T-Mobile: Privacy Is a Tough Business
March 12, 2021
Just a bit of mobile phone experience this morning. T Mobile (the magenta or pink outfit) notified me I could opt out of its forthcoming “sell your data” initiative. I dutifully clicked on the link to something which appeared in an SMS as t-mo.com/privacy12. Surprise. The page rendered with a notice that it was a new domain. I fiddled around and was able to locate the page via the search box on T-mobile.com. I filled in the data, including a very long Google ad tracker number. I clicked the submit button and nothing happened. I spotted an email address which was “privacy@tmobile.com.” Guess what? The email bounced. I called 611, the number for customer service. I was told that T Mobile would call me back in 30 minutes. Guess what? No call within the time window.
Privacy is a tough business, and it is one which amuses the marketers and thumbtypers who work with developers to create dark patterns for paying customers. Nice work.
Nifty move. Well, the company is magenta or pink. It is dark, however. Very dark and quite sad.
Stephen E Arnold, March 11, 2021, 4:35 pm US Eastern
Google Allegedly Sucking User Data: Some Factoids from the Taylor Legal Filing
November 16, 2020
I read the legal filing by Taylor et al v. Google. The case is related to Google’s use of personal data for undisclosed reasons without explicit user permission to consume the user’s bandwidth on a mobile network. You can download the 23 page legal document from this link, courtesy of The Register, a UK online information service. Here’s a rundown of a few of the factoids in the document which I found interesting:
- Google’s sucking of hundreds of megabytes of data is characterized as a “dirty little secret.” Hundreds of megabytes of data does not seem to me to be “little.”
- Google allegedly conducts “passive information transfers which are not initiated by any action of the user and are performed without their knowledge.” I think this means taking data surreptitiously.
- Taking the data uses for-fee network connections. I think this means that the user foots the bill for the data sucking.
- Android has 54.4 percent of the US smartphone market.
- The volume of data “transferred” is about nine megabytes per 24 hours when an Android device is stationary and not in active use.
This graphic appears in the filing on page 11:
The big bar shows Google’s data sucking compared to Apple’s.
The document states:
Google has concealed its misappropriation of Plaintiffs’ cellular data.
I wonder if Google’s senior executives are aware of what the Android phones are allegedly doing. Google was not aware of a number of employee activities, most recently the leak of ideas for thwarting EU regulators.
Is this another example of entitlement management; that is, acting in a manner of a high school science club confident in its superiority over lesser mortals?
Stephen E Arnold, November 16, 2020
Android: Fragmentation? What Fragmentation
November 9, 2020
Interesting statement in “Older Android Phones Will Be Cut Off From a Large Chunk of the Web in 2021”:
Let’s Encrypt noted that roughly 34% of Android devices are running a version older than 7.1 based on data from Google’s Android development suite.
Android fragmentation? What fragmentation?
Stephen E Arnold, November 9, 2020
Washington Might Crack Down On Mobile Bidstream Data
November 4, 2020
Mobile devices siphon data from users and sell the data to third parties, mostly ad companies, to make a profit. The bidstream is mobile’s dirty secret that everyone knows about, and the federal government might finally do something to protect consumers’ privacy, says The Drum: “Mobile’s Dirty Little Data Secret Under Washington’s Microscope.”
“Bidstream” is the mobile industry jargon used for data mobile services collect from users then sell. The data is sold to advertisers who bid on ad space in real time exchange for targeted ads. Bidstream data could include demographics, personal hobbies and (even more alarmingly) real time coordinates for consumers’ current location.
The Interactive Advertising Bureau’s (IAB) executive vice president Dave Grimaldi stated that his organization has recently communicated a hundred times more with the federal government about the bidstream than the past two months. There are politicians worried that the bidstream could not only violate privacy, but could lead to deceptive business tactics (and maybe violent actions). There are currently no industry standards or rules from the IAB or the Mobile Marketing Association against bidstreams.
In June 2020, Mobilewalla released demographic information about BLM protestors under the guise of data analysis, while politicians called it surveillance. They want to know if Mobilewalla’s analysis along with the bidstream violate the FTC Act:
“The FTC won’t say whether it is probing bidstream data gathering, but its chairman did respond to lawmakers. ‘In order to fully address the concerns mentioned in your letter,’ wrote FTC Chairman Joseph Simons in a letter to Wyden obtained by The Drum, ‘we need a new federal privacy law, enforceable by the FTC, that gives us authority to seek civil penalties for first-time violations and jurisdiction over non-profits and common carriers.’… In questions sent separately to Mobilewalla, Senator Elizabeth Warren (D-MA) and other legislators asked the company to provide details of its “disturbing” use of bidstream data. ‘Mobilewalla has and will respond to any request received from Congress or the FTC,’ a Mobilewalla spokesperson tells The Drum, declining to provide further detail.”
Those mobile phones are handy dandy gizmos, aren’t they?
