no tracking, just search

Black Box Friday

Posted: 25 November, 2020 · Tweet

Since the early 1950s, the first Friday after Thanksgiving has been the designated big shopping day for a lot of individuals across the US (and this has spread to a lot of other countries). With a great deal of physical stores across the world not being able to provide normal service this year, it looks like entities like Amazon will be able to cash in from the pandemic's effects even more than they already have.

A lot of people are going to be shopping for glitzy new gadgets, a bunch of which give the appearance that they're now at bargain prices. But are purchases that you (or people you know) intend to make at risk of opening the door to more Big Tech data collection? Possibly, here's your Black Box Friday shortlist; or should we say 'watchlist':

Occulus Quest/Quest 2

Occulus produce virtual reality headsets for gaming; like the vast majority of cool ideas that eventually turn into potential tools for digital oppression, they started out in the technology department of a university, before being bought out by Big Tech. With Occulus now a Facebook product, it should be no surprise that the Quest range, which you will be able to grab off of digital shelves for a sliced price this year, has the same deeply-worrying approach to user data as the parent company. Here are a few choice notes from their data collection policy (remember this is all going to Facebook LLC):

  • We collect information about your physical features and dimensions
  • We collect information about your environment, physical movements and dimensions when you use an XR device
  • We collect information about the features you interact with on our Oculus Products.

...and how is that data used? They say

"To power social features: We use information from Oculus Products to provide user-to-user communications and other social services across the Facebook Products."

We say "to track behaviour for you know what – yes, targetting".

What's the alternative?

Pretty much all of the companies that produce this kind of technology have similar policies around collection and usage of data; unless you've got the technical werewithal to identify and block this traffic out of your network, this one is one to avoid. Pick an analog option like a Nintendo Classic Mini instead and enjoy a more retro feel to your Christmas gaming setup.

Alexa/Echo/Echo Dot

Everyone I've ever known to have an Amazon home surveillance device got it at a discount. I wonder why they do that? The thing with home surveillance technology is that the majority of people will attest to its shonky functionality in conversation. They will also accuse you of sensationalism or them having nothing to hide when it comes to the gradual creep of Amazon, Facebook, Google etc. tech into every single aspect of our private lives. From Common Sense's rundown of Amazon Alexa's privacy policy, this device could:

  • use photos to recommend new garments that will pair well with the tops and bottom the user wore
  • share data it collects with third parties for research, analytics, advertising and/or marketing, it does not state if this information is encrypted in transit… so we're guessing not
  • if paired with an IoT-enabled vacuum cleaner, it could end up mapping out your home
  • record your vocal commands, store them, and then never delete them from Amazon's databases, even if you delete them.

...and how is that data used?

The collection of data through these home surveillance devices could lead to a lot of different outcomes; the main thing outlined by the policies on Amazon's website is that this information will be used to tighten their grip on the online shopping industry. Definitely a no-go for the anti-monopolist.

What's the alternative?

If you already have one of these devices, we would suggest making it as private as possible – this article also covers non-Amazon home surveillance tech. It also, suggests a radical option: all three devices also have an additional, almost magical feature that can be used to comprehensively address every type of privacy concern: the power cord. There are also some interesting hardware projects that have come about to give people who are worried about always-on listening a better night's sleep, like Project Alias – this can even change the language that commands are communicated to the device in.

If you really like the idea of a smart home, and have some technical ability, projects like openHAB provide open source, tech-agnostic versions of this functionality that you can have a bit more control over.

FitBit Fitness Trackers – Inspire, Inspire 2, Charge

Another successful product will lose it's independence if Fitbit Inc. is gobbled up by the Alphabet data-collection behemoth by the end of this year (subject to regulatory approval). Have no fear though, Google have stated that FitBit data will be kept in a silo, away from their other sources and stores. This policy will likely stand, right up until the point at which attention has moved away from the merger – and then Google changes its policies. Your FitBit collects:

  • the number of steps you take, your distance travelled, calories burned, weight, heart rate, sleep stages, active minutes and location.

Also:

  • You can connect your Fitbit account to your accounts on other services, like Facebook or Google. If you do, the other service may send us info like your name, profile picture, age range, language, email address and friend list.

...and how is this data used?

