes per 24 hours when an Android device is stationary and not in active use.

This graphic appears in the filing on page 11:

image

The big bar shows Google’s data sucking compared to Apple’s.

The document states:

Google has concealed its misappropriate of Plaintiffs’ cellular data.

I wonder if Google’s senior executives are aware of what the Android phones are allegedly doing. Google was not aware of a number of employee activities, most recently the leak of ideas for thwarting EU regulators.

Is this another example of entitlement management; that is, acting in a manner of a high school science club confident in its superiority over lesser mortals?

Stephen E Arnold, November 16, 2020

Android: Fragmentation? What Fragmentation

November 9, 2020

Interesting statement in “Older Android Phones Will Be Cut Off From a Large Chunk of the Web in 2021”:

Let’s Encrypt noted that roughly 34% of Android devices are running a version older than 7.1 based on data from Google’s Android development suite.

Android fragmentation? What fragmentation?

Stephen E Arnold, November 9, 2020

Washington Might Crack Down On Mobile Bidstream Data

November 4, 2020

Mobile devices siphon data from users and sell the data to third parties, mostly ad companies, to make a profit. The bidstream is mobile’s dirty secret that everyone knows about and the federal government might finally do something to protect consumers’ privacy says The Drum: “Mobile’s Dirty Little Data Secret Under Washington’s Microscope.”

“Bidstream” is the mobile industry jargon used for data mobile services collect from users then sell. The data is sold to advertisers who bid on ad space in real time exchange for targeted ads. Bidstream data could include demographics, personal hobbies and (even more alarmingly) real time coordinates for consumers’ current location.

The Interactive Advertising Bureau’s (IAB) executive vice president Dave Grimaldi stated that his organization has recently communicated a hundred times more with the federal government about the bidstream than the past two months. There are politicians worried that the bidstream could not only violated privacy, but could lead to deceptive business tactics (and maybe violent actions). There are currently no industry standards or rules from the IAB or the Mobile Marketing Association against bidstreams.

In June 2020, Mobilewalla released demographic information about BLM protestors under the guise of data analysis, while politicians called in surveillance. They want to know if Mobilewalla’s analysis along with the midstream violate the FTC act:

“The FTC won’t say whether it is probing bidstream data gathering, but its chairman did respond to lawmakers. ‘In order to fully address the concerns mentioned in your letter,’ wrote FTC Chairman Joseph Simons in a letter to Wyden obtained by The Drum, ‘we need a new federal privacy law, enforceable by the FTC, that gives us authority to seek civil penalties for first-time violations and jurisdiction over non-profits and common carriers.’… In questions sent separately to Mobilewalla, Senator Elizabeth Warren (D-MA) and other legislators asked the company to provide details of its “disturbing” use of bidstream data.‘Mobilewalla has and will respond to any request received from Congress or the FTC,’ a Mobilewalla spokesperson tells The Drum, declining to provide further detail.”

Those mobile phones are handy dandy gizmos, aren’t they?

Whitney Grace, November 4, 2020

The Purple Yahoo Verizon Mobile Device Innovation

November 2, 2020

I spotted a hard-hitting bit of “real” journalism in “Yahoo’s First Branded Phone Is Here. It’s Purple and Only $50.” One question, “Is the ring tone the Yaaaa-hoooooo yodel? The phone comes from the hard working folks at ZTE. This is a Chinese firm located in Shenzhen with clean, cheerful factories in several locations. The model has been around for a decade. The purple version available from the cheerful Verizon unit managed by Guru Gowrappan. Yep, “guru.” The write up points out that Guru Gowrappan allegedly said:

[You] may have the option to get free access to its Yahoo Finance Premium offering, while a Yahoo Sports fan would get free betting credits or promotions for the company’s sportsbook, assuming they are in a state where sports gambling is legalized.

Yaaaa-hoooooo.

Stephen E Arnold, November 2, 2020

Contact Tracing Apps: A Road Map to Next Generation Methods

October 30, 2020

I read “Why Contact-Tracing Apps Haven’t Lived Up to Expectations.” The article explains that the idea of using a mobile phone and some software to figure out who has been exposed to Covid is not exactly a home run. The reasons range from people not trusting the app or the authorities pushing the app, crappy technology, and an implicit message that some humans don’t bother due to being human: Sloth, gluttony, etc.

The write up appears to overlook the lessons which have been learned from contact tracing applications.

  1. The tracers have to be baked into the devices
  2. The software has to be undetectable
  3. The operation has to be secure
  4. The monitoring has to be 24×7 unless the phone is destroyed or the power source cut off.

These lessons are not lost on some government officials.

What’s this mean? For some mobile phone operations, the insertion of tracers is chugging right along. Other countries may balk, but the trajectory of disease and other social activities indicated that these “beacon” and “transmit” functions are of considerable interest in certain circles.

