Would You Let Me Hold Your Wallet? Protecting Your Privacy

I asked a police officer if I could hold his wallet. He obviously said no.

I told the officer that if he let me hold it, I would not glance at his license or look at how much money he had. I’d just hold it.

You are likely wondering what would transpire to get me to ask an officer if I could hold his wallet. While this might sound like a crazy situation, my question to the officer was to help illustrate that a point he had made earlier in a presentation was flawed. Specifically, it was to help illustrate that if you download applications and visit websites, then you are likely in a similar position of being asked to hand over something important to someone asking you to trust them. Unlike the officer, if you are like most people, then you will probably not say “no” when asked if you are okay with handing over personal stuff.

The officer had just done a fantastic presentation on his role with internet safety in the local school system. He had presented information to help parents understand more about cyber bullying, internet safety, and several other student issues in a digital age. It was one comment relevant to the latest fad, Pokemon Go, that caused me to ask for his wallet, and then to write this blog.

Accessing Web Sites and Using Mobile Apps

When you use a website or when you download and use an application, you are generally are agreeing to a license or term of service (ToS) for that site or application. Many sites and nearly ever application will have you confirm that you agree to their ToS by having you click a small checkbox that often simply says you agree. If you download an app from one of the app stores, you will often get a screen that says that the app wants access to some services on your machine or phone. Chances are, you simply click the box or button and continue. This action is generally required to use the software; otherwise, if you don’t agree, then most installation ends or the page doesn’t load.

Have you ever actually read or paid attention to what you agreed to? If you have kids that are allowed to install applications, do you know what they have agreed to when an application is installed?

The Danger of Phone Apps

Many mobile applications require you to agree to give access to features on your phones. These features could be access to your contacts, to your phone, to your files, or more. Pokemon Go has gone supersonic in popularity. One of the areas where Pokemon received a lot of attention was that it requested access to features and information that didn’t seem to be necessary for playing the game. This included access to contacts, files on your mobile device and even to your calls.

Chances are, if you installed the Pokemon Go app, you clicked the button and blew past the screen asking for permission to access all of this information. The following picture shows you want Pokemon Go asks for today.

Pokemon Go

You should consider what permission you gave when you installed the application.

If you were asked for contacts, then that is access to people listed on your phone. The app might choose to contact those people. If you said okay to location, then the application can keep track of where you are, where you go, and when it was you did this. If you said okay to access to your files, then you likely gave access to everything that is on your device since everything is stored in files. if you gave access to your “phone and calls,” then you are basically agreeing to allow your calls to be monitored.

When Pokemon Go first released, contacts, files, phones and calls were included in the permissions granted by users that installed the app through the Google App Store. When Google was asked if the data on a person’s phone was going to be accessed, the reported response was that the information such as contacts and email were not being accessed. Just like I said I wouldn’t look at the officers wallet, Google said the data on a person’s phone wouldn’t be looked at.

Regardless of what a company says, if they are asking you permission and you grant it, then you have granted them access. They can say they have not accessed the information, but you gave them permission, so they could access it at any time. You removed your ability to complain when you agreed it was okay.

This is not only apps

The idea of giving away information or of giving away your rights is not limited to mobile applications. This also applies to websites. There are two common areas where people tend to misunderstand or ignore what permissions or access they’ve given away. These are in:

  1. Creating accounts
  2. “I Accept” check boxes for Terms of Service (ToS)

Do I own accounts I create on the web?

When creating an account on a site, whether it is on a service like an online email provider, a localized forum, or a social media site, you should be aware of who owns the account. Most people assume the account is theirs. They also assume it is private. Depending on the terms of service, all of these assumptions could be wrong. For example, there are some email services that can monitor your activity and then use that information to market to you.

When you create an account on the internet, it is important to realize that you are creating that account on a machine. This is a machine owned by someone else, and often owned by a company. As such, it is their machine, so they have any access to what is there that they want. This can include anything you happen to put into your account.

Accepting Terms of Service

Relevant to an account you might create is a site or apps Terms of Service (ToS). A site’s ToS is a list of rules that you agree to by either agreeing to a request, or simply by accessing a site. On many cases, you are asked to check a box saying you agree to the terms. If you say no, you are often bounced off as site. As a result, many people simply check the box and continue.

Reading the terms of service is wise. Most will state what the site or company plans to do with the information you provide. The information you provide might not be obvious. It can be as simple as your IP address along with browser information, such as your location, the machine you are using, and other sites you have possibly visited. If you create an account, that ToS will also define the privacy they are willing to provide.

The ToS might have other statements in it as well. The following is from a popular home services site:

“You agree to promptly pay <site> One Thousand Dollars ($1,000) for each item of Content posted in violation of this Agreement.”

Per this clause, if you use this site, you are exposed to being fined for thousands of dollars. This is not as unusual as you might think, but you’d only know that if you read what you are agreeing to.

Conclusion

You need to be aware of what you and your kids are agreeing to when you click on buttons or use a site. In many cases, the information you give away could be equated to handing your wallet to a stranger. This is true of all applications and all sites. You should always try to be aware of what you are agreeing to in the digital world. Not everyone is as trustworthy as your local police officers.