Whitney Grace, November 4, 2020
The Purple Yahoo Verizon Mobile Device Innovation
November 2, 2020
I spotted a hard-hitting bit of “real” journalism in “Yahoo’s First Branded Phone Is Here. It’s Purple and Only $50.” One question, “Is the ring tone the Yaaaa-hoooooo yodel?” The phone comes from the hard working folks at ZTE. This is a Chinese firm located in Shenzhen with clean, cheerful factories in several locations. The model has been around for a decade. The purple version is available from the cheerful Verizon unit managed by Guru Gowrappan. Yep, “guru.” The write up points out that Guru Gowrappan allegedly said:
[You] may have the option to get free access to its Yahoo Finance Premium offering, while a Yahoo Sports fan would get free betting credits or promotions for the company’s sportsbook, assuming they are in a state where sports gambling is legalized.
Yaaaa-hoooooo.
Stephen E Arnold, November 2, 2020
Contact Tracing Apps: A Road Map to Next Generation Methods
October 30, 2020
I read “Why Contact-Tracing Apps Haven’t Lived Up to Expectations.” The article explains that the idea of using a mobile phone and some software to figure out who has been exposed to Covid is not exactly a home run. The reasons range from people not trusting the app or the authorities pushing the app, crappy technology, and an implicit message that some humans don’t bother due to being human: Sloth, gluttony, etc.
The write up appears to overlook the lessons which have been learned from contact tracing applications.
- The tracers have to be baked into the devices
- The software has to be undetectable
- The operation has to be secure
- The monitoring has to be 24×7 unless the phone is destroyed or the power source cut off.
These lessons are not lost on some government officials.
What’s this mean? For some mobile phone operations, the insertion of tracers is chugging right along. Other countries may balk, but the trajectory of disease and other social activities indicated that these “beacon” and “transmit” functions are of considerable interest in certain circles.
Stephen E Arnold, October 30, 2020
After Decades of the Online Revolution: The Real Revolution Is Explained
October 9, 2020
Years ago I worked at a fancy, blue chip consulting firm. One of the keys to success in generating the verbiage needed to reassure clients was reading the Economist. The publication, positioned as a newspaper, sure looked like a magazine. I wondered about that marketing angle, and I was usually puzzled by the “insights” about a range of topics. Then an idea struck me: The magazine was a summarizer of data and verbiage for those in the “knowledge” business. I worked through the write ups, tried to recall the mellifluous turns of phrase, and stuffed my “Data to Recycle” folder with clips from the publication.
I read “Faith in Government Declines When Mobile Internet Arrives: A New Study Finds That Incumbent Parties Lose Votes after Their Citizens Get Online.” [A paywall or an institutional subscription may be required to read about this obvious “insight.”] Readers of the esteemed publication will be launching Keynote or its equivalent and generating slide decks. These are often slide decks which will remain unfindable by an organization’s enterprise search system or in ineffectual online search systems. That may not be a bad thing.
The “new study” remains deliciously vague: No statistical niceties like who, when, how, etc. Just data and a killer insight:
A central (and disconcerting) implication is that governments that censor offline media could maintain public trust better if they restricted the internet too. But effective digital censorship requires technical expertise that many regimes lack.
The statements raise some interesting questions for experts to explain; for example, “Dictatorships may restore faith in governments.” That’s a topic for a Zoom meeting among one percenters.
Several observations seem to beg for dot pointing:
- The “online revolution” began about 50 years ago with a NASA program. What was the impact of those sluggy and buggy online systems like SDC’s? The answer is that information gatekeepers were eviscerated, slowly at first and then hasta la vista.
- Gatekeepers provided useful functions. One of these was filtering information and providing some aggregation functions. The recipient of information from the early-days online information systems got some speed up in information access but not enough to eliminate the need for old fashioned research and analysis. Real time is, by definition, not friendly to gatekeepers.
- With the development of commercial online infrastructure and commercial providers, the hunger or addiction to ever quicker online systems was evident. The “need for speed” seemed to be hard wired into those who worked in knowledge businesses. At least one online vendor reduces the past to a pattern and then looks at the “now” data to trigger conclusions. So much for time consuming deliberation of verifiable information.
The article cited above has discovered downstream consequences of behaviors (social and economic) which have been part of the online experience for many years.
The secondary consequences of online extend far beyond the mobile devices. TikTok exists for a reason, and that service may be one of the better examples of “knowledge work” today.
One more question: How can institutions, old fashioned knowledge, and prudent decision making survive in today’s datasphere? With Elon Musk’s implants, who will need a mobile phone?
Perhaps the next Economist write up will document that change, hopefully in a more timely manner.
Stephen E Arnold, October 9, 2020
Quite an Emoji for 2020
September 28, 2020
DarkCyber does not use too many emojis. Sure, we put them in our DarkCyber video news program to add visual punctuation. Most days, words are okay or K in the lingo of the thumbtypers. One of the research team called attention to “These New Emojis Perfectly Sum Up This Dumpster Fire of a Year.” The image comes from an outfit called Emojipedia. We think this is the Oxford Dictionary updated for Gen X and Gen Y mobile messaging addicts.