Stephen E Arnold, October 30, 2020

After Decades of the Online Revolution: The Real Revolution Is Explained

October 9, 2020

Years ago I worked at a fancy, blue chip consulting firm. One of the keys to success in generating the verbiage needed to reassure clients was reading the Economist. The publication, positioned as a newspaper, sure looked like a magazine. I wondered about that marketing angle, and I was usually puzzled by the “insights” about a range of topics. Then an idea struck me: The magazine was a summarizer of data and verbiage for those in the “knowledge” business. I worked through the write ups, tried to recall the mellifluous turns of phrase, and stuff my “Data to Recycle” folder with clips from the publication.

I read “Faith in Government Declines When Mobile Internet Arrives: A New Study Finds That Incumbent Parties Lose Votes after Their Citizens Get Online.” [A paywall or an institutional subscription may be required to read about this obvious “insight.”] Readers of the esteemed publication will be launching Keynote or its equivalent and generating slide decks. These are often slide decks which will remain unfindable by an organization’s enterprise search system or in ineffectual online search systems. That may not be a bad thing.

The “new study” remains deliciously vague: No statistical niceties like who, when, how, etc. Just data and a killer insight:

A central (and disconcerting) implication is that governments that censor offline media could maintain public trust better if they restricted the internet too. But effective digital censorship requires technical expertise that many regimes lack.

The statements raise some interesting questions for experts to explain; for example, “Dictatorships may restore faith in governments.” That’s a topic for a Zoom meeting among one percenters.

Several observations seem to beg for dot pointing:

  1. The “online revolution” began about 50 years ago with a NASA program. What was the impact of those sluggy and buggy online systems like SDC’s? The answer is that information gatekeepers were eviscerated, slowly at first and then hasta la vista.
  2. Gatekeepers provided useful functions. One of these was filtering information and providing some aggregation functions. The recipient of information from the early-days online information systems was some speed up in information access but not enough to eliminate the need for old fashioned research and analysis. Real time is, by definition, not friendly to gatekeepers.
  3. With the development of commercial online infrastructure and commercial providers, the hunger or addiction to ever quicker online systems was evident. The “need for speed” seemed to be hard wired into those who worked in knowledge businesses. At least one online vendor reduces the past to a pattern and then looks at the “now” data to trigger conclusions. So much for time consuming deliberation of verifiable information.

The article cited above has discovered downstream consequences of behaviors (social and economic) which have been part of the online experience for many years.

The secondary consequences of online extend far beyond the mobile devices. TikTok exists for a reason, and that service may be one of the better examples of “knowledge work” today.

One more question: How can institutions, old fashioned knowledge, and prudent decision making survive in today’s datasphere? With Elon Musk’s implants, who will need a mobile phone?

Perhaps the next Economist write up will document that change, hopefully in a more timely manner.

Stephen E Arnold, October 9, 2020

Quite an Emoji for 2020

September 28, 2020

DarkCyber does not use too many emojis. Sure, we put them in our DarkCyber video news program to add visual punctuation. Most days, words are okay or K in the lingo of the thumbtypers. One of the research team called attention to “These New Emojis Perfectly Sum Up This Dumpster Fire of a Year.” The image comes from an outfit called Emojipedia. We think this is the Oxford Dictionary updated for Gen X and Gen Y mobile messaging addicts.

image

Nifty and appropriate. Keep in mind that in about 12 weeks we can look back and reflect on the pandemic, economic erosion, social unrest, and the asteroid which will have collided with earth on or about the first week of November.

Does dumpster fire capture the spirit of this memorable year? The emoji does.

Stephen E Arnold, September 28, 2020

Listening to Mobile Calls: Maybe? Maybe Not

August 18, 2020

An online publication called Hitb.org has published “Hackers Can Eavesdrop on Mobile Calls with $7,000 Worth of Equipment.” Law enforcement and other government entities often pay more for equipment which performs similar functions. Maybe $7,000 is a bargain, assuming the technology works and does not lead to an immediate visit from government authorities.

According to the write up, you can listen to mobile calls using a method called “ReVoLTE”, a play on the LTE or long term evolution cellular technology. The article reports:

Now, researchers have demonstrated a weakness that allows attackers with modest resources to eavesdrop on calls. Their technique, dubbed ReVoLTE, uses a software-defined radio to pull the signal a carrier’s base station transmits to a phone of an attacker’s choosing, as long as the attacker is connected to the same cell tower (typically within a few hundred meters to few kilometers) and knows the phone number. Because of an error in the way many carriers implement VoLTE, the attack converts cryptographically scrambled data into unencrypted sound. The result is a threat to the privacy of a growing segment of cell phone users. The cost: about $7,000.

Ah, ha, a catch. One has to be a researcher, which implies access to low cost, highly motivated students eager to get an A. Also, the “researcher” words makes it clear that one cannot order the needed equipment with one click on Amazon’s ecommerce site.