At the moment, with the exception of devices that have been given out as a part of an employee wellbeing programme (this is another thing we'd recommend resisting; it's unlikely that a lot of good would come from your employer knowing health data), the majority of this stuff looks to be being used in order to improve services on both a meta and personal level. Looking to the future, it's wise not to take Google at their word when it comes to matters of privacy.

What's the alternative?

This is a difficult one because of the extremely sensitive nature of the data that these devices can collect. If you completely trust Apple - something which is becoming harder and harder to do - then an Apple Watch paired with an iPhone might settle your mind. Other projects have come and gone in the FOSS and pro-privacy spaces, but there is nothing of note. Garmin enable you to use a large quantity of their device's functionality without creating an account and therefore trails of linked data. There is also a bridge for Android, available from the FDroid store, which allows you to use some devices without needing to connect to proprietary/closed source tools.

Facebook Portal

Aren't new things supposed to have more functionality? Portal is a one-of-its-kind, a device which seems to have almost solely been constructed as a physical version of an application, this being Facebook Messenger. You can use the SuperFrame functionality to display pictures from your Instagram or Facebook profile in your home, as well as using the Portal browse the Web, someone at Facebook missed the memo on smartphones. The Portal collects:

  • the same kinds of information as when you use Facebook products on your other devices ... including the fact that you logged into your account or how often you use a feature or app
  • [it can also include] the frequency and length of your calls

...and how will this be used?

To target ads, Facebook's bread and butter. There is definitely a bigger narrative here around a network, which has seen a slight decline of recent, putting out devices that tie users into messaging platforms such as Facebook Messenger and WhatsApp in order to keep the flow of data coming in.

What's the alternative?

As it says on the Privacy section of the Portal Amazon page: clear and simple settings mean you're always in control. You can easily disable the camera and microphone; a clear and simple solution to the problem of having more Big Tech devices in your house is to not buy them. Load up your computer with some privacy-protecting software (Little Snitch for example) and use things that aren't Facebook or Amazon-adjacent for talking to friends and family: messengers such as Signal (also does video calls) or Threema, and video-calling software such as Jitsi.

Google Nest Audio/Mini

If you hadn't already cashed in on your FREE home surveillance speaker through Spotify this year (why do these companies always want to give these things away?) then you might be looking to grab some of Google's audio technology in order to supercharge your sound setup. Let's take them at their word that the wake word is needed for Google to activate (a bunch of people have verified this via wireshark) and ask yourself what benefit you gain from increasing your data surface with Google via your usage metadata? And are you technologically savvy enough to protect against people who could benefit from hacking an always-with-power microphone that sits inside your home? From the Google Assistant Data security and privacy page:

  • if you have enabled the Web & app activity setting, Google Assistant and Home apps can use your search history to provide you with better, more helpful answers
  • your device contacts or activity on Google sites and apps (if permitted)
  • information from your Calendar
  • your current location.

..and how will this be used?

The available policies on the Google site indicate that there is a decent amount of control delegated to the end-user; this being said: Google stores data about your interactions with Google Assistant on its servers, which reside in its data centres and depending on your settings, when you interact with your Assistant by voice, we may use the text of those interactions to inform your interests for ad personalisation.

What's the alternative?

On the page linked above their policy outlines how the question and answer functionality works by showing how the device answers the question: when is my mum's birthday? For which we'd recommend remembering the date and using a calendar. For the speaker functionality, if you really care about audio quality, a Google device (or any smart speaker) is not the way to go. Much better to buy from a company that focuses on manufacturing good-quality audio equipment, rather than companies attempting to bundle data-collection with mid-level bass response. For the smart capabilities, tools like Mycroft on Raspberry Pi can provide you with an open-source, privacy-focussed alternative, as well as a fun Christmas project – let's face it, having interesting tinkering projects to occupy your time is probably not a negative this year.

And Finally

There are a load of different Big Tech entities who are vying to get onto you and your family's Christmas list this year. Regardless of where you spend your money, make sure that you've had a deep think about what these devices will be hoovering up in the way of data, and if there are things that you can do to mitigate this. Obviously the easiest way to keep surveillance tech out of your house and out of your life is to avoid indulging in it in the first place. Get yourself something more independent to fill the gap, set yourself a project to complete involving tiny computers, or find a local maker or shop that's not doing too well in the current climate. We're sure they'd be much happier to see you than a faceless, data-guzzling monolith.