POF first to respond to my GDPR request

Plenty of Fish

I mentioned how I emailed a load of dating sites for my data and then some… Under GDPR. So far I’ve been bounced around a little but POF is the first positive email I’ve gotten so far…

PlentyofFish (“POF”) has received your recent request for a copy of the personal data we hold about you.

For your protection and the protection of all of our users, we cannot release any personal data without first obtaining proof of identity.

In order for us to verify your identity, we kindly ask you to:

1. Respond to this email from the email address associated with your POF account and provide us the username of your POF account.

2. In your response to this email, please include a copy of a government-issued ID document such as your passport or driving license. Also, we ask you to please cover up any personal information other than your name, photo and date of birth from the document as that is the only information we need.

We may require further verification of your identity, for example, if the materials you provide us do not establish your identity as being linked to the account in question.

Please note that if you previously closed your account, your data may be unavailable for extraction as we proceed to its deletion or anonymization in accordance with our privacy policy. Even if data is still available for extraction, there is some information we cannot release to you including information that would likely reveal personal information about other users. Those notably include messages you received on POF, which are not provided out of concern for the privacy of the senders.

Best,

POF Privacy Team

Well I guess they are being careful at least but will be interested to see what other questions they ask me.

Still wondering when the rest will get in touch?

Data portability and GDPR, been waiting a long time for this

EU GDPR 2018

One of the things I always wanted, but never could see how it would happen without the good will of companies, was real data portability of my own data.

Google, Facebook and others do provide a data dump but I found it really interesting to see the difference in my Facebook dump/zip/archive. I request it every year or when something changes. This year I did one while Facebook struggled to deal with the impact of Cambridge Analytica and the new GDPR changes.

In 2017 my zip was 31.4 MB (31,425,658 bytes)
In 2018 my zip was 171.3 MB (171,267,617 bytes)

Unlike previously, FB included ALL the media in the messages I’ve exchanged with friends. All those gifs and videos friends have shared are now in the dump. I find it interesting they were not included previously. Which always raises the question of ownership. Something we (dataportability group) talked about a lot.

I’m so looking forward to similar with other services… Although I’m still unsure if you can legally create services which use the data exports to import or not. It should be possible, as it’s your data.

I have already crafted an email to send to OKCupid, POF, Bumble, Tinder and some other dating sites, similar to when the journalist requested every bit of data they had on her. It’s set to send on May 25th, which is the day when GDPR comes into effect, aka tomorrow!

Thanks to Ubergill for much improving the email I originally drafted…

I’m looking forward to the replies!

Dear {service}

I am making this request for access to personal data pursuant to Article 15 of the General Data Protection Regulation. I am still concerned that your company’s information practices may be putting my personal information at undue risk of exposure or in fact has breached its obligation to safeguard my personal information.

I would like you to be aware at the outset, that I expect a reply to my request within one month as required under Article 12, failing which I will be forwarding my inquiry with a letter of complaint to the Information Commissioner’s Office.

Please advise as to the following:

