Microsoft TO-DO Privacy

I have to admit I really like the new Microsoft To-DO app for Windows and Android. You can create lists of to-do’s, it has a My Day function and lots of useful detail.desktop

Once I’d created my first set of serious to-do’s I suddenly realized how much sensitive data there was in my to-do’s. While I’m ok with Microsoft collecting and analyzing usage data, how many times I use the app, what platforms, where was I when I used them etc. I’m totally against them reading, copying or sharing the to-do’s with anyone that I have not explicitly authorized.

I checked a vast swathe of Microsoft web pages to see if I can find anything specific to To-Do, no luck. These included the following:

Microsoft Privacy Statement – November 2018.

My Microsoft Privacy Dashboard.

My Microsoft Account Privacy Settings.

Microsoft Office Trust Center

Reviewed the FAQ and other product pages via Microsoft Privacy Support

Visited the Trusted Cloud Privacy Center

I couldn’t find a definitive answer anywhere. Does Microsoft scan the data inside of TO-DO’s, or for that matter DOC files, XLS files shared and in the “cloud” in order to harvest trends, ad targeting etc.

For me this will be an absolute deal killer. I’ve submitted a question to the privacy team via this form, this will be interesting to follow-up on. For me, my TO-DO’s are much more sensitive, private than anything I ever posted on facebook. My support ticket number: 1463236572. Here is the text of my question.

Microsoft TO-DO is a new app for Windows and Android etc. I’ve searched the various privacy and trust dashboards and cannot find anywhere that allows me to be sure that the CONTENT of my TO-DO’s which could be highly sensitive, is not shared or read by Microsoft for any purpose except back-up and sharing among systems I choose.

For example, I may have a TO-DO that includes make bank payment to Jeff and includes his bank routing code and account number. How can I be sure you will never scan and retain or copy such data for purposes I have not explicitly authorised?

| Update 5th March 2019:  Microsoft were actually pretty good at replying, and pretty concise. Their reply came in less than 24-hours and said:

Hello,

Except as described in our Microsoft Privacy Statement, we won’t disclose your personal information to a third party without your consent. We do not use what you say in email, chat, video calls, or voicemail. Nor do we use your documents, photos, or other personal files. As of its longstanding commitment to privacy, Microsoft provides resources to help you protect your part online information. Please find additional guidance at the Privacy at Microsoft page.

Best Regards,

Microsoft Privacy

Which I read as they never process your actual data files, and sell the information contained in them. Which includes .doc, .xls, etc. So, that’s carry on with Microsoft To-Do.

15-Seconds of fame from Facebooks 15-years.

Marketplace recently tweeted asking how social media had changed or impacted your life. Of course I had a response.

They emailed today to ask if I’d record a voicemail, and used a segment of it in todays show for a segment called: “thefacebook.com” went live 15-years ago today.

In addition to what went on the show, what I also said was:

I had a facebook ID for longest time, probably from 2008-9, and following all the privacy violations and everything else, I closed my facebook account and deleted my data 2-years ago.

I do have an Instagram account but use it very sparingly; I’ve had a livejournal account since 2003, it was mostly to track my triathlon training, racing and travelling, I still have it but don’t use it these days, I’m getting old.

I’ve mostly reverted to doing everything I used to do, before facebook. There are websites that do everything that facebook does, they are different websites rather than everything being all on thefacebook, which gives Facebook way too much information, in my view.

Your infrequent reminder, Facebook is evil

They figured out how do you tweak people’s vanities and their passions and their susceptibilities and their desires in order to keep them on the site.

Source: The Central Question Behind Facebook: ‘What Does Mark Zuckerberg Believe In?’ : NPR

If you have not heard it, the above NPR Fresh Air interview by Dave Davies with Evan Osnos, a New Yorker Staff writer is well worth the listen.

Since that interview, we’ve had two more announcements of significance from Facebook.

October 11th, the evil empire announced that they’d disabled some 66 accounts or what Facebook described as:

dozens of accounts and profiles belonging to Russian database provider SocialDataHub

SocialDataHub provides analytical services to the Russian government. Facebook said SocialDataHub were “scraping” peoples information. Who knows how much information, how they used it, or who they sold it too. Facebook don’t. It looks live another 50-million accounts at least. [Check here if your account was compromised.]

