Tag: data

POF first to respond to my GDPR request

Plenty of Fish

I mentioned how I emailed a load of dating sites for my data and then some… Under GDPR. So far I’ve been bounced around a little but POF is the first positive email I gotten so far…

PlentyofFish (“POF”) has received your recent request for a copy of the personal data we hold about you.

For your protection and the protection of all of our users, we cannot release any personal data without first obtaining proof of identity.

In order for us to verify your identity, we kindly ask you to:

1. Respond to this email from the email address associated with your POF account and provide us the username of your POF account.

2. In your response to this email, please include a copy of a government-issued ID document such as your passport or driving license. Also, we ask you to please cover up any personal information other than your name, photo and date of birth from the document as that is the only information we need.

We may require further verification of your identity, for example, if the materials you provide us do not establish your identity as being linked to the account in question.

Please note that if you previously closed your account, your data may be unavailable for extraction as we proceed to its deletion or anonymization in accordance with our privacy policy. Even if data is still available for extraction, there is some information we cannot release to you including information that would likely reveal personal information about other users. Those notably include messages you received on POF, which are not provided out of concern for the privacy of the senders.

Best,

POF Privacy Team

Well I guess they are being careful at least but will be interested to see what other questions they ask me.

Still wondering when the rest will get in touch?

Data portability and GDPR, been waiting a long time for this

EU GDPR 2018

One of the things I always wanted but never couldn’t see how it would happen without the good will of companies. Was real data portability of my own data.

Google, Facebook and others do provide a data dump but I found it really interesting to see the difference in my Facebook dump/zip/archive. I request it every year or when something changes. This year I did one while Facebook struggled to deal with the impact of Cambridge Analytica and the new GDPR changes.

In 2017 my zip was 31.4 MB (31,425,658 bytes)
In 2018 my zip was 171.3 MB (171,267,617 bytes)

Unlike previously FB included ALL the media in the messages I’ve exchanged with friends. All those gifs and videos friends have shared are now in the dump. I find it interesting they were not included previously. Which always raises the question of ownership. Something we (dataportability group) talked a lot.

I’m so looking forward to similar with other services… Although I’m still unsure if you can legally create services which use the data exports to import or not. It should be possible, as its your data.

Having already crafted a email to send to OKCupid, POF, Bumble, Tinder and some other dating sites similar to when the journalist requested every bit of data they had on her. Its set to send on May 25th which is the day when GDPR comes into effect aka tomorrow!

Thanks to Ubergill for much improving the email I originally drafted…

I’m looking forward to the replies!

Dear {service}

I am making this request for access to personal data pursuant to Article 15 of the General Data Protection Regulation. I am still concerned that your company’s information practices may be putting my personal information at undue risk of exposure or in fact has breached its obligation to safeguard my personal information.

I would like you to be aware at the outset, that I expect a reply to my request within one month as required under Article 12, failing which I will be forwarding my inquiry with a letter of complaint to the Information Commissioner’s Office.

Please advise as to the following:

  1. Please confirm to me whether or not my personal data is being processed. If it is, please provide me with the categories of personal data you have about me in your files and databases.
  2. In particular, please tell me what you know about me in your information systems, whether or not contained in databases, and including e-mail, documents on your networks, or voice or other media that you may store.
  3. Additionally, please advise me in which countries my personal data is stored, or accessible from. In case you make use of cloud services to store or process my data, please include the countries in which the servers are located where my data are or were (in the past 12 months) stored.
  4. Please provide me with a copy of, or access to, my personal data that you have or are processing.
  5. Please provide me with a detailed account of the specific uses that you have made, are making, or will be making of my personal data.
  6. Please provide a list of all third parties with whom you have (or may have) shared my personal data.
  7. If you cannot identify with certainty the specific third parties to whom you have disclosed my personal data, please provide a list of third parties to whom you may have disclosed my personal data.
  8. Please also identify which jurisdictions that you have identified in 1(b) above that these third parties with whom you have or may have shared my personal data, from which these third parties have stored or can access my personal data. Please also provide insight in the legal grounds for transferring my personal data to these jurisdictions. Where you have done so, or are doing so, on the basis of appropriate safeguards, please provide a copy.
  9. Additionally, I would like to know what safeguards have been put in place in relation to these third parties that you have identified in relation to the transfer of my personal data.
  10.  Please advise how long you store my personal data, and if retention is based upon the category of personal data, please identify how long each category is retained.
  11. If you are additionally collecting personal data about me from any source other than me, please provide me with all information about their source, as referred to in Article 14of the GDPR.
  12. If you are making automated decisions about me, including profiling, whether or not on the basis of Article 22 of the GDPR, please provide me with information concerning the basis for the logic in making such automated decisions, and the significance and consequences of such processing.
  13.  I would like to know whether or not my personal data has been disclosed inadvertently by your company in the past, or as a result of a security or privacy breach.
  14. If so, please advise as to the following details of each and any such breach:
  15. a general description of what occurred;
  16. the date and time of the breach (or the best possible estimate);

iii. the date and time the breach was discovered;