  1. Please confirm to me whether or not my personal data is being processed. If it is, please provide me with the categories of personal data you have about me in your files and databases.
     a. In particular, please tell me what you know about me in your information systems, whether or not contained in databases, and including e-mail, documents on your networks, or voice or other media that you may store.
     b. Additionally, please advise me in which countries my personal data is stored, or accessible from. In case you make use of cloud services to store or process my data, please include the countries in which the servers are located where my data are or were (in the past 12 months) stored.
     c. Please provide me with a copy of, or access to, my personal data that you have or are processing.
  2. Please provide me with a detailed account of the specific uses that you have made, are making, or will be making of my personal data.
  3. Please provide a list of all third parties with whom you have (or may have) shared my personal data.
     a. If you cannot identify with certainty the specific third parties to whom you have disclosed my personal data, please provide a list of third parties to whom you may have disclosed my personal data.
     b. Please also identify which jurisdictions that you have identified in 1(b) above that these third parties with whom you have or may have shared my personal data, from which these third parties have stored or can access my personal data. Please also provide insight in the legal grounds for transferring my personal data to these jurisdictions. Where you have done so, or are doing so, on the basis of appropriate safeguards, please provide a copy.
     c. Additionally, I would like to know what safeguards have been put in place in relation to these third parties that you have identified in relation to the transfer of my personal data.
  4. Please advise how long you store my personal data, and if retention is based upon the category of personal data, please identify how long each category is retained.
  5. If you are additionally collecting personal data about me from any source other than me, please provide me with all information about their source, as referred to in Article 14 of the GDPR.
  6. If you are making automated decisions about me, including profiling, whether or not on the basis of Article 22 of the GDPR, please provide me with information concerning the basis for the logic in making such automated decisions, and the significance and consequences of such processing.
  7. I would like to know whether or not my personal data has been disclosed inadvertently by your company in the past, or as a result of a security or privacy breach.
     a. If so, please advise as to the following details of each and any such breach:
        i. a general description of what occurred;
        ii. the date and time of the breach (or the best possible estimate);
        iii. the date and time the breach was discovered;
        iv. the source of the breach (either your own organisation, or a third party to whom you have transferred my personal data);
        v. details of my personal data that was disclosed;
        vi. your company’s assessment of the risk of harm to myself, as a result of the breach;
        vii. a description of the measures taken or that will be taken to prevent further unauthorised access to my personal data;
        viii. contact information so that I can obtain more information and assistance in relation to such a breach, and
        ix. information and advice on what I can do to protect myself against any harms, including identity theft and fraud.
     b. If you are not able to state with any certainty whether such an exposure has taken place, through the use of appropriate technologies, please advise what mitigating steps you have taken, such as
        i. Encryption of my personal data;
        ii. Data minimisation strategies; or,
        iii. Anonymisation or pseudonymisation;
        iv. Any other means
  8. I would like to know your information policies and standards that you follow in relation to the safeguarding of my personal data, such as whether you adhere to ISO27001 for information security, and more particularly, your practices in relation to the following:
     a. Please inform me whether you have backed up my personal data to tape, disk or other media, and where it is stored and how it is secured, including what steps you have taken to protect my personal data from loss or theft, and whether this includes encryption.
     b. Please also advise whether you have in place any technology which allows you with reasonable certainty to know whether or not my personal data has been disclosed, including but not limited to the following:
        i. Intrusion detection systems;
        ii. Firewall technologies;
        iii. Access and identity management technologies;
        iv. Database audit and/or security tools; or,
        v. Behavioural analysis tools, log analysis tools, or audit tools;
  9. In regards to employees and contractors, please advise as to the following:
     a. What technologies or business procedures do you have to ensure that individuals within your organisation will be monitored to ensure that they do not deliberately or inadvertently disclose personal data outside your company, through e-mail, web-mail or instant messaging, or otherwise.
     b. Have you had any circumstances in which employees or contractors have been dismissed, and/or been charged under criminal laws for accessing my personal data inappropriately, or if you are unable to determine this, of any customers, in the past twelve months.
     c. Please advise as to what training and awareness measures you have taken in order to ensure that employees and contractors are accessing and processing my personal data in conformity with the General Data Protection Regulation.

Thank you,

Ian

Data portability in online dating sooner than they think?

Dating Apps make money from attention & personal data

I have written a few times about disruption in online dating, heck it’s something which will be discussed at Mozilla Festival this year (tickets are available now).

But interestingly the EU’s General Data Protection Regulation may get in there ahead of any setup/network disruption. In the Guardian I saw a piece called “Getting your data out of Tinder is really hard – but it shouldn’t be”.

It’s all about getting data back from Tinder (which, remember, is part of IAC/Match group)

…Duportail eventually got some of the rest of her data, but only on a voluntary basis, and only after she identified herself as a journalist. Her non-journalist friends who followed suit never got responses to similar requests.

