by Brandon Butler
Tracking, Invading, and Spying: Oh, my! 1/1/2020

Let’s wrap up the week with the news of how companies are invading your privacy, tracking your behaviors, and spying on you. Because they are.

We start with Bruce Schneier’s post on the SoCal grocery store Ralph’s obsessive and creepy tracking of every aspect of their customer’s lives:

Ralphs says it’s gathering “behavioral information” such as “your purchase and transaction histories” and “geolocation data,” which could mean the specific Ralphs aisles you browse or could mean the places you go when not shopping for groceries, thanks to the tracking capability of your smartphone.

When I lived in LA I shopped at a Ralph’s that was right around the corner from where I lived. Every time I checked out they tried to get me to sign-up for one of their loyalty/tracking cards to save 10¢ on a loaf of bread. I’d take the card, promise to fill it out, get the discount, and promptly place the thing in the trash right outside the store.

Next up, Bill Budington at the EFF is reporting on the Ring doorbell app’s excessive use of tracking software:

An investigation by EFF of the Ring doorbell app for Android found it to be packed with third-party trackers sending out a plethora of customers’ personally identifiable information (PII). Four main analytics and marketing companies were discovered to be receiving information such as the names, private IP addresses, mobile network carriers, persistent identifiers, and sensor data on the devices of paying customers.

The danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user’s device. This cohesive whole represents a fingerprint that follows the user as they interact with other apps and use their device, in essence providing trackers the ability to spy on what a user is doing in their digital lives and when they are doing it. All this takes place without meaningful user notification or consent and, in most cases, no way to mitigate the damage done. Even when this information is not misused and employed for precisely its stated purpose (in most cases marketing), this can lead to a whole host of social ills.

Ring is a privacy fiasco. Every week there’s something new and creepy about the company. Although I wonder: if Ring had remained independent from Amazon, would they still be endlessly spying on their users and sharing camera access with the police? I can’t understand why anybody would buy a camera or install an app from Ring. I guess cause it’s cheap? This is a gross company I’d never trust to watch my home.

Kate Cox at Ars Technica is reporting on Facebook’s new “Off-Facebook Activity” tool that shows you all the ways Facebook gathers ridiculously invasive amounts of data about you:

Off-Facebook Activity is exactly what it sounds like: interactions you have with other entities, such as an app on your phone or a retailer you shop at, that Facebook receives data about. Facebook attaches that data to the rest of the information it has about you and uses it for marketing purposes.

Don’t think you can escape this data collection by deleting your Facebook account, either. They’re still collecting it and stuffing it all into a shadow profile. California users can request to see this data, have it deleted, and ask Facebook to never sell this data under the California Consumer Privacy Act. Otherwise, if you have a Facebook account, you can use their tool to see just how much activity Facebook has on you from elsewhere on the Internet, but there isn’t much you can do about it. Gross!

Finally, some ha-ha “good news,” Charlie Osborne at ZDNet is reporting that anti-virus company Avast, which has spent the last few years harvesting browsing histories and location data of their users, has decided that since they’ve been caught red-handed they’re going to shutdown the data collection subsidiary and lay off everyone. The CEO of Avast says:

“While the decision we have made will regrettably impact hundreds of loyal Jumpshot employees and dozens of its customers, it is absolutely the right thing to do. I firmly believe it will help Avast focus on and unlock its full potential to deliver on its promise of security and privacy.”

What a bunch of bullshit. This guy’s been harvesting user data for years and only today, after he’s busted by Motherboard and PCMag, does he decide that NOT spying on users is “the right thing to do.” And I love the guilt trip in here, too: “Well, now that you caught me I’m gonna have to lay off all these people. It’s really your own fault, Internet.” What a scumbag.

Congratulations! You survived another week on the Internet. Have a slice, you’ve earned it.