privacy – Page 2 – Cubicgarden.com…

Bumble, their retention policy and my GDPR

Bumble launches "Dating Just Got Equal" campaign

I’m sure I have said this multiple times, I really want to like Bumble but every-time I try it again, I’m left with a bad after taste (like poor chocolate). I must learn dating apps don’t get better just worst.

Out of frustration, not with the people on the site (thats a whole different story). The mechanism was painful and annoying to say the least (not because of the females pick first).

So I deleted the app and requested my data from Bumble under GDPR law, as I have done for others previously.

Sent the request on 21st Jan, got the first reply on 23th Jan with the usual identity check. I replied on 24th Jan with the credentials which was made easy with my emails asking Bumble to change a profile element in late 2020. Then on 26th Jan I got this…

Hello,

Just to let you know, I have passed your email on to my supervisor here at Bumble who will get back to you as soon as possible.

We’re currently experiencing an incredibly high volume of emails, so it might take a little while longer than normal to get a response from a supervisor.

While we are working super hard to get to everyone, it may be tempting to send a chase regarding the status of your query. However, please bear in mind that we work on a queue-based system here. This means that sending an additional email may push your query further down in the queue and create a longer delay than we’d like.

Please know we haven’t forgotten about you and we really appreciate your patience during this busy time!

Joel
Bumble Feedback Team

Usually I would be on this like a hawk but I kind of forgot as I lost faith in OKCupid and others too. So Bumble sneaked under my radar till the 26th Feb when I finally received this email.

Hello,

Thank you so much for your patience in waiting for our response.

We’ve been dealing with an incredibly high volume of emails recently and have been working hard to get to your query.

Unfortunately, we are unable to proceed with your request as it appears as though your account was deleted more than 28 days ago.

In line with our retention policy, we begin to erase or anonymise your information upon the deletion of your account, following the safety retention window.

Please see our Privacy Policy for more information about how we use your data and your rights. You can read more about our privacy policy at: https://bumble.com/privacy

Please note that this only pertains to the profile registered to the email address you’ve contacted us from. If you have any profiles registered on Bumble with different contact details, please contact us using the relevant methods linked to those accounts.

Hila
Bumble Feedback Team

This answer absolutely drove me to rage because Bumble are hiding behind their retention policy. The only reason their retention policy kicked in is because they left it over 28 days. Its outrageous and I’m not standing for it.

I have given them 3 days to change their stance before I report them to the ICO. Although I still didn’t hear anything else from the ICO about Houseparty.

Expect to hear more soon!

Its time to move from Whatsapp to Signal

For the longest time people have asked why I don’t use Whatsapp? As someone who sees the flaws and reads the terms/conditions, I was never happy with the use of data. In the last few days its become much clearer with Whatsapp privacy change forcing you to accept the changes or stop using it (no opt out).

The core issue with the change is…

“As part of the Facebook family of companies, WhatsApp receives information from, and shares information with, this family of companies,” the new privacy policy states. “We may use the information we receive from them, and they may use the information we share with them, to help operate, provide, improve, understand, customize, support, and market our Services and their offerings.”

In some cases, such as when someone uses WhatsApp to interact with third-party businesses, Facebook may also share information with those outside entities.

Ok so they can’t read your (signal) encrypted messages but like we learned a long time ago, the metadata is sometimes tells more than the actual message.

Surely its time to switch?!

No? Remember this… dumb f**ks.

Apple and their form of privacy

Apple's smug new iPhone ad says privacy matters, just ...

Ummmm right…

I get Apple are more private about data than others like Google (which pings Android phones so much people are suing for data charges) but there is something about misplaced trust with Apple which always bugs me. These latest adverts and recent news stories say it all.

Downloads outage down issues which is all around Apples Gatekeeper privacy and Apple’s latest OS update Big sur network traffic bypass.

Of course this is all clear reasons why I’m very much in the open source camp. Maybe I won’t understand the code, but someone will and can inspect it or track down the issue without signing an NDA. I urge for people to not blindly trust. Always look out for open code, zero-knowledge security, no logging, transparency, etc

Amazon halo…be afraid be very afraid

There is so much I wanted to say about the Amazon Halo health/fitness tracker. The Twit.tv video above pretty much sums up my thoughts. I haven’t read through the halo privacy policy yet, but others are picking bit out already.

Amazon Halo privacy concerns

Wherever there are body scans, always-on microphones and a tech giant in the same service, there’s bound to be security concerns. Amazon knows this, and has already outlined what privacy will look like for future Halo users.

