tag:theconversation.com,2011:/fr/topics/tracking-19220/articlesTracking – The Conversation2023-12-26T19:41:19Ztag:theconversation.com,2011:article/2191982023-12-26T19:41:19Z2023-12-26T19:41:19ZKeeping a streak alive can be strong motivation to stick with a chosen activity<figure><img src="https://images.theconversation.com/files/566590/original/file-20231219-17-i2u80d.jpg?ixlib=rb-1.1.0&rect=1379%2C248%2C3881%2C2980&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Neither rain, nor snow, nor sleet, nor hail shall keep a streaker from their self-appointed activity.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/photo/athletic-man-jogging-in-extreme-weather-condition-royalty-free-image/1184153812">janiecbros/E+ via Getty Images</a></span></figcaption></figure><p><a href="https://ftw.usatoday.com/2013/06/alabama-fan-attended-781-consecutive-games-before-passing-away">Dick Coffee</a> attended 781 consecutive University of Alabama football games. <a href="https://www.mensjournal.com/adventure/meg-roh-celebrates-7-years-of-surfing-every-day-by-going-surfing">Meg Roh</a> surfed through illness, storms and nightfall to maintain a seven-year daily surfing streak. <a href="https://www.nytimes.com/2022/01/01/sports/running-streak-rise.html">Jon Sutherland</a> ran at least 1 mile every day for over 52 years. </p>
<p>An activity streak has the power to compel behavior, and marketers have taken note. Marketing researchers <a href="https://scholar.google.com/citations?user=irJyTtAAAAAJ&hl=en&oi=ao">Jackie Silverman</a> and <a href="https://scholar.google.com/citations?user=Lb3D24EAAAAJ&hl=en&oi=ao">Alixandra Barasch</a> recently documented 101 unique instances, including Snapchat, Candy Crush Saga, Wordle and the Duolingo language learning platform, of apps that have <a href="https://doi.org/10.1093/jcr/ucac029">incorporated streaks into their architecture</a> by tracking the number of consecutive days users complete a task. There are even <a href="https://www.thestreakingapp.com/">apps dedicated solely to tracking streaks</a>.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/566406/original/file-20231218-15-fcjdpq.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="statistics for wins and streak with a guess distribution chart" src="https://images.theconversation.com/files/566406/original/file-20231218-15-fcjdpq.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/566406/original/file-20231218-15-fcjdpq.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=310&fit=crop&dpr=1 600w, https://images.theconversation.com/files/566406/original/file-20231218-15-fcjdpq.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=310&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/566406/original/file-20231218-15-fcjdpq.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=310&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/566406/original/file-20231218-15-fcjdpq.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=389&fit=crop&dpr=1 754w, https://images.theconversation.com/files/566406/original/file-20231218-15-fcjdpq.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=389&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/566406/original/file-20231218-15-fcjdpq.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=389&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">One user’s Wordle streak of more than a month’s worth of wins.</span>
<span class="attribution"><span class="source">Screenshot from Wordle on New York Times</span></span>
</figcaption>
</figure>
<p>What is it about streaks that makes them so compelling? <a href="https://scholar.google.com/citations?user=5yNBAfIAAAAJ&hl=en&oi=ao">I’m interested in consumer behavior and decision making</a>. For insight into streaks and their motivating influence, I conducted research, recently <a href="https://doi.org/10.1007/s11747-023-00944-4">published in the Journal of the Academy of Marketing Science</a>, on the phenomenon.</p>
<h2>What is a streak?</h2>
<p>Because there’s no generally accepted definition of what a streak is, I started by trying to define the phenomenon. Based on input from people maintaining streaks and how streaks are described in the popular media, I suggest they have four underlying characteristics.</p>
<p>First, streaks require unchanging performance and temporal parameters. In other words, rules, established by the streaker or others, define what it means to successfully complete the activity and the schedule for doing so. For example, a streak may involve completing a session of 50 pushups every calendar day.</p>
<p>Second, the streak-holder largely attributes completing the activity to his or her resolve.</p>
<p>Third, a streak is a series of the same completed activity that the person maintaining the streak considers to be uninterrupted.</p>
<p>Fourth, the streaker quantifies the series’ duration. For instance, a streak-holder can tell you exactly how many consecutive workdays they’ve biked in to the office, or they can tell you the precise date the streak began.</p>
<p>This definition distinguishes an activity streak from winning streaks and lucky streaks. Unlike activity streaks, winning streaks depend on the performance of others – an opponent – while lucky streaks involve outcomes that are not under the control of the person executing the streak.</p>
<p>My definition also highlights that streaks are perceptual. Some people who have completed an objectively uninterrupted series of an activity may not view that as a streak. Others who have not completed the activity every time the opportunity arises may believe they have a streak.</p>
<h2>Is it a streak, habit or collection?</h2>
<p>People often engage in behavior patterns, or a recurring way of acting in a given situation. A streak is a form of patterned behavior, but there are others. Most people have habits, which are <a href="https://doi.org/10.1111/j.1559-1816.1998.tb01681.x">reflexlike and triggered by the context</a>. For example, many people mindlessly fasten their seat belts upon getting in a car.</p>
<p>That automatic aspect sets a habit apart from a streak. A streak often requires the actor to have a strategy for completing the activity <a href="https://doi.org/10.2307/1252098">in various situations or contexts</a>. For example, someone with a streak of running at least 1 mile every calendar day may need to carefully plan a run when traveling across time zones.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/566591/original/file-20231219-27-q90dyb.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="man looking anxiously out airplane window" src="https://images.theconversation.com/files/566591/original/file-20231219-27-q90dyb.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/566591/original/file-20231219-27-q90dyb.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/566591/original/file-20231219-27-q90dyb.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/566591/original/file-20231219-27-q90dyb.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/566591/original/file-20231219-27-q90dyb.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/566591/original/file-20231219-27-q90dyb.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/566591/original/file-20231219-27-q90dyb.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">A streaker can get stressed when circumstances outside their control prevent them from doing the activity.</span>
<span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/photo/scared-male-passenger-looking-out-the-window-of-an-royalty-free-image/1439979538">urbazon/E+ via Getty Images</a></span>
</figcaption>
</figure>
<p>While developing a habit may be appealing because it <a href="https://www.springerprofessional.de/en/customer-inertia-marketing/18347036">minimizes thinking</a>, I discovered that the challenge of finding a way to complete the behavior can motivate many streak-holders.</p>
<p>Failing to perform a habitual behavior on occasion will have little impact on the <a href="https://doi.org/10.1037/0033-295X.114.4.843">likelihood of the person performing the behavior in the future</a>. Conversely, failing to perform a behavior that is part of a streak ends the streak.</p>
<p>For some people, ending a streak discouraged the behavior in the future: “The streak is over. Why bother?” For others, it hardened their resolve: “The streak is over. I’ve got to start another streak as soon as possible.”</p>
<p><a href="https://doi.org/10.1016/0167-4870(95)98956-X">Creating a collection</a> is another form of patterned behavior. Collections typically involve dissimilar objects connected by a common meaning. For example, Jay Leno is known for his <a href="https://cars.usnews.com/cars-trucks/features/jay-lenos-car-collection">collection of antique and exotic cars</a>. But unlike a streak, a collection does not end if someone fails to add to it every time the opportunity arises. I found that a collection of experiences or stories is often a byproduct of maintaining a streak. </p>
<h2>Why do streaks motivate behavior?</h2>
<p>By tapping into various psychological drivers of behavior, streaks can motivate people in several ways.</p>
<p>In general, a streak adds a higher-level goal (keeping the streak alive) to a lower-level goal (completing an individual activity). Streaks also add structure to an activity, and structure can <a href="https://doi.org/10.1037/0022-3514.65.1.113">simplify thinking and decision making</a>. The extent to which goal achievement or structure is important to you would influence your commitment to a streak.</p>
<p>I also found the way a streak is structured can affect the streak-holder’s commitment to it. For example, a streak of meditating at least 20 minutes each day may be more appealing, and lead to more commitment, than a streak of meditating at least 140 minutes each week. While the amount of meditating is the same in both cases, a daily streak adds structure, thus simplifying decision making, and encourages the person to regularly engage in a beneficial behavior.</p>
<p>Streaks can serve to <a href="https://doi.org/10.1007/s12599-013-0273-5">gamify</a> the underlying activity by <a href="https://theconversation.com/gamification-harnesses-the-power-of-games-to-motivate-37320">creating rules and quantifying the outcome</a>, and many people enjoy the challenge of a game.</p>
<p>Finally, I found that activities that are more relevant to one’s identity are more likely to generate commitment to a streak. If someone identifies as religious, a daily streak of praying may be more appealing than a daily streak of playing Wordle because a praying streak can provide a way of demonstrating one’s desired identity to others.</p>
<p>While streaks can compel behavior, they do not motivate all people for all situations. They can even have the opposite effect. Some people are turned off by the prospect of a streak because they’re concerned about being obligated to it, as reflected in the <a href="https://www.runeveryday.com/news/archive/newsletterV17N4.pdf">comments of a former streak runner</a>: “I realized that, if I let it, the streak could become a ‘thing’ that controlled my life, my travel, and those around me.”</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/566593/original/file-20231219-15-e39aqx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="January calendar page with 'Let's go!' sticky note on the first of the month" src="https://images.theconversation.com/files/566593/original/file-20231219-15-e39aqx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/566593/original/file-20231219-15-e39aqx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/566593/original/file-20231219-15-e39aqx.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/566593/original/file-20231219-15-e39aqx.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/566593/original/file-20231219-15-e39aqx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/566593/original/file-20231219-15-e39aqx.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/566593/original/file-20231219-15-e39aqx.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">A new page on the calendar can feel like it offers a fresh start.</span>
<span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/photo/calendar-indicating-lets-go-on-1st-january-royalty-free-image/1080219424">Isabel Pavia/Moment via Getty Images</a></span>
</figcaption>
</figure>
<h2>Streaks and the new year</h2>
<p>As the calendar turns to a new year, many people resolve to engage in self-improving behaviors that facilitate better mental or physical health. People often begin streaks on Jan. 1 or other important dates, such as holidays, birthdays or anniversaries of noteworthy events. Such temporal landmarks add meaning and structure to the streak and create a “<a href="https://doi.org/10.1287/mnsc.2014.1901">fresh start effect</a>.”</p>
<p>While many people make New Year’s resolutions, <a href="https://fisher.osu.edu/blogs/leadreadtoday/why-most-new-years-resolutions-fail#:%7E:text=Researchers%20suggest%20that%20only%209,fail%20at%20New%20Year's%20resolutions.">only a small percentage of people complete them</a>. My research suggests that structuring a resolution as a streak may be the nudge that some people need to stick with it further into the new year – and maybe far beyond.</p><img src="https://counter.theconversation.com/content/219198/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Danny Weathers does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>A streak can motivate you to keep on keeping on with behaviors ranging from praying to running to sharing pictures on social media. Here’s what goes into making them so compelling.Danny Weathers, Professor of Marketing, Clemson UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2129352023-09-18T14:25:22Z2023-09-18T14:25:22ZWild animals leave DNA on plants, making them easier to track – here’s what scientists found in a Ugandan rainforest<p>The world is losing animals at an alarming <a href="https://doi.org/10.1126/science.1244693">rate</a> due to habitat degradation, climate change and illegal human activities in the wildlife protected areas. In fact, it is estimated that, by 2100, <a href="https://www.ipbes.net/sites/default/files/spm_africa_2018_digital.pdf#page=25">more than half</a> of Africa’s bird and mammal species could be lost. </p>
<p>Efforts to conserve biodiversity depend on information about which animals are where. Tracking wildlife is instrumental. Existing tracking methods include camera trapping and line transects, which are specific areas and designed trails respectively, that can be revisited from time to time to monitor habitat conditions and species changes. These methods can be expensive, labour intensive, time consuming and difficult to use, and might not detect all the species that are present in an area. Dense rainforests present a particular problem for tracking, since the vegetation is often very thick and doesn’t let much light in.</p>
<p>Recent research has shown that vertebrates leave their DNA in the environment, both as <a href="https://www.sciencedirect.com/science/article/pii/S0960982221016900?via%3Dihub">airborne particles</a> and on <a href="https://www.nature.com/articles/s41598-023-27512-8">vegetation</a>. This offers a useful new way to monitor species. </p>
<p>Our international research team, working in the rainforest of Uganda’s Kibale National Park, wondered whether the environmental DNA methods would be useful to us. We reasoned that if animal DNA was in the air, perhaps it settled and got stuck to leaves. Waxy, sticky or indented leaf surfaces might even be ideal DNA traps. Would simply swabbing leaves collect enough DNA to monitor species and map biodiversity?</p>
<p>Our <a href="https://doi.org/10.1016/j.cub.2023.06.031">study</a> demonstrated that many birds and mammals can be detected using this simple, low tech method. It’s a promising tool for large-scale biomonitoring efforts.</p>
<h2>Kibale National Park</h2>
<p><a href="https://ugandawildlife.org/national-parks/kibale-national-park/">Kibale National Park</a> in Uganda is famous for its rich biodiversity and has earned its place as the “primate capital” of the world. It is home to 13 species of non-human primates including the endangered Red colobus monkey and chimpanzees. </p>
<p>To test our idea, the research team went into the park’s dense tropical forest armed with 24 cotton buds. Our task was to swab as many leaves as possible with each bud in three minutes.</p>
<p>To tell which animals gave rise to the DNA in the swabs, the team sequenced a short piece of DNA, called a barcode. Barcodes are distinct for each animal, so the barcode found in the swabs could be compared to a barcode library containing all animals sampled to date.</p>
<p>The team didn’t expect great results, because in rainforest conditions – hot by day, cold at night, humid and wet – DNA degrades quickly.</p>
<p>So we were surprised when the results came back from the DNA sequencer. We’d picked up over 50 species of mammals and birds and a frog, with swabs collected in just over an hour, on only 24 cotton buds.</p>
<p>We detected nearly eight animal species on each of the cotton buds. These species spanned a huge diversity, from the very large and endangered African elephant to a very small species of sunbird. </p>
<p>Detected animals included the hammer-headed fruit bat, which has a wing-span of up to one metre, monkeys like the elusive L’Hoest’s monkey and the endangered ashy red colobus, as well as rodents such as the forest giant squirrel. A great variety of birds was detected too, including the great blue turaco and the endangered gray parrot.</p>
<p>The high diversity of animals, coupled with the impressive animal detection rate per swab, suggests we can now collect a lot of animal DNA simply from leaves. The ease of sampling, a task we can ask anyone on our team to do quickly when they are in the forest, suggests we could use this method to track animal diversity in the park, particularly in areas that are rapidly changing.</p>
<p>One of the team members, Emmanuel Opito, is studying exactly these areas in the park for his doctoral project. He is trying to understand how the invasive <em>Lantana camara</em> and the woody herb <em>Acanthus pubescens</em> inhibit forest regeneration. With this leaf swabbing method, it will be easier to explore how removing invasive species and allowing the forest to regenerate will help animal biodiversity recover. </p>
<h2>Easy way to gather information</h2>
<p>Monitoring animal populations is crucial to comprehend the scale of ecosystem changes and to guide the development of effective management strategies. New technologies like these environmental DNA approaches offer promising support for these efforts. </p>
<p>Because leaf swabbing does not require fancy and expensive equipment or much training to carry out, it can easily be carried out by the staff at Uganda Wildlife Authority, field assistants or biologists working in the forest. </p>
<p>The method can also be scaled up because DNA sequencing technology is becoming more accessible and affordable post-COVID-19. There is a lot of potential for environmental DNA to contribute to biodiversity monitoring at a much larger scale and to inform biodiversity management initiatives.</p><img src="https://counter.theconversation.com/content/212935/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Patrick Omeja was supported by the International Development Research Centre.</span></em></p>Many animal species can be detected using a simple, low tech method of collecting DNA from the environment.Patrick Omeja, Senior Research Fellow and Field Director, Makerere University Biological Field Station, Makerere UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2039892023-04-19T15:58:32Z2023-04-19T15:58:32ZEmergency alert system launches in the UK: should you be worried about privacy?<figure><img src="https://images.theconversation.com/files/521614/original/file-20230418-22-qlop3w.png?ixlib=rb-1.1.0&rect=0%2C17%2C2000%2C1410&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Privacy concerns over the emergency alert? Here's what you need to know.</span> <span class="attribution"><a class="source" href="https://www.gov.uk/alerts">gov.co.uk/Shutterstock/Canva</a></span></figcaption></figure><p>When disaster strikes, it’s helpful to know what’s going on. This is why the UK government has launched an <a href="https://www.gov.uk/alerts">emergency alerts service</a>, to be used in life-threatening situations including flooding and wildfires. </p>
