"Resistance is Futile"™
Initially published on LinkedIn
TL;DR: Having wormed their way as indispensable elements of our modern daily life, a number of tech companies are now exercising their exorbitant influence to coerce the user into doing things their way. There is very little that the average user can do about this, short of joining the Amish or shifting to all open-source products (some might argue that I repeat myself). This strong-arming takes one concrete form with Google's recent update to the Android operating system (version 10).
Android 10
Take Google's latest Android operating system "upgrade". In addition to its various new features is the gem from this article's main figure:
This app won't work properly unless you allow Google Play
services' request to access the following:
* Microphone
* Phone
* Body Sensors
* SMS
To continue, open Settings, then Permissions, and allow
all listed items.
You are welcome to refuse to set these permissions, but then Google helpfully reminds you, every single time you send an SMS, that the permissions are improperly set and need to be fixed. Again ... and again ... and again ... and again... and again... and again ... you see why this might feel a little coercive?
Why should we care?
So, Google wants access to some of your phone's sensors. Doesn't every app? Why should you care?
Well, for starters, just having access to your microphone means that permissioned apps (or whoever ends up controlling them) can record any conversation within earshot of your phone, whether it's in your bedroom, your doctor's office, or your bathroom. This includes conversations by you, your friends, and your associates, which could then be used to generate deepfakes that put arbitrary words into your colleagues' mouths. Worse yet, audio data captured by your phone's microphone can also be used to log your keyboard translating keyboard sounds into keyboard characters (and thus being able to "hear" what you type - your credit card, your password, your love letters, ...).
"But wait, there's more!"
Besides silly emojis and flirtatious banter, SMS message are often used for two-factor authentication, and apps that can intercept them (either by design, or because they are compromised by third parties) can use such permissions to compromise your accounts.
Better yet, the "Body Sensors" permission gives access to health data, which includes heart-rate monitors, fitness trackers, and the like. Wouldn't your health insurance company, potential employer, or even curious date want to know whether you have a heart problem, do exercise regularly, or sleep well at night? Movement data can be linked even further to your political and religious interests, friends and consorts (both licit and illicit), or even sexual proclivities.
I have nothing to hide.
Google is a trustworthy company, and, anyway, doesn't it have access to all this data already? In the bastardized words of the old bard:
But Facebook says he was ambitious;
And Facebook is an honourable company.
'Tis true that Google has done great things, but its data will remain with the company forever ... even as the "Don't Be Evil" CEO is replaced by the "Do the right thing" CEO, and subsequently, perhaps, the "Do the right things for the most important shareholders" CEO. This type of "innocent" data can not only compromise the ability of your (and your friends) to function in the modern world, it can shift democratic elections.
Don't like it - don't use it?
But, you are under no obligation to use Google's services! They are a private company, and are entitled, in a free country, to place whatever constraints they want on their service. If you don't like what they have to offer, use a different service, or create your own.
So, Joe User has the option to either switch to a different company, which acts similarly, or take a few years to complete a PhD in computer engineering, fight through the market, and produce a competing product that no one else will use. Hardly seems reasonable!
How to respond?
Ok ... you got me there:
Those holding their breath waiting for the big tech companies to solve this problem have already long turned blue and died (to wit, the current article).
Attempts to enshrine privacy into the law have gone nowhere, and, even if they were to get somewhere, I predict that they will be quickly circumvented even before they get passed (anyone remember the CAN-SPAM act or the National Do Not Call registry?).
So ... we're left with one random professor's writing on a linked-in profile frequented by a few former students and some random colleagues. Now there's the solution we have all been waiting for!