The October 8th, Facebook announced their “Portal”, basically a tablet and web cam that allows you to make video calls to other Portal-users, and follows you around the room. Facebook of course says Privacy is

‘Very, Very, Very Important’

But let’s be honest, are you really willing to stay on facebook? Who in their right mind would allow facebook to live video them and not screw up the privacy, and even if they don’t, they’ll be analysing the Sh*t out of everything in every frame to identify things to sell to advertisers about you.

Can facebook do this securely and respecting your privacy? You bet your life not.

#DELETEFACEBOOK Start doing it now. #DELETFACEBOOK, and the women you will wow. (With apologies to Cole Porter).

https://www.facebook.com/help/delete_account

My other facebook posts.

Delete your Google+ profile

Google+ is what happens when you try to take on an incumbent, don’t communicate your vision, and then leave the rotting carcass to fester and be eaten by the maggots. In this case the maggots were a

security vulnerability that exposed the private data of up to 500,000 users

It turns out Google knew about the vulnerability back in March 2018, but decided not to disclose it as, as far they know, it hadn’t been exploited. If your data was upto date and complete, there was enough there to perform a rudimentary phishing attack.

In my case, my phone number, location and a number of other items were out of date, so I didn’t wait to find out what Google were going to do, I just went ahead and deleted my Google+ account. Google has also announced they will kill Google+ although it’s not clear completely what will be removed.

In the post Google+ world, it’s been clear for a while that Google is moving much of the community and information sourcing features into Google Maps.

Here is a link if you want to go ahead and delete your Google+ profile instead of waiting for Google to clean up the mess.

Source: Delete your Google+ profile – Google+ Help

Why You Shouldn’t Use Facebook to Log In to Other Sites – The New York Times

This is a good explanation of why it is way past time to stop using your Facebook ID to login to other sites. Personally while I still occasionally wish I could login to facebook to check on relatives, otherwise I don’t miss it at all.

No matter what facebook do, there will continue to be security and privacy breaches like this. Facebook wanted to become “the web” and along with that aspiration, they also became a focal point for all the hackers, scammers, and those wishing to game the system.

#deletefacebook

 

Source: Why You Shouldn’t Use Facebook to Log In to Other Sites – The New York Times

Privacy: Europe vs the USA

On a day when the likelihood is you’ve been bombarded with GDPR emails from companies you’ve done business with, or just whose websites you’ve registered with, there is no better comparison of the difference between how the European Commision and the USA are dealing with our privacy.

While the new General Data Protection Regulation comes into force tomorrow (May 25th), which isn’t as many think, a reaction to the Facebook privacy scandal, the regulation which took seven years of negotiation, and will force changes in a braod range of industries, including, but not limited to technology, advertising, medicine and banking.

Here in America, we learned this month that a company called LocationSmart is buying the real time cell phone location data obtained from the country’s largest cell giants, including AT&T, Verizon, T-Mobile, and Sprint.

We only learned, because Securus, a prison technology company, who use the data from LocationSmart, had their website tested by a researcher who was able to access the cell phone location of anyone, without consent. Apparently, while the explicit selling of cell phone location data to the Government is banned/illegal, selling it otherwise is not. We don’t even know who they are selling it to, or what it is used for.

Big business is just about making a buck. In the same way as Facebook mostly didn’t care who got your data, and what they did with it, provided facebook got their money, that made it OK. The same has been true for decades for the cable and telephone, cell phone companies.

Europe vs Facebook

The questions that Zuckerberg never answered, including this:

How will you be remembered: As one the three big internet giants along with Steve Jobs and Bill Gates who have enriched our world, or as the genius who created a digital monster that is destroying our democracy and society?

https://gizmodo.com/mark-zuckerberg-played-parliament-for-fools-and-theyre-1826227452

The Popularity Of ‘Westworld’ Points To Our Anxiety About AI

“If things play out with AI the way that they have done with Facebook, we’re in a lot of trouble.” Jonathan Nolan

Source: The Popularity Of ‘Westworld’ Points To Our Anxiety About AI, The Show’s Creators Say | Here & Now

The Data that Google has

In the push-back over the Facebook privacy scandal, many are also asking questions about the data other platforms have. Many commentators draw a parallel to Google. For my part, this is valid at least as far as tracking, visiting locations etc. goes. Since I have a Google Phone, with a Google Fi service, and I use Google Maps, I pretty much expect them to track me.