<p>The time has now come to test how the system works – which is why every mobile phone in the UK will get an emergency alert on Sunday, 23 April at 3pm. The message, which will appear alongside a loud alarm and vibration on millions of phones, will let the government see how this new public warning system operates. Your phone will vibrate and make a loud siren-like sound for about ten seconds – even if it’s on silent. </p>
<p><a href="https://news.sky.com/story/emergency-alerts-how-they-work-in-other-countries-including-a-few-times-when-it-has-gone-wrong-12851133">Similar systems</a> are already in place in countries such as the US, Australia, France and Japan. But while these alerts can make a <a href="https://ascelibrary.org/doi/abs/10.1061/(ASCE)1527-6988(2000)1:2(119)">big difference</a> in emergency situations, they also raise serious <a href="https://www.ohmymag.co.uk/news/uk-emergency-phone-alerts-have-citizens-concerned-about-privacy-heres-what-you-should-know_art16943.html">privacy concerns</a> which might tempt some people to <a href="https://www.gov.uk/alerts/how-alerts-work">opt out</a> from the messages. </p>
<p>Domestic violence charities have also <a href="https://www.independent.co.uk/tv/news/emergency-alerts-iphone-android-turn-off-b2314745.html">expressed concern</a> that the message and loud alarm may alert abusers to secret phones that some people experiencing violence in the home may have hidden. Women’s Aid and Refuge have both <a href="https://www.mirror.co.uk/news/uk-news/how-stop-uk-gov-emergency-29709068">issued advice</a> on how to turn the alerts off if you’re hiding a secret phone. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/MvZM-oCReu8?wmode=transparent&start=1" frameborder="0" allowfullscreen=""></iframe>
</figure>
<p>National alert systems use <a href="https://www.techopedia.com/definition/6405/cell-broadcast-cb">cell broadcasting technology</a>, which allows messages to be sent to all mobile devices within a defined area without knowing their phone numbers or locations. </p>
<p>In essence, the <a href="https://link.springer.com/article/10.1007/s11069-022-05241-x">cell broadcast system</a> is a computer that checks the message, makes sure it’s secure and valid, and then sends it via special radio signals to all the radio towers that cover the area where the message is meant to go. </p>
<p>Crucially, the message is not sent to individual phone numbers, but to groups of phones that are in the area – much like making an announcement via loudspeaker in a stadium full of people. </p>
<p><a href="https://twitter.com/HumanRights4UK/status/1637407146022240259?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1637407146022240259%7Ctwgr%5Ea710a1f9862290e12bd636dd0082e0adcbd8a495%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.ohmymag.co.uk%2Fnews%2Fuk-emergency-phone-alerts-have-citizens-concerned-about-privacy-heres-what-you-should-know_art16943.html">Fears have been expressed</a> <a href="https://www.ohmymag.co.uk/news/uk-emergency-phone-alerts-have-citizens-concerned-about-privacy-heres-what-you-should-know_art16943.html">that cell broadcasting</a> could enable mass surveillance by revealing who is in a certain area at a certain time. Or by allowing authorities to track people’s movements across different areas. But are these worries really justified?</p>
<h2>Phones at risk?</h2>
<p>The Cabinet Office <a href="https://www.bbc.co.uk/news/uk-64999417">has stated</a> that the service does not require any personal information such as someone’s identity, location, or telephone number. Nonetheless, <a href="https://www.sciencedirect.com/science/article/abs/pii/S0267364913001325?casa_token=BHpFihBaH9IAAAAA:D8Reo6QwWu5s-NdzCOg9vtLSk0jPNVmKxwuHT9W7t16bED3nt2UHqVyGlfK7hNx7kQItMBuJOQ">research</a> shows that privacy issues can happen even when personal information is not collected.</p>
<p>It’s possible, for example, that <a href="https://www.bitdefender.co.uk/blog/hotforsecurity/americas-emergency-alert-system-is-vulnerable-to-hacker-attacks-dhs-warns/">hackers could intercept</a> an emergency alert system if the alerts are not encrypted or authenticated properly, or if there are vulnerabilities in the devices or networks that receive them. Indeed, <a href="https://securityledger.com/2020/01/seven-years-later-scores-of-eas-systems-sit-un-patched-vulnerable/">warnings about lack of security</a> and potential hacks have been <a href="https://www.bleepingcomputer.com/news/security/dhs-warns-of-critical-flaws-in-emergency-alert-system-devices/">raised in the US</a> around their <a href="https://techcrunch.com/2021/08/11/fema-emergency-alert-system/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAANejl3TNI0cu8oU8Qqi24JV83k3UkN0FxG4uE31FlQDJ4mHLeqquX9nsnK19NfQHqo17BF4RbxyDfhlhfrFhcBLQ6M6NgkxDUyaYGQHI9f4rf-CQzt6S9nq42gHVCJTwm6h0FK7uwwaSblkmdkkekGJo0qTCtVfLdUJ_98q_1DBW">emergency alerts system</a>.</p>
<p>It’s also possible that <a href="https://metro.co.uk/2023/04/18/be-wary-of-phishing-scams-posing-as-emergency-alerts-warns-expert-18632557/">scammers</a> could use the opportunity to send false alerts to phones that include bogus links. The official alert won’t include any links or requests to reply.</p>
<p>And of course, alerts can be sent in error. In 2018, widespread panic was witnessed in Hawaii after an early-morning emergency alert mistakenly warned of an incoming ballistic missile attack. </p>
<figure class="align-center ">
<img alt="Emergency Alert" src="https://images.theconversation.com/files/521609/original/file-20230418-920-j5mbhf.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/521609/original/file-20230418-920-j5mbhf.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=519&fit=crop&dpr=1 600w, https://images.theconversation.com/files/521609/original/file-20230418-920-j5mbhf.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=519&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/521609/original/file-20230418-920-j5mbhf.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=519&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/521609/original/file-20230418-920-j5mbhf.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=652&fit=crop&dpr=1 754w, https://images.theconversation.com/files/521609/original/file-20230418-920-j5mbhf.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=652&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/521609/original/file-20230418-920-j5mbhf.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=652&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">This message set off widespread panic.</span>
<span class="attribution"><a class="source" href="https://twitter.com/JerryDunleavy/status/952257206208131073/photo/1">Twitter</a></span>
</figcaption>
</figure>
<p>Hypothetically speaking, it may also be possible to profile people through an alert system. If someone acknowledges an alert quickly or follows the instructions in the alert, it could indicate that they are compliant and cooperative. </p>
<p>Whereas, if someone ignores an alert or does not follow the instructions, it could indicate that they are rebellious or suspicious. China did a similar thing in terms of <a href="https://www.cpomagazine.com/data-privacy/china-adds-covid-19-contagion-risk-ratings-to-individual-profiles-in-national-surveillance-system/">contagion risk</a> during the height of <a href="https://www.nytimes.com/2020/03/23/technology/coronavirus-surveillance-tracking-privacy.html">COVID-19</a>. </p>
<p>While the UK government says data isn’t being collected and a response isn’t required to the alert in this scenario, it should be said that, over the last ten years, the UK government’s track record in terms of state surveillance has been far from exemplary. </p>
<h2>State surveillance</h2>
<p>More specifically, the UK government has a history of <a href="https://www.amnesty.org/en/latest/press-release/2021/05/uk-surveillance-gchq-ecthr-ruling/">abusing its surveillance powers</a> and <a href="https://www.theguardian.com/world/2016/nov/19/extreme-surveillance-becomes-uk-law-with-barely-a-whimper">violating people’s privacy rights</a>, often without public knowledge or consent. </p>
<p>In a series of <a href="https://hudoc.echr.coe.int/eng#%7B%22itemid%22:%5B%22001-186048%22%5D%7D">high-profile</a> <a href="https://www.judiciary.uk/judgments/the-queen-v-secretary-of-state-for-the-home-secretary-of-state-for-foreign-and-commonwealth-affairs/">legal cases</a>, the UK security services have been found to be in unlawful overreach of their data surveillance powers, with successive home secretaries failing to hold them to account.</p>
<p>It’s also been discovered that UK security services have <a href="https://www.theguardian.com/technology/2013/jun/07/uk-gathering-secret-intelligence-nsa-prism">shared data</a> with foreign intelligence agencies, such as the US National Security Agency, without ensuring adequate protection of people’s privacy rights. With such a track record, it’s not surprising that there’s some scepticism when it comes to the government’s management of the emergency alerts system.</p>
<p><a href="https://www.businessinsider.com/countries-tracking-citizens-phones-coronavirus-2020-3?r=US&IR=T">Fears around privacy</a> are also <a href="https://www.cnbc.com/2020/03/27/coronavirus-surveillance-used-by-governments-to-fight-pandemic-privacy-concerns.html">understandable</a> given <a href="https://www.securityinfowatch.com/alarms-monitoring/emergency-safety-equipment/mass-notification-solutions/article/21209007/when-saving-lives-infringes-on-personal-privacy">concerns</a> about how similar systems could operate further afield. If a government already monitors the mobile device of a journalist, activist or whistleblower, for example – a practice that is unfortunately <a href="https://www.amnesty.org/en/latest/news/2022/07/the-pegasus-project-one-year-on-spyware-crisis-continues-after-failure-to-clamp-down-on-surveillance-industry/">not uncommon</a> <a href="https://www.theguardian.com/world/2021/jul/18/ft-editor-roula-khalaf-among-180-journalists-targeted-nso-spyware">even in Europe</a> – it’s possible they could then narrow down the location of that person by checking whether they receive alerts that are sent to a specific area. </p>
<p>Despite these issues, <a href="https://www.theweek.co.uk/news/technology/960516/pros-and-cons-of-the-emergency-alert">on balance</a>, national alert systems are a useful tool for informing and protecting the public in case of emergencies. And instructing people to deactivate this function in their phones would not be responsible. At the same time, it’s a major oversimplification to <a href="https://www.avonandsomerset.police.uk/news/2023/04/emergency-alerts-national-test-to-take-place-on-sunday-23-april/">claim</a> there are no privacy risks whatsoever because the system <a href="https://fullfact.org/online/emergency-phone-alert-gdpr/">does not collect personal information</a>. </p>
<p>Indeed, <a href="https://www.pinsentmasons.com/out-law/news/uk-government-to-loosen-privacy-rules-to-enable-implementation-of-a-national-public-emergency-alert-system">privacy is not a luxury</a> or a privilege. It is a fundamental <a href="https://www.equalityhumanrights.com/en/human-rights-act/article-8-respect-your-private-and-family-life#:%7E:text=Article%208%3A%20Right%20to%20privacy,his%20home%20and%20his%20correspondence.">human right</a> that deserves respect and protection. This is why robust oversight of emergency alert systems is required to ensure they are not abused by governments.</p><img src="https://counter.theconversation.com/content/203989/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Stergios Aidinlis does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Emergency alerts system: a lifesaving service or a threat to privacy?Stergios Aidinlis, Lecturer in Law, Keele UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1842192022-07-05T12:14:29Z2022-07-05T12:14:29ZBrowser cookies make people more cautious online, study finds<figure><img src="https://images.theconversation.com/files/471474/original/file-20220628-14476-ro18kw.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C8256%2C5487&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Cookie notifications become a ubiquitous aspect of online life.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/news-photo/november-2021-lower-saxony-oldenburg-a-person-has-a-mobile-news-photo/1236887868">Mohssen Assanimoghaddam/picture alliance via Getty Images</a></span></figcaption></figure><p>Website cookies are online surveillance tools, and the commercial and government entities that use them would <a href="https://techcrunch.com/2015/08/21/agree-to-disagree/">prefer people not read</a> those notifications too closely. People who do read the notifications carefully will find that they have the option to say no to some or all cookies.</p>
<p>The problem is, without careful attention those notifications become an annoyance and a subtle reminder that your online activity can be tracked.</p>
<p>As a researcher who <a href="https://scholar.google.com/citations?user=7cJhUEkAAAAJ&hl=en">studies online surveillance</a>, I’ve found that failing to read the notifications thoroughly can lead to negative emotions and affect what people do online. </p>
<h2>How cookies work</h2>
<p>Browser cookies are not new. <a href="https://qz.com/2000350/the-inventor-of-the-digital-cookie-has-some-regrets/">They were developed in 1994</a> by a Netscape programmer in order to optimize browsing experiences by exchanging users’ data with specific websites. These small text files allowed websites to remember your passwords for easier logins and keep items in your virtual shopping cart for later purchases. </p>
<p>But over the past three decades, cookies have evolved to track users across websites and devices. This is how items in your Amazon shopping cart on your phone can be used to tailor the ads you see on Hulu and Twitter on your laptop. One study found that 35 of 50 popular websites <a href="https://theconversation.com/cookies-i-looked-at-50-well-known-websites-and-most-are-gathering-our-data-illegally-176203">use website cookies illegally</a>. </p>
<p>European regulations <a href="https://gdpr.eu/cookies/">require websites to receive your permission</a> before using cookies. You can avoid this type of third-party tracking with website cookies by carefully reading platforms’ privacy policies and opting out of cookies, but people generally aren’t doing that.</p>
<p><a href="https://doi.org/10.1080/1369118X.2018.1486870">One study</a> found that, on average, internet users spend just 13 seconds reading a website’s terms of service statements before they consent to cookies and other outrageous terms, such as, as the study included, exchanging their first-born child for service on the platform.</p>
<p>These terms-of-service provisions are cumbersome and intended to create friction.</p>
<p><a href="https://www.degruyter.com/document/doi/10.23943/9781400890057/html">Friction</a> is a technique used to slow down internet users, either to maintain governmental control or reduce customer service loads. Autocratic governments that want to maintain control via state surveillance without jeopardizing their public legitimacy frequently use this technique. Friction involves building frustrating experiences into website and app design so that users who are trying to avoid monitoring or censorship become so inconvenienced that they ultimately give up. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/HFyaW50GFOs?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Browser cookies explained.</span></figcaption>
</figure>
<h2>How cookies affect you</h2>
<p>My newest research sought to understand how website cookie notifications are used in the U.S. <a href="https://doi.org/10.1080/19331681.2022.2063215">to create friction and influence user behavior</a>.</p>
<p>To do this research, I looked to the concept of mindless compliance, an idea made infamous by Yale psychologist Stanley Milgram. <a href="https://www.simplypsychology.org/milgram.html">Milgram’s experiments</a> – now considered a radical breach of research ethics – asked participants to administer electric shocks to fellow study takers in order to test obedience to authority. </p>
<p>Milgram’s research demonstrated that people often consent to a request by authority without first deliberating on whether it’s the right thing to do. In a much more routine case, I suspected this is also what was happening with website cookies. </p>
<p>I conducted a large, nationally representative experiment that presented users with a boilerplate browser cookie pop-up message, similar to one you may have encountered on your way to read this article. </p>
<p>I evaluated whether the cookie message triggered an emotional response – either anger or fear, which are both expected responses to online friction. And then I assessed how these cookie notifications influenced internet users’ willingness to express themselves online. </p>
<p>Online expression is central to democratic life, and <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2959611">various types of internet monitoring are known to suppress it</a>. </p>
<p>The results showed that cookie notifications triggered strong feelings of anger and fear, suggesting that website cookies are no longer perceived as the helpful online tool they were designed to be. Instead, they are a hindrance to accessing information and making informed choices about one’s privacy permissions.</p>
<p>And, as suspected, cookie notifications also reduced people’s stated desire to express opinions, search for information and go against the status quo. </p>
<h2>Cookie solutions</h2>
<p>Legislation regulating cookie notifications like the <a href="https://gdpr.eu/">EU’s General Data Protection Regulation </a> and <a href="https://oag.ca.gov/privacy/ccpa">California Consumer Privacy Act</a> were designed with the public in mind. But notification of online tracking is creating an unintentional boomerang effect. </p>
<p>There are three design choices that could help. First, making consent to cookies more mindful, so people are more aware of which data will be collected and how it will be used. This will involve changing the default of website cookies from opt-out to opt-in so that people who want to use cookies to improve their experience can voluntarily do so. </p>
<p>Second, cookie permissions change regularly, and what data is being requested and how it will be used should be front and center.</p>
<p>And third, U.S. internet users should possess the right to be forgotten, or the right to remove online information about themselves that is harmful or not used for its original intent, including the data collected by tracking cookies. This is a provision granted in the General Data Protection Regulation but does not extend to U.S. internet users.</p>
<p>In the meantime, I recommend that people read the terms and conditions of cookie use and accept only what’s necessary.</p><img src="https://counter.theconversation.com/content/184219/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Elizabeth Stoycheff has received funding from WhatsApp and Facebook for other endeavors, but that has no bearing on these research findings. </span></em></p>Cookie notifications remind people that they are being tracked, which affects how people behave online.Elizabeth Stoycheff, Associate Professor of Communication, Wayne State UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1792662022-05-27T12:33:01Z2022-05-27T12:33:01ZStudents are often segregated within the same schools, not just by being sent to different ones<figure><img src="https://images.theconversation.com/files/465073/original/file-20220524-22-jiazkf.jpg?ixlib=rb-1.1.0&rect=9%2C27%2C6029%2C3983&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Classmates in grades 3, 4 and 5 are more likely to come from diverse economic backgrounds than their schoolmates in grades 6, 7 and 8.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/news-photo/students-pass-a-beach-ball-to-the-next-person-on-the-list-news-photo/1334723214">Paul Bersebach, MediaNews Group/Orange County Register via Getty Images</a></span></figcaption></figure><p><em>The <a href="https://theconversation.com/us/topics/research-brief-83231">Research Brief</a> is a short take about interesting academic work.</em> </p>
<h2>The big idea</h2>
<p>Children from low-income households are <a href="https://doi.org/10.3102/0013189X221081853">increasingly being segregated into different classrooms</a> from their peers from higher-income households, according to recent research <a href="https://scholar.google.com/citations?user=NOT4bMEAAAAJ&hl=en&oi=ao">I</a> have conducted with education policy scholar <a href="https://www.american.edu/spa/faculty/marcotte.cfm">Dave E. Marcotte</a>.</p>