Finally armed with the 800 pages she had clawed back from Tinder, Duportail wrote a story reflecting on her own relationship with her data, and the myopic view Tinder had of her love life. I feel her story helps bridge the chasm between those with information stored in the database and the architects behind it, providing much needed neutral common ground to democratically discuss power distributions in the digital economy.

Given the popularity of her story, and my overflowing inbox, I would say many agree. And indeed, you should expect more similar stories to be unearthed in the future because of the upcoming General Data Protection Regulation (GDPR). From May 2018, the new European-level regulation will come into force, claiming wider applicability – including on US-based companies, such as Tinder, processing the personal data of Europeans – and harmonising data protection and enforcement by “levelling up” protections for all European residents.

I know there is a lot of push back from the big American internet corps, but this is coming and there is no way they can wriggle out of it?

…beyond the much older right of access, the true revolution of GDPR will come in the form of a new right for all European citizens: the right to portability.

It seems like such a small thing but actually it has the potential to be extremely disruptive. Heck, it’s one of the things I wanted back in early 2011. Imagine all those new services which could act like brokers and enable choice! It could be standard to have the ability to export and import rich data sets like Attention profile markup language (APML).

I just wish we were staying in Europe, although the UK has agreed to take GDPR, thankfully! There was no way, if they were left on their own, this would ever come about; like it looks like it might.

Standardnotes my alternative choice to Evernote

Standardnotes

This is a continuous fight I keep having with myself… For quite some time I’ve been looking for an alternative to Evernote on Linux & Android. I got it down to 3: Turtl, laverna and standardnotes.

In the end I decided on Standardnotes, mainly because I needed something which easily syncs like simplenote and I guess evernote. I liked the idea of being able to run my own standardnote server in the future. But the biggest thing for me was being able to convert my evernote notes. Yes it costs, but I was happy with the terms (client side encryption) and comfortable with the payment, which is less than evernote anyway. I’ve also been looking a little deeper at Standardnotes. The privacy and sustainability statements are just the stuff of dreams. There are very few other services which can say and do these things.

What about the others?

Turtl was good but the interface drove me a little nutty, having to login each time and no offline support? Maybe in a few years, if the project gets more development, it will grow into something special and I’ll check it out again.

laverna is also good and is very quick and easy to get going, but it’s mainly built around the browser as it uses javascript. There is an Android app coming but it’s not there yet, and syncing is tricky because it stores everything in the browser. I think you can move this to a sync container like dropbox, google drive, etc.

Standardnotes

With Standardnotes, I have added it to Wavebox, installed the Android apps (doesn’t install on my ereader as it needs Android 5+) and paid for a year subscription.

So far so good!

I do still use Simplenote for quick and temporary notes, but now I installed the Linux app, this may go away too. Now I just need to sort out my imported 2177 evernotes!

Pebble update opens the door

Been very happy to hear FitBit are continuing to make the pebble operational after they sunset the pebble servers.

One of the biggest questions for Pebble owners following the company’s acquisition by Fitbit last year has been how long their watches would keep working going forward. And while Pebble had announced at the time that Fitbit would be “going out of its way” to keep the smartwatch platform’s software and services running through 2017, there hasn’t been much news of what would happen past that point, especially given that a fair portion of Pebble’s software is cloud based.

To help address those issues, Pebble released an update this week that decouples the smartwatches from their dependency on cloud services, meaning that whenever Pebble’s servers do shut down, users will still be able to side load apps and new firmware to their smartwatches.

It’s not a perfect fix, and there are still plenty of answered questions. Features like dictation, messaging, and weather, for example, are all based on cloud services, and Pebble still hasn’t commented on whether or not it’s found a way to keep those working for users going forward. Still, at least Pebble fans will be able to continue to use the basic features of their watches, even as the rest of Pebble is absorbed into Fitbit.

