spinofflive
Image: Tina Tiller
Image: Tina Tiller

InternetFebruary 2, 2022

What’s the privacy cost of your ride across town?

Image: Tina Tiller
Image: Tina Tiller

A new report has found that Uber gathers more user data than almost any other ride hailing app worldwide. For IRL, Dylan Reeve explores what this means, and how worried it should make us. 

Recently, VPN company Surfshark published a blog post titled ‘The most data-hungry ride-hailing and taxi apps‘, in which it looked at popular taxi-style apps worldwide, like Uber and Ola, and ranked them based on an assessment of their privacy impact. 

“Ride-hailing has become completely digital over the last decade,” the blog post reported. “And it’s not just money we pay for this convenience, but it’s also our data.”

The study ranked 30 applications from around the world according to the “data sensitivity index” the researchers created. The highest (worst) scoring was GrabTaxi, an app widely used in Singapore and Vietnam, with 114; of the services available in New Zealand, Uber scored highest with 80 points, followed by Ola with 52.8 and Didi with 38.4.

New Zealand’s other major ridesharing provider, Zoomy, was not included in the Surfshark study, but using the framework provided with the research, The Spinoff calculated a score of 31 for Zoomy’s iPhone app.

But are these numbers useful, and what are they really measuring? 

What Surfshark has done seems unique: they gathered privacy data from the Apple App Store for each of a number of rideshare apps and created a formula to measure the privacy impact for each one. The data comes from application privacy disclosures that have to be made by software developers who are making apps for Apple devices, and data points are broken into three categories: data used to track you; data linked to you and data not linked to you. 

Uber’s app privacy summary in the App Store.

Surfshark uses a pretty simplistic formula: for each of the 32 data points Apple potentially provides details about, they allocated three points for each time it showed up in the “data used to track you” category, two points for “data linked to you” and one point for “data not linked to you”. Add all those up and you get a total. Then, to account for the added privacy implications of sharing your info, they add a 20% penalty for companies that say they share your data with third-party advertisers. 

It can all seem pretty daunting and worrisome, and when you see the details laid out, it can be hard to imagine just what a glorified taxi service needs with any of it. In the old days, we called a number and a car turned up. If things went well, the sum total of our communication with the driver was just saying where we were going. So why does Uber collect so much data?

Privacy advocate and NZ Council of Civil Liberties spokesperson Thomas Beagle points out that New Zealand’s Privacy Act contains the principle that companies should only be able to collect the data that they need to use the service offered by the company. “I support the practice of collecting just enough data and no more,” he said. “If companies are failing to do so, we need to look at ways of enforcing the law.”

But who’s to say how much data a company needs in order to run a modern taxicab service? Obviously they need to know who you are. And your credit card info to pay. And I suppose they need your location in order to pick you up. And where you’re going. And maybe your phone number for future contact. And maybe they want a photo of you for your profile. And their programmers probably want info about how well the app runs on your phone.

It’s hard to say say how much data a company needs in order to run a ride-hailing service. (Photo: Nathan Stirk/Getty Images)

When the data points are all laid out it can seem excessive, but as you look at each one it is easy to understand what the legitimate use could be. So what does Surfshark’s study really tell us?

Well, not very much. For a start, it relies on Apple’s system of demanding information from developers and showing it to users, which doesn’t actually tell us a whole lot. Firstly, it is largely reliant on an honesty system of sorts, with developers ticking check boxes when they submit their software. Apple would probably catch any big omissions, but mostly they’re relying on what’s supplied. Secondly, as users, we can’t know what actually happens to any of that data once it’s collected: does it just sit in a big file somewhere, or are the software developers using it to build advanced profiles about our day-to-day lives? 

Another limitation is that Surfshark was only able to consider the Apple versions of these apps. (At this stage, Google isn’t disclosing the same type of information for Android applications, but they’ve announced plans to implement something similar in the near future.)

The Surfshark study gives you a nice overall number, but not a clear indication of what privacy you might be giving up. Is your real name more or less “private” than your email address? In the Surfshark methodology, there is no differentiation between the sensitivity of information. 

“The privacy point-scoring system is a brave attempt at creating an index, but it’s too one-dimensional,” said Beagle. “Most importantly, there’s a big difference between a company collecting the data for itself and passing it on to others, and the 20% surcharge for data sharing doesn’t reflect that.”