<p>From 2007 to 2014, we tracked all North Carolina public school students statewide, from third through eighth grades, observing how the students were grouped into math and English language arts classes by each school’s process for creating class groups.</p>
<p>We used course enrollment data to figure out how many students in each classroom were from families whose incomes are at or below 185% of the federal poverty threshold – and how many were not. We found that those economically disadvantaged students were increasingly likely to be concentrated in a subset of classrooms rather than spread out relatively evenly throughout the school. </p>
<p><iframe id="eaY3H" class="tc-infographic-datawrapper" src="https://datawrapper.dwcdn.net/eaY3H/9/" height="400px" width="100%" style="border: none" frameborder="0"></iframe></p>
<h2>Why it matters</h2>
<p>Often school segregation is thought about as Black and white students being forced to attend <a href="https://doi.org/10.1111/tsq.12010">different schools</a>. This makes sense given the <a href="https://library.law.howard.edu/civilrightshistory/blackrights/jimcrow">history of Jim Crow</a> – a 19th- and 20th-century legal system meant to <a href="https://www.ferris.edu/HTMLS/news/jimcrow/what.htm">relegate Black people to second-class status</a> in white society – and <a href="https://doi.org/10.1146/annurev-soc-071913-043152">court orders to desegregate schools</a>. </p>
<p>Another aspect of this issue is how students are sorted into classrooms within schools. A 2021 study found that more racially diverse schools are <a href="https://doi.org/10.1007/s12552-020-09309-w">more likely to have classrooms that are more segregated</a> than schools that are less diverse overall.</p>
<p>Researchers have recently begun to identify <a href="https://doi.org/10.3102/0002831216652722">rising levels of segregation between schools</a> based not just on race, but also on household income.</p>
<p>Students from wealthier households are more likely than their less-well-off peers to have <a href="https://www.russellsage.org/publications/whither-opportunity">higher academic achievement as measured by test scores</a> and to <a href="https://doi.org/10.1177/2332858416645834">attend and complete college</a>.</p>
<p>Efforts to provide equitable opportunities for all students often focus on comparing funding and staffing between schools. Indeed, lower levels of school funding lead to <a href="https://doi.org/10.1093/qje/qjv036">lower educational attainment and lower wages in adulthood</a>.</p>
<p>However, resources can also be distributed inequitably within schools, on a classroom-by-classroom basis. For instance, <a href="https://doi.org/10.1016/j.jpubeco.2010.11.009">more experienced teachers raise student test scores more than novice teachers, on average</a>. However, novice teachers are <a href="https://doi.org/10.3102/0013189X13495087">frequently assigned to classrooms with more low-income students</a>. Therefore, the more students are separated along lines of household income, the more likely poorer students are to fall behind academically.</p>
<h2>What still isn’t known</h2>
<p>We aren’t sure why there is an increase in segregation within schools by household income. One potential reason could be an increase in what is called “<a href="https://doi.org/10.1207/s15430421tip4501_2">academic tracking</a>,” which is the process of grouping students into classes based on their prior achievement, such as performance on standardized tests. </p>
<p>If <a href="https://doi.org/10.1257/aer.102.5.1927">low-income students perform worse on standardized tests than their peers</a>, they may be placed in lower tracks. However, standardized test scores may not accurately reflect ability for low-income students, since <a href="https://doi.org/10.1016/j.appdev.2003.09.002">students from marginalized groups perform disproportionately worse</a> on assessments.</p>
<p>If in fact test scores do accurately reflect ability, there may be <a href="https://doi.org/10.1257/aer.101.5.1739">some educational advantages</a> to track students into certain classes. However, researchers have long argued that <a href="https://doi.org/10.1177%2F019263658506948430">tracking perpetuates inequalities between low- and high-tracked students</a>. For example, students who are placed on lower tracks than their peers <a href="https://doi.org/10.1002/berj.3172">suffer from lower self-esteem</a> and are <a href="https://doi.org/10.1177/0895904816681526">not as well prepared for college success</a> as higher-tracked students with similar test scores.</p>
<p>The <a href="https://www.axios.com/2021/09/22/charter-school-pandemic-enrollment-growth">growth in charter school enrollments</a> over the past two decades could also contribute to the increases in within-school segregation by income that we find. Public school principals who fear their students may depart for charters may attempt to retain them <a href="https://doi.org/10.3102/0162373715577447">by introducing specialized curricula or expanding gifted and talented programs</a>. If these programs continue to primarily serve students from families with higher incomes, that could increase income segregation within schools. This is a possibility we are exploring.</p><img src="https://counter.theconversation.com/content/179266/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Kari Dalane and Dave Marcotte received funding from the Smith Richardson Foundation.</span></em></p>In middle school classes, students from lower-income families tended to be concentrated in just a few classrooms, new research from North Carolina has found.Kari Dalane, Ph.D. Candidate in Public Administration and Policy, American University School of Public AffairsLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1753162022-01-27T18:56:28Z2022-01-27T18:56:28ZOttawa’s use of our location data raises big surveillance and privacy concerns<figure><img src="https://images.theconversation.com/files/442544/original/file-20220125-23-1arca3.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C5615%2C3159&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Cellular phones track and reveal owners' movements, generating useful data for pandemic tracking.</span> <span class="attribution"><span class="source">(Shutterstock)</span></span></figcaption></figure><p>News recently broke that <a href="https://nationalpost.com/news/canada/canadas-public-health-agency-admits-it-tracked-33-million-mobile-devices-during-lockdown">the Public Health Agency of Canada (PHAC)</a> had been <a href="https://buyandsell.gc.ca/procurement-data/tender-notice/PW-21-00979277">procuring location data</a> from millions of mobile devices to study how COVID-19 lockdowns were working. </p>
<p>Appalled opposition MPs called for an emergency meeting of the ethics committee of the House of Commons, fearing that the pandemic was being used as an excuse to scale up surveillance. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/MTn1bNmvi0w?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Global News reports on the Canadian government’s use of location data.</span></figcaption>
</figure>
<p>At the same time, <a href="https://www.dagstuhl.de/en/program/calendar/semhp/?semnr=22022">our group of interdisciplinary experts from around the world</a> convened at a research retreat on the subject of the ethics of mobility data analysis. Computer scientists, together with philosophers and social scientists, looked at the ethical challenges posed by the uses of mobility data, especially those legitimized by the pandemic. </p>
<h2>The collection and use of location data</h2>
<p>Telecommunications providers like Telus and Rogers know where cellphones are located by triangulation from the cell towers to which each phone connects. The data is a commodity and <a href="https://www.telus.com/en/about/privacy/data-for-good/">they share it, in anonymized form, with others, including academics</a>. </p>
<p>Smartphones can also use the <a href="https://electronics.howstuffworks.com/gps-phone.htm">global positioning system (GPS)</a> or their connection to Wi-Fi access points to collect location data and share it with companies to receive customized services, like navigation or recommendations. </p>
<p>Many companies are interested in gathering location data even when their services don’t require it, as selling that data to other companies is an attractive prospect. For example, <a href="https://twitter.com/TectonixGEO/status/1242628347034767361">Tectonix tweeted</a> in 2020 about a dashboard it had developed with data acquired from <a href="https://xmode.io/">X-Mode</a> to track the cellphones of <a href="https://www.cnn.com/2020/04/04/tech/location-tracking-florida-coronavirus/index.html">people who partied on a Fort Lauderdale beach</a> during spring break in March.</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1242628347034767361"}"></div></p>
<h2>Not so anonymous</h2>
<p>Companies and data brokers may claim to only store or sell anonymized location data, but that’s little comfort when <a href="https://doi.org/10.1038/s41467-019-10933-3">location data itself is so identifiable and revealing</a>. In particular, and contrary to popular belief, it’s almost impossible to make detailed location data truly anonymous. Even if a sequence of locations visited by an individual is stripped of any connection to that person’s name or other identifiers, the <a href="https://doi.org/10.1016/j.jcss.2014.04.024">possibility of re-identification due to the inherent information contained in this trajectory</a> must be considered. </p>
<p>It becomes quite simple to look up who lives at a given location and assume that where someone spends their days is their work, and where they are in the evenings is their home, and this can uniquely identify a person. </p>
<p>Similar to records of a person’s online activities, the places visited can also reveal sensitive data such as health (repeated visits to a particular clinic), religion, hobbies and family (where your children go to school). Location data is hard to anonymize and can be used to re-identify a person, and all sorts of other information can be inferred from patterns of movement.</p>
<p>Government agencies like PHAC want to use mobility data to understand trends in the “<a href="https://health-infobase.canada.ca/covid-19/covidtrends/?HR=1,4834&mapOpen=false">movement of populations during the COVID‑19 pandemic</a>” to study how the disease spreads and also to monitor how measures put in place, such as the confinement, are respected by the population. </p>
<p><a href="https://www.ctvnews.ca/politics/opposition-parties-team-up-to-call-emergency-house-health-ethics-committee-meetings-1.5734269">The fear expressed by Conservative and Bloc Québécois members of Parliament</a> is that the government is using the pandemic to justify a new level of surveillance of Canadians that could continue even after the pandemic is over. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/health-data-collected-during-the-coronavirus-pandemic-needs-to-be-managed-responsibly-141978">Health data collected during the coronavirus pandemic needs to be managed responsibly</a>
</strong>
</em>
</p>
<hr>
<h2>Best practices</h2>
<p>If governments are going to promote contact tracing or collecting mobility data for health reasons such as transmission of COVID-19, <a href="https://www.eff.org/deeplinks/2020/04/challenge-proximity-apps-covid-19-contact-tracing">best practices</a> suggest that the scope should be clearly defined, the information gathered kept to a minimum and there should be an expiry date for the project after which it’s reviewed. Some specific practices that government agencies like PHAC might consider include:</p>
<p>First, as PHAC is discovering, transparency is key: be transparent about what information is sought, how it will be stored and for how long, who will have access and what outcomes are anticipated. </p>
<p>In particular, due to its sensitivity with respect to privacy but also other ethical issues — such as the risks of stigmatization of particular groups in the population — the collection and analysis of large location datasets by governments should be made public from the beginning in a manner similar to the discussions around contact-tracing applications. </p>
<p>Location data isn’t representative since some groups, like children or the elderly, are less likely to carry smartphones, while others are more tech-savvy. Biased data needs to be accounted for, and transparency is a way for the public to audit the use of such data. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/race-based-covid-19-data-may-be-used-to-discriminate-against-racialized-communities-138372">Race-based COVID-19 data may be used to discriminate against racialized communities</a>
</strong>
</em>
</p>
<hr>
<p>Second, any organization gathering or working with data should develop a <a href="https://assistant.portagenetwork.ca/">data-management plan</a> that covers how it will deal with security and privacy implications. </p>
<p>Transparency and accountability around data plans is part of ensuring long-term ethical maintenance. Mobility data can easily be misused by third parties to make inappropriate inferences about citizens, so brokers, governments and researchers need to plan for how they will share data. This is especially true for researchers who value preservation of research data to enable replication and further research. </p>
<p>Open datasets allow results to be replicated and new research to be imagined combining past datasets, but openly shared datasets can also be used to re-identify people in inappropriate ways. The way data is anonymized before being shared is of great importance. It should also be made public to be open to the scrutiny of experts or associations concerned about privacy. </p>
<p>Third, civil society organizations need to be engaged in a dialogue around government policies, regulations and bias. Public trust in government surveillance and academic research needs to be developed and maintained — before there are scandals, not after.</p>
<p>We especially need to talk about who is represented and who is excluded, and what the implications are. For example, if the elderly or economically disadvantaged are less likely to have smartphones, then mobility data may under-represent their interests. That’s detrimental if this data is used to guide public policies. </p>
<p>Finally, we all need to contribute to the development of a new consensus around surveillance whether by governments, companies or researchers. PHAC could lead a conversation around health surveillance.</p>
<p>As the pandemic has shown, public trust in health measures is important to their success. Transparency followed by dialogue could allow appropriate data gathering and use, while still enabling useful research, especially in times of crisis.</p>
<p><em>Chiara Renso of the Institute of Information Science and Technologies of National Research Council of Italy co-authored this article.</em></p><img src="https://counter.theconversation.com/content/175316/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Geoffrey M Rockwell receives funding from the Social Science and Humanities Research Council of Canada and holds a leadership role in the Canadian Society for Digital Humanities. He has also received funding from the Alberta Machine Intelligence Institute. He is affiliated with the AI, People, and Society Initiative sponsored by the ATB AI Lab. </span></em></p><p class="fine-print"><em><span>Bettina Berendt receives funding from the German Federal Ministry of Education and Research (BMBF) – Nr. 16DII113f. </span></em></p><p class="fine-print"><em><span>Florence Chee does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p><p class="fine-print"><em><span>Jeanna Matthews is affiliated with and holds leadership roles within the Association for Computing Machinery (ACM) and Institute of Electrical and Electronics Engineers (IEEE).</span></em></p><p class="fine-print"><em><span>Sébastien Gambs receives funding from the Natural Sciences and Engineering Research Council (NSERC) of Canada, through the Discovery grant program, as well as from the Canada Research Chair program. </span></em></p>In order to track the pandemic, the Public Health Agency of Canada has been using location data without explicit and informed consent. Transparency is key to building and maintaining trust.Geoffrey M Rockwell, Professor of Philosophy and Digital Humanities, University of AlbertaBettina Berendt, Professor, Internet and Society, Technische Universität BerlinFlorence M. Chee, Associate Professor of Digital Communication, Loyola University ChicagoJeanna Matthews, Professor of Computer Science, Clarkson UniversitySébastien Gambs, Professor, Computer Science, Université du Québec à Montréal (UQAM)Licensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1653822021-08-09T12:26:14Z2021-08-09T12:26:14ZWhat is Pegasus? A cybersecurity expert explains how the spyware invades phones and what it does when it gets in<figure><img src="https://images.theconversation.com/files/415046/original/file-20210806-90251-104b4rt.jpg?ixlib=rb-1.1.0&rect=8%2C0%2C5455%2C3645&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">A woman holds a phone in front of the office of NSO Group, which makes a tool that can see and hear everything a phone is used for.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/news-photo/an-israeli-woman-uses-her-iphone-in-front-of-the-building-news-photo/596871396">Jack Guez/AFP via Getty Images</a></span></figcaption></figure><p>End-to-end encryption is technology that scrambles messages on your phone and unscrambles them only on the recipients’ phones, which means anyone who intercepts the messages in between can’t read them. Dropbox, Facebook, Google, Microsoft, Twitter and Yahoo are among the companies whose apps and services <a href="https://www.eff.org/encrypt-the-web-report">use end-to-end encryption</a>.</p>
<p>This kind of encryption is good for protecting your privacy, but <a href="https://www.washingtonpost.com/politics/2021/03/04/cybersecurity-202-fbi-renews-attack-encryption-ahead-another-possible-attack-capitol/">governments don’t like it</a> because it makes it difficult for them to spy on people, whether tracking criminals and terrorists or, as some governments have been known to do, snooping on dissidents, protesters and journalists. Enter an Israeli technology firm, <a href="https://www.nsogroup.com/">NSO Group</a>.</p>
<p>The company’s flagship product is Pegasus, <a href="https://techterms.com/definition/spyware">spyware</a> that can stealthily enter a smartphone and gain access to everything on it, including its camera and microphone. Pegasus is designed to infiltrate devices running Android, Blackberry, iOS and Symbian <a href="https://techterms.com/definition/operating_system">operating systems</a> and turn them into surveillance devices. The company says it sells Pegasus <a href="https://www.nsogroup.com/about-us/">only to governments</a> and only for the purposes of tracking criminals and terrorists.</p>
<h2>How it works</h2>
<p><a href="https://economictimes.indiatimes.com/tech/trendspotting/what-is-pegasus-spyware-and-how-it-works/articleshow/84607533.cms">Earlier version of Pegasus</a> were installed on smartphones through <a href="https://nvd.nist.gov/vuln">vulnerabilities</a> in commonly used apps or by <a href="https://www.trendmicro.com/vinfo/us/security/definition/spear-phishing">spear-phishing</a>, which involves tricking a targeted user into clicking a link or opening a document that secretly installs the software. It can also be installed over a wireless <a href="https://www.pcmag.com/encyclopedia/term/transceiver">transceiver</a> located near a target, or manually if an agent can steal the target’s phone.</p>
<figure class="align-right zoomable">
