Big Tech Blocks Data Privacy Settings in Two Ways
This week, a data privacy app called Jumbo launched out of beta for Apple iOS. The tool is designed to manage complex privacy settings across a number of platforms including Google, Facebook, Amazon (Alexa), and Twitter. The platform was covered extensively in the news because, for the most part, without a Ph.D. in each of the above platforms’ user interfaces, it would take the average person about 5 hours to get the settings to where Jumbo can take you in 3 minutes.
I’m not an investor in Jumbo and have no relationship with the company (here’s a smart Medium author who does.) That said, I’ve been looking for applications and solutions to the broad questions about solving data privacy because innovation in this space has not progressed at the pace it should. Why is that?
The Not-So-Hidden Barriers to Privacy
Privacy is a battleground in big tech. For many businesses, building a data platform that gathers information is often worth more than the actual service being provided. This is certainly true for Pokémon Go, arguably one of the best examples of a data-mining experiment with global, addictive appeal. But to some degree, every major platform that gathers and mines data for use in advertising or other revenue-generating activities is guilty of taking raw-data-fuel from users and converting it to profit.
…the first barrier to data privacy by Big Tech is an impossible user journey in their design.
This need to feed on data is at fundamental odds with user data privacy. It is one thing to build privacy “options” into your platform, it is something entirely different to optimize that user journey. Facebook, Google, Twitter, and Amazon do not invest at all in making privacy controls simple. To be fair to them, it just doesn’t align with their business model and it clearly isn’t a focus for them. Even their Intelligent Assistants have no direct ability to help you solve privacy settings.
Q: Hey Siri, can you turn off my location services?
A: I can’t do that CHRISTIAN, but you can change it in Settings: [link]
– Siri telling me to fend for myself
Facebook alone has 40+ privacy settings, and as someone who has reviewed them extensively, I can tell you it is confusing as hell. So take 40 on/off switches (some are more choices than that), multiply it by the 20 apps on your phone that have similar settings, and you will find 2^800 (6.668014e+240) combinations of on/off settings for your privacy levels. That is the number “6” with 240 zeros after it, in case you don’t speak geek. Remember, that is just for the privacy settings. The act of actually deleting some of your histories is another labyrinth user journey.
So the first barrier to data privacy by Big Tech is an impossible user journey in their design. Make it hard enough for users to literally just say “stop freaking tracking me” and most people give up. The second barrier (and the reason for my article title) is the lack of API access, or advanced programmatic interface, to the privacy controls themselves.
APIs For Privacy Are Non-Existent
Jumbo’s app is pretty straightforward. A user of Jumbo enables the app to manage privacy settings for any supported platform (like Facebook) by entering their user credentials. From there, Jumbo logs into each platform and then mimics a user tapping the various menu controls to set the new privacy levels desired. In other words, Jumbo (or any app trying to access privacy controls across platforms) does not have API access to these settings. Instead, Jumbo is essentially “tapping” the buttons as you would. And herein lies the problem.
Facebook can stop them from doing this.
So can Twitter, Amazon, Apple, Google, and just about any other program because most platforms specifically state in their terms and conditions that this is not a permissible activity. And then…
17. We may enforce against your app or website if we conclude you have violated our terms or are negatively impacting the Platform, and we may suspend your app or website, with our without advance notice, while we investigate suspected violations of our terms. We may or may not notify you in advance. — developers.facebook.com/policy/
To again be fair to these major platforms, letting programs emulate human activity is one of the simplest ways bots and automated clicking programs completely ruin your data and much of your value proposition. These automated programs are behind a ton of “click-fraud” where devices are set up to run these exact types of routines. So Facebook can both block apps like Jumbo from doing this, and they can also just stop it by putting a Captcha-type solution in front of their privacy controls, which is usually enough to stop this type of activity.
The good news is that Facebook’s new focus on building a privacy-minded internet will mean that they are surely going to expose a robust API to all of their privacy settings, right?
[queue crickets. crickets]
The issue here is that data platforms that host massive quantities of personal data have never wanted programmatic access that would essentially prevent them from gathering data. Data is their business and the imbalance of value that they get from your “free” personal data is just too great to have some pesky little apps get in the way.
We applaud Jumbo’s simple interface and approach to giving users more control over their data on the world’s biggest platforms. This is a step in the right direction. But so long as Facebook, Google, Amazon, and even Apple limit, throttle, or downright refuse to build APIs that allow programmatic control over privacy, the real innovation in data privacy will remain hidden.
This brings us to two very important questions all data privacy advocates need to be on the watch for:
1) Will Facebook (or any of the other platforms) block the Jumbo App?
2) Will Big Tech (and small) ever open up a robust API for controlling privacy settings?
We will all be watching.