The Fear of Zika

mosquitoThe Zika virus has many people concerned about epidemic outbreaks across the world. Recently, a person I know posted that they were concerned with the number of reported cases of Zika in Chicago. Being in the Midwest, it seemed to her that the spread of the disease happening, and that we should be frightened for our lives. Even at a recent school board meeting, the topic of the Zika virus came up as something that schools needed to address. The fear of Zika is growing, but is it justified?

My school district is being asked to have a plan regarding protection for the Zika virus. As a result, information was presented to the school board on the Zika virus showing that the fear has been blown out of proportion to the risk. This is not to discount that there can be severe issues with Zika; there can be. The fear around this, however, needs to be put into perspective.

First, the Zika virus is spread primarily through mosquitoes, and primarily by the Aedes species of mosquitoes. It cannot be transmitted from person to person with normal contact, so if someone in Chicago has the virus, others in Chicago don’t need to ostracize that person. Being that the Aedes mosquitoes are primarily found in the tropics and very southern parts of the United States, those of us in the Midwest have very little to fear. In fact, while there have been people who have traveled outside of the United States that have contracted the virus, until recently there have not been any reports of anyone getting Zika while in the United States. Recently, a case in Miami (the hotter, lower areas of the US) was reported.

If you were to get bitten by an Aedes mosquito and get the Zika virus, there is about an 80% chance you wouldn’t even know it. Of those that do get the virus, 80% show no symptoms. Even those that do show symptoms generally don’t get sick enough to go to the hospital. The general symptoms include fever, rash, joint pain, and red eye. Some people also get muscle pains or headaches. While the symptoms can last for a few days up to a week, the virus itself last about a week for most people, although it can remain longer.

The Zika virus is real. For those of us in the Midwest, the risk of infection is near zero unless you travel out of the country or to the very southern regions. With such a near zero risk, what should be feared more than the Zika is that there are people who will sensationalize a topic to levels of causing excessive fear as well push schools create plans for protective measures on something that is unlikely to ever happen.

The state of Indiana has even allocated $3.6 million in funding to protect Hoosiers from the Zika virus over the next five years. It is amazing how much money fear can drive.

# # #

Note:
While the Zika virus is currently low risk, the West Niles virus is one that does happen in the Midwest. This post is based on publicly available information, as I’m definitely not a mosquito expert!

 

Update (8/22):

Mosquito-borne Zika cases have been found in two neighborhoods of Miami-Dade County. These are the first areas in the US, although other very southern states have potential exposure.

Perspective: Getting it Right

As we listen to the news and see various reports of incidents, it is important to remember that people see things differently. This past year there was a MEME that showed the dress that was seen as two different colors. In truth it was one dress that was specific colors, but the image could be seen differently based on the colors around it.

Similarly – the following picture shows a train. Many people see it going into the tunnel. Others see it coming out of the tunnel. If you look at it, you can actually manipulate (with your mind!) which direction it is going. It is a matter of perspective.

Just like the train’s direction and the color of a dress, before you jump on the bandwagon for a story you read in the news or hear others talk about, make sure you are seeing it from all possible perspectives before speaking out!

iSTEP – The “Standardized” Test that is not so Standardized

The expectation is that something that is standardized would be the same for all those that deal with it.

In the last few months, I’ve attended school board meetings (HSE) as well as a Listening Tour put on by our school superintendent. In these meetings, there have been a lot of questions and many answers regarding the iStep tests. The result of this information is that it is clear that the execution of the iSTEP test does not lead to the level of standardization that one would expect across the state of Indiana. In other words, the iSTEP test is not very standardized.

While Wikipedia is not the ultimate resource, it does define “standardize test” as follows:

“A standardized test is a test that is administered and scored in a consistent, or ‘standard’, manner. Standardized tests are designed in such a way that the questions, conditions for administering, scoring procedures, and interpretations are consistent and are administered and scored in a predetermined, standard manner.”

The iSTEP is believed to be standardized, and thus it is positioned to be used in evaluating teaches as well as determining if kids should progress or have remedial work done. Unfortunately, issues have been raised that draw into question whether the iSTEP really is standardized. I’ll address the two that break the concept of being a standard test:

  • Computer versus paper Testing
  • Consistent questions

Computer versus Paper Testing

Kids took the test on paper or a computer. Not all kids used the same medium for taking the test. While you could argue that reading a question on the computer is not that much different, with the current iSTEP the computer program is enhanced. This will therefore differ how questions are asked on the computer from how they are asked on paper. The end result is that the computer enhanced test is not delivered in a manner constant with the paper test.

Consistent Questions

A standardized test would ask all kids the same questions. According to what was stated at the HSE School Board meeting, two different forms were used on the test. Additionally, these two forms had questions that were different. As such, the idea of consistent questions was violated for some of the kids taking the test. Even if the differing questions are not a part of the scoring, the questions that are different would impact the thinking of the child taking the test – a ‘butterfly effect’. Having two different forms with different questions completely shatters the idea of standardized.

It would be hard to argue that the student taking the enhanced computer test in a quiet room is getting measured equivalently to the person taking the paper test in a classroom with others around. When you add that it was noted that there were issues of consistency this past year with questions on the paper test also being different from the computerized test, the delta becomes even greater. The end result is that the iSTEP fails to pass the definition of a standardized test.