<a href="https://images.theconversation.com/files/415050/original/file-20210806-19-17pnxr8.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="Close-up of an icon on a smartphone screen" src="https://images.theconversation.com/files/415050/original/file-20210806-19-17pnxr8.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/415050/original/file-20210806-19-17pnxr8.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/415050/original/file-20210806-19-17pnxr8.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/415050/original/file-20210806-19-17pnxr8.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/415050/original/file-20210806-19-17pnxr8.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=502&fit=crop&dpr=1 754w, https://images.theconversation.com/files/415050/original/file-20210806-19-17pnxr8.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=502&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/415050/original/file-20210806-19-17pnxr8.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=502&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Pegasus can infiltrate a smartphone via the widely used messaging app WhatsApp without the phone’s user noticing.</span>
<span class="attribution"><a class="source" href="https://flickr.com/photos/140988606@N08/25076398627/">Christoph Scholz/Flickr</a>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span>
</figcaption>
</figure>
<p>Since 2019, Pegasus users have been able to install the software on smartphones with a <a href="https://economictimes.indiatimes.com/tech/trendspotting/what-is-pegasus-spyware-and-how-it-works/articleshow/84607533.cms">missed call on WhatsApp</a>, and can even delete the record of the missed call, making it impossible for the the phone’s owner to know anything is amiss. Another way is by simply sending a message to a user’s phone that produces no notification. </p>
<p>This means the latest version of this spyware does not require the smartphone user to do anything. All that is required for a successful spyware attack and installation is having a particular vulnerable app or operating system installed on the device. This is known as a <a href="https://www.news18.com/news/tech/explained-what-are-zero-click-hacks-and-why-are-they-such-a-menace-3988664.html">zero-click exploit</a>.</p>
<p>Once installed, Pegasus can theoretically <a href="https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html">harvest any data</a> from the device and transmit it back to the attacker. It can steal photos and videos, recordings, location records, communications, web searches, passwords, call logs and social media posts. It also has the capability to activate cameras and microphones for real-time surveillance without the permission or knowledge of the user. </p>
<h2>Who has been using Pegasus and why</h2>
<p>NSO Group says it builds Pegasus solely for governments to use in counterterrorism and law enforcement work. The company markets it as a targeted spying tool to track criminals and terrorists and not for mass surveillance. The company does not disclose its clients.</p>
<p>The <a href="https://www.ynetnews.com/articles/0,7340,L-5444330,00.html">earliest reported use</a> of Pegasus was by the Mexican government in 2011 to track notorious drug baron Joaquín “El Chapo” Guzmán. The tool was also reportedly used to <a href="https://www.washingtonpost.com/investigations/interactive/2021/jamal-khashoggi-wife-fiancee-cellphone-hack/">track people</a> close to murdered Saudi journalist Jamal Khashoggi.</p>
<p>It is unclear who or what types of people are being targeted and why. However, <a href="https://www.bbc.com/news/technology-57881364">much of the recent reporting</a> about Pegasus centers around a list of 50,000 phone numbers. The list has been attributed to NSO Group, but the list’s origins are unclear. A statement from Amnesty International in Israel stated that <a href="https://twitter.com/KimZetter/status/1418212758185648146">the list contains phone numbers</a> that were marked as “of interest” to NSO’s various clients, though it’s not known if any of the phones associated with numbers have actually been tracked. </p>
<p>A media consortium, <a href="https://forbiddenstories.org/case/the-pegasus-project/">the Pegasus Project</a>, analyzed the phone numbers on the list and identified over 1,000 people in over 50 countries. The findings included people who appear to fall outside of the NSO Group’s restriction to investigations of criminal and terrorist activity. These include politicians, government workers, journalists, human rights activists, business executives and Arab royal family members. </p>
<h2>Other ways your phone can be tracked</h2>
<p>Pegasus is breathtaking in its stealth and its seeming ability to take complete control of someone’s phone, but it’s not the only way people can be spied on through their phones. Some of the ways phones <a href="https://ssd.eff.org/en/playlist/privacy-breakdown-mobile-phones">can aid surveillance and undermine privacy</a> include location tracking, eavesdropping, <a href="https://techterms.com/definition/malware">malware</a> and collecting data from sensors. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/415049/original/file-20210806-90685-1xfv372.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="An electronic device with handles on either side of a front panel containing buttons and lights and a graphic representation of a stingray" src="https://images.theconversation.com/files/415049/original/file-20210806-90685-1xfv372.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/415049/original/file-20210806-90685-1xfv372.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=384&fit=crop&dpr=1 600w, https://images.theconversation.com/files/415049/original/file-20210806-90685-1xfv372.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=384&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/415049/original/file-20210806-90685-1xfv372.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=384&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/415049/original/file-20210806-90685-1xfv372.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=482&fit=crop&dpr=1 754w, https://images.theconversation.com/files/415049/original/file-20210806-90685-1xfv372.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=482&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/415049/original/file-20210806-90685-1xfv372.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=482&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Law enforcement agencies use cell site simulators like this StingRay to intercept calls from phones in the vicinity of the device.</span>
<span class="attribution"><a class="source" href="https://newsroom.ap.org/detail/WashingtonSuspectedPhoneSpying/4e99d5e5bd054437abaf4ae4981894a0/photo">U.S. Patent and Trademark Office via AP</a></span>
</figcaption>
</figure>
<p>Governments and phone companies can track a phone’s location by tracking cell signals from cell tower transceivers and <a href="https://www.eff.org/pages/cell-site-simulatorsimsi-catchers">cell transceiver simulators</a> like the <a href="https://www.engadget.com/2015-04-08-erie-county-police-stingray-spy.html">StingRay</a> device. Wi-Fi and Bluetooth signals can also be <a href="https://arstechnica.com/tech-policy/2020/08/beware-of-find-my-phone-wi-fi-and-bluetooth-nsa-tells-mobile-users/">used to track phones</a>. In some cases, apps and web browsers can determine a phone’s location. </p>
<p>Eavesdropping on communications is harder to accomplish than tracking, but it is possible in situations in which encryption is weak or lacking. Some types of malware can compromise privacy by accessing data.</p>
<p>The National Security Agency has sought agreements with technology companies under which the companies would give the agency special access into their products via <a href="https://techterms.com/definition/backdoor">backdoors</a>, and has <a href="https://www.reuters.com/article/us-usa-security-congress-insight/spy-agency-ducks-questions-about-back-doors-in-tech-products-idUSKBN27D1CS">reportedly built backdoors on its own</a>. The companies say that backdoors <a href="https://www.zdnet.com/article/coalition-of-tech-giants-hit-by-nsa-spying-slams-encryption-backdoors/">defeat the purpose of end-to-end encryption</a>.</p>
<p>The good news is, depending on who you are, you’re unlikely to be targeted by a government wielding Pegasus. The bad news is, that fact alone does not guarantee your privacy.</p>
<p>[<em>Understand new developments in science, health and technology, each week.</em> <a href="https://theconversation.com/us/newsletters/science-editors-picks-71/?utm_source=TCUS&utm_medium=inline-link&utm_campaign=newsletter-text&utm_content=science-understand">Subscribe to The Conversation’s science newsletter</a>.]</p><img src="https://counter.theconversation.com/content/165382/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Bhanukiran Gurijala does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>A tool made for tracking criminals and terrorists has potentially been used against politicians, dissidents and journalists. Here’s how the spyware works.Bhanukiran Gurijala, Assistant Professor of Computer Science & Information Systems, West Virginia UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1274442019-11-26T04:33:36Z2019-11-26T04:33:36ZThe ugly truth: tech companies are tracking and misusing our data, and there’s little we can do<figure><img src="https://images.theconversation.com/files/303641/original/file-20191126-84268-9nsdjk.jpg?ixlib=rb-1.1.0&rect=66%2C5%2C3627%2C3074&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">While leaks and whistleblowers continue to be valuable tools in the fight for data privacy, we can't rely on them solely to keep big tech companies in check.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-illustration/computer-keyboard-multiple-social-media-images-114119137?src=4760a9b5-01c2-4efd-b8ff-7d5518288498-1-2">SHUTTERSTOCK</a></span></figcaption></figure><p>As survey results pile, it’s becoming clear Australians are sceptical about how their online data is tracked and used. But one question worth asking is: are our fears founded?</p>
<p>The short answer is: yes.</p>
<p>In <a href="https://privacyaustralia.net/online-privacy-survey-results/">a survey</a> of 2,000 people completed last year, Privacy Australia found 57.9% of participants weren’t confident companies would take adequate measures to protect their data. </p>
<p>Similar scepticism was noted in results from the 2017 <a href="https://www.oaic.gov.au/assets/engage-with-us/research/acaps-2017/acaps-2017-report.pdf">Australian Community Attitudes to Privacy Survey</a> of 1,800 people, which found:</p>
<p>• 79% of participants felt uncomfortable with targeted advertising based on their online activities</p>
<p>• 83% were uncomfortable with social networking companies keeping their information</p>
<p>• 66% believed it was standard practice for mobile apps to collect user information and</p>
<p>• 74% believed it was standard practice for websites to collect user information.</p>
<p>Also in 2017, the <a href="https://ses.library.usyd.edu.au/bitstream/handle/2123/17587/USYDDigitalRightsAustraliareport.pdf">Digital Rights in Australia</a> report, prepared by the University of Sydney’s <a href="http://digitalrightsusyd.net/">Digital Rights and Governance Project</a>, revealed 62% of 1,600 participants felt they weren’t in control of their online privacy. About 47% were also concerned the government could violate their privacy. </p>
<h2>The ugly truth</h2>
<p>Lately, a common pattern has emerged every time malpractice is exposed. </p>
<p>The company involved will provide an “opt-out” mechanism for users, or a dashboard to see what personal data is being collected (for example, <a href="https://myaccount.google.com/intro/privacycheckup">Google Privacy Checkup</a>), along with an apology.</p>
<p>If we opt-out, does this mean they stop collecting our data? Would they reveal collected data to us? And if we requested to have our data deleted, would they do so? </p>
<p>To be blunt, we don’t know. And as end users there’s not much we can do about it, anyway. </p>
<p>When it comes to personal data, it’s extremely difficult to identify unlawful collections among legitimate collections, because multiple factors need to be considered, including the context in which the data is collected, the methodology used to obtain user consent, and country-specific laws.</p>
<p>Also, it’s almost impossible to know if user data is being misused within company bounds or in business-to-business interactions.</p>
<p>Despite ongoing public outcry to protect online privacy, last year we witnessed the <a href="https://www.wired.com/amp-stories/cambridge-analytica-explainer/">Cambridge Analytica scandal</a>, in which a third party company was able to the gather personal information of millions of Facebook users and use it in political campaigns.</p>
<p>Earlier this year, both <a href="https://www.bloomberg.com/news/articles/2019-04-10/is-anyone-listening-to-you-on-alexa-a-global-team-reviews-audio">Amazon</a> and <a href="https://www.theguardian.com/technology/2019/aug/29/apple-apologises-listen-siri-recordings">Apple</a> were reported to be using human annotators to listen to personal conversations, recorded via their respective digital assistants Alexa and Siri. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/what-if-the-companies-that-profit-from-your-data-had-to-pay-you-100380">What if the companies that profit from your data had to pay you?</a>
</strong>
</em>
</p>
<hr>
<p>More recently, <a href="https://www.nytimes.com/2019/11/04/business/secret-consumer-score-access.html">a New York Times article</a> exposed how much fine granular data is acquired and maintained by relatively unknown consumer scoring companies. In one case, a third-party company knew the writer <a href="https://www.nytimes.com/by/kashmir-hill">Kashmir Hill</a> used her iPhone to order chicken tikka masala, vegetable samosas, and garlic naan on a Saturday night in April, three years ago.</p>
<p>At this rate, without any action, scepticism towards online privacy will only increase.</p>
<h2>History is a teacher</h2>
<p>Early this year, we witnessed the <a href="https://www.gizmodo.com.au/2019/02/apple-is-removing-do-not-track-from-safari/">bitter end of the Do-Not-Track initiative</a>. This was proposed as a privacy feature where requests made by an internet browser contained a flag, asking remote web servers to not track users. However, there was no legal framework to force web server compliance, so many web servers ended up discarding this flag.</p>
<p>Many companies have made it too difficult to opt-out from data collections, or request the deletion of all data related to an individual. </p>
<p>For example, as a solution to the backlash on human voice command annotation, Apple <a href="https://www.theguardian.com/technology/2019/oct/30/apple-lets-users-opt-out-of-having-siri-conversations-recorded">provided an opt-out mechanism</a>. However, doing this for an Apple device is not straightforward, and the option isn’t prominent in the device settings. </p>
<p>Also, it’s clear tech companies don’t want to have <a href="https://www.securityweek.com/youre-opted-default-know-when-and-where-opt-out">opting-out of tracking</a> as users’ default setting. </p>
<p>It’s worth noting that since Australia doesn’t have social media or internet giants, much of the country’s privacy-related debates are focused on <a href="https://www.smh.com.au/technology/australians-are-rightly-questioning-my-health-record-says-privacy-commissioner-20180730-p4zui3.html">government legislation</a>.</p>
<h2>Are regulatory safeguards useful?</h2>
<p>But there is some hope left. Some recent events have prompted tech companies to think twice about the undeclared collection of user data.</p>
<p>For example, <a href="https://www.smh.com.au/world/north-america/facebook-fined-us5-billion-in-cambridge-analytica-privacy-probe-20190713-p526xb.html">a US$5 billion fine is on air for Facebook</a>, for its role in the Cambridge Analytica incident, and related practices of sharing user data with third parties. The exposure of this event has forced Facebook to <a href="https://www.facebook.com/notes/mark-zuckerberg/a-privacy-focused-vision-for-social-networking/10156700570096634/">take measures</a> to improve its privacy controls and be forthcoming with users. </p>
<p>Similarly <a href="https://www.bbc.com/news/technology-46944696">Google was fined EU$50 million under the General Data Protection Regulation</a> by French data regulator CNIL, for lack of transparency and consent in user-targeted ads. </p>
<p>Like Facebook, Google responded by taking measures to improve the privacy of users, by <a href="https://blog.google/products/gmail/g-suite-gains-traction-in-the-enterprise-g-suites-gmail-and-consumer-gmail-to-more-closely-align/">stopping reading our e-mails to provide targeted ads</a>, <a href="https://www.theverge.com/2017/9/8/16276000/google-dashboard-my-account-privacy-security-redesign">enhancing its privacy control dashboard</a>, and <a href="https://www.washingtonpost.com/technology/2019/05/07/google-vows-greater-user-privacy-after-decades-data-collection/">revealing its vision to keep user data in devices rather than in the cloud</a>. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/imagine-what-we-could-learn-if-we-put-a-tracker-on-everyone-and-everything-50123">Imagine what we could learn if we put a tracker on everyone and everything</a>
</strong>
</em>
</p>
<hr>
<h2>No time to be complacent</h2>
<p>While it’s clear current regulatory safeguards are having a positive effect on online privacy, there is ongoing debate about whether they are sufficient.</p>
<p><a href="https://thenextweb.com/contributors/2018/08/05/gdpr-privacy-eroding-bad/">Some have</a> argued about possible loopholes in the European Union’s General Data Protection Regulation, and the fact that <a href="https://medium.com/mydata/five-loopholes-in-the-gdpr-367443c4248b">some definitions of legitimate use of personal data</a> leave room for interpretation. </p>
<p>Tech giants are multiple steps ahead of regulators, and are in a position to exploit any grey areas in legislation they can find. </p>
<p>We can’t rely on accidental leaks or whistleblowers to hold them accountable.</p>
<p>Respect for user privacy and ethical usage of personal data must come intrinsically from within these companies themselves. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/if-youve-given-your-dna-to-a-dna-database-us-police-may-now-have-access-to-it-126680">If you've given your DNA to a DNA database, US police may now have access to it</a>
</strong>
</em>
</p>
<hr>
<img src="https://counter.theconversation.com/content/127444/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Suranga Seneviratne does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Most of us are probably having our data tracked in some form. And while there are regulatory safeguards in place to protect user privacy, it’s hard to say whether these are enough.Suranga Seneviratne, Lecturer - Security, University of SydneyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1090592019-01-14T11:41:12Z2019-01-14T11:41:12ZChange your phone settings so Apple, Google can’t track your movements<figure><img src="https://images.theconversation.com/files/253289/original/file-20190110-43532-1j995wv.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Your phone tracks your movements all the time.</span> <span class="attribution"><a class="source" href="https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html">grapestock/Shutterstock.com</a></span></figcaption></figure><p>Technology companies have been pummeled by revelations about how <a href="https://theconversation.com/7-in-10-smartphone-apps-share-your-data-with-third-party-services-72404">poorly they protect</a> their customers’ <a href="https://theconversation.com/should-cybersecurity-be-a-human-right-72342">personal information</a>, including an in-depth New York Times report detailing the ability of <a href="https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html">smartphone apps to track users’ locations</a>. Some companies, most notably Apple, have begun promoting the fact that they <a href="https://phys.org/news/2019-01-privacy-tech.html">sell products and services</a> that safeguard consumer privacy. </p>
<p>Smartphone users are never asked explicitly if they want to be tracked every moment of each day. But cellular companies, smartphone makers, app developers and social media companies all <a href="https://www.businessinsider.com/facebook-gave-device-makers-apple-and-samsung-user-data-2018-6">claim they have users’ permission</a> to conduct near-constant personal surveillance. </p>