Halo health data is encrypted in transit and in the cloud, and sensitive data, like body scan images, are deleted once processed. Meanwhile, voice analysis is processed entirely on the user’s smartphone and deleted after. Nothing is recorded for playback — users can’t even listen to their own speech samples.

All Amazon Halo data can be managed and deleted in the Halo app. Your Halo account is also separate from your Amazon Prime one, so anyone you share your Prime account with won’t be able to access your private health information.

This for me is one of the things people in the Quantified Self movement were always worried about.

Do you trust Amazon with this much personal data?
Whats the actual pay off?
Is it all actually worth it?

Then you have to ask the question what makes it different from other quantified self devices and systems?

Public Service Internet monthly newsletter (Sept 2020)

We live in incredible times with such possibilities that is clear. Although its easily dismissed seeing the 2020’s worst security breaches so far and asking what changed in the EU?.

To quote Buckminster Fuller “You never change things by fighting the existing reality. To change something, build a new model that makes the existing model obsolete.”

You are seeing aspects of this happening with challenges to app stores and seeing people take action over their social data.

My browser never ever consents

Ian thinks: One thing I like is browser extensions. This one is part of a movement to never consent to anything sites want to push us. Try it out and disable it if you don’t like it

More emerging tech from open hardware world

Ian thinks: NODE features a lot here but look out for the Edge of tomorrow exoskelton and the open cardboard robot which turns a smartphone into a low-cost remote telepresence robot.

The Underestimated Threat Vector: Homogeneity

Ian thinks: Right in the middle of the Defcon hacking virtual conference, a well thought-out talk about the threat of homogeneity. Remember not to read the comments. I could have done a whole month of recommendations for Defcon talks. I highly recommend browsing through the Defcon talks by starting at the playlists.

Thank goodness for the Max Schrems of this world

Ian thinks: I have been moving my data into EU servers when Brexit happened and its very difficult. Thanks goodness for the Max Schrems of this world, willing to go to court over this.

Build the resilient future using indigenous wisdom

Ian thinks: Julia Watson’s short TED video is deeply impressive and shows the answers are all out there, in places and communities we tend to ignore.

Paying for privacy, not ideal but interesting

Would you really abandon Google for a paid ad-free search engine? Neeva might be for you? Although I’m happy with Duckduckgo’s non-tracking ad system.

Deepfakes solution needs critical mass

Ian thinks: Its a reasonable idea but relies on people/systems creating and looking for the CAI metadata. I also checked if it was opensource and it is. I look forward to the Gimp plugin very soon.

Fawke your face for protection against facial recognition

Ian thinks: Finally a reasonable way to cloak your face from facial recognition systems like clearview AI. Nice open source which you can run without visually distorting your beautiful face.

Facebook ads under close scrutiny

Ian thinks: We all know how facebook adverts and editorial weighting works but everyonce in a while a experiment really brings it into sharp view. This Vox video is that, although they also point at the little known Facebook Ad Library.

Find the archive here

Signal what are you up to?

I love Signal and never used Whatsapp because of many reasons included in this great opinion piece. Its gotten better and better but the recent pin number is a worry. I’m not the only one.

“Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with,” Signal wrote in 2016.

That, according to critics, has now changed.

“They should have a dumb network that knows nothing because it can’t be compromised then,” The Grugq told Motherboard. “[Having contacts] is a lot. It isn’t messages, sure. But I don’t like it. I don’t want them to have anything. Make the networks dumb and the clients smart.”

I do understand why they have done it, but I don’t know where its going next. Marlnspike (head dev of Signal) replies.

Marlinspike defended the decision to enable PINs and give users a way to migrate to a new device and keep certain data, and will increase the security of users’ metadata, “new features Signal users have been asking for.”

“The purpose of PINs is to enable upcoming features like communicating without sharing your phone number. When that is released, your Signal contacts won’t be able to live in the address book on your phone anymore, since they may not have phone numbers associated with them,” Marlinspike told Motherboard. “For most users, this also increases the security of their metadata. Most people’s address book is syncing with Google or Apple, so this change will prevent Google and Apple from having access to your Signal contacts.”

Smartphone use — Photo by Gilles Lambert on Unsplash

The changes Signal has made show how there can be a tension between messenger usability and feature set and security. It’s too early to say whether you should stop using the messenger. For most users’ threat models, it’s still one of the best options. But one of the key things that set Signal apart—that it collects almost no information about its users, appears to be changing.

Convenience is the enemy of security and I would say privacy. I wouldn’t be surprised if signal gets forked.