  1. the source of the breach (either your own organisation, or a third party to whom you have transferred my personal data);
  2. details of my personal data that was disclosed;
  3. your company’s assessment of the risk of harm to myself, as a result of the breach;

vii. a description of the measures taken or that will be taken to prevent further unauthorised access to my personal data;

viii. contact information so that I can obtain more information and assistance in relation to such a breach, and

  1. information and advice on what I can do to protect myself against any harms, including identity theft and fraud.
  2. If you are not able to state with any certainty whether such an exposure has taken place, through the use of appropriate technologies, please advise what mitigating steps you have taken, such as
  3. Encryption of my personal data;
  4. Data minimisation strategies; or,

iii. Anonymisation or pseudonymisation;

  1. Any other means
  2. I would like to know your information policies and standards that you follow in relation to the safeguarding of my personal data, such as whether you adhere to ISO27001for information security, and more particularly, your practices in relation to the following:
  3. Please inform me whether you have backed up my personal data to tape, disk or other media, and where it is stored and how it is secured, including what steps you have taken to protect my personal data from loss or theft, and whether this includes encryption.
  4. Please also advise whether you have in place any technology which allows you with reasonable certainty to know whether or not my personal data has been disclosed, including but not limited to the following:
  5. Intrusion detection systems;
  6. Firewall technologies;

iii. Access and identity management technologies;

  1. Database audit and/or security tools; or,
  2. Behavioural analysis tools, log analysis tools, or audit tools;
  3.  In regards to employees and contractors, please advise as to the following:
  4. What technologies or business procedures do you have to ensure that individuals within your organisation will be monitored to ensure that they do not deliberately or inadvertently disclose personal data outside your company, through e-mail, web-mail or instant messaging, or otherwise.
  5. Have you had had any circumstances in which employees or contractors have been dismissed, and/or been charged under criminal laws for accessing my personal data inappropriately, or if you are unable to determine this, of any customers, in the past twelve months.
  6. Please advise as to what training and awareness measures you have taken in order to ensure that employees and contractors are accessing and processing my personal data in conformity with the General Data Protection Regulation.

Thank you,

Ian

We present the Living room of the future…

living room of the future flyer

I’ve been working on the living room of the future and write about it quite a few other places including the BBC R&D blog.

Its part of the reason for the radio silence recently, but honestly the team of 3 universities and 2 arts organisations have been hard at work to create the live demonstrator of the living room of the future.

living room of the future

I won’t lie, its bloody exciting not only for the experience but what it enables and stands for. I highly recommend taking part in the research if you are able to come to Liverpool from Thursday 3rd – 8th May.

Of course I don’t want to reveal too much and although its hard to do much of a spoiler as its about a shared experience. Our twitter bot is doing a good job showing the inners of what going on if you are wondering.

There has been a question for a while which people always ask. Why the living room? To which I answer sensitive place, common private area for discussions, there are existing social hierarchies at play in the space and its place for small audiences. Its also a complex space which I’ve seen talked about a lot recently.

BD3-34 - Pilsen St bedsit with armchair

I found Millennials don’t need living rooms, piece from the Independent fascinating.

A prominent architect has argued millennials do not need living rooms and their housing prospects would be greatly improved if size regulations were overhauled.

Patrik Schumacher, who took over as head of Zaha Hadid Architects after the legendary founder died in early 2016, said “hotel room-sized” studio flats were ideal for young people who led busy lives.

In a paper published by the Adam Smith Institute, he suggested size rules should be reviewed to increase the number of studio flats available to those on lower incomes.

While a 25-square-metre flat is the minimum in Japan, in the UK the minimum is 37 square metres for a one-bed.

Although reading through the piece, it sounds like a land grab to change the regulation and fit even more property in smaller spaces. There is a slight point that the price of property is super high and this could help (IF) prices don’t increase they are currently.

