privacy

Are you being stalked through your phone?

Tech and science publication Motherboard has been trying for weeks to warn a certain stalkerware company that they’ve been hacked. The app’s services are not secured, so hackers are sitting on a gold mine of exposed pictures, videos, messages and more.  

Motherboard has called out spyware providers for their deplorable security practices many times before, but these companies are all about invading privacy, so naturally they don’t care about the privacy of hacking victims.  

Stalking apps are especially vulnerable because their goal is to operate cheaply, not securely; there are hundreds vying for a slice of this business. And their customers are in no position to complain about their data being leaked – more often than not, they're using the software to commit crimes.  

What is stalkerware?

Stalkerware is what it sounds like: apps and services designed to let you track, without a user’s knowledge, things on their laptop or smartphone such as photos, messages, emails, browsing histories and GPS co-ordinates.  

Stalking apps are scarily salable. According to a study from Cornell University, there are roughly 300 apps on the market for android and iPhone.  

They’re also becoming popular with parents who want to know what their kids are up to online, but stalkerware is still mainly used by people who want to track their significant others – to find out whether a partner is cheating. And they’re commonly used by abusive ex-partners who can stalk their victims with relative anonymity. It’s invasive and creepy, and the data tracked is easy to exploit. 

Part of a bigger stalking issue

These apps and services are part of a major problem in this country, which is stalking in general. 

In just the last five years, data from StatsCan show about two million people have reported being the victims of stalking. Of those victims, only two in five report it to the police, and only a quarter of those reports ever result in charges being laid. Part of the reason for under-reporting is that more stalking is happening online, so it’s harder for police to investigate. 

Parental controls and spyware are not the same thing

Stalkerware and parental controls are very different means to the same end, which is keeping your kids safe online. Parental controls restrict the use of devices to safe situations, and block age-inappropriate websites. Stalkerware, by contrast, violates your kids’ trust by outright spying on them. 

The simplest solution is often the best

Never install stalkerware on your kids’ phones. If you’re tempted to do so, think about what that might be teaching them about what’s acceptable from authorities – it’s a slippery slope leading to an indifference about surveillance. 

 And never, ever stalk your boyfriend or girlfriend! If you care about your partner, don’t put their sensitive data in jeopardy by using these insecure apps. 

Combating the stalkerware industry

On a less personal level, payment processors such as PayPal and credit card companies should stop providing services to stalkerware firms. If they’re fined for accepting money from these apps – especially the ones that track cheating spouses – the offenses would be much harder to commit. When the cash is cut off, so is the crime.  

Services such as Find My Friends on Apple iOS devices should be updated to provide reminders to individuals on a daily, weekly or month basis if that feature is enabled on their device and whenever it is being used. GPS trackers built into modern cars should also provide audio and visual cues when they’re being tracked.

In wake of scandal and tragedy, Facebook privacy crackdown needed

It’s been a year – long enough to have forgotten the details of that Cambridge Analytica story that was all over the news last March.  

A refresher: In early 2018, Canadian-born Christopher Wylie went public with allegations that the British consulting firm Cambridge Analytica harvested private information from more than 50 million Facebook users, and shaped that data into social media strategies to support Trump’s 2016 presidential campaign. The scandal was among the first privacy issues involving Facebook, but it certainly hasn’t been the last. 

A+ for promises, D- for action

Though we have seen some efforts from Facebook to promote transparency – such as a new app to be rolled out in June that will show who paid for political ads and whom they’re targeting – Facebook is well known for making big promises about user privacy and keeping none of them. Remember when they promised a “delete your history” button in May 2018, after the backlash from Cambridge Analytica? It’s still nowhere to be seen. And that lack of follow-through is oh-so typical of Facebook. 

A wasted year

In the last year, legislators in the States have at least started to have serious conversations about what a national privacy law might look like. The American focus is on trying to rein in the power of big tech. But fast-forward 12 months and Canadian politicians have failed to create anything resembling a national data strategy. Probably because they’re more focused on winning the upcoming election than on protecting citizens’ privacy.  

What politicians should do is take Europe’s General Data Protection Regulation and Canadianize it, effectively cracking down on rule-breakers like Facebook with major fines that would have a real impact on their practices.  

Tragedy broadcast on social media

A horrific tragedy unfolded in New Zealand last week, where a terrorist attacked a mosque in Christchurch. Because Facebook is still basically a free-for-all of information dissemination, videos of the deadly shooting were live-streamed millions of times – almost instantly – on social media.  

Once digital data is created and replicated, it’s nearly impossible to control; people have created more data in the last couple of years than in all human history, and criminals are swimming in a sea of personal information that can be easily exploited.  

Who’s accountable?

New Zealand internet service providers actually blocked areas of the internet that continued to host these reprehensible materials. This was one of the most aggressive actions taken by ISPs worldwide, and it raises some thought-provoking questions regarding who should be accountable for data that’s shared online: the platform, or the internet service providers, or solely the individuals sharing it? Is there such a thing as regulated free speech? 

And while we’re on the topic: Is it really necessary for every human being to have the capability to instantly broadcast anything with zero vetting? Facebook should restrict this live-streaming capability to verified news media and individuals, so this kind of thing can’t happen in the future. 

An encouraging reaction

It was heartening to see the numbers of people across the world who refused to watch or share these violent images, in a sort of moral protest. If we really want change, though, we should be pushing our legislators to create laws that crack down on big firms that handle and distribute data.