All of this raises another question: what can we do about any of this, anyway? You’d assume, given the source of the research, that perhaps using a VPN might protect your privacy in these cases, but nope. Surfshark’s blog post offers no clear answers because, it seems, there aren’t any.

Almost all of the data in question is connected to information you provide when signing up to the application, or is somehow derived from your phone itself. While a VPN could disguise one or two small pieces of information, it does little to preserve your privacy from the developers of applications you’ve chosen to install. 

“Most people don’t read privacy agreements, they’re not going to review app privacy settings, and even if they did, it’s not like you can negotiate for a better arrangement,” said Beagle. “If you want to use the same app your friends are using, you have to accept the deal they offer, and that’s that.”

Ultimately, we each make choices about how worried we are about our private data, and which companies we trust with it. Despite improvements from Apple, and eventually Google, we still find ourselves really having only one decision to make about protecting our privacy: use the app or don’t. Beyond that, we don’t get much say in what data our phones will give up: trusting some big company with assorted private data is the trade-off we make in exchange for carrying a super-computer in our pocket – and for getting a cheap ride across town.

Unfortunately, Surfshark’s study, while presenting a simple number to look at, doesn’t actually shed much light on the bigger picture.

Keep going!
Image: Tina Tiller
Image: Tina Tiller

InternetJanuary 31, 2022

Blocking people is good, actually

Image: Tina Tiller
Image: Tina Tiller

It can sting to be unceremoniously blocked by an ex-partner or member of parliament, but as Josie discovers for IRL, they’re probably well within their rights. 

In 2013, writer Danyl McLauchlan asked then justice minister Judith Collins the Bladerunner replicant test question: you’re walking through the desert and you see a turtle lying on its back, struggling. You don’t help it. Why is that? “It was going to die anyway?” Collins guessed, failing the test.*

I retweeted this interaction, and Collins blocked me. Almost a full decade later, I’ve done a bunch of blocking too. I’ve blocked exes, scammers, and Disney+ – it’s not a personal attack. It’s just cleaning up.

Janaye Henry, an Auckland-based comedian, has more than 40 people blocked on Instagram and on Twitter. She says the list is “very long”, so she doesn’t bother adding it up. There are a hundred reasons she might block you, most of them deeply impersonal. The most common sin is sharing her name. “When I was a baby comedian in 2018, I used to look up my name on Twitter after a gig to see if anyone had tweeted about it – I blocked as many Janayes as I could so I could see myself.”

“This is humiliating to admit,” she says. “But it is my truth.”

She’s blocked people for having “bad takes”, for having the potential to one day criticise an appearance on Dancing with the Stars she’s manifesting, and for being her high school classmate. “I did not want them to know a single inner thought I had,” she says.

The last person she blocked on Twitter was just some guy with the bad luck to appear on her newsfeed when she wasn’t in the mood for a bad take. “Normally the people I block are older, because young people can learn,” she says.

Over the course of two decades our social media has become more complex, and the way we curate it has changed to match. Where we once immediately blocked someone on MSN, we can now choose to just mute someone on Instagram, or subtly remove them as a follower; a soft, inoffensive block.

Janaye Henry, an Auckland-based comedian, blocks people freely on Instagram and on Twitter (Photo: Supplied)

Richie Hardcore, a personal trainer and public speaker, has been extremely online for a long time. He’s learned the art of muting, limiting comments, and other good social media hygiene practices. “I’ve been working on actually using social media less, for one,” he says. This is easier said than done. He says he’s had to learn how to emotionally detach from his posts; he can’t take the comments personally. “Unless, of course, they are obvious personal attacks, which happens.”

“I’ve come to learn that people’s behaviour online is often a reflection of where they are at in life, rather than on who we are as the ‘poster’,” he says. Sometimes he gets ahead of this behaviour and limits comments from the outset. “Sometimes I just wanna share something and can’t be bothered with the time it takes to have a big back and forth,” he says. “People can take it or leave it.”

“On Instagram I don’t really block much, but I’ll restrict,” says Henry. “So they can see my content, they just can’t interact with it.” She only blocks when users are “creepy”, or when they become consistently hostile. “I give people the benefit of the doubt for quite a while,” she says. Where someone else would just block a hater, Henry thinks they might learn.