I have been looking at alternatives to the pebble and not finding much especially when Fitbit bought Vector too.

GadgetBridge logo

But I’ve been looking at alternative ways to get the same functionality as what’s currently available. The big one seems to be GadgetBridge, which seems to be growing in functionality quickly. The other great thing about gadgetbridge is it supports the MiBand too, which may be a saver to the crappy MiBand application, which I can’t seem to get syncing with anything.

How to copy contacts from Windows phone to Android, without going crazy

Nokia Lumia 635 and HTC Desire 635

Short answer: Set up a Microsoft Outlook account on the Windows phone, sync everything to it, then export a CSV of all the contacts on a laptop. Log in to your Google account on the laptop and import them all. Sync that Google account with the Android phone.

My painful experience

My dad has had a Nokia Lumia 635 for a while (over a year). He wanted to upgrade his ageing Nokia and went into Carphone Warehouse to get an upgrade. The sales person must have rubbed their hands (I felt they took advantage of my dad saying he wanted a Nokia) and sold him a Nokia Lumia with Windows Phone on it. I was pretty pissed about this because my dad already has a Google account and a chromebook, and my mum has this and a Samsung Android phone.

On Boxing day we went back and looked into buying him out of his contract. This was fine and he chose an HTC Desire 626 as it had a big screen and didn’t cost anything to his contract. After taking it home, I set it up for him and boy did the fun start.

Some quick things… I’m running Ubuntu on a laptop, my parents have a chromebook, we all have google accounts and we now all have android phones. My parents are not technical and mainly use text and voice. They have broadband with wifi in the house plus a chromecast I bought a few years ago. The Nokia couldn’t connect to any wifi unless it was open with no security/encryption (I tried many ways to get this working but it seems to be a common fault, which requires a total wipe!)

Nokia Lumia 635

I plugged the Nokia into my Ubuntu laptop then copied everything off it I could see. Then copied it to the HTC phone. I also turned off my WPA security on my Nexus 5x phone to allow the Nokia to actually connect to the internet without using my dad’s low 4g data usage. Then I set up his Google account, which I set to sync everything. When trying to sync contact information with the Google account nothing would sync. I had my laptop open with the Google account so I could see what was syncing and what wasn’t. I tried forcing the sync and Windows phone kept forcing me to sync with Outlook.com. In the end I set up a temporary Outlook account and synced everything with that. I could see things syncing correctly on my laptop screen.

I thought with both accounts on the Windows phone it would now sync but no. So I had to export the lot out of Outlook.com on the laptop as a CSV file then import them into the google account via my laptop. Once syncing, I could setup the google account on the Android phone and everything was good except Gmail automatically creates a group for the imported contacts which I had to delete but keep the contacts.

HTC Desire 820_11

Once that was done, I forced a system update and was greeted with the Android 6.0 (Marshmallow) upgrade, meaning my mum’s new phone and dad’s phone are very similar, making the learning experience a little easier between both my parents.

Ultimately I was quite shocked how difficult such a simple task was. I mean dataportability should be simple, and at one point I was going to give up and get my dad to write out all the contacts to his new phone. It wasn’t helped by not having wifi access on the Nokia. I did try Bluetooth and sending contacts as emails but nothing quite worked.

I hope this helps others as I was tearing my hair out to get such a simple thing working. No wonder Nokia has dumped Windows mobile and gone Android.

A new bitcoin wallet needed

Bitcoin

I caught wind of ChangeTip closing down on Reddit. Then later today received this email.

As you may have heard, ChangeTip will be discontinuing services soon 🙁

You are receiving this email because you have money in your wallet, and we want you to get it back before we close our doors.

BTC balance: *************
USD balance: $************

Please login to your account and withdraw your funds. If you like, you may also log in and donate remaining funds to charity when you close your account.