Polly Neate, CEO of housing charity Shelter, hit back at the architect’s remarks. “Tiny homes don’t necessarily mean cheaper homes, and at Shelter we know that having a decent place to live is vital for people’s well-being. So compromising on space and quality isn’t going to do anyone any favours,” she told The Independent.

“Homes in the UK are not expensive because they are too large, they are too expensive because our housing market is broken. When big developers realise they can squeeze, for example, 20 tiny homes on the same patch of land that once fit just ten then the price of land will rise to reflect this.

“The solution to the housing crisis is not to build ever smaller homes but to bring down the price of land and build the type of genuinely affordable homes that people actually want to live in.”

My thoughts went back and forth while reading but I wondered if the living space is squeezed what will disappear? Maybe the living room or kitchen will be first to go, looking at Japanese flats for example.

There was a choice in building the living room of the future, that it should be big or small? What was it it and what wasn’t. We decided on small to reflect the trend on smaller shared spaces and the need for the 3rd space.

Looking at the other side of the living room project, it was also fascinating to read about the UK’s first smarthome with Apple home kit baked in. The obviously scares the life out of me but every buyer of smart homes should read the house which spied on me and also the follow up which explains how it worked.

The house which spied on me

In December, I converted my one-bedroom apartment in San Francisco into a “smart home.” I connected as many of my appliances and belongings as I could to the internet: an Amazon Echo, my lights, my coffee maker, my baby monitor, my kid’s toys, my vacuum, my TV, my toothbrush, a photo frame, a sex toy, and even my bed.

Its super revealing and a very good long read. It speaks volumes about the different data which flows around our homes and spaces like the living room.

So what you waiting for, get yourself a ticket now!

Remember what Zuckerberg said about its trusted users?

Mark Zuckerberg is “deluded” by his own faith in Facebook’s ability to be a force for good in the world.

I have so many pieces saved in my wallabag archive about the faccebook/cambridge analytica data issues (it is not a breach!). As I read, more information comes to light.

But I am always reminded of what Zuckerberg said about its trusted users… and it sums up so much.

Dumb fucks…

The thing about the statement is although it might be throw away in nature it speaks volumes about the way Zuckerberg thinks about Facebook users. It also interesting to think how Facebook is makes users feel that way, taking the power and control out of their hands. The reactions to the reveals have been so-so like when Edward Snowdon revealed the mass surveillance of millions of citizens around the world.

But its super clear, no matter how powerless we all feel, its super important to not lose sight that these giant companies have weaponised data, algorithms and psychology against us all. Running from one service to another isn’t so helpful in the long run.

We need to be more conscious about our decisions physically, mentally and virtually or be the dumb fucks Zuckerberg talked about.

Quantifying my attention across devices

Rescue Time in Jan 2018My frustration with tracking my smartphone use, the apps permissions and data use; drove me back to rescue time.

I decided it’s time to combine the time I spend on different devices together in a sensible way. Previously I had used rescue time even with the bulk collection of personal data a worry. But a long time ago there was no sensible rescue time tracker/scrobbler for Linux. I remember trying the early betas and not being impressed at all.

So coming back years later I was happy to see a scrobbler on every platform including android and Linux. Not even a tgz but a deb package which is easy as pie on Ubuntu. After installing it and recovering my old account; I was up and going quickly. It doesn’t use much resources on android or Linux and sits quietly in the background.

The breakdown is impressive and making changes to the categories makes things very interesting. For example here’s Monday time (bear in mind I was ill in the morning but you can see once I was awake, I was off and running)

RescueTime - Categories 10 jan

I also have Hamster time data which I can combine if I like to really understand and drill down.

My hamstertime data for 8th JanIt might seem like overkill but as most of this is automated, theres little I need to do.

What does your circadian rhythm say?

It’s always been clear that sleep is a big deal and more and more research is coming out to show the massive effect sleep can have in our lives. Especially at critical times of our development.

I have been tracking (quantifying) my sleeping solidly for about 3-5 years and its surprising to see the effect of the things like different alcohol drink, cheese, coffee, milk and chocolate. I also been to many events, with the last one being Cafe Sci: Myth and Science of Sleep. I generally track my dreams now, which is quite different from previously when I use to track them with a lot more detail.