It was always clear to me Twitter direct messages was never secure in anyway, hence why I tried to move private conversations over to another medium. If thats not email or signal what else? Recently I have been looking at a couple others…

Session which is decentralised messaging and Criptext, which is actually secure email. Both need work but have decent security.

The Houseparty is over, time for the GDPR to kick in the front door?

I requested my GDPR personal data from Houseparty/Epic games over a 2 months ago when I signed up under my spam email and slight social pressure from friends. I read the privacy policy and almost spat out my tea.

However I found I could use houseparty in a clean browser (chromium) – app.houseparty.com. as there was absolutely no way I was going to install the app on my pixel phone. After trying to play a game with friend I found the video worked but not the actual game.

As we moved on to using boardgamearena.com. I decided I wanted to delete my account and got interested to know how much data they had collected about me in my short time in houseparty.

Outcomes my GDPR request, I send it to data-requests@lifeonair.com and nothing. I resend it to support@houseparty.com and get my response. Back and forth then finally…

Houseparty Support

May 08, 2020, 20:46 +0100

Hello Ian,

Thank you for your response.

I’m glad that you’ve reached us regarding your request. We received your data request. Our team is working on pulling the data, and you will receive your data within 30 days.

Please feel free to contact us if you need any further assistance.

Regards,
Romeo Tango

As you see can see the date of May 8th was 34 days ago and yes I get Covid19 but I’m not expecting the much data back. Unless there is a ton coming my way?

Either way I’m annoyed at being messed around at the start and also them not taking it seriously. I’m still not convinced Romeo Tango is real to be honest.

So enough, I’ll let the ICO deal with it all.

Google’s COVID-19 contact tracing api

I tooted a while ago about the update and setup the blog entry but forgot to post it. So here it is… short and sweet.

Here is the only API details in Android…

Of course without an app its not active… Manchester Futurists talked about this on the latest podcast btw.

I lost all trust for Zoom yesterday…

British PM on Zoom — Wonder how many people have tried to dial into that zoom id?

Yesterday I was on a zoom call which was hijacked or zoombombed with something not just horrible but totally illegal. Because of this I have pretty much lost all trust in zoom.

This is of course very difficult as its what we use at work and of course being in the middle of the covid19 lockdown, makes things tricky. Because of this, I’m going to still use it but with much more caution and I’m going to be a lot more forceful about the hosting side of it.

Its clear war-dialers for public Zoom meetings is so easy and well used by inscrutable groups of people. Zoom could make sharable links much more difficult to war dial, similar to the way Google docs uses combinations of characters and numbers to make a much longer url, a lot harder to war-dial.

The defaults of Zoom, is setup for a semi trusted corporate environment. I understand the covid-19 pandemic changed everything but there has been many updates and only now is the defaults only just safe. Their share prices have rocketed but they are only now focused on security ahead of more features?

Their idea of end to end encryption is a total dump on top of the security findings saying some calls are being routed via China.. Today they announce you can choose your routing but you need to pay for it. More governments and companies are blocking zoom because they just don’t trust it.

Likewise neither do I… but I will use it… with caution.

I have been thinking about an equivalent, and thought about two.

I lost trust in Facebook a long while ago but still use it for volleyball events and the occasional post about something I feel could be important for friends, family and the public who don’t read my blog (as its posted on the internet already, I post publicly adopting the indieweb Posse approach, much to the surprise of some friends). For example I posted what happened on zoom yesterday there today.
Facebook was hardly trustworthy to start with and over and over again they took the living daylights with our data.
There was a point when Windows Vista pushed as the step/edition of Windows XP and I didn’t like what Microsoft had done to it. To be fair I didn’t trust them and saw shadows of where things were heading. So I switched to Ubuntu.I know the new Microsoft is quite different of course but the damage was done.

If you are hosting a Zoom call, please do lock it down theres a number of guides to help including this one.

Dropping Rescuetime for ActivityWatch

I tend to weigh up different systems and applications I use every once in a while. Especially weighing up the benefits to me.

One such application is Rescue time.

I used it in the past and over the last few months reinstalled it again. However this time I tried to automate the reports out of the free account and pretty much failed. The only way I could really do it is if I paid for the pro account at the cost of (a discounted) $6.75 per month.

So enough I thought… A little look around alternative to and decided to give Activity Watch a try.

ActivityWatch is an app that automatically tracks how you spend time on your devices.

It is open source, privacy-first, cross-platform, and a great alternative to services like RescueTime, ManicTime, and WakaTime.