<p>The underlying problem is that most people don’t understand <a href="https://theconversation.com/your-mobile-phone-can-give-away-your-location-even-if-you-tell-it-not-to-65443">how tracking really works</a>. The technology companies haven’t helped <a href="https://theconversation.com/your-smartphone-apps-are-tracking-your-every-move-4-essential-reads-108586">teach their customers</a> about it, either. In fact, they’ve intentionally obscured important details to build a multi-billion-dollar data economy based on an ethically questionable notion of informed consent.</p>
<h2>How consumers are made to agree</h2>
<p>Most companies disclose their data protection practices in a privacy policy; most software requires users to click a button saying they accept the terms before using the program. </p>
<p>But people don’t always have a free choice. Instead, it’s a “take-it-or-leave-it” agreement, in which a customer can use the service only if they agree.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/253292/original/file-20190110-43541-15qs5mk.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/253292/original/file-20190110-43541-15qs5mk.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/253292/original/file-20190110-43541-15qs5mk.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/253292/original/file-20190110-43541-15qs5mk.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/253292/original/file-20190110-43541-15qs5mk.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/253292/original/file-20190110-43541-15qs5mk.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/253292/original/file-20190110-43541-15qs5mk.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Consumers often do not have a free choice when it comes to privacy agreements.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/data-privacy-technology-concept-538396183?src=d4-hzpqBFlCASOZSa-jb3Q-1-50">Marta Design/Shutterstock.com</a></span>
</figcaption>
</figure>
<p>Anyone who actually wants to <a href="https://theconversation.com/nobody-reads-privacy-policies-heres-how-to-fix-that-81932">understand what the policies say</a> finds the details are buried in <a href="http://lorrie.cranor.org/pubs/readingPolicyCost-authorDraft.pdf">long legal documents</a> unreadable by nearly everyone, perhaps except the lawyers who helped create them.</p>
<p>Often, these policies will begin with a blanket statement like “<a href="https://www.google.com/search?q=%22privacy+is+important+to+us%22+%22privacy+policy%22">your privacy is important to us</a>.” However, the actual terms describe a different reality. It’s usually not too far-fetched to say that the company can basically <a href="https://www.facebook.com/policy.php">do whatever it wants</a> with your personal information, <a href="https://theconversation.com/fragmented-us-privacy-rules-leave-large-data-loopholes-for-facebook-and-others-94606">as long as it has informed you</a> about it.</p>
<p>U.S. federal law <a href="https://theconversation.com/fragmented-us-privacy-rules-leave-large-data-loopholes-for-facebook-and-others-94606">does not require</a> that a company’s privacy policy actually protect users’ privacy. Nor are there any requirements that a company must inform consumers of its practices in clear, nonlegal language or provide consumers a <a href="https://theconversation.com/teaching-machines-to-understand-and-summarize-text-78236">notice in a user-friendly way</a>.</p>
<p>Theoretically, users might be able to vote with their feet and find similar services from a <a href="https://theconversation.com/how-companies-can-stay-ahead-of-the-cybersecurity-curve-74414">company with better data-privacy practices</a>. But take-it-or-leave-it agreements for technologically advanced tools <a href="https://ssrn.com/abstract=3141290">limit the power of competition</a> across nearly the entire technology industry.</p>
<h2>Data sold to third parties</h2>
<p>There are a few situations where mobile platform companies like Apple and Google have let people exercise some control over data collection. </p>
<p>For example, both companies’ mobile operating systems let users turn off location services, such as GPS tracking. Ideally, this should prevent most apps from collecting your location – but it <a href="https://theconversation.com/your-mobile-phone-can-give-away-your-location-even-if-you-tell-it-not-to-65443">doesn’t always</a>. Further, it does nothing if <a href="https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bounty-hunter-300-dollars-located-phone-microbilt-zumigo-tmobile">your mobile provider resells your phone’s location information to third parties</a>. </p>
<p>App makers are also able to persuade users not to turn off location services, again with take-it-or-leave-it notifications. When managing privileges for iOS apps, <a href="https://support.apple.com/en-us/HT203033">users get to choose</a> whether the app can access the phone’s location “always,” “while using the app” or “never.” </p>
<p>But changing the setting can trigger a discouraging message: “We need your location information to improve your experience,” says one app. Users are not asked other important questions, like whether they approve of the app <a href="https://theconversation.com/7-in-10-smartphone-apps-share-your-data-with-third-party-services-72404">selling their location history</a> to other companies.</p>
<p>And many users don’t know that even when their name and contact information is removed from location data, even a modest location history can <a href="https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html">reveal their home addresses</a> and the places they visit most, offering clues to their identities, medical conditions and personal relationships.</p>
<h2>Why people don’t opt out</h2>
<p>Websites and apps make it difficult, and sometimes impossible, for most people <a href="http://science.sciencemag.org/content/347/6221/509.full">to say no</a> to aggressive surveillance and data collection practices. In my role as a <a href="https://scholar.google.com/citations?user=O5jENBMAAAAJ&hl=en">scholar of human-computer interaction</a>, one issue I study is the power of defaults.</p>
<p>When companies set a default in a system, such as “location services set to on,” <a href="https://chicagounbound.uchicago.edu/cgi/viewcontent.cgi?article=1184&context=public_law_and_legal_theory">people are unlikely to change it</a>, especially if they are unaware there are other options they could choose. </p>
<p>Further, when it is inconvenient to change the location services, as is the case on both iOS and Android systems today, <a href="https://www.nngroup.com/articles/minimize-cognitive-load/">it’s even less likely that people will opt out of location collection</a> – even when they dislike it.</p>
<p>Companies’ take-it-or-leave-it privacy policies and default choices for users’ privacy settings have created an environment where people are unaware that their lives are being subjected to minute-by-minute surveillance. </p>
<p>They’re also mostly not aware that information that could identify them individually is resold to create <a href="https://theconversation.com/solving-the-political-ad-problem-with-transparency-85366">ever-more-targeted advertising</a>. Yet the companies can legally, if not ethically, <a href="https://www.brookings.edu/research/why-protecting-privacy-is-a-losing-game-today-and-how-to-change-the-game/">claim that everyone agreed</a> to it.</p>
<h2>Overcoming the power of defaults</h2>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/253290/original/file-20190110-43538-m9duzu.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/253290/original/file-20190110-43538-m9duzu.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=426&fit=crop&dpr=1 600w, https://images.theconversation.com/files/253290/original/file-20190110-43538-m9duzu.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=426&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/253290/original/file-20190110-43538-m9duzu.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=426&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/253290/original/file-20190110-43538-m9duzu.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=535&fit=crop&dpr=1 754w, https://images.theconversation.com/files/253290/original/file-20190110-43538-m9duzu.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=535&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/253290/original/file-20190110-43538-m9duzu.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=535&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Monitor your phone’s default settings.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/close-man-using-3d-generated-mobile-430745644?src=s1_-hhp3cvVqzzC59yoLqQ-1-16">Georgejmclittle/Shutterstock.com</a></span>
</figcaption>
</figure>
<p>Privacy researchers know that people <a href="https://dx.doi.org/10.2139/ssrn.2103405">dislike these practices</a>, and that <a href="https://escholarship.org/uc/item/5hw5w5c1">many would stop using these services</a> if they understood the extent of the data collection. If invasive surveillance is the price of using free services, many would rather pay or at least see companies held to <a href="http://www.pewinternet.org/2016/01/14/the-state-of-privacy/">stronger data collection regulations</a>.</p>
<p>The companies know this too, which is why, I argue, they use a form of coercion to ensure participation.</p>
<p>Until the U.S. has regulations that, at a minimum, require companies to ask for explicit consent, individuals will need to know how to protect their privacy. Here are my three suggestions: </p>
<ul>
<li><p>Start by learning how to turn off location services on your <a href="https://support.apple.com/en-us/HT207092">iPhone</a> or <a href="https://support.google.com/accounts/answer/3467281?hl=en">Android</a> device. </p></li>
<li><p>Turn location on only when using an app that clearly needs location to function, such as a map.</p></li>
<li><p>Avoid apps, such as Facebook Mobile, that <a href="https://www.theverge.com/2018/3/25/17160944/facebook-call-history-sms-data-collection-android">dig deeply into your phone</a> for as much personal information as possible; instead, use a browser with a private mode, <a href="https://www.mozilla.org/en-US/firefox/new/">like Firefox</a>, instead. </p></li>
</ul>
<p>Don’t let default settings reveal more about you than you want.</p><img src="https://counter.theconversation.com/content/109059/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The Center for Internet and Society receives funding from multiple organizations; information is available here: <a href="http://cyberlaw.stanford.edu/about-us">http://cyberlaw.stanford.edu/about-us</a></span></em></p>Most tech companies make it difficult for users to say no to aggressive surveillance practices. But it is helpful to know about the default settings on your smartphone and how to change them.Jen King, Director of Consumer Privacy, Center for Internet and Society, Stanford UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/928272018-06-03T20:23:13Z2018-06-03T20:23:13ZGrowing cities face challenges of keeping the masses moving up, down and across<figure><img src="https://images.theconversation.com/files/220043/original/file-20180523-51105-1d1gvl4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Cities are growing vertically as well as horizontally, so infrastructure needs to ensure people can move up and down as well as across the city.</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/avlxyz/16317398660/in/photolist-HmbAo-AKFN4B-drxSUL-6ziAjt-Hmfnn-Hmcaq-7jbxv-HmfGv-HmfrB-Hmffx-6A98sg-7jbQ3-9pJVPe-HmeQg-Hmfc4-Hmcku-3Xss1r-8r4pyt-7CwjK3-JzURC-HmbSm-4UE1ub-HmfKe-HmfXH-zA6MBs-88zMov-qRUW8E-K4Asz-88D2kG-Hmg5g-88zNt8-HYMpRU-GY34H-Hmbeq-6FrR5P-7TAywZ-9rG5ER-6FvYpE-Hmg9V-iRDjN-88zPbF-HmcDN-88zN6Z-GY36R-88D1Ay-HmbgJ-3cUWND-">Alpha/Flickr</a>, <a class="license" href="http://creativecommons.org/licenses/by-nc/4.0/">CC BY-NC</a></span></figcaption></figure><p><em>This is the first article in our new series, <a href="https://theconversation.com/au/topics/moving-the-masses-54500">Moving the Masses</a>, about managing the movements of large numbers of individuals, be they drivers or pedestrians, shoppers or commuters, birds or ants.</em></p>
<hr>
<p>Cities worldwide face the problems and possibilities of “volume”: the stacking and moving of people and things within booming central business districts. We see this especially <a href="https://www.smh.com.au/national/nsw/half-a-million-commuters-on-the-road-to-sydney-s-four-big-jobs-hubs-20180522-p4zgvs.html">around mass public transport hubs</a>. </p>
<p>As cities grow, they also become more vertical. They are expanding underground through rail corridors and above ground into the tall buildings that shape city skylines. Cities are deep as well as wide. </p>
<p>The urban geographer <a href="https://www.penguinrandomhouse.com/books/251591/vertical-by-stephen-graham/9781781689974/">Stephen Graham describes cities</a> as both “vertically stacked” and “vertically sprawled”, laced together by vertical and horizontal transport systems.</p>
<p>People flow in large cities is not only about how people move horizontally on rail and road networks into and out of city centres. It also includes vertical transport systems. These are the elevators, escalators and moving sidewalks that commuters use every day to get from the underground to the surface street level. </p>
<p>Major transport hubs are where many vertical and horizontal transport systems converge. It’s here that people flows are most dense. </p>
<p>But many large cities face the twin challenges of ageing infrastructure and increased volumes of people flowing through transport hubs. Problems of congestion, overcrowding, delays and even lockouts are becoming more common.</p>
<p>Governments are increasingly looking for ways to squeeze more capacity out of existing infrastructure networks.</p>
<h2>Can we increase capacity by changing behaviour?</h2>
<p>For the last three years, Transport for London (TfL) has been running standing-only escalator trials. The aim is to see if changing commuter behaviour might increase “throughput” of people and reduce delays. </p>
<p>London has some of the deepest underground stations in the world. This means the Tube system is heavily reliant on vertical transport such as escalators. But a long-standing convention means people only stand on the right side and allow others to walk up on the left.</p>
<p>In a trial at Holborn Station, one of London’s deepest at 23 metres, commuters were <a href="https://www.telegraph.co.uk/news/uknews/road-and-rail-transport/12016428/Tube-station-abandons-stand-on-the-right-escalator-rule.html">asked to stand on both sides</a> during morning rush hour. </p>
<p>The <a href="http://www.gizmodo.co.uk/2017/03/the-results-are-in-the-holborn-escalator-trial-proves-that-it-is-better-to-stand-on-the-escalator-well-sometimes/">results of the trials</a> showed that changing commuter behaviour could improve throughput by increasing capacity by as much as 30% at peak times. But this works only in Tube stations with very tall escalators. At stations with escalators less than 18 metres high, like Canary Wharf, the trials found the opposite – standing would only increase congestion across the network.</p>
<p><img src="https://cdn.theconversation.com/static_files/files/147/escalator-hype-sml.gif?1527814909" width="100%">
</p><figure> <figcaption>By standing only, 30% more people could fit on an escalator in the trial at Holborn Station.</figcaption></figure><p></p>
<p>The difference is down to human behaviour. People are simply less willing to walk up very tall escalators. This means a standing-only policy across the network won’t improve people flow uniformly and could even make congestion worse. </p>
<h2>Is people movement data a solution?</h2>
<p>With the introduction of ticketless transport cards it’s now possible to gather more data about people flow through busy transport hubs as we tap on and off. </p>
<p>Tracking commuters’ in-station journeys through their Wi-Fi-enabled devices, such as smart phones, can also offer a detailed picture of movement between platforms, congestion and delays.</p>
<p>Transport for London has already conducted its first <a href="http://www.gizmodo.co.uk/2017/09/london-underground-wifi-tracking-heres-everything-we-learned-from-tfls-official-report/">Wi-Fi tracking trial</a> in the London Underground.</p>
<p>Issues of privacy loom large in harvesting mobile data from individual devices. Still, there’s enormous potential to use this data to resolve issues of overcrowding and inform commuters about delays and congestion en route.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/rpSNLRYj27o?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">London’s transport authority hopes the data from tracking users’ phones will help ease congestion, plan better timetables and improve station designs.</span></figcaption>
</figure>
<p>Governments are also increasingly turning to consultancy firms that specialise in simulation modelling of people flow. That’s everything from check-in queues and processing at terminals, to route tracking and passenger flow on escalators.</p>
<p>Using data analytics, people movement specialists identify movement patterns, count footfall and analyse commuter behaviour. In existing infrastructure, they look to achieve “efficiencies” through changes to scheduling and routing, and assessing the directional flow of commuters.</p>
<p>Construction and engineering companies are also beginning to employ people movement specialists during the design phase of large infrastructure projects.</p>
<p>Beijing’s <a href="https://www.forbes.com/sites/outofasia/2018/01/10/beijings-new-daxing-international-airport-set-to-be-worlds-largest-but-business-aviation-an-afterthought/#692b0e2e68ef">Daxing airport</a>, due for completion in 2020, will be the largest transport hub in China. It’s also the first major infrastructure project to use crowd simulation and analysis software during the design process to test anticipated volume against capacity.</p>
<p>The advice of people movement specialists can have significant impacts on physical infrastructure. This involves aspects such as the width of platforms, number and placement of gates, and the layout and positioning of vertical transport, such as escalators. </p>
<h2>Movement analytics is becoming big business</h2>
<p>People movement analytics is becoming big business, especially where financialisation of public assets is increasing. This means infrastructure is being developed through complex public-private partnership models. As a result, transport hubs are now also commercial spaces for retail, leisure and business activities.</p>
<p>Commuters are no longer only in transit when they make their way through these spaces. They are potential consumers as they move through the retail concourse in many of these developments.</p>
<p>In an era of “digital disruption”, which is particularly affecting the retail sector, information about commuter mobility has potential commercial value. The application of data analytics to people flow and its use by the people movement industry to achieve “efficiencies” needs careful scrutiny to ensure benefits beyond commercial gain. </p>
<p>At the same time, mobility data may well help our increasingly vertical cities to keep flowing up, down and across.</p>
<hr>
<p><em>You can find other articles in the series <a href="https://theconversation.com/au/topics/moving-the-masses-54500">here</a>.</em></p><img src="https://counter.theconversation.com/content/92827/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Andrea Connor is a post-doctoral fellow on the Australian Research Council Discovery Project "Volumetric Urbanism". </span></em></p><p class="fine-print"><em><span>Donald McNeill has received funding from the Australian Research Council through a Future Fellowship on Governing Digital Cities.</span></em></p>Cities are expanding upwards and downwards, as well as outwards. With urban density also increasing, moving people efficiently around the city, often using ageing infrastructure, is quite a challenge.Andrea Connor, Postdoctoral Research Fellow, Institute for Culture and Society, Western Sydney UniversityDonald McNeill, Professor of Urban and Cultural Geography, Western Sydney UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/949782018-05-10T02:01:36Z2018-05-10T02:01:36ZHow silent signals from your phone could be recording and tracking you<figure><img src="https://images.theconversation.com/files/215995/original/file-20180423-94149-i384la.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Advertisers may track a customer's shopping preferences within a shopping centre by using ultrasonic beacons emitted from their mobile phones.