I heard they were changing things up but this news is a shame. So I’m looking for somewhere to move my bitcoins. Bitcoin wallet looks popular and well I don’t know how long ChangeTip will enable the feature to transfer bitcoins (thank goodness for Dataportability eh?)

I found the micropayment side interesting and it’s a shame it’s gone; of course there are others which I’ll check out in the future.

Data portability and the internet of things

Nabaztag on the Microwaves
I can’t help but laugh and partly shake my head at the crazy things which are being networked. You only have to follow internet of shit to get this.

I said heck no when a friend who I’d expect more thought from, suggested I should get one of the internet connected door locks; following my thoughts about Airbnb hosting. Not sure if they were being ironic or serious.

It comes as almost no shock, when reading “The time that Tony Fadell sold me a container of hummus”.

On May 15th a critical Nest product will go dark. I’m shocked this isn’t bigger news.

I don’t mean that the Nest product will reach end-of-life for support and updates. No, I mean that on May 15th they will actually turn off the device and disable your ability to use the hardware that you paid for.

Google/Nest’s decision raises an interesting question. When software and hardware are intertwined, does a warranty mean you stop supporting the hardware or does it mean that the manufacturer can intentionally disable it without consequence? Tony Fadell seems to believe the latter. Tony believes he has the right to reach into your home and pull the plug on your Nest products.

This literally tingles of ethics of data; as I lumped data portability in the class of ethics a while ago. There have been a few scary stories such as Berg cloud, the end of aibos and the famous Nabaztag saga. This is just the start, imagine when it’s your whole home system like in the example of Nest.

Is the era of IoT bringing an end to the concept of ownership? Are we just buying intentionally temporary hardware? It feels like it. I own a Commodore 64 that still works.

The point is perfectly made. We have moved into a world of renting and/or licencing. I have many things which passed their support date ages ago. For example my old Nexus 7 2012 edition still runs and even has the latest Android 6.0 operating system on it. My pacemaker is coming up on 9 years old and there was a beta update 6 months ago! Even my Pebble smartwatch just recently got an update. And I can go back far further with other devices and machines. Heck, my original Xbox and Playstation 1 still run and work.

Interesting to see Tony Fadell has stepped down too…

Slack, dataportability done right?

Slack… love it hate it, it seems to be going everywhere…

We recently had to move slacks for reasons not worth mentioning. I was pretty impressed, as one of the founders of the data portability group way back, how easy it was to export one slack into another slack. If only more services would take note!

I found the story of slack so reminiscent of Flickr’s inception via Game Neverending.

Flickr was famously developed as a side feature for the MMO Game Neverending that Butterfield was developing with his then-wife Caterina Fake and the rest of their company, Ludicorp. The team realized that the photo-sharing aspect of the game could be spun off into its own service.

Always reminds me of sitting in the audience at the Doors of Perception 6 in Amsterdam when Stewart Butterfield talked about the concept and plans.

The right to delete in online dating

Delete billboard by Ji Lee

You know how I’m very interested in the ethical dimension of services and data. Data portability is something I have a long history with and alongside that, there is the related idea of having access to delete.

Of course this can be very controversial like the much talked about, right to be forgotten.

It’s intriguing to look at the online dating world where data is thrown about with little regard for the users.

Turns out, there are many people who think deleting a dating app from your phone is the same as deleting your profile – but it isn’t.

Dating apps and online dating sites make it kind of tricky to get rid of you altogether – after all, they attract people (and investors) based on user numbers, so they are not motivated to make it obvious how to delete your account.

OkCupid plays by the rules while eHarmony requires a web action and then an email to confirm. Hinge, a mobile dating app, requires you to use a desktop browser before you can delete the account on your mobile via uninstalling the app.

With Tinder, I disconnected my Facebook account from Tinder, meaning the account will be rejected by Facebook if it was started again. It’s not elegant but saves me having to install Tinder again. I kind of refuse to install it again.

Makes you wonder how many loops some of the other dating sites and apps will make you jump through…?