Nifty and appropriate. Keep in mind that in about 12 weeks we can look back and reflect on the pandemic, economic erosion, social unrest, and the asteroid which will have collided with earth on or about the first week of November.
Does dumpster fire capture the spirit of this memorable year? The emoji does.
Stephen E Arnold, September 28, 2020
Listening to Mobile Calls: Maybe? Maybe Not
August 18, 2020
An online publication called Hitb.org has published “Hackers Can Eavesdrop on Mobile Calls with $7,000 Worth of Equipment.” Law enforcement and other government entities often pay more for equipment which performs similar functions. Maybe $7,000 is a bargain, assuming the technology works and does not lead to an immediate visit from government authorities.
According to the write up, you can listen to mobile calls using a method called “ReVoLTE”, a play on the LTE or long term evolution cellular technology. The article reports:
Now, researchers have demonstrated a weakness that allows attackers with modest resources to eavesdrop on calls. Their technique, dubbed ReVoLTE, uses a software-defined radio to pull the signal a carrier’s base station transmits to a phone of an attacker’s choosing, as long as the attacker is connected to the same cell tower (typically within a few hundred meters to few kilometers) and knows the phone number. Because of an error in the way many carriers implement VoLTE, the attack converts cryptographically scrambled data into unencrypted sound. The result is a threat to the privacy of a growing segment of cell phone users. The cost: about $7,000.
Ah, ha, a catch. One has to be a researcher, which implies access to low cost, highly motivated students eager to get an A. Also, the “researcher” word makes it clear that one cannot order the needed equipment with one click on Amazon’s ecommerce site.
How realistic is this $7,000 claim? DarkCyber thinks that a person interested in gaining access to mobile calls may want to stay in school. CalTech or Georgia Tech may be institutions to consider. Then after getting an appropriate degree, work for one of the specialized services firms developing software and hardware for law enforcement.
On the other hand, if you can build these devices in your bedroom, why not skip school and contact one of the enforcement agencies in the US or elsewhere? DarkCyber has a suggestion. Unlawful intercept can lead to some interesting learning experiences with government authorities. Too bad similar enforcement does not kick in for misleading headlines for articles which contain fluff. That sounds like I am pointing out flaws in Silicon Valley-style reporting. Okay, okay, I am.
Stephen E Arnold, August 18, 2020
TikTok: Exploiting, Exploited, or Exploiter?
August 12, 2020
I read “TikTok Tracked Users’ Data with a Tactic Google Banned.” [Note: You will have to pay to view this article. Hey, The Murdoch outfit has to have a flow of money to offset its losses from some interesting properties, right?]
The write up reveals that TikTok, the baffler for those over 50, tricked users. Those lucky consumers of 30 second videos allegedly had one of their mobile device ID numbers sucked into the happy outfit’s data maw. Those ID numbers — unlike the other codes in mobile devices — cannot be changed. (At least, that’s the theory.)
What can one do with a permanent ID number? Let us count some of the things:
- Track a user
- Track a user
- Track a user
- Obtain information to pressure a susceptible person into taking an action otherwise not considered by that person?
I think that covers the use cases.
The write up states with non-phone tap seriousness, a business practice of one of the Murdoch progeny:
The identifiers collected by TikTok, called MAC addresses, are most commonly used for advertising purposes.
Whoa, Nellie. This here is real journalism. MAC is shorthand for “media access control.” I think of the MAC address as a number tattooed on a person’s forehead. Sure, it can be removed… mostly. But once a user watches 30-second videos and chases around for “real” information on a network, that unique number can be used to hook together otherwise disparate items of information. The MAC is similar to one of those hash codes which allow fast access to data in a relational structure or maybe an interest graph. One can answer the question, “What are the sites with this MAC address in log files?” The answer can be helpful to some individuals.
There are some issues bubbling beneath the nice surface of the Murdoch article; for example:
- Why did Google prohibit access to a MAC address, yet leave a method to access the MAC address available to those in the know? (Those in the know include certain specialized services supporting US government agencies, ByteDance, and just maybe Google. You know Google. That is the outfit which wants to create a global seismic system using every Android device whose owner gives permission to monitor earthquakes. Yep, is that permission really needed? Ho, ho, ho.)
- What vendors are providing MAC address correlations across mobile app content and advertising data? The WSJ is chasing some small fish who have visited these secret data chambers, but are there larger, more richly robust outfits in the game? (Yikes, that’s actually going to take more effort than calling a university professor who runs a company about advertising as a side gig. Effort? Yes, not too popular among some “real” Murdoch reporters.)
- What are the use cases for interest graphs based on MAC address data? In this week’s DarkCyber video available on Facebook at this link, you can learn about one interesting application: Targeting an individual who is susceptible to outside influence to take an action that individual otherwise would not take. Sounds impossible, no? Sorry, possible, yes.
To summarize, interesting superficial coverage but deeper research was needed to steer the writing into useful territory and away from the WSJ’s tendency to drift closer to News of the World-type information. Bad TikTok, okay. Bad Google? Hmmmm.
Stephen E Arnold, August 12, 2020