</span> <span class="attribution"><span class="source">Mai Lam/The Conversation NY-BD-CC</span>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span></figcaption></figure><p>My lounge room is bugged. My phone is broadcasting an ultrasonic signal to my blu-ray player via an acoustic side channel beyond human hearing. </p>
<p>The channel networks the two devices, similar to how a dial-up connection used to get our computers online before the days of the NBN. The same technology is behind Google’s <a href="https://developers.google.com/beacons/eddystone">Nearby API</a> through their Eddystone protocol, and is the basis of products sold by the startup <a href="https://lisnr.com/">Lisnr</a>. It’s also the reason more and more apps are requesting access permissions to your microphone.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/can-sound-be-used-as-a-weapon-4-questions-answered-83627">Can sound be used as a weapon? 4 questions answered</a>
</strong>
</em>
</p>
<hr>
<p>Aside from networking, companies use ultrasonic signals (or beacons) to gather information about users. That could include monitoring television viewing and web browsing habits, tracking users across multiple devices, or determining a shopper’s precise location within a store. </p>
<p>They use this information to send alerts that are relevant to your surroundings – such as a welcome message when you enter a museum or letting you know about a sale when you pass by a particular store. </p>
<p>But since this technology records sound – even if temporarily – it could constitute a breach of privacy. An analysis of various Australian regulations covering listening devices and surveillance reveals a legal grey area in relation to ultrasonic beacons.</p>
<h2>How does ultrasonic data transfer work?</h2>
<p>Google Nearby enables Android phone users who are in close proximity to each other to connect their devices and share data, such as documents or media. Google <a href="https://support.google.com/pixelphone/answer/6260286?hl=en">says</a>:</p>
<blockquote>
<p>To share and collaborate in apps, Nearby uses Bluetooth, Wi-Fi, and inaudible sound to detect devices around your device. (Some people can hear a short buzz.)</p>
</blockquote>
<p>These inaudible sounds are ultrasonic beacons transmitting data that is then picked up by your phone. </p>
<p>To demonstrate this technology, I recorded such a beacon being broadcast in my lounge room while watching Netflix. In the below image you can see the audio ends around the 15kHz mark with the ultrasonic beacon beginning at 20kHz, the point at which average human hearing ends.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/215787/original/file-20180421-75100-x3ti7r.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/215787/original/file-20180421-75100-x3ti7r.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=642&fit=crop&dpr=1 600w, https://images.theconversation.com/files/215787/original/file-20180421-75100-x3ti7r.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=642&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/215787/original/file-20180421-75100-x3ti7r.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=642&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/215787/original/file-20180421-75100-x3ti7r.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=807&fit=crop&dpr=1 754w, https://images.theconversation.com/files/215787/original/file-20180421-75100-x3ti7r.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=807&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/215787/original/file-20180421-75100-x3ti7r.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=807&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Audio capture demonstrating the different frequencies over a 71 second period while watching Netflix. The ultrasonic beacon is apparent in the right hand side of the waterfall diagram.</span>
</figcaption>
</figure>
<p>Since these ultrasonic sounds are the only relevant section of the data signal, it is necessary to remove the lower frequency audible signals (such as speech) that are also captured. This is done by using a high-pass filter. A high-pass filter extracts high frequencies to remain in the data and eliminates the lower frequencies. </p>
<p>This means, in theory, that while the device could be recording sound, it isn’t keeping the parts of the recording that might include conversation.</p>
<p>Different filters process signals in different ways. While filters constructed from basic electrical components do not require any storage of the signal, digital software filters require the signal to be stored temporarily.</p>
<h2>Is this kind of recording legal?</h2>
<p>In South Australia, where I am based, a <a href="https://www.legislation.sa.gov.au/LZ/C/A/SURVEILLANCE%20DEVICES%20ACT%202016/CURRENT/2016.2.AUTH.PDF">listening device</a> is precisely defined as: </p>
<blockquote>
<p>a device capable of being used to listen to or record a private conversation or words spoken to or by any person in private conversation (…) but does not include a device being used to assist a person with impaired hearing to hear sounds ordinarily audible to the human ear.</p>
</blockquote>
<p>There is no exemption provided for recording sounds and then removing the audible portion. </p>
<p>It is generally unlawful “to overhear, record, monitor or listen to a private conversation” unless you have the express permission of all parties involved. Since audio is being recorded using a standard microphone in the course of an ultrasonic data transfer, the full audio spectrum – including any conversation occurring – is being sampled at the same time. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/your-mobile-phone-can-give-away-your-location-even-if-you-tell-it-not-to-65443">Your mobile phone can give away your location, even if you tell it not to</a>
</strong>
</em>
</p>
<hr>
<p>The type of filter used is therefore critical. If a digital filter is being used to extract the ultrasonic data, the temporary storage of the full audio spectrum could be considered a recording. And that requires consent.</p>
<p>Google gives users the chance to opt-out the first time notifications are made using the Nearby service. However, this could only be construed as consent for the phone owner, not all parties to a possible conversation being recorded in private. Also, by the time the notification happens, the recording has already occurred.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/215788/original/file-20180421-75107-nk39jb.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/215788/original/file-20180421-75107-nk39jb.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=212&fit=crop&dpr=1 600w, https://images.theconversation.com/files/215788/original/file-20180421-75107-nk39jb.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=212&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/215788/original/file-20180421-75107-nk39jb.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=212&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/215788/original/file-20180421-75107-nk39jb.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=267&fit=crop&dpr=1 754w, https://images.theconversation.com/files/215788/original/file-20180421-75107-nk39jb.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=267&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/215788/original/file-20180421-75107-nk39jb.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=267&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Google’s FAQ explaining the opt-out process for the Nearby API.</span>
</figcaption>
</figure>
<h2>What about location tracking?</h2>
<p>Advertisers can use ultrasonic signals that speak to your mobile phone to establish where you are within a store. They can also correlate this data with other advertising metadata easily obtained from cookies to track your broader movements.</p>
<p>This further complicates matters regarding their legality. </p>
<p>In South Australia, a <a href="https://www.legislation.sa.gov.au/LZ/C/A/SURVEILLANCE%20DEVICES%20ACT%202016/CURRENT/2016.2.AUTH.PDF">tracking device</a> is explicitly defined as: </p>
<blockquote>
<p>a device capable of being used to determine the geographical location of a person, vehicle or thing and any associated equipment.</p>
</blockquote>
<p>Since it is generally illegal to track someone without their consent – implied or otherwise – if an advertiser is using an app combined with an ultrasonic beacon to track you and you are unaware that they are doing so, they could be breaking the law. </p>
<p><a href="https://developers.google.com/nearby/messages/android/user-consent">Google says</a> the Nearby protocol is battery-intensive due to the use of Bluetooth and wifi. As such “the user must provide consent for Nearby to utilise the required device resources”. It says nothing about the legality of needing permission to record sound or track users.</p>
<p>Google does warn that the Nearby service is a one-way communication channel with your phone never communicating directly to a Nearby service <a href="https://support.google.com/pixelphone/answer/6260286?hl=en">on its online support page</a>.</p>
<p>But since users are required to opt-out of the service, it’s hard to argue that they have given informed consent.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/215789/original/file-20180421-75093-sdrtwf.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/215789/original/file-20180421-75093-sdrtwf.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=293&fit=crop&dpr=1 600w, https://images.theconversation.com/files/215789/original/file-20180421-75093-sdrtwf.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=293&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/215789/original/file-20180421-75093-sdrtwf.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=293&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/215789/original/file-20180421-75093-sdrtwf.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=368&fit=crop&dpr=1 754w, https://images.theconversation.com/files/215789/original/file-20180421-75093-sdrtwf.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=368&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/215789/original/file-20180421-75093-sdrtwf.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=368&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Google explains that the Nearby devices do not connect directly as Lisnr technology does, however, nothing is specified about what happens to data from your phone to Google or other third-party servers.</span>
</figcaption>
</figure>
<h2>What can I to protect my privacy?</h2>
<p>Users need to be aware of the potential to be tracked from ultrasonic beacons such as Google’s Nearby service. </p>
<p>Since this is a built-in feature of Google’s Pixel phone and other Android phones, users need to have informed consent regarding the Nearby service and the dangers of revealing data about themselves. Merely blocking app permissions which request to use your phone’s microphone will not be enough. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/7-in-10-smartphone-apps-share-your-data-with-third-party-services-72404">7 in 10 smartphone apps share your data with third-party services</a>
</strong>
</em>
</p>
<hr>
<p>One research group <a href="https://ubeacsec.org/">has released a patch</a> that proposes to modify the permission request on phones requiring apps to state when they want access to your microphone to track inaudible signals individually. This doesn’t solve the built-in problem of Google’s API though.</p>
<p>Google and other mobile phone companies should do more to ensure they are adequately gaining informed consent from users to ensure they do not fall foul of the law.</p>
<hr>
<p><em>Thanks to reader feedback we’ve updated this article at the author’s request to remove references to Apple’s iBeacon, which does not use an acoustic side channel for data transfer.</em></p><img src="https://counter.theconversation.com/content/94978/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Richard Matthews is an elected member of Council at The University of Adelaide. He is a member of the South Australian branch of the Labor Party and a Graduate Member of the Institute of Engineers Australia.</span></em></p>Inaudible sounds are being used to transmit data from our devices. While not new technology, these ultrasonic beacons may be in breach of laws regarding surveillance devices.Richard Matthews, PhD Candidate, University of AdelaideLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/925922018-03-12T06:00:17Z2018-03-12T06:00:17ZVoice assistants will have to build trust before we’re comfortable with them tracking us<figure><img src="https://images.theconversation.com/files/209867/original/file-20180312-30983-dzgs2d.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">If consumers are unsure of how that data was collected and used they are likely to reject the personalised content.</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>We’re all used to targeted advertisements on the internet. But the introduction of voice assistants like Apple’s Siri and Google Assistant mean that companies are capturing all new kinds of data on us, and could build much more detailed “behaviour profiles” with which to target us. </p>
<p>There is already a lot of <a href="http://www.news.com.au/technology/gadgets/how-google-is-secretly-recording-you-through-your-mobile-monitoring-millions-of-conversations/news-story/8089bf3084a430f4c4be46b81710c158">scaremongering</a> and pushback, as <a href="https://dx.doi.org/10.2139/ssrn.1478214">there was with targeted online advertising</a>. </p>
<p>But over time consumers have come to not only <a href="https://doi.org/10.1080/0267257X.2017.1400994">accept targeted advertising and personalisation</a>, but to see it as valuable. When advertising is relevant to our interests and needs, we have the opportunity to discover new brands and products. This is a win for both consumers and brands.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/how-facebook-and-google-changed-the-advertising-game-70050">How Facebook and Google changed the advertising game</a>
</strong>
</em>
</p>
<hr>
<p>A behavioural profile <a href="https://doi.org/10.1287/mksc.2015.0956">is a summary</a> of a consumer’s preferences and interests based on their online behaviour. Google, Facebook and other platforms <a href="https://theconversation.com/how-facebook-and-google-changed-the-advertising-game-70050">use this personalised data</a> and activities to target advertising.</p>
<p>Currently these profiles are <a href="https://doi.org/10.1509/jm.11.0316">built</a> using <a href="https://privacy.google.com/your-data.html">data</a> on search and internet activity, what device you are using, as well as data from our photos and stated preferences on things like movies and music (among many other things). </p>
<p>But voice adds a whole other dimension to the kind of data that can be collected - our voice assistants could <a href="https://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/">pick up conversations</a>, know who is home, what time we cook dinner, and even our personalities through how we ask questions and what we ask about. </p>
<p>However, <a href="https://support.google.com/googlehome/answer/7072285?hl=en-AU">Google says</a> its virtual assistant only listens for specific words (such as “ok Google”) and that you can delete any recordings afterwards. </p>
<p>Remarkably, many young consumers evidently once believed that their information wasn’t being used to target advertising at all. This <a href="https://doi.org/10.1080/15252019.2010.10722167">2010 study</a> showed that even though young people knew all about tracking and social media, they were still amazed at the thought of their information being used. </p>
<p>The people in the study thought that if their accounts were on private then no one else had access to their information.</p>
<h2>Targeting, good or bad?</h2>
<p>Most of us <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1589864">are not fully aware</a> of how and when our data are being collected, and we <a href="https://www.tandfonline.com/doi/abs/10.1080/15252019.2010.10722167">rarely bother to read privacy policies</a> before we sign up to a new platform. </p>
<p><a href="https://doi.org/10.1080/0267257X.2017.1400994">Research shows</a> that we find the personalisation of our services and advertisements valuable, although some experts <a href="https://www.cmu.edu/dietrich/sds/docs/loewenstein/PrivacyHumanBeh.pdf">suggest</a> that companies aren’t really using the full extent of targeting capabilities, for fear of “over personalising” the messages and customers responding negatively. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/smart-speakers-could-be-the-tipping-point-for-home-automation-90308">Smart speakers could be the tipping point for home automation</a>
</strong>
</em>
</p>
<hr>
<p>However, many of us have had the experience of having a conversation about a product or brand, only to be served up an ad for that product or brand a short time later. Some people <a href="https://www.gimletmedia.com/reply-all/109-facebook-spying">fear</a> that the microphones are always listening, although it is likely a coincidence.</p>
<p>There is even a theory in academia called <a href="https://science.howstuffworks.com/life/inside-the-mind/human-brain/baader-meinhof-phenomenon.htm">Baader-Meinhof phenomenon</a>. This is when you become aware of a brand or product and all of a sudden you start to notice that brand around you, for example in the ads. This is similar to the way that once you are in the market for a new red car, all you seem to see are shiny red cars on the road.</p>
<p>Baader-Meinhof theory or not, the reality is that the shift towards voice-activated search brings the potential for this information to form part of your behavioural profile. After all, if the speakers know more about you, they can cater to your needs more seamlessly than ever before. </p>
<p>Will we accept this use of data as readily as we accepted our online information being used to target us? Or is this new technology going to inflame our privacy concerns? </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/sorry-everyone-on-the-internet-youre-always-the-product-77235">Sorry everyone: on the internet, you're always the product</a>
</strong>
</em>
</p>
<hr>
<p>Online privacy concerns are <a href="https://www.tandfonline.com/doi/abs/10.1080/01449290410001715723">influenced by consumers’ ability to control their information</a> and also their perception of vulnerability. Some researchers have theorised that because speakers seem human, they need to build trust like a human would - <a href="http://aisel.aisnet.org/icis2017/Security/Presentations/19/">through time and self-disclosure</a>.</p>
<p>However, for many of us the benefits and rewards such as finding information in a quick and convenient manner far <a href="https://www.sciencedirect.com/science/article/pii/S0167404815001017">outweigh potential privacy concerns</a> that result from their personal data being used.</p>
<p>What could be more convenient or comfortable than calling out to an all-knowing omnipresent “someone”, in the same way you might ask a quick question of your spouse or flatmate? </p>
<p>At the moment, these technologies are still novel enough that we notice them (for instance, when <a href="http://www.zdnet.com/article/has-alexa-snapped-why-alexa-sometimes-laughs-or-does-other-creepy-things/">Alexa suddenly started “cackling” last week</a>). But after some time, perhaps we will come to take this personalisation for granted, always expecting ads to be targeted to us based on what we want right now. </p>
<p>What it comes down to is that brands need to build trust by being transparent about how they collect data. If consumers are unsure of how that data was collected and used they are <a href="http://doi.org/10.1016/j.jretai.2014.09.005">likely to reject the personalised content</a>.</p><img src="https://counter.theconversation.com/content/92592/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Brands need to build trust by being transparent about how they collect data.Louise Kelly, Lecturer, Queensland University of TechnologyKate Letheren, Postdoctoral Research Fellow, Queensland University of TechnologyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/772352017-05-24T06:29:25Z2017-05-24T06:29:25ZSorry everyone: on the internet, you’re always the product<figure><img src="https://images.theconversation.com/files/170500/original/file-20170523-8930-gylwmj.png?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Both paid and unpaid apps can track your data. The apps pictured may not - but it's hard to know which do and which don't.</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/blakespot/3030107334/in/photolist-5BL6kU-5BFPqt-fjEW79-aJpw1r-9dyLV5-8DbZLX-7htGuR-9drKbj-7NE8Tp-7NJ7i7-9GE78o-7NE9sc-7NMq1m-szqHTb-8JaLoS-7NMpch-eUjEws-5sn96z-7NJ9vE-7NE8Zn-p4KxNq-aJxDRZ-5BpnGU-dQRLvb-h4rhH9-ovdNf1-aJpvWB-oAx1E8-fu6bkx-aExRJh-dPq6PW-7JezgR-aExSow-arFt71-arCNVT-arFtab-9dyLTU-81igf7-9dvGZP-aJpwfT-arCNUn-7JiuEN-9dyM1q-7NJ9Yj-7NE9ki-9dyLZf-7NJ9JE-8b51aV-7NMpDy-7NMp1A">Flickr/Blake Patterson</a>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span></figcaption></figure><p>Anyone who spends much time online knows the saying: “If you’re not paying, you’re the product”. That’s not exactly correct. </p>
<p>On the internet, you’re nearly always the product. And while most internet users know that some of their personal data is being collected and monetised, few are aware of the sheer scale of the issue, particularly when it comes to apps.</p>
<p>In fact, <a href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">our research</a> suggests a majority of the top 100 paid and free Google Play apps in Australia, Brazil, Germany and the US contain at least one tracker. This means data could be collected for advertising networks as well as for payment providers.</p>
<p>This is just the beginning. As voice-activated intelligent assistants like Siri or Google Now evolve and replace the need for apps on our smartphones, the question of what is being done with our data will only grow more complicated.</p>
<h2>Nothing is free</h2>
<p>The difference between what apps actually do with user data and what users expect them to do was apparent in the recent Unroll.Me scandal.</p>
<p>Unroll.me is a free online service that cleans email inboxes by unsubscribing the user from unnecessary emails. But many were dismayed when the company was <a href="https://www.nytimes.com/2017/04/24/technology/personal-data-firm-slice-unroll-me-backlash-uber.html?_r=0">recently discovered</a> to be monetising their mail content. For example, UnRoll.me was reportedly looking for receipts of the ridesharing company Lyft in user emails and selling that information to Uber. </p>
<p><a href="http://blog.unroll.me/we-can-do-better/">Unroll.me’s CEO apologised</a>, saying the company needed to do a better job of disclosing its use of data. But who is in the wrong? Consumers for thinking they were getting a service for free? Or the service provider, who should inform customers of what they’re collecting?</p>
<p>The question is even more intriguing when it comes to mobile apps.</p>
<p>In fact, compared to online services that usually access a few facets of a user’s personal profile, mobile apps can conveniently tap into a range of personal data such as location, message content, browser history and app installation logs.</p>
<p>They do this using third-party libraries embedded in their code, and these libraries can be very intrusive.</p>
<h2>How libraries work</h2>
<p>Libraries are third-party trackers used by app developers so they can integrate their products with external services. These may include advertising networks, social media platforms and payment gateways such as Paypal, as well as tools for tracking bugs and crashes.</p>
<p>In <a href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">our study</a>, carried out in 2015, we analysed tracking libraries in the top-100 free and top-100 paid apps in in Australia, Brazil, Germany and the US, revealing some concerning results. </p>
<p>Approximately 90% of the top free apps and 60% of the top paid apps in Google Play Store had at least one embedded tracker. </p>