GoogleIn addition, in my prior home I had Google Fiber, plus add in all the Youtube videos, if you watch movies or listen to music on Google Play; they have my calendar; all my files in Google Drive; as much as I try not to have my photos in the cloud, they’ve almost certainly got some of them in Google Photos. I typically avoid using Google Search directly, as for the most part, my search history seems a definitive list of things I’m interested in, but it’s much more subjective than that. I prefer startpage for search.

I don’t read ebooks, but they’d have them if I did; of course I use a few Google Groups; and so on. So, it’s a pretty exhaustive list. You do need to take care if you decide to download your Google information from google.com/takeout – It can get pretty big, pretty quickly if you’ve purchased books, films, music and make extensive use of drive, in addition to all the metadata, you’ll also get all the content.

Despite all this, I feel like Google have not crossed the trust boundary. They may be using and aggregating all this data to sell to advertisers, but it’s not all clear how. It certainly isn’t obvious from the adverts. So for now, I trust Google to “Don’t be evil“.

The Data that Facebook has

Much has been written about the facebook data, Cambridge Analytica sh*t show. I was among those years ago who were warning friends not to play games that require users to permit the game access to their friends Facebook profile.

However, even I couldn’t have foreseen how the data would be used. Stunning. I have my Facebook archive from yesterday, and will be going over it in the next few days. I’ll finally #deletefacebook – deleting permanently my Facebook ID later today. In another week or so, I’ll create a new ID, strictly limited to family as friends.

The worst, in privacy terms, aspect of the Facebook data privacy failure, is the accusation that Facebook was collect phone data from android phone for years. Of course, everyone accepted the facebook app permission to access the phone, but again I suspect few thought that the Facebook would track and keep data on all calls made, even those that got a busy signal, or no answer.

I went hunting for a list of all the data Facebook collected, and found this. It appears to only be available to logged in Facebook users. I thought it worth copying over here. It’s a huge list.