It can help you keep track of time spent on different projects, kick bad screen habits, or just understand how you spend your time.

Its pretty good and doesn’t drain my laptop while watching my laptop. Of course being local and under my control only, I don’t really need to worry so much about whats collected. You can of course limit things as you go, turn off tracking or just delete the data any time.

I have it on my Dell XPS laptop and on my work phone and its good except one thing. Currently there is no sync server, so each device has its own server. But they are working on this… Once they do, I’ll likely install it on my server and put the client on more of my devices.

The other thing I’m hoping for is to see more use of the stopwatch activity watch bucket (buckets are the pools of data collected). Since Project hamster is currently being rethought and I like to track my work progress alongside my activity.

As a whole the project has a lot of potential and worth the wait I hope for the features expressed above.

Public Service Internet monthly newsletter (Oct 2019)

Carole Cadwalladr & Paul-Olivier Dehaye's deep dive into the great hack

We live in incredible times with such possibilities that is clear. Although its easily dismissed by looking down at our feet or at the endless twitter fighting.

To quote Buckminster Fuller “You never change things by fighting the existing reality. To change something, build a new model that makes the existing model obsolete.”

You are seeing aspects of this happening with Matt Mullenweg’s comments about a open and diverse web after buying tumblr.

Don’t forget if you find this useful, you will find “Public Spaces, Private Data: can we build a better internet?” at the RSA London on 21st October 2019, right up your street.

Watching the labrats scurrying away

Ian thinks: Recently read Labrats book after seeing Dan Lyons at Thinking Digital. Its quite a raw insider view on silicon valley culture, the laughable and the horrific sides in equal lashings.

The Great Hack Workshop from Mydata 2019

Ian thinks: This was one of the highlights of Mydata 2019. Carole Cadwalladr & Paul-Olivier Dehaye’s deep dive into the build up to the great hack was fascinating. Lots of useful resources were revealed.

Are Boris Johnson’s PR People Manipulating Google Search?

Ian thinks: True or not, our dependence on a single search engine/service makes any potential manipulating even more impactful.

Ted Nelson on Hypertext, Douglas Englebart and Xanadu

Ian thinks: Its always amazing to see pioneers who narrowly missed out pushing concepts which were too early, but could come back.

Look out here comes the hyperledgers

Ian thinks: More ledger/blockchain projects to power your projects than you can shake a stick at. Very happy at least some are open-source.

ReasonTV’s look at the Decentralised web

Ian thinks: I was expecting something light touch but having Cory Doctorow mainly interviewed means its got some depth.

Etiquette and privacy in the age of IoT

Ian thinks: Etiquette tends to be forgotten in the advancement of technology. I don’t consider it rude to shut off a Alexa, I’m sure others will disagree.

Tipping etiquette set by user interface

Ian thinks: Talking about etiquette, very interesting to see norms set by user interface design decisions. Obviously set to benefit the company but its stuck now.

Exploiting technology or exploited by technology?

Ian thinks: Curious tale, but it does raise a question about digital access and backups. Least we forget about power and when things go technically wrong.

Public Service Internet monthly newsletter (Sept 2019)

We live in incredible times with such possibilities that is clear. Although its easily dismissed by looking down at our feet or watch how democracy is being gamed and broken. To quote Buckminster Fuller “You never change things by fighting the existing reality. To change something, build a new model that makes the existing model obsolete.”

With a focus on new models in business, technology, society, policy, processes, etc. I present my public service internet newsletter.

You are seeing aspects of this happening as people rethink public transport.

Don’t forget if you find this useful, you will find “Public Spaces, Private Data: can we build a better internet?” at the RSA London on 21st October 2019, right up your street.

Reflections on capitalism gone wild system

Ian thinks: Rushkoff’s monologue at Betaworks Studio is breathless, funny, tragic and worth every minute of your time.

Ghosts in the smart home

Ian thinks: Lancaster University’s short about smart homes, is a design fiction which is fun, informative and enjoyable to watch. Sure some the living room of the future and petras workstream had a influence?

Black lives matter’s alternative systems

Ian thinks: Theres a question later about the media, Alicia talks about creating their own systems not just relying on what already exists.

Surveillance systems head to head

Ian thinks: Cambridge Analytica’s whistle blower and Russian investigative journalist, go head to head discussing surveillance capitalism and government surveillance.

Suicide Is an epidemic and therapy apps are not helping

Ian thinks: As we turn to apps for everything a thoughtful look at therapy apps market good and bad. Theres not an app for everything.