Dr Jaimee Stuart, a cyberpsychologist – yes, we have those now – and senior lecturer at Queensland’s Griffith University thinks blocking is fine as a first response. “The platforms that we go on provide us with the ability to protect ourselves in some ways, so I would say yeah, go and block that person,” she says.

“One of the reasons I think people think blocking feels so extreme is that it may hurt a relationship. But I would argue if you’re considering blocking someone in the first place, there’s something already going wrong here.”

In meatspace, when you want someone out of your life it can take months of ghosting, moving cities, or – if you’re direct – sitting them down for a friend divorce. Online, you just click a button. “When it’s got a big red button on it that says ‘block’, that can feel very final,” says Stuart. “And that can be painful.”

While Henry’s block list is largely people she doesn’t know, there are still relationships to protect. She’ll engage with critical direct messages, but the story changes when it’s in the comments section. “I’ll restrict people pretty fast when they’re getting out of line on my videos, because while I know that I can see it and feel truly nothing towards it, I know that’s not true of other people who are going to be engaging with the video,” she says. “My responsibility in holding the space online is to keep it clean and not filled with people’s bullshit opinions.”

“Of course this is one sided, because it’s my personal account. I’m not holding an open forum.”

It’s a personal account, but she’s a public figure. There’s long been an assumption that because you’ve put yourself in the public eye, you must be accountable to the public at all times. Because Instagram and Twitter are both such personal spaces, fans and haters alike can develop parasocial relationships that drive them to send messages or leave comments that should be an easy block.

Stuart says that regardless of your position in society, you have a right to feel safe. “Even those in the public eye still have that same right. There is no obligation for people to put anything or everything about themselves out there.”

Richie Hardcore, a personal trainer and public speaker, has been trying to practise good social media hygiene (Photo: Supplied)

Of course, this can be a little different for politicians. In the US, a federal appeals court ruled it was unconstitutional for then president Donald Trump to block people for criticising or mocking him. For MPs, blocking your constituent is the online equivalent of stopping them from entering your office. Obviously, constituents can still come to your actual office, and comparing Judith Collins to a Bladerunner replicant is not a legitimate piece of political feedback.

Dr Edward Willis, a lecturer at the University of Auckland’s law faculty, says New Zealand is a little less restrictive than the US.

“Constitutionally speaking, MPs are deliberately given a wide discretion to determine how they discharge the functions of their office, including how they engage with constituents,” he says. “From that perspective there isn’t any legal restriction on how MPs use Twitter. There’s not much more to it than that.”

If you’re not a politician, there’s no obligation to have your profile open to members of the public at all. “I don’t know who had the idea that we should be constantly accessible to people, and we should be constantly open to receiving criticism and advice and praise,” says Henry. “I think it’s perfectly healthy and normal to limit who’s in that pool of people.”

Hardcore says he’s happy to have a debate in good faith, but his patience and open-mindedness isn’t endless. “If what people say is untrue, or defamatory towards me, who I’m posting about or groups, or just straight-up shitty and rude, I’ll block them,” he says. “We don’t have an obligation to engage with everyone. As I said to someone lately, I wouldn’t let a bunch of strangers lecture or yell at me in the street, in person, so why would I do that online?”

He refers to a phenomenon called online disinhibition, where having a computer screen between you and the world can cause you to say things online that you’d never say to someone’s face. “They don’t see the pain their words can cause when they tell you to kill yourself,” says Hardcore. “When people are anonymous, and they don’t have to see the emotional and psychological damage they cause, they can go all out to hurt another human being on socials.” 

He points out cyberbullying of this nature could be related to rising mental health concerns for New Zealand teenagers, who are still learning how to set boundaries in real life, let alone cyberspace. “It’s important to know the difference between a discussion or argument, and when someone is deliberately malicious and hurtful, and to put boundaries up accordingly,” he says. “Blocking people is a great boundary!”

While some folk might consider being blocked – particularly by a high-profile person – an achievement, it’s usually not. That’s a troll mindset. We’re important to those we have real-world relationships with. We’re all just turtles in the desert, being ignored by Judith Collins.

*Judith Collins has since clarified that she is “always kind 2 turtles”.

But wait there's more!