Protecting yourself
Wer sich im Internet bewegt, muss damit rechnen, dass seine persönlichen Daten in fremde Hände geraten. Zum Glück gibt es Apps, mit denen Sie Ihre Privatsphäre schützen. Doch auch diesen müssen Sie vertrauen. ALEX HERN berichtet.
The world isn’t a binary choice between living in a surveillance state and opting out of all technological developments. You can use the technology and opt out of sharing your private information at the same time — you just have to know how. A new kind of service is trying to help ordinary users take control of their digital lives. Companies such as Disconnect and Jumbo act like a digital concierge for their users, changing privacy settings, deleting sensitive data and making surveillance difficult. However, to use the privacy apps to their fullest means giving them a level of control over your digital life that would be very easy to abuse — and it’s hard to be certain that any company can be trusted with such sensitive information.
Changing settings
The main reason for the rise of privacy apps is the increase in “settings” and “preferences” screens in our lives and the powerful options within them. Web platforms are complex, with large networks of linked services, spin-offs and acquisitions.
Each of them treats users differently, has a separate place to change privacy settings and could theoretically expose some information you would rather keep private.
What your settings are at any given moment probably depends on when you opened your account, when you last logged in and how good you are at reading pop-ups that flash in front of you when you just want to find out the address of the party you’re going to.
Facebook has even actively changed privacy settings in the past, a practice for which it was given a “consent decree” by the US Federal Trade Commission in 2011 (which it then broke during the Cambridge Analytica scandal, leading to a $5 billion (€4.5 billion) fine). But even if a company hasn’t changed your privacy settings, it can still be hard to find out exactly how much information you are making public.
For instance, whether or not Google is tracking your physical location 24/7 on an Android phone depends on when you first used Google Maps and whether you have changed any settings since. The company used to turn “location history” on by default. Now, it does not.
“It’s an unfair game between users at one end and companies at the other”
Acting as an advocate
Jumbo is an app for IOS and Android launched in 2019. Its goal is to cut through some of this confusion. The offer is simple: by downloading the app and checking a few boxes, the app automatically locks down your privacy settings on platforms that include Facebook, Google, Twitter and Amazon. Instead of you having to find every individual preferences screen and decide which settings are harmless — and which are worded to sound harmless — the app does it for you.
Pierre Valade, the company’s Brooklyn-based founder, describes its role as an advocate for users everywhere. “It’s an unfair game between users at one end and companies at the other. Companies write privacy policies with lawyers, and they make it harder for you to figure out how to opt out, how to delete your data, but as a user, you’re supposed to figure out all of that yourself. That’s the idea here: it’s about representing people and working for them, to simplify a complex system.”
The service Jumbo offers is possible because the largest technology companies can be shamed into giving users the ability to opt out of the worst violations of their privacy. Google doesn’t want you to turn off all of its ad personalization, but, the company rationalizes, most people probably won’t even know about the setting, and it satisfies the privacy warriors to have the option to remove themselves from the tracking apparatus, even if most of the world leaves the options exactly as they are.
But for the rest of the internet, shame doesn’t work. Most of the companies that track you across the internet aren’t polite enough to give you the ability to opt out, nor are they open enough for you to know they’re snooping on you in the first place. You might remember to go into the cookie settings for some websites, if you’re diligent, but eventually, you’ll forget — or visit a dubious site that disregards the law. For those sites, you need a rather pushier sort of advocate: something like Disconnect.
The company offers a service that uses ad blockers, firewalls and virtual private networks (VPNS) to sit between you and the snoopers, letting through only the information you intend to make public. “Without protection like ours, thousands of trackers collect information about our online activity when we simply use our phones or computers,” says Casey Oppenheim, the company’s co-founder. “Most of these trackers are companies we’ve never interacted with directly, yet they collect detailed profiles including our location data, browsing history and more.”
For trackers across the net, that means the app keeps a blacklist, preventing the worst offenders from loading up to protected devices at all. Then, in situations where the snoopers might be sitting between the device and the internet — think an airport Wi-fi — the app offers a simple VPN service that turns on automatically when needed, preventing anyone else on the connection from seeing what’s being shared.
Collecting your private information Anyone, that is, other than Disconnect. Because the difficult problem with the new wave of privacy apps is that, to use them, you have to trust them with your most sensitive information. Services such as Jumbo make an even bigger demand than most internet services: for that app to work, it must request and store your usernames and passwords for every service you want it to work with. These are probably the most sensitive passwords you have, considering the importance of accounts on Facebook, Google and Amazon. Both apps make it clear that they have no intention of using that information.
Disconnect’s Oppenheim says: “We don’t want, and don’t ask, users to trust us with any sensitive information. In fact, we collect as little data as possible; we don’t even require email or any personal information, and our technology is architected to not collect any user data. As per our privacy policy: ‘We don’t collect any of your personal info, including your IP address, other than information you voluntarily provide.’”
Jumbo goes a step further: the app is carefully constructed so that the most sensitive information never leaves the user’s device. It would be a lot easier for Jumbo to work as a web service, connecting to various sites from a centralized server. Instead, it operates more like a heavily automated web browser by logging on to Twitter, Facebook and the rest for you.
The process is, admittedly, arduous: the first run-through can take a long time to
“People can stop using their phone, move to India, take hash and live in the mountains”
complete and leave your phone rather hot. But founder Pierre Valade hopes it helps people trust his app with their sensitive information. “We’re trying to do a better job in the long run,” he says, “but I think that we do have a good foundation. If you go to a doctor, you have to give them your X-rays, your bloodwork. If you go to a lawyer, you have to give them the information about your case. You must trust them to work for you. But we’ve designed a technology that only works on the phone; we don’t have access to it. By design, it’s very safe. It’s not completely bulletproof, but it makes it much, much harder.”
Fighting for your trust
Ultimately, it’s about trust. That’s not unusual; after all, nearly every action you take in life is backed up by trust rather than technical guarantees. (There’s no technology, for instance, that stops the postie opening your letters and talking about them with their friends.) But the nature of their access means that the companies that provide privacy apps need to fight harder than most to prove they’re trustworthy.
For Valade, he tries to move the focus away from the fact that Jumbo is free. “Something that’s been important for us is that we’re not seen as a free product, because everyone knows there is no such thing as a free product,” he says.
Jumbo planned to introduce a subscription service in March 2020, which adds extra features for people who want to increase their privacy and security. Disconnect already has a similar option, Disconnect Premium, which offers permanent VPN use across up to three devices for $50 (€45) a year. The paid-for features, the companies hope, will convince their users that they aren’t secretly selling data on the side to fund their development. But the free tiers remain available, and, trust aside, it’s hard to see why they aren’t more popular. For some, there may be a feeling that there’s no real option to keep big tech out of our lives, and privacy apps will only ever be a partial solution.
Valade hopes otherwise: “It’s a bit like saying you shouldn’t lock the door because someone can smash a door. Yes, I think people can stop using their phone, move to India, take hash and live in the mountains. But the reality is that we can get more privacy now, within the world that we actually live in. So, our goal is to make privacy so convenient that you can actually get it. Our point is actually more about control. Are you OK with what you sign up for?