Mobile Security:How to Secure,Privatize,and Recover Your Devices
上QQ阅读APP看书,第一时间看更新

Precursors to the smartphone revolution – Internet, social-networking, and spam

By and large, the conveniences we enjoy on our smartphones duplicate the tasks we could only do previously on our laptops and desktops. From tweets to spam, it all started on our computers, and only later moved into the mobile space.

Social networking

Facebook was not the first social networking site. Social networking, or the concept of using the Internet to form relationships and keep in touch with friends, may have begun as early as the mid 90s when sites such as Classmates.com and Geocities.com first gained prominence.

Facebook, the successful social networking site, was launched in 2004. Many of us already know the story of Facebook and its founder. Facebook originally began as a social networking site exclusive to Harvard students and alumni, but later expanded; first to all universities, and then to the general public. Today, Facebook has evolved into a complex and effective site which allows people to connect with one another in the online space. Members are no longer necessarily required to find and create their own friends network; Facebook has algorithms and automated processes which attempt to find friends for its members. In addition to the basic degrees method first pioneered by Friendster, Facebook also attempts to connect people based on criteria such as hobbies and geographical location.

The method by which Facebook collects this sort of information has even begun to expand beyond the details explicitly provided by members in their profiles. For example, Facebook has developed methods for monitoring external sites that its members visit. One that many may be aware of is the Facebook icon that adorns many websites. If a user clicks on one of these buttons, this provides Facebook with a method of linking a member's interests to their profile. What's more, this is done even if a Facebook member did not intend to provide such information to the site.

In 2006, Twitter launched with the concept that social networking may be best enjoyed in a smaller and more digestible format. Twitter's approach to social networking created a multi-layered network, whereby a visitor would easily be able to read both a particular member's post as well as the posts of that member's followed accounts. Of all of the social networking sites, Twitter may have been the most successful in the migration to the mobile space. The reason for this should be understandable; the screens on smartphones are smaller than laptop or desktop screens, and smartphones are often used in far more limited durations than computers.

The two-way street of social networking

It is important to remember that social networking is a two-way street. Users sign up for these services so that they can interact with friends and colleagues. However, many social networking sites are interested in collecting our personal information. As part of the relationship between users and social networking sites, users routinely provide personal information to these sites. Because social networking sites are businesses, they often consider customer information as one of their most valuable commodities.

With customer information, social networking sites are able to target their customer demographics for presentation to potential advertisers. In some cases, these sites even turn customer information into a commodity by selling it to other companies or parties. Finally, this information is useful as a method for pinpointing demographic deficiencies; Facebook, for example, may decide to expand its marketing for 21 to 45 year olds if it discovers a shrinking user base in that demographic.

This is important to you, the end user, because these practices place your personal information at risk; remember that protecting your information is one of the primary objectives in mobile and electronic security. As will be discussed in Chapter 3, Privacy – Small Word, Big Consequences, social networking sites do not always use personal information in the way you might intend. Also, these sites routinely share user's personal information with numerous third parties, thus further decreasing a user's ability to control their information.

2012 is the new 1984 – how companies track us

Companies have always been interested in the demographics of their customers. Before the rise of the Internet, one of the more common methods of assessing customer demographics was through polling. A company spokesman might contact a customer after they have purchased a product or service and ask the customer about their experience. The company spokesman would then use this polling information to create a profile which might represent hundreds or even thousands of potential customers; demographic information, such as race, gender, income level, geographic locale, and personal hobbies or interests might all be incorporated into such a profile.

Today, companies still create exactly these sorts of profiles, but their methods for collecting our demographic information might be surprising; they do so by tracking our computer and smartphone activities. Do you shop on Amazon or at the online stores for Target or Walmart? Do you download music through iTunes? How about social networking sites? Do you use Facebook, LinkedIn, or Twitter? If the answer to any of these questions is yes, then you have provided some or all of these companies with demographic and personal information about yourself. Just like the polls mentioned previously, many company websites use monitoring algorithms to collect information on their visitors in an effort to understand their demographics. So, you might be wondering; how do they get this information? You may think that because you didn't purchase anything from Amazon or because you provided incomplete or inaccurate information on your Facebook account, that the company does not have your personal information. However, you would be surprised at exactly how much information a company is able to collect regardless of what you choose to provide. For example, you may have only browsed the products on Amazon.com, but not actually purchased anything. What you may not know is that sites, such as Amazon often have monitoring algorithms that trace their visitors back to their geographic point of origin. What's more, by browsing for certain items, Amazon can infer what age group you're likely to be in, what your gender is likely to be, and even whether you're married or have children. This may not worry you, but consider this; if you have an account on Amazon, they can use this information on your browsing habits to target you for particular sales. Some companies, though not necessarily Amazon, even sell these profiles to other companies.

Facebook and customer tracking

The tracking habits of social networking sites can be even more worrisome. Let's consider the activities of Facebook. As a part of a Facebook profile, a user is requested to provide numerous personal details, including age, race, sex, marital status, geographic location, alma mater, and so on. Many users do not complete all of this information, choosing only to provide those details that they consider necessary for connecting with their friends. However, what many of us don't know is that Facebook can infer some of these details because the site monitors both your activities and the activities of your network of friends. The company can infer, for example, your geographic location based on the geographic location of your friends.

The danger of this sort of a practice has, unfortunately, been demonstrated by several scandals that have marred Facebook's reputation in recent years. In 2007, Facebook launched Facebook Beacon , which was a system that monitored the activity of Facebook members both within their profiles and through external sites, such as Fandango. What this means is that, if you purchased some tickets through Fandango, Fandango might, as a partner with Facebook Beacon, send this information to Facebook. The purpose of Facebook Beacon was to target advertising efforts to their members. Facebook addressed privacy concerns by arguing that no information was collected without a member's explicit approval, but they failed to specify that such approval was interpreted through acceptance of the privacy agreement. Practically, this means that every Facebook member's personal information could be collected and released to other Facebook partner companies, because everyone with a Facebook account was required to accept the privacy agreement upon signing up (http://www.zdnet.com/blog/btl/facebook-beacon-update-no-activities-published-without-users-proactively-consenting/7188).

Though Facebook Beacon was discontinued not long after its launch, other privacy scandals have continued to rock the company. In 2012, a number of users discovered that what they thought were private messages were appearing publicly on timelines (http://hypervocal.com/news/2012/facebook-bug-hack-private-messages-timeline/#). In 2011, Facebook even had to settle a lawsuit with the FTC, admitting that they had engaged in deceptive privacy practices; between 2007 and 2011, Facebook had altered their privacy agreement numerous times. Some have argued that this practice was an attempt to mislead users about their privacy rights. After all, how many of us really read the privacy agreements on websites, such as Facebook in any great depth before clicking on Accept? The manner by which these same companies, as well as hackers and other criminals, track our activities on smartphones and other mobile devices is covered in greater detail in Chapter 3, Privacy – Small Word, Big Consequences.