Tracking sleep can seem a but of nonsense; I mean leaving your phone on your bed while you sleep or using a wristband device to collect data can seem poor for data collection. However with some calibration and a few months data, it becomes clear through the patterns whats good quality and bad quality sleep; oppose to the length of sleep. The key being the cycles of sleep… Light sleep into REM into deep sleep into light sleep and over again.

Sleep as Android data

Here is me sleeping in a hotel for 5hrs 49mins after drinking cocktails in London during the week of Mozfest. You can see the alcohol puts me into deep sleep quickly but it takes a while for my body to get back into its normal sleep pattern. I also had a done a lot of walking that day.

graph_detail_20171019_1.11

This clearly shows although I had 7hrs 21mins of sleep when I woke up, I felt like crap. To be fair I had red wine, and was on cold meds to get rid of my long lingering cold. Once again I was in a hotel, this time in Sarajevo. No coffee this time.

graph_detail_20171119_1.30

This is from todays sleep, even with a few scoops of ice cream and coffee, I slept extremely well and woke up feeling pretty fresh and ready to take on the world.

I use Sleep as Android with my Pebble watch. I do sync everything to Google Fit, Google Drive and Dropbox to make a personal back up for myself.

Ultimately I would clearly say I have learned so much by looking at the patterns, especially over a longer period of time.

Urban legend says facebook is listening

8409207368_b4acce604e_c_d

There so much talk about Facebook and other west coast megacorps (the 5 stacks) listening in on our conversations. To be fair its part of the reason why I don’t like Whatsapp who own and can do what ever they like to the metadata of your conversations. It’s all become a bit of an urban legend, but to be fair the megacorps are doing an incredibly bad job explaining how things are happening (little to no transparency, but to be fair it’s not fitting with their business model).

Even a recent episode of Reply All tackled this field – #109 Is Facebook spying on you.

You can look & listen to the rising concern the public have around their privacy; and the increasing number of stories. I you can’t help but think maybe there is a change coming? Or at least I’d like to think so… but its clear there is a lack of understanding of data by the general public.

For example

“One of the things that Facebook can do is if you like something, it can advertise that thing to your friends. So the brother-in-law obviously signaled to Facebook that he was into white supremacy somehow, and Charles’ friend was liking a lot of the guy’s posts, and they were friends on Facebook, so Facebook was like, “Alright, well, why don’t I advertise this white supremacist stuff to you.”

If you actually read the Facebook EULA, it actually says this but certainly not in such clear human readable words (its been a long while since I skimmed the FB eula, so may have changed – but doubt it). In my own experience, it’s also very hard for people to envision scenarios where the links matter, hence it may not be the actual data but the links between the data which suddenly make people worry and care; the data taken out of context. Most have no idea how many categories of data Facebook alone are sorting us all into.

This is hard to show and demonstrate without going; without going all black mirror or someones eyes glazing over. In my experience when talking about data most people shrug and say things like, “nothing to hide.”

Glass room recipt

During Mozfest this year I got the chance to walk around the Glass Room on Charing Cross Road, with the people at the ingenious bar giving out data detox kits. The kits are interesting because it’s aimed at a mass audience and the advice although simple is generally useful. I also found some of the installations good, especially the one where you are swiping through your facebook timeline (it was twitter for me) and 2 mins later, given a printed receipt of your work. (Funny enough, it felt like a lot longer than 2mins but then again, its not really the thing I do regularlly)

We certainly need more of this!

Hopefully more of these public interjections will start to move the discussion on from urban legends to a proper informed discussion about ethical data use. I believe FB and others are capitalising on the general public ignorance and its got to stop.

Whats that? Peer pressure?

Whatsapp on a phone

I recently came back from mobile roaming in Sarajevo; its been a while since I’ve been to a county where data roaming wasn’t as straight forward as its become. Even doing the standard replying to the automatic text didn’t work. (Although this isn’t about roaming data, although I have a long history when it comes to international roaming data).

It was kinda weird the assumption that everyone would be on Whatsapp. I understand the limitations of text messages and the greed of the mobile operators in the past around MMS and EMS, has crippled its use. Especially at 50p per message when internationally roaming on EE.

My colleagues ask over and over again, why am I not on Whatsapp? To be fair many others have asked the same question. So here’s some of my reasons.