The real johnny mnemonic (contains surgery pictures)

Ian thinks: Ever since Quantified Self people started embedding NFC under the skin, I wondered how far it would go. Perfect name for the software

We are not ready, privacy in 2019

Ian thinks: Really good list of the leaks, abuses, dumps and thoughts if we are ready for even more? Question is how many more before the end of year?

Emotional and erotic intelligence for an enlighten future (NSFW)

Ian thinks: Although a talk about sextech is uncomfortable for people, the subject of intimacy, human connection and self reflection are so much more important than our personal discomfort.

Danilo Milovanović public space interventions

Ian thinks: Excellent to see more thoughtful playful artistic interventions in the public realm.

Facebook cafe with free drinks and privacy check-ups?

https://twitter.com/wearesorryfor/status/1162346869017763853

When I saw Jasmine’s reply to Claires tweet. I thought exactly the same thing. Its the ethical dilemma cafe, only 5 years out too late.

Facebook is looking to take the initiative in the social media privacy debate by opening a network of pop-up cafes around the UK. Each will offer patrons free drinks and a privacy checkup, to help assuage consumer concerns about their privacy online.

Facebook Café will run from 28 August to 5 September in a bid to encourage Britons to get on top of their digital footprint, helped along by free-flowing caffeine.

One of these will be located within The Attendant on Great Eastern Street, London, in response to surveys indicating that 27% of Londoners have no idea how to personalise their social media privacy parameters.

Free coffee (what kind) and teas in exchange for? Privacy advice from Facebook, Wifi snooping like most, a honeypot, or maybe a bit of social engineering from FB staff (Scientology style)?

Is it worth it? I very much doubt it but it would be fun to mess with the FB cafe staff and systems. Don’t you think?

What is Web 3.0 and Why Do We Need It?

Web 3, Parity, Polkadot, Substrate, ipfs, blockchain? Wtf?

While visiting Republica 2019 and writing my presentation about it, I was trying to make sense of the deeper decentralised web stack. Jutta Steiner gave a talk at Republica but I was a little lost in what she was talking about. It was clear it was important but I was lost in the terms.

Watching her talk from tech open air (TOA19) was a lot clearer.

She also reminded me about the web3 summit, which I wish I could attend but always felt like I might not be quite the right person for it. I look forward to hearing what comes out of it however because its clear as Jutta says

…The first time I interacted with the web like everything was open and somehow that was the the perception like we now have this great tool and sort of thought like it’s not this these closed intranets. But it’s the information superhighway we can do whatever we want but what happened really over the 30 or so years afterwards was we replicated or built a ton of intermediaries that basically sit between us and anybody we want to interact on the with on the web online, be that through what’s that when we text to someone through Facebook, venmo, whatever you use you buy anything there’s always an intermediary for something that really should be a general p2p interaction. So the problem with this really is what’s underneath this and what led to this mass these mass centralization and of power and data in the hands of very few people is the fact that we had to do this in a very centralized way because this is just how the Internet technologies of where to work so we have an underlying architecture with centralized servers where all the data is gathered because of network effect the power accumulates and accumulates, and this is a very fraught way of doing things because you have a central point of failure and that was massively exposed by the Snowden revelations I mean partly because also backdoors are built into it but partly because it’s it’s centralized architecture…

Clear reason why web 3, I think…

#web30: The world wide web at 30 years old

We owe a lot to Sir Tim Berners-Lee on the 30th Anniversary of the web.

Tim Berners-Lee helped invent the world wide web 30 years ago. And he has consistently pointed out that the original dream that gave rise to it is under threat.

It is exactly 30 years since Sir Tim submitted a paper to his colleagues at CERN, suggesting a way of sharing data across networks, under the title “Information Management: A Proposal”. The humble title belies the importance of what was contained inside, which included a complete sketch for the networked information system that would on to become the internet we know today.

But its really important to think about the next 30 years.

Surveillance capitalism and governmental/state control are hot topics which very much threaten the fabric of the web. But so does our use of the web and the way we treat each other.

I had a really good 10min talk with Sir Tim Berners-Lee during the last Mozilla Festival, while talking about Solid, Databox and data trust. What got me as we talked, was ultimately we were talking about power and where it lies. Power in the hands of governments (Chinese model) , corporations (American model) or people? (could be the European model?)

I think remembering their are humans, not eyeballs, not lefties/rightwingers, etc is so important. Lets celebrate the people of the web!

https://twitter.com/whynotadoc/status/1105400124447039489