<p>For both free and paid apps in the study, <a href="https://developers.google.com/ads/">Google Ads</a> and <a href="https://y.flurry.com/metrics/1">Flurry</a> were the two most popular trackers and were integrated with more than 25% of the apps. Other frequently observed libraries include <a href="https://www.chartboost.com">Chartboost</a>, <a href="http://www.millennialmedia.com">Millennial Media</a>, <a href="https://www.google.com/analytics/analytics/features/">Google Analytics</a> and <a href="http://home.tapjoy.com">Tapjoy</a>. The top trackers were also likely to be present in more than one app, meaning these libraries receive a rich dataset about the user.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/168288/original/file-20170508-14369-11herwk.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/168288/original/file-20170508-14369-11herwk.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=235&fit=crop&dpr=1 600w, https://images.theconversation.com/files/168288/original/file-20170508-14369-11herwk.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=235&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/168288/original/file-20170508-14369-11herwk.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=235&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/168288/original/file-20170508-14369-11herwk.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=295&fit=crop&dpr=1 754w, https://images.theconversation.com/files/168288/original/file-20170508-14369-11herwk.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=295&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/168288/original/file-20170508-14369-11herwk.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=295&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">A summary of the study of top-100 free and paid apps in Google Play Store.</span>
<span class="attribution"><a class="source" href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">NICTA</a>, <span class="license">Author provided</span></span>
</figcaption>
</figure>
<p>Of course, these numbers could have changed in the two years since our research was published, although recent <a href="http://sharcs-project.eu/m/filer_public/91/b3/91b327e6-1472-45e3-b0bc-ca20bdb0fe75/mobile_websites_vs_mobile_apps_-_www2017.pdf">studies</a> suggest the trend has largely continued.</p>
<p>It’s also possible these libraries are present without collecting data, but it’s nonetheless disturbing to see the presence of so many trackers in paid apps that have an alternative business model.</p>
<h2>What lies ahead?</h2>
<p>So what can you do if you don’t want to be tracked? </p>
<ul>
<li>Use your judgement when giving apps permission to access your data by first asking questions such as, “does this game really need to know my phone number?” </li>
<li>Consider using mobile anti-virus and privacy advisory apps such as <a href="https://play.google.com/store/apps/details?id=com.lookout">Lookout Security & Antivirus</a>, <a href="https://play.google.com/store/apps/details?id=com.avast.android.mobilesecurity">Mobile Security and Antivirus</a>, and <a href="https://play.google.com/apps/testing/com.nicta.privmetrics">PrivMetrics</a> (this app is a beta release by Data61). </li>
</ul>
<p>Ultimately, however, these solutions barely touch the surface of a much larger issue.</p>
<p>In the near future, apps may be replaced by built-in services that come with a smartphone’s operating system. The intelligent personal assistant by Google, <a href="http://www.androidcentral.com/google-now">Google Now</a>, for example, could eliminate the need for individual transport, messenger, news and weather apps, as well as some financial apps.</p>
<p>These services, otherwise known as aggregator platform services, could build extensive profiles that cover several aspects of our online and offline behaviour. When used, they have access to an incredibly broad range of our activities, not to mention our location.</p>
<p>Still, app users have so far been willing to exchange their data for convenience. There’s little reason to believe that trend will not continue.</p><img src="https://counter.theconversation.com/content/77235/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Name almost any app. Your data is probably being tracked.Suranga Seneviratne, Research Scientist, Data61Dali Kaafar, Group Leader, Networks Group. CyberPhysical Systems Research Program, Data61Licensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/766202017-05-03T14:42:55Z2017-05-03T14:42:55ZAlphabet’s new plan to track 10,000 people could take wearables to the next level<figure><img src="https://images.theconversation.com/files/167384/original/file-20170501-17313-1vlzuwx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">What can your data tell us?</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/download/confirm/280924796?size=huge_jpg">www.shutterstock.com</a></span></figcaption></figure><p>Verily – the life sciences research arm of Google parent company Alphabet – wants to track the health of 10,000 people. </p>
<p>On April 19, the group announced that it was starting to recruit for Project Baseline, in partnership with Duke and Stanford. Over the course of four years, Project Baseline will sequence participants’ genomes, test their blood, survey them and track biometric data such as heart rate and activity level on a Study Watch – basically, a Fitbit on steroids. </p>
<p>What I find perhaps most interesting is their plan to collect thousands of medical images, which my colleagues and I also are doing in a big data analysis of childhood brain development. </p>
<p>Ventures like Project Baseline open up new opportunities in health care, both for the researchers working with big data and for consumers who want more sophisticated ways to track their health. </p>
<p>This allows us to start asking questions like: “How should we modify our behavior based on real-time interactions? Is there something relatively painless that anyone can do to alter their risk for particular medical problems? What can make us a healthy society that may be easier or more effective than the current recommendations?” </p>
<h2>Project Baseline in context</h2>
<p>Ten thousand people is a lot. To put that number into perspective, Project Baseline will follow enough participants to fill First Tennessee Park, Nashville’s new minor league baseball stadium. </p>
<p>In the U.S., we define a rare disease as something that strikes about five in 10,000, so several rare diseases will likely be seen in Project Baseline. Hundreds of other participants will likely develop more common illnesses, such as heart disease or diabetes, over the study’s four years. </p>
<p>Big data is nothing new for medicine. Project Baseline has been compared with the Framingham Heart Study, a project that tracked 5,209 subjects from 1948 on. Just this year, Stanford University researchers presented <a href="https://www.nature.com/nature/journal/v542/n7639/pdf/nature21056.pdf">a paper in Nature</a> that analyzed 129,450 clinical images to detect skin cancer.</p>
<p>Meanwhile, the <a href="http://journals.plos.org/plosone/article?id=10.1371/journal.pone.0169649">U.K. Biobank</a> study is currently following the health of 500,000 adults. Just a day after the Project Baseline announcement, <a href="http://www.gla.ac.uk/news/headline_522765_en.html">a study using U.K. Biobank data</a> indicated bicycling to work was associated with a 46 percent lower risk of heart disease. </p>
<p>My team is working with brain scans of up to 10,000 children, to look at how brain growth correlates with disease status, age, phenotype, genetics and other characteristics. As a biomedical engineer, I am focused on building tools that allow neuroscientists and psychiatrists to ask the hard questions and discover others we didn’t know we could or should ask. We begin to model and understand differences, and Verily is going to see the same sort of thing.</p>
<p>Researchers need large amounts of data to test many ideas and uncover subtle relationships. The less well-framed an idea is, the more data we need to collect, in order to better understand the connections between genetics, environment and health. </p>
<h2>New applications</h2>
<p>Where Project Baseline stands to break new ground in medical research that tracks people over time is in its use of wearable devices.</p>
<p>Project Baseline continues a 2014 pilot study of 200 healthy participants that included both a comprehensive health assessment and data collection through wearable devices.</p>
<p>The new study could help advance Google’s wearable devices from general wellness products – which are not regulated by the U.S. Food and Drug Administration (FDA) – to medical devices that capture specific information, with their safety and benefits proven to the FDA. </p>
<p>That’s really exciting because, while everyone loves their Fitbit, we don’t know which diseases could be mitigated by using it. We could see Fitbit and similar devices being used the way doctors advise patients to use the <a href="http://khn.org/news/self-health-care-kiosks-walmart/">automated blood pressure cuffs</a> at Walgreens: Eat a certain way, exercise a certain amount, take your medication and check the results on your device. </p>
<p>Moreover, with Alphabet/Google’s track record of affordable access to data resources (think Google Maps), Project Baseline could be a huge win for smaller companies seeking to build businesses around personal health devices. It also could open up better medical information to those in rural areas or those studying rare diseases.</p>
<p>There are implications as well for radiology, since Project Baseline will also collect medical imaging on its participants. Everybody loves to see an image. However, there is a lot of information in images that we’d like to better automatically pick out. Just as big data can improve personalized health devices, it can also boost our ability to extract subtle signs of disease in images. </p>
<h2>Doing big data right</h2>
<p>My team looks at data in anonymous ways, in order to protect the privacy of the patients who donated it. For example, in addition to removing patient names, we are careful to protect dates of visits and other information unique to a patient.</p>
<p>Verily’s newest project could have exciting implications for groups like ours, as the organization promises to provide anonymous data to qualified researchers. It will be critical for Verily <a href="https://victr.vanderbilt.edu/pub/biovu/">to build trust</a> in the anonymous nature of this data. </p>
<p>Patients generally don’t mind being seen at a teaching or research hospital, knowing that doctors will learn from their care, but they absolutely don’t want their insurance agents or co-workers to know what treatments they might be receiving. The same goes for real-time health data like the kind that Project Baseline is collecting. Verily must ensure that there is no way to connect the data back to individual subjects, just as we are doing. </p>
<p>In addition, the deep level of these medical records can open unlimited possibilities in computer-guided health care. But, for any such work, it’s essential that you are able to check your results. If, for instance, we suspect that a particular brain area develops earlier than another, we can design the model in one data set, then show with another subgroup from the data that, in this population that we studied, our finding still holds true. Project Baseline will provide a wealth of data to develop new hypotheses and to replicate results from other studies.</p><img src="https://counter.theconversation.com/content/76620/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Bennett Allan Landman receives funding from the National Science Foundation (NSF) and the National Institutes of Health (NIH). </span></em></p>Project Baseline opens up new opportunities in health care, both for the researchers working with big data and for consumers who want more sophisticated ways to track their health.Bennett Allan Landman, Associate Professor of Electrical Engineering, Computer Science, Biomedical Engineering, Radiology, Image Science, and Psychiatry and Behavioral Sciences, Vanderbilt UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/690262016-12-08T02:11:30Z2016-12-08T02:11:30ZProtect your privacy during turbulent times: A hacker’s guide to being cyber-safe<figure><img src="https://images.theconversation.com/files/148462/original/image-20161202-25653-5bctr2.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">If only it were this easy.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/pic-516573574/">'Keyboard' via shutterstock.com</a></span></figcaption></figure><p>Protecting individual privacy from government intrusion is older than American democracy. In 1604, the attorney general of England, Sir Edward Coke, ruled that <a href="http://groups.csail.mit.edu/mac/classes/6.805/admin/admin-fall-2005/weeks/semayne.html">a man’s house is his castle</a>. This was the official declaration that a homeowner could protect himself and his privacy from the king’s agents. That lesson carried into today’s America, thanks to our Founding Fathers’ abhorrence for <a href="https://theconversation.com/feds-we-can-read-all-your-email-and-youll-never-know-65620">imperialist Great Britain’s unwarranted search and seizure</a> of personal documents. </p>
<p>They understood that everyone has something to hide, because human dignity and intimacy don’t exist if we can’t keep our thoughts and actions private. As citizens in the digital age, that is much more difficult. Malicious hackers and governments can monitor the most <a href="http://www.barrons.com/articles/no-such-thing-as-privacy-in-the-modern-campaign-1455944517">private communications, browsing habits and other data breadcrumbs</a> of anyone who owns a smartphone, tablet, laptop or personal computer.</p>
<p>President Trump’s <a href="http://townhall.com/columnists/timsummers/2016/02/19/you-have-something-to-hide-n2121644">criticism of</a> <a href="http://www.theverge.com/2016/2/17/11031910/donald-trump-apple-encryption-backdoor-statement">encryption technology</a> and <a href="http://fortune.com/2016/11/09/trump-encryption-surveillance-policy/">interest in expanding government surveillance</a> have <a href="http://www.forbes.com/sites/valleyvoices/2016/11/30/how-a-trump-presidency-will-erode-cyber-privacy-and-national-security/">technologists and civil libertarians deeply concerned</a>.</p>
<p>As an ethical hacker, my job is to help protect those who are unable, or lack the knowledge, to help themselves. People who <a href="http://rave.ohiolink.edu/etdc/view?acc_num=case1427809862">think like hackers</a> have some really good ideas about how to protect digital privacy during turbulent times. Here’s what they – and I – advise, and why. I have no affiliation or relationship with any of the companies listed below, except in some cases as a regular user.</p>
<h2>Phone calls, text messaging and email</h2>
<p>When you’re communicating with people, you probably want to be sure only you and they can read what’s being said. That means you need what is called “end-to-end encryption,” in which your message is transmitted as encoded text. As it passes through intermediate systems, like an email network or a cellphone company’s computers, all they can see is the encrypted message. When it arrives at its destination, that person’s phone or computer decrypts the message for reading only by its intended recipient. </p>
<p>For phone calls and private text-message-like communication, the best apps on the market are <a href="https://www.whatsapp.com/">WhatsApp</a> and <a href="https://whispersystems.org/">Signal</a>. Both use end-to-end encryption, and are free apps available for iOS and Android. In order for the encryption to work, both parties need to use the same app.</p>
<p>For private email, <a href="https://tutanota.com/">Tutanota</a> and <a href="https://protonmail.com/">ProtonMail</a> lead the pack in my opinion. Both of these Gmail-style email services use end-to-end encryption, and store only encrypted messages on their servers. Keep in mind that if you send <a href="https://tutanota.com/blog/posts/encryption-percentage">emails to people not using a secure service</a>, the emails may not be encrypted. At present, neither service supports PGP/GPG encryption, which could allow security to extend to other email services, but they are reportedly <a href="https://protonmail.com/support/knowledge-base/sending-a-message-using-pgppgp/">working on it</a>. Both services are also free and based in <a href="http://dx.doi.org/10.1145/2852233">countries with strong privacy laws</a> (Germany and Switzerland). Both can be used on PCs and mobile devices. My biggest gripe is that neither yet offers two-factor authentication for additional login security.</p>
<h2>Avoiding being tracked</h2>
<p>It is less straightforward to privately browse the internet or use internet-connected apps and programs. Internet sites and services are complicated business, often involving loading information from many different online sources. For example, a news site might serve the text of the article from one computer, photos from another, related video from a third. And it would connect with Facebook and Twitter to allow readers to share articles and comment on them. Advertising and other services also get involved, allowing site owners to track how much time users spend on the site (among other data).</p>
<p>The easiest way to protect your privacy without totally changing your surfing experience is to install a small piece of free software called a “browser extension.” These add functionality to your existing web browsing program, such as Chrome, Firefox or Safari. The two privacy browser extensions that I recommend are <a href="https://github.com/gorhill/uBlock">uBlock Origin</a> and <a href="https://www.eff.org/privacybadger">Privacy Badger</a>. Both are free, work with the most common web browsers and block sites from tracking your visits.</p>
<h2>Encrypting all your online activity</h2>
<p>If you want to be more secure, you need to ensure people can’t directly watch the internet traffic from your phone or computer. That’s where a virtual private network (VPN) can help. Simply put, a VPN is a collection of networked computers through which you send your internet traffic. </p>
<p>Instead of the normal online activity of your computer directly contacting a website with open communication, your computer creates an encrypted connection with another computer somewhere else (even in another country). That computer sends out the request on your behalf. When it receives a response – the webpage you’ve asked to load – it encrypts the information and sends it back to your computer, where it’s displayed. This all happens in milliseconds, so in most cases it’s not noticeably slower than regular browsing – and is far more secure.</p>
<p>For the simplest approach to private web browsing, I recommend <a href="https://www.f-secure.com/en_US/web/home_us/freedome">Freedome by F-Secure</a> because it’s only a few dollars a month, incredibly easy to use and works on computers and mobile devices. There are other VPN services out there, but they are much more complicated and would probably confuse your less technically inclined family members.</p>
<h2>Additional tips and tricks</h2>
<p>If you don’t want anyone to know what information you’re searching for online, use <a href="https://duckduckgo.com/">DuckDuckGo</a> or <a href="https://search.f-secure.com/">F-Secure Safe Search</a>. DuckDuckGo is a search engine that doesn’t profile its users or <a href="https://duckduckgo.com/privacy">record their search queries</a>. F-Secure Safe Search is not as privacy-friendly because it’s a collaborative effort with Google, but it provides a <a href="https://search.f-secure.com/about">safety rating for each search result</a>, making it a suitable search engine for children. </p>
<p>To add security to your email, social media and other online accounts, enable what is called “<a href="https://www.turnon2fa.com/">two-factor authentication</a>,” or “2FA.” This requires not only a user name and password, but also another piece of information – like a numeric code sent to your phone – before allowing you to log in successfully. Most common services, like <a href="https://www.google.com/landing/2step/">Google</a> and <a href="https://www.facebook.com/TurnOn2FA">Facebook</a>, now support 2FA. Use it. </p>
<p>Encrypt the data on your phone and your computer to protect your files, pictures and other media. Both <a href="https://ssd.eff.org/en/module/how-encrypt-your-iphone">Apple iOS</a> and <a href="http://www.greenbot.com/article/2145380/why-and-how-to-encrypt-your-android-device.html">Android</a> have settings options to encrypt your mobile device.</p>
<p>And the last line of privacy defense is you. Only give out your personal information if it is necessary. When signing up for accounts online, do not use your primary email address or real phone number. Instead, create a throw-away email address and get a <a href="https://www.google.com/voice">Google Voice number</a>. That way, when the vendor gets hacked, your real data aren’t breached.</p><img src="https://counter.theconversation.com/content/69026/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Timothy Summers is the CEO of Summers & Company, a cyber strategy consulting firm. That company does not conduct intrusion response work, but does advise clients about minimizing risk of future cyberattacks. He also has provided input to other companies in support of their development of cybersecurity training programs.</span></em></p>People who think like hackers have some really good ideas about how to protect digital privacy during turbulent times. We can learn from them.Timothy Summers, Director of Innovation, Entrepreneurship, and Engagement, College of Information Studies, University of MarylandLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/585122016-05-15T19:46:37Z2016-05-15T19:46:37ZProtecting your privacy if you use a route mapping app<figure><img src="https://images.theconversation.com/files/121834/original/image-20160510-20595-4uiy81.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Route mapping apps such as Strava are popular with cyclists, but you need to protect your privacy</span> <span class="attribution"><a class="source" href="http://www.shutterstock.com/gallery-1368298p1.html?cr=00&pl=edit-00">Shutterstock/antb</a></span></figcaption></figure><p>There are plenty of smartphone apps that can help map your movements as you are driving, cycling, running or just out for a good walk. Many of these apps encourage you to share your route publicly on websites or with friends on social media.</p>
<p>Some people even go to extreme lengths to pre-plan their routes to produce maps with entertaining shapes.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/OsMMysaZRyg?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
</figure>
<p>What many people don’t realise is that by using such apps, you could be giving away information that could be abused by others.</p>
<p>For example, in the UK last year, police in Hull revealed how <a href="http://www.hulldailymail.co.uk/Burglars-using-cycling-8216-fitness-route-planner/story-25921158-detail/story.html">a spate of bicycle thefts</a> was linked to hi-tech thieves who used such app information to track expensive bikes online. Since many of the routes people recorded started and ended at home, the thieves were able to pinpoint the location and type of bicycle being used.</p>
<p>This is not an isolated case. There have been several other thefts prompting <a href="https://www.noworriesinsurance.com.au/blog/bike-theft-linked-gps-apps">warnings from insurers</a> that people should think more about their privacy when using such apps.</p>
<h2>Privacy zones may not be that private</h2>
<p>One approach is to mask the specifics of your “wearabouts”. Strava, for example, is a fitness app that allows people to set up a <a href="https://support.strava.com/hc/en-us/articles/216918777-Privacy-Settings#zones">privacy zone</a> to hide the start and the end points of their trip.</p>
<p>Users can enter their home address (or any other place they don’t want others to know they have visited) and create a radius of exclusion around that location.</p>