How realistic is this $7,000 claim? DarkCyber thinks that a person interested in gaining access to mobile calls may want to stay in school. CalTech or Georgia Tech may be institutions to consider. Then after getting an appropriate degree, work for one of the specialized services firms developing software and hardware for law enforcement.

On the other hand, if you can build these devices in your bedroom, why not skip school and contact one of the enforcement agencies in the US or elsewhere. DarkCyber has a suggestion. Unlawful intercept can lead to some interesting learning experiences with government authorities. Too bad similar enforcement does not kick in for misleading headlines for articles which contain fluff. That sounds like I am pointing out flaws in Silicon Valley-style reporting. Okay, okay, I am.

Stephen E Arnold, August 18, 2020

TikTok: Exploiting, Exploited, or Exploiter?

August 12, 2020

I read “TikTok Tracked Users’ Data with a Tactic Google Banned.” [Note: You will have to pay to view this article. Hey, The Murdoch outfit has to have a flow of money to offset its losses from some interesting properties, right?]

The write up reveals that TikTok, the baffler for those over 50, tricked users. Those lucky consumers of 30 second videos allegedly had one of their mobile devices ID numbers sucked into the happy outfit’s data maw. Those ID numbers — unlike the other codes in mobile devices — cannot be changed. (At least, that’s the theory.)

What can one do with a permanent ID number? Let us count some of the things:

  1. Track a user
  2. Track a user
  3. Track a user
  4. Obtain information to pressure a susceptible person into taking an action otherwise not considered by that person?

I think that covers the use cases.

The write up states with non-phone tap seriousness, a business practice of one of the Murdoch progeny:

The identifiers collected by TikTok, called MAC address, are most commonly used for advertising purposes.

Whoa, Nellie. This here is real journalism. A MAC address is shorthand for “media access control.” I think of the MAC address as a number tattooed on a person’s forehead. Sure, it can be removed… mostly. But once a user watches 30-second videos and chases around for “real” information on a network, that unique number can be used to hook together otherwise disparate items of information. The MAC is similar to one of those hash codes which allow fast access to data in a relational structure or maybe an interest graph. One can answer the question, “What are the sites with this MAC address in log files?” The answer can be helpful to some individuals.

There are some issues bubbling beneath the nice surface of the Murdoch article; for example:

  1. Why did Google prohibit access to a MAC address, yet leave a method to access the MAC address available to those in the know? (Those in the know include certain specialized services support US government agencies, ByteDance, and just maybe Google. You know Google. That is the outfit which wants to create a global seismic system using every Android device who owner gives permission to monitor earthquakes. Yep, is that permission really needed? Ho, ho, ho.)
  2. What vendors are providing MAC address correlations across mobile app content and advertising data? The WSJ is chasing some small fish who have visited these secret data chambers, but are there larger, more richly robust outfits in the game? (Yikes, that’s actually going to take more effort than calling a university professor who runs a company about advertising as a side gig. Effort? Yes, not too popular among some “real” Murdoch reporters.)
  3. What are the use cases for interest graphs based on MAC address data? In this week’s DarkCyber video available on Facebook at this link, you can learn about one interesting application: Targeting an individual who is susceptible to outside influence to take an action that individual otherwise would not take. Sounds impossible, no? Sorry, possible, yes.

To summarize, interesting superficial coverage but deeper research was needed to steer the writing into useful territory and away from the WSJ’s tendency to drift closer to News of the World-type information. Bad TikTok, okay. Bad Google? Hmmmm.

Stephen E Arnold, August 12, 2020

More about India App Banning

July 23, 2020

India and China are not likely to hold a fiesta to celebrate the digital revolution in the next month or two. “Government Said to Ask Makers of 59 Banned Chinese Apps to Ensure Strict Compliance” explains that India has some firm ideas about the potential risks of Chinese-centric and Chinese-developed mobile applications. The risks include actions “prejudicial to sovereignty, integrity and security of the country.”

The write up states:

If any app in the banned list is found to be made available by the company through any means for use within India, directly or indirectly, it would be construed as a violation of the government orders…

It is not clear what action the Indian government can take, but obviously the issue is perceived as important; specifically, the accusation relates to the:

stealing and surreptitiously transmitting users’ data in an unauthorized manner to servers which have locations outside India.

Among the nearly 60 banned apps are:

  • Club Factory
  • TikTok
  • UC Browser
  • WeChat
  • Xiaomi

Plus, some less high profile services:

  • Bigo Live
  • CamScanner
  • Helo
  • Likee
  • Shein

There will be workarounds, of course. It is not clear if a citizen persists in using a Xiaomi phone and its baked in apps (some of which route interesting information through data centers in Singapore) what the consequences will be.

Censorship of the Internet is thriving and becoming an active measure in India and other countries. Why? Because Internet, of course.

Stephen E Arnold, July 23, 2020

Next Page »

  • Archives

  • Recent Posts

  • Meta