What info is available? What is it? Where can I find it?
About Me Information you added to the About section of your Timeline like relationships, work, education, where you live and more. It includes any updates or changes you made in the past and what is currently in the About section of your Timeline. Activity Log
Downloaded Info
Account Status History The dates when your account was reactivated, deactivated, disabled or deleted. Downloaded Info
Active Sessions All stored active sessions, including date, time, device, IP address, machine cookie and browser information. Downloaded Info
Ads Clicked Dates, times and titles of ads clicked (limited retention period). Downloaded Info
Address Your current address or any past addresses you had on your account. Downloaded Info
Ad Topics A list of topics that you may be targeted against based on your stated likes, interests and other data you put in your Timeline. Downloaded Info
Alternate Name Any alternate names you have on your account (ex: a maiden name or a nickname). Downloaded Info
Apps All of the apps you have added. Downloaded Info
Birthday Visibility How your birthday appears on your Timeline. Downloaded Info
Chat A history of the conversations you’ve had on Facebook Chat (a complete history is available directly from your messages inbox). Downloaded Info
Check-ins The places you’ve checked into. Activity Log
Downloaded Info
Connections The people who have liked your Page or Place, RSVPed to your event, installed your app or checked in to your advertised place within 24 hours of viewing or clicking on an ad or Sponsored Story. Activity Log
Credit Cards If you make purchases on Facebook (ex: in apps) and have given Facebook your credit card number. Account Settings
Currency Your preferred currency on Facebook. If you use Facebook Payments, this will be used to display prices and charge your credit cards. Downloaded Info
Current City The city you added to the About section of your Timeline. Downloaded Info
Date of Birth The date you added to Birthday in the About section of your Timeline. Downloaded Info
Deleted Friends People you’ve removed as friends. Downloaded Info
Education Any information you added to Education field in the About section of your Timeline. Downloaded Info
Emails Email addresses added to your account (even those you may have removed). Downloaded Info
Events Events you’ve joined or been invited to. Activity Log
Downloaded Info
Facial Recognition Data A unique number based on a comparison of the photos you’re tagged in. We use this data to help others tag you in photos. Downloaded Info
Family Friends you’ve indicated are family members. Downloaded Info
Favorite Quotes Information you’ve added to the Favorite Quotes section of the About section of your Timeline. Downloaded Info
Followers A list of people who follow you. Downloaded Info
Following A list of people you follow. Activity Log
Friend Requests Pending sent and received friend requests. Downloaded Info
Friends A list of your friends. Downloaded Info
Gender The gender you added to the About section of your Timeline. Downloaded Info
Groups A list of groups you belong to on Facebook. Downloaded Info
Hidden from News Feed Any friends, apps or pages you’ve hidden from your News Feed. Downloaded Info
Hometown The place you added to hometown in the About section of your Timeline. Downloaded Info
IP Addresses A list of IP addresses where you’ve logged into your Facebook account (won’t include all historical IP addresses as they are deleted according to a retention schedule). Downloaded Info
Last Location The last location associated with an update. Activity Log
Likes on Others’ Posts Posts, photos or other content you’ve liked. Activity Log
Likes on Your Posts from others Likes on your own posts, photos or other content. Activity Log
Likes on Other Sites Likes you’ve made on sites off of Facebook. Activity Log
Linked Accounts A list of the accounts you’ve linked to your Facebook account Account Settings
Locale The language you’ve selected to use Facebook in. Downloaded Info
Logins IP address, date and time associated with logins to your Facebook account. Downloaded Info
Logouts IP address, date and time associated with logouts from your Facebook account. Downloaded Info
Messages Messages you’ve sent and received on Facebook. Note, if you’ve deleted a message it won’t be included in your download as it has been deleted from your account. Downloaded Info
Name The name on your Facebook account. Downloaded Info
Name Changes Any changes you’ve made to the original name you used when you signed up for Facebook. Downloaded Info
Networks Networks (affiliations with schools or workplaces) that you belong to on Facebook. Downloaded Info
Notes Any notes you’ve written and published to your account. Activity Log
Notification Settings A list of all your notification preferences and whether you have email and text enabled or disabled for each. Downloaded Info
Pages You Admin A list of pages you admin. Downloaded Info
Pending Friend Requests Pending sent and received friend requests. Downloaded Info
Phone Numbers Mobile phone numbers you’ve added to your account, including verified mobile numbers you’ve added for security purposes. Downloaded Info
Photos Photos you’ve uploaded to your account. Downloaded Info
Photos Metadata Any metadata that is transmitted with your uploaded photos. Downloaded Info
Physical Tokens Badges you’ve added to your account. Downloaded Info
Pokes A list of who’s poked you and who you’ve poked. Poke content from our mobile poke app is not included because it’s only available for a brief period of time. After the recipient has viewed the content it’s permanently deleted from our systems. Downloaded Info
Political Views Any information you added to Political Views in the About section of Timeline. Downloaded Info
Posts by You Anything you posted to your own Timeline, like photos, videos and status updates. Activity Log
Posts by Others Anything posted to your Timeline by someone else, like wall posts or links shared on your Timeline by friends. Activity Log
Downloaded Info
Posts to Others Anything you posted to someone else’s Timeline, like photos, videos and status updates. Activity Log
Privacy Settings Your privacy settings. Privacy Settings Downloaded Info
Recent Activities Actions you’ve taken and interactions you’ve recently had. Activity Log
Downloaded Info
Registration Date The date you joined Facebook. Activity Log
Downloaded Info
Religious Views The current information you added to Religious Views in the About section of your Timeline. Downloaded Info
Removed Friends People you’ve removed as friends. Activity Log
Downloaded Info
Screen Names The screen names you’ve added to your account, and the service they’re associated with. You can also see if they’re hidden or visible on your account. Downloaded Info
Searches Searches you’ve made on Facebook. Activity Log
Shares Content (ex: a news article) you’ve shared with others on Facebook using the Share button or link. Activity Log
Spoken Languages The languages you added to Spoken Languages in the About section of your Timeline. Downloaded Info
Status Updates Any status updates you’ve posted. Activity Log
Downloaded Info
Work Any current information you’ve added to Work in the About section of your Timeline. Downloaded Info
Vanity URL Your Facebook URL (ex: username or vanity for your account). Visible in your Timeline URL
Videos Videos you’ve posted to your Timeline. Activity Log
Downloaded Info