<p>The app hides the portion of a user’s activity that starts or ends in their privacy zone. But this feature, like many others that rely on not sharing data in a structured manner, simply doesn’t work, at least not against tech-savvy thieves. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/122005/original/image-20160510-29544-blpph1.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/122005/original/image-20160510-29544-blpph1.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/122005/original/image-20160510-29544-blpph1.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=402&fit=crop&dpr=1 600w, https://images.theconversation.com/files/122005/original/image-20160510-29544-blpph1.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=402&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/122005/original/image-20160510-29544-blpph1.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=402&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/122005/original/image-20160510-29544-blpph1.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=505&fit=crop&dpr=1 754w, https://images.theconversation.com/files/122005/original/image-20160510-29544-blpph1.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=505&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/122005/original/image-20160510-29544-blpph1.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=505&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">A privacy zone created around Brisbane’s central post office in this example (green circle). The portions of the routes that are inside the privacy zone (dashed red lines) are not shared with the public. Note how three different routes exiting the privacy zone would be enough to pinpoint the central ‘home’ location.</span>
<span class="attribution"><span class="source">Google Maps screenshot, modified.</span>, <span class="license">Author provided</span></span>
</figcaption>
</figure>
<p>Assume you have created a privacy zone around your house (or Brisbane GPO, as above) with a radius of 500 meters (noting that the issue will arise with any given radius). When you leave home, the data as amended by the privacy zone feature shows your starting point as being 500 metres away from your actual home. </p>
<p>Each time you pass through a new point 500 metres away (assuming you don’t always pass through the exact same point when leaving or returning home), you provide a new data point 500 metres from your home.</p>
<p>Over time these data points can be plotted on a circle, and some simple geometry can determine the radius of the circle and the centre of the privacy zone: your house.</p>
<h2>You might be sharing more than you think</h2>
<p>Even if you are a privacy-aware person and do not share your route data with strangers, there are chances that several apps and services are infringing on your privacy (sometimes unintentionally).</p>
<p>If you use sat-navs or mobile phones, then many of these devices <a href="http://news.bbc.co.uk/2/hi/science/nature/7733919.stm">share your movements with other apps</a>, albeit in an anonymised way (your movements are shared without attaching your name to them), to <a href="https://www.ncta.com/platform/broadband-internet/how-google-tracks-traffic/">improve traffic estimates</a> and to identify the location of the traffic jams to reroute you through shorter paths.</p>
<p>In addition to these devices that share data behind our backs, we are used to sharing anonymised data. We provide anonymous feedback to our teachers or bosses. We submit anonymous feedback to app developers when they crash.</p>
<p>But anonymsing data most often doesn’t work in preserving your privacy. It turns out that four anonymised spatio-temporal points (each spatio-temportal point is a measurement of your position at a different time of day) are enough to <a href="http://www.nature.com/articles/srep01376">uniquely identify (figuring out the name of) 95% of the individuals</a>. These identifications mostly rely on us being creatures of habit.</p>
<h2>What can you do?</h2>
<p>The good news is that sometimes there are convenient fixes for unintentional privacy leaks. For instance, if you want to use the privacy zone idea, you should set the centre of the privacy zone at a random location in your neighbourhood, but within the radius of privacy zone around your home.</p>
<p>This way, the thieves cannot centre in on your home inside the privacy zone. Remember if you do this, you should not frequently change the centre point (since you provide more information to the thieves).</p>
<p>Another fix is something that apps such as Strava could develop in the future. It could allow the use of random shapes for the privacy zone.</p>
<p>The common theme between these two fixes is randomness, which takes away hidden structures that can be used to identify your private information (without your knowledge).</p>
<p>We need to remember that there is always a trade-off between privacy and utility. I can stop sharing everything by not using any online services and connected devices, but then I will be lost every time that I am driving to a new location.</p>
<p>Sometimes, it is perfectly fine to share a bit to receive great services. For instance, I personally would be happy to share my position in real-time on my way to work and back so long as no one can infer where my home is (everyone can figure out where I work by a simple Google search, so that’s not an issue).</p>
<p>The first step in preserving our privacy is to understand how much of it we are losing, such as the extent to which privacy-preserving features actually work, and any unintended consequences of their design.</p>
<p>In this quest, an important thing that we need to remember is that common sense might not align with reality: privacy zone and anonymisation don’t work, at least not without careful consideration.</p><img src="https://counter.theconversation.com/content/58512/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Farhad Farokhi receives funding from the University of Melbourne and the Australian Research Council. </span></em></p>If you use one of the many apps to map your walking, jogging or cycling route then you could be giving away information that could be abused by others.Farhad Farokhi, Research fellow, The University of MelbourneLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/570442016-04-15T02:00:40Z2016-04-15T02:00:40ZAustralia’s waterbirds are disappearing – but nuclear physics can help save them<figure><img src="https://images.theconversation.com/files/118236/original/image-20160412-21989-1nowvr.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Straw-necked ibis gather to breed. </span> <span class="attribution"><span class="source">Kate Brandis</span>, <span class="license">Author provided</span></span></figcaption></figure><p>When wetlands flood they become full of life. They are spectacularly beautiful and noisy. There is nothing quite like the sound of a wetland when thousands of birds come together to take advantage of the newly created habitat.</p>
<p>Ibis, spoonbills, egrets, herons, cormorants and pelicans all congregate in large numbers, tens to hundreds of thousands, to breed when wetland conditions are good. These gatherings of birds are spectacular, but a mystery remains: where do they come from, and where do they go?</p>
<p>These questions aren’t trivial. <a href="https://www.ecosystem.unsw.edu.au/content/rivers-and-wetlands/waterbirds/eastern-australian-waterbird-survey">Over the past 30 years waterbird populations have declined</a> as opportunities for breeding have disappeared, mainly <a href="http://www.sciencedirect.com/science/article/pii/S0006320708000451">due to water resource development</a>. </p>
<p>Worldwide, wetlands have been lost or are under threat from water resource development, agricultural development and climate change. In Australia we have <a href="http://link.springer.com/article/10.1023%2FA%3A1008495619951#page-1">lost an estimated 50% of wetlands since European settlement</a>. </p>
<p>The loss of wetlands has serious implications for wildlife. Many species are wetland-dependent throughout their lives while others, such as some species of waterbirds, rely on wetlands as places to breed.</p>
<p>Knowing which wetlands waterbirds use when they aren’t breeding will help us figure out which places we need to protect. So the Centre for Ecosystem Science, UNSW and the Australian Nuclear Science Technology Organisation have developed a new technique to analyse Australian bird feathers using nuclear physics. </p>
<p>Now we want you to <a href="http://feathermap.ansto.gov.au/">send us waterbird feathers</a> so we can build an Australia-wide map of where our waterbirds go. </p>
<h2>High-tech tracking</h2>
<p>Traditional tracking methods such as leg banding and satellite trackers have had limited success and can be expensive. So we looked for a cheaper and more effective method. And what could be easier than collecting bird feathers? </p>
<p>Feathers are made of keratin (the same material as human hair and nails) and as they grow record the diet of the bird in chemical elements. Once fully grown, feathers are inert – they no longer change. </p>
<p>Chemical elements (carbon, nitrogen, hydrogen, oxygen) exist in a number of different forms known as isotopes. Some isotopes of some elements are radioactive, but many elements have stable, non-radioactive isotopes. The relative proportion of different isotopes can be <a href="http://www.pnas.org/content/95/26/15436.full">explicitly linked to a specific location</a>, as has been done for monarch butterflies in North America.</p>
<p>To test whether this could be applied to Australian wetlands and waterbirds I did a pilot study in 2010-11. Widespread flooding in the Murray-Darling Basin resulted in colonial waterbirds breeding at a number of wetlands including the Gwydir wetlands, Macquarie Marshes and Lowbidgee wetlands. These three wetlands are geographically distinct, spread across the Basin from north to south. </p>
<iframe src="https://www.google.com/maps/d/u/0/embed?mid=zXUWIAKxCpHk.kEeaM7o1lrDI" width="100%" height="480"></iframe>
<p>We used feathers from chicks and juveniles, because they are eating food from only the wetland where they were hatched and so provide a unique signature for that wetland. </p>
<p>We tested the feathers using two techniques: one to look at the elemental composition of feathers, and the other to measure the amount of two particular isotopes, carbon-13 and nitrogen-15.</p>
<p>Results from these analyses showed that we were able to distinguish between the three wetland sites based on the elemental composition of the feather and the isotopic composition. </p>
<p>Either technique showed the ability to distinguish between wetland sites. Combined, they should be able to provide greater spatial accuracy in identifying the wetland at which the feather was grown. With the knowledge that wetlands have their own unique elemental and isotopic signature, we are expanding the study nationally. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/118237/original/image-20160412-21989-1l2w9sl.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/118237/original/image-20160412-21989-1l2w9sl.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/118237/original/image-20160412-21989-1l2w9sl.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/118237/original/image-20160412-21989-1l2w9sl.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/118237/original/image-20160412-21989-1l2w9sl.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/118237/original/image-20160412-21989-1l2w9sl.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/118237/original/image-20160412-21989-1l2w9sl.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/118237/original/image-20160412-21989-1l2w9sl.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Sunset at an ibis colony.</span>
<span class="attribution"><span class="source">Kate Brandis</span>, <span class="license">Author provided</span></span>
</figcaption>
</figure>
<h2>Building a ‘feather map’</h2>
<p>The Feather Map of Australia is a citizen science project that aims to map the signatures for as many wetlands across Australia as possible. To do this we have asked interested members of the public to collect feathers from their local wetlands and contribute them for analyses. </p>
<p>Once analysed, we will have an isotopic map of wetlands against which we can track waterbird movements. Feathers collected from chicks and birds that don’t move large distances will provide us with a signature for that particular wetland. We can then analyse the feathers of birds that do travel long distances and match the signature in their feathers against those of wetlands, telling us where these birds have been. </p>
<p>The signature will not tell us all the movements a bird has made, but it will tell us where it was when it grew the feather. And this will also give us information about the health of the wetland based on what food the bird has eaten and how long it took to grow the feather.</p>
<p>Knowing the movements of waterbirds helps identify wetlands that are important waterbird habitats. This knowledge can be used to provide information to policymakers and land and water managers for improved water delivery, wetland management and decision-making, and ultimately protect wetlands and waterbirds. </p>
<p><em>Read more on how to <a href="http://feathermap.ansto.gov.au/GetInvolved/index.htm">send feathers to scientists</a> and help build the Feather Map of Australia.</em></p><img src="https://counter.theconversation.com/content/57044/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Kate Brandis receives funding from Australia Nuclear Science Technology Organistion and the UNSW.</span></em></p>Bird feathers can tell us a lot about their owners and the places they visit.Kate Brandis, Joint Research Fellow, Centre for Ecosystem Science, UNSW and Australia Nuclear Science Technology Organisation, UNSW SydneyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/501232016-02-21T19:03:22Z2016-02-21T19:03:22ZImagine what we could learn if we put a tracker on everyone and everything<figure><img src="https://images.theconversation.com/files/101520/original/image-20151111-21201-de6ac4.jpg?ixlib=rb-1.1.0&rect=595%2C70%2C3552%2C2151&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Imagine if all these people were gathering valuable data for public benefit?</span> <span class="attribution"><span class="source">Scott Cresswell/Flickr</span>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span></figcaption></figure><p>We can learn a remarkable amount of information about an individual, such as their health or safety, and about the surrounding environment simply by placing a tracking device on them.</p>
<p>For example, consider the recent <a href="http://www.bbc.co.uk/news/world-asia-china-33844084">Tianjin chemical warehouse explosions</a>, which killed 173 people. Investigators found that the explosions occurred because the warehouse was storing hazardous material <a href="http://www.pddnet.com/news/2016/02/chinese-investigators-blame-illegal-chemicals-tianjin-port-explosion">both unsafely and illegally</a>. </p>
<p>What if authorities had received early warning of this illegal stock limit, or of the condition of the nitrocellulose which sparked the fire when it dried out and overheated?</p>
<p>This is where tracking can help solve problems and, most importantly, save lives. At CSIRO’s <a href="http://www.csiro.au/en/Research/D61">Data61</a>, we have developed a personal safety badge for ensuring safety in the workplace. </p>
<p>The badge tracks the wearer’s position both indoors and outdoors via Bluetooth and GPS, and picks up exposure to harmful gases and radiation through dedicated sensors. The primary aim of the badge is to detect any elevated levels of exposure to chemicals or radiation and to notify the worker and the employer for remedial action.</p>
<p>Workers using the safety badge effectively become mobile sensors that can tell us what is happening in the entire workplace site. Because they move around, the badges can sample the area at different locations and times, allowing us to cover the site much more effectively and affordably than with current fixed sensors. </p>
<p>If workers at chemical warehouses such as Tianjin were wearing such badges with the appropriate sensors, elevated levels of harmful chemicals could have been detected early to alert the authorities and prevent any disasters from occurring.</p>
<h2>Micro in size, macro in potential</h2>
<p>Tracking of individual animals is equally insightful. We placed tiny solar-powered tracking devices on flying foxes that included GPS and other sensors that could monitor temperature, pressure, solar exposure and sound. </p>
<p>The information from these sensors not only tells us a great deal about how bats disperse seed across the landscape, but also gives us insight into the animal’s capacity to spread viruses.</p>
<p>The tagged animals also effectively become mobile environmental sensors. They can reveal valuable information about the environmental conditions in large swathes of the landscape for which we never before had access to. </p>
<p>For instance, temperature data from moving sensors tells us about conditions at the locations where the animals are travelling. A microphone can even capture the soundscape from remote and inaccessible areas.</p>
<p>Similarly, one can place trackers with gas or noise sensors on public transport fleets, such as shared public bicycles, buses, trains, trams and ferries. These vehicles then provide a mobile pollution or noise monitoring infrastructure for the city for minimal cost.</p>
<p>As sensors shrink in size, it will become feasible to incorporate more of them on the trackers. Sensors that detect threats to human health or the nation’s biosecurity will soon find their way into these tiny devices. As a result, the mobile trackers will be able to provide early warning of harmful threats in their vicinity.</p>
<p>Naturally, ethical and legal questions around privacy, data ownership and reuse will have to be considered in both public and private sectors.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/101517/original/image-20151111-21223-gsrks0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/101517/original/image-20151111-21223-gsrks0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/101517/original/image-20151111-21223-gsrks0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=328&fit=crop&dpr=1 600w, https://images.theconversation.com/files/101517/original/image-20151111-21223-gsrks0.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=328&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/101517/original/image-20151111-21223-gsrks0.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=328&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/101517/original/image-20151111-21223-gsrks0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=412&fit=crop&dpr=1 754w, https://images.theconversation.com/files/101517/original/image-20151111-21223-gsrks0.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=412&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/101517/original/image-20151111-21223-gsrks0.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=412&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">We already gather a lot of information about our selves via devices such as FitBit.</span>
<span class="attribution"><span class="source">Denis Kortunov/Flickr</span>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span>
</figcaption>
</figure>
<h2>Playing phone tag</h2>
<p>However, tracking need not rely on dedicated devices. The smartphones and wearable devices we carry every day already track our location and record information about our environment. While the public has become increasingly aware and concerned with the privacy implications, there is a silver lining for tracking people.</p>
<p>In fact, recent research has shown that location information for mobile phone use can help pinpoint the <a href="http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3675794/">sources of infectious diseases</a>, such as <a href="https://theconversation.com/au/topics/malaria">malaria</a>, at a national scale. A similar approach could be applied to other outbreaks of infectious disease. In fact, global airport traffic patterns can predict the timing of the spread of an epidemic across countries and continents.</p>
<p>In Australia, we are working on projects that use multiple types of available data on people movement, from geo-tagged Tweets to mobile phone records, to predict and preempt the spread of mosquito borne diseases like <a href="https://theconversation.com/au/topics/dengue-fever">dengue fever</a>. Such efforts offer clear potential benefits to public health outcomes, from reducing the infection rates to higher confidence in government responses.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/112098/original/image-20160219-1274-1tttvr7.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/112098/original/image-20160219-1274-1tttvr7.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/112098/original/image-20160219-1274-1tttvr7.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=330&fit=crop&dpr=1 600w, https://images.theconversation.com/files/112098/original/image-20160219-1274-1tttvr7.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=330&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/112098/original/image-20160219-1274-1tttvr7.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=330&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/112098/original/image-20160219-1274-1tttvr7.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=414&fit=crop&dpr=1 754w, https://images.theconversation.com/files/112098/original/image-20160219-1274-1tttvr7.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=414&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/112098/original/image-20160219-1274-1tttvr7.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=414&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Mobile phones can reveal useful information, such as where locals (blue) and tourists (red) take photos.</span>
<span class="attribution"><a class="source" href="https://www.flickr.com/photos/walkingsf/4671519459/in/photolist-bih5kZ-87NKYX-rDpvJS-6akRDL-9NBTQp-9NCE48-9NEKvf-5nQjPo-bsAMRW-5nQ4FW-ow7KT4-5ZkYbp-5Zqc1C-d1ooZj-4eRh8T-4CVeF7-2M3Ls5-6NShHf/">Eric Fischer/Flickr</a>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span>
</figcaption>
</figure>
<h2>Eyes everywhere</h2>
<p>However, the benefits need not come at the cost of loss of privacy for individuals. It is critically important that such human tracking efforts follow strict ethical frameworks in the use of data. For instance, eliminating any identifiable information from any study is a first step, but this is insufficient.</p>
<p>Movement patterns of individuals could be used to infer their identity by tracing their most frequented locations to street addresses. Fortunately, the studies that use people movement as a proxy for disease spread can typically proceed on aggregate data from the population.</p>
<p>In that scenario, the patterns of individual movement are combined to capture how the major flows are occurring within the landscape. These flows can then be used to project the areas of highest risk of disease spread and guide targeted management actions in response to those risks.</p>
<p>Two domains where such tracking might yield the first benefits are health and biosecurity. This technology could be applied to track the geographical progress of infectious diseases, assisting with both prevention and preparation. </p>
<p>Electronic tagging of consignments of goods entering the country could assist with biosecurity, allowing us to quickly pinpoint the source of pest incursions. Transport is not far behind, with map-based applications offering updates on traffic conditions in return for sharing your position and speed.</p>
<p>Information is incredibly valuable, and tracking technology can provide a wealth of information about us and our environment. It already does so for wildlife, and it can do the same for people.</p>
<p>If we can solve the privacy and security issues, then the technology to track ever smaller things for longer durations can provide a wealth of data for building new services of public benefit. </p>
<p>The question remains: how much privacy are we happy to give up for the potential benefits new tracking technology can do for mankind?</p><img src="https://counter.theconversation.com/content/50123/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Raja Jurdak does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>If we can solve the privacy issues, placing trackers on people and the things we make can teach us a great deal about ourselves and the world around us.Raja Jurdak, Group Leader of Distributed Sensing Systems, CSIROLicensed as Creative Commons – attribution, no derivatives.