  1. I simply don’t trust Facebook (owners of Whatsapp); I removed FB from my mobile devices and only put the lite version of messenger with all its permissions removed (inlcuding contact access)
  2. I read the Whatsapp End User Licence Agreement, a few years ago and then didn’t  agree with the terms especially around who they share the metadata with. I assume its changed but I don’t see a compelling reason to do it again.
  3. I don’t trust Whatsapp’s security implentation of Signals end to end message encryption; and is it all mute if Whatsapp is sharing the metadata anyway?
  4. This isn’t just because its FB; I don’t use Googe Allo either. I use certain systems for certain things. I get for most people Whatsapp is their ICQ but the benefit isn’t enough to make me use it.
  5. I don’t like the net neutrality issue, with certain mobile operators giving it priority over other services.

End of the day, everyone needs to make their own decision based on real information; not on social & peer pressure. Happy for you to be on Whatsapp but I won’t be joining you.

Data portability in online dating sooner than they think?

Dating Apps make money from attention & personal data

I have written a few times about disruption in online dating, heck its something which will be discussed at Mozilla Festival this year (tickets are available now).

But interestingly the EU’s General Data Protection Regulation may get in there ahead of any setup/network disruption. In the Guardian I saw a piece called Getting your data out of Tinder is really hard – but it shouldn’t be.

Its all about getting data back from Tinder (which remember is part of IAC/Match group)

…Duportail eventually got some of the rest of her data, but only on a voluntary basis, and only after she identified herself as a journalist. Her non-journalist friends who followed suit never got responses to similar requests.

Finally armed with the 800 pages she had clawed back from Tinder, Duportail wrote a story reflecting on her own relationship with her data, and the myopic view Tinder had of her love life. I feel her story helps bridge the chasm between those with information stored in the database and the architects behind it, providing much needed neutral common ground to democratically discuss power distributions in the digital economy.

Given the popularity of her story, and my overflowing inbox, I would say many agree. And indeed, you should expect more similar stories to be unearthed in the future because of the upcoming General Data Protection Regulation (GDPR). From May 2018, the new European-level regulation will come into force, claiming wider applicability – including on US-based companies, such as Tinder, processing the personal data of Europeans – and harmonising data protection and enforcement by “levelling up” protections for all European residents.

I know there is a lot of push back from the big American internet corps, but this is coming and the there is no way they can wriggle out of it?

…beyond the much older right of access, the true revolution of GDPR will come in the form of a new right for all European citizens: the right to portability.

It seems like such a small thing but actually it has the potential to be extremely disruptive. Heck its one of the things I wanted back in early 2011. Imagine all those new services which could act like brokers and enable choice! It could be standard to have the ability to export and import rich data sets like Attention profile markup language (APML).

I just wish we were staying in Europe, although the UK has agreed to take GDPR, thankfully! There was no way, if they were left on their own, this would ever come about; like it looks like it might.

Oh Plex, why oh why?

https://www.flickr.com/photos/cubicgarden/4303608740/

I know the picture above isn’t Plex but rather XBMC/KODI but this shot sums up how I feel about Plex right now.

I have been using Plex server quite a bit and decided that I would snap up a lifetime PlexPlus pass a while ago. So I was pretty peed when they updated their policy around data collection. From Plex’s Highlights of what is changing:

Upcoming features and services involving third-party and ad-supported content will require Plex to collect and, in some cases, share information about the third-party content you are streaming. For clarity, third-party content is content that we deliver or stream to you that is not contained in your personal media library.

Ok thats annoying for me but not too much of pain as I don’t really use the Plex addons/plugins. I know others are more upset about this.

In order to understand the usage across the Plex ecosystem and how we need to improve, Plex will continue to collect usage statistics, such as device type, duration, bit rate, media format, resolution, and media type (music, photos, videos, etc.). We will no longer allow the option to opt out of this statistics collection. Again, we will not collect any information that identifies libraries, files, file names, and/or the specific content stored on your privately hosted Plex Media Servers. The only exception to this is when, and only to the extent, you use Plex with third-party services such as Sonos, Alexa, webhooks, and Last.fm.

We will no longer allow (including paid lifetime!) users to opt-out! Also usually when you get something like this, its anonymous data collection. I know later its makes it sound like anonymous but it never actually says this. I still need to read through the privacy policy in full again. But this feels like it might break a EU data law and for sure the ones coming soon. (Plex is based in Delware & Switzerland)

To be fair I’ve had a task to try out Emby for a long while, but this begs the question of what happens to my Plex pass and why don’t Plex share collected data with us? Luckily plex data portability isn’t such a pain. Also its another reason why most of my media consumption is through Kodi not Plex.