More of Note to Self
It’s one thing to get fired. It’s another thing to be escorted out by security. And another thing altogether to have your boss call while you’re sitting in the parking lot in shock, and ask what you might be doing next, and if you need investors. But that’s Silicon Valley for you. Before he got canned, Antonio García Martínez was an ads guy at Facebook. Pre-IPO. He designed the ad tracking system that allows products you searched for one single time to follow you around the internet. But he was also undercover as an author, taking notes for a tell-all. The book he wrote is called Chaos Monkeys: Obscene Fortune and Random Failure in Silicon Valley. Stories of Face-versaries instead of birthdays, what it means to get an email from Zuck, and the cult of changing the world. Despite all he knows, despite ethnic-affinity targeting, he still thinks online ads are A-OK. So Manoush tries to save his ad-loving soul.
     
So, the C.I.A. has a back door to your phone. At least, according to the Vault 7 data dump from WikiLeaks. The documents—as yet unproven—say that if your device is connected to the internet, the American government wants in. And has a few tricky tools to do it. But they’ve had some sneaky tools for a while now. Just ask Daniel Rigmaiden. In 2008, Rigmaiden was arrested for filing fraudulent tax returns. And he couldn’t figure out how he was caught. He was careful. He stayed anonymous online, he used pre-paid debit cards and fake IDs. So he developed what his attorneys thought was a pretty crazy theory about government surveillance. And it turned out he was right. This week we revisit Daniel’s story. What he uncovered was more than a theory—it was a balancing act. The technology the government used to catch him was hidden to allegedly keep us safe. If criminals didn't know about it, they wouldn't be able to hack it. But does that secrecy actually open us up to other dangers? We hear from Nate Freed Wessler, staff attorney with the ACLU Speech, Privacy, and Technology Project, about a movement to give us a bigger say in how law enforcement does surveillance. Because things are moving fast. For more on what we know about the leaked documents, which WikiLeaks is calling “Vault 7,” read our round-up of the news here. And if these revelations have you thinking about privacy in a whole new way, try our Privacy Paradox challenges. You can start them any time.
     
Maybe you’ve heard, some big news hit the privacy world on Tuesday. WikiLeaks, the organization behind the DNC leak last year, released a trove of documents (ominously) called “Vault 7.” The files reveal a collection of hacking systems developed or obtained by the CIA, and, if true, these tactics are pretty startling. One tool, for example, code-named “Weeping Angel” can allegedly turn a Samsung TV into a recording device--even if it looks turned off. Many of you tweeted and emailed us to say these revelations have you side-eyeing your devices. Yeah, we feel you. So here’s a round-up of what we know so far and some suggestions of what to do and read as the story continues to unfold. First thing’s first, what happened. The New York Times broke the news, and we like their breakdown of what’s in the leaked documents, what’s true, new, and how it could affect your tech use. Signal and Encrypted Text Messaging “Vault 7” reveals the CIA can hack iPhone and Android operating systems, allowing it to intercept messages before they get encrypted by texting apps like WhatsApp, Signal, Telegram, and Weibo. The Note to Self team recommended Signal during our Privacy Paradox project as an encrypted messaging app. But does this new information mean Signal isn’t living up to its promise? No. Signal is encrypting all your messages. What the leaked documents suggest is that the C.I.A. can use vulnerabilities in the operating system to take control of your phone. Which, as Wired says, means you have bigger problems. Moxie Marlinspike, one of the developers of Signal, also pointed out to New York Magazine that there are limited uses for those so-called "zero-day" tools--every time they get used, they might be discovered and patched. So the surveillance agencies are likely limiting their use to “nation-state actors,” as Wired puts it. Apple The “Vault 7” leak suggests the CIA uses “zero day” exploits to target Apple’s iOS. That means it gets into the operating system via vulnerabilities that already exist in the software rather than using malware or viruses. But Apple says they had already patched the vulnerabilities mentioned in the report. P.S. Remember Apple’s legal battle with the F.B.I last year? It’s outdated, but gives some weight to this line in their statement: “Apple is deeply committed to safeguarding our customers’ privacy and security.” Samsung Samsung TVs are said to be targets of a particularly creepy tool detailed in the WikiLeaks documents--one that allegedly allows the CIA to turn TVs into recording devices, even when they appear to be turned off. Samsung told Buzzfeed News, “Protecting consumers’ privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter.” Microsoft, Google and Facebook’s WhatsApp are all looking into the claims as well, according to USA Today. While they have not verified specifics, U.S. intelligence officials confirm the documents themselves are legitimate. Here’s what to read while you ponder whether it’s time to trade in your connected TV for a short-wave radio… Leaks usually unearth more questions than answers. Start with these four. (The Washington Post) Julian Assange, founder of WikiLeaks - hero to villain and back again? (The Atlantic) Weeping Angel. Brutal Kangaroo. Fine Dining. Seriously, who is the mastermind behind these codenames? Oh. Doctor Who. Of course. (The Guardian) And if these revelations have you thinking about privacy in a whole new way, and you haven't done the Privacy Paradox challenges yet, you can start them any time.
If you are between the ages of 18 and 34, there’s a good chance you’ve already checked Snapchat today. This week, Manoush joins you—despite her reservations. Those reservations are not just because the Note to Self team isn’t the app’s target demo. It’s because we feel uneasy about the ways Snapchat pressures you to check it, and use it, and check and use again. And again. And again. Former Google designer Tristan Harris explains how far Silicon Valley will go to capture and control your eyeballs. And Snapchat artist CyreneQ explains how she makes her living drawing on her phone all day. For real. Also, our suggestions for apps that don’t just want to control your eyeballs. Moment helps keep track of how much time you’re spending on your phone. Pocket, which helps your read when you choose. Duolingo has a streaks feature, like Snapchat, but on your terms. F.lux adjusts your computer’s colors at night. Tristan has his own list of suggestions, too. Got suggestions? Leave a comment below. And we’re working on a show about the ways we fail to communicate when we communicate across generations. Whether you’re the awkward one, or have a tale of awkward olds, let us know. Send us a voice memo. We’ll share our own stories soon. And they are, indeed, embarrassing.
     
At Manoush’s house, there’s an object the size of a big potato chip. Which she stuck to her forehead, and used to zap her brain. This brain stimulation is supposed to calm you down. Maybe replace a glass of wine, just wind you down a little. But it turns out you can wind down a little too far. Too far to ask coherent questions of scientists you’re interviewing. In this repeat episode, hear what it sounds like when the high-octane Note to Self crew chills waaaay out. P.S. Looking for the study we mentioned? Thync’s research is all here.
     
When Graceann Bennett got married, she and her husband were terrible at communicating about sex. They were both virgins. They didn’t know how to explain what turned them on, or what turned them off. Over almost two decades, they never quite managed to talk about it. And then the marriage fizzled out. Bennett decided to code her way out of the problem. If an app was too late to save her marriage, maybe it could help someone else. In this repeat episode, Kaitlin Prest and Mitra Kaboli of The Heart take that app on a test drive. Pls Pls Me lets users share their secret desires with their partners. Who can respond with yes please, or… not so much. Things we talk about in this episode include love, sex, spanking, and peeing on people. But also kissing, intimacy, and how to communicate. But you might not want to listen with your kids. Or parents. Or at work.
     
There are different approaches to digital privacy. Technologist and entrepreneur Anil Dash tries to flood the Internet with information about himself, not all correct. Reporter Julia Angwin tries to get as invisible as possible. But like Julia says, we’re all kind of losing. Just losing in different ways. Manoush talked with Anil and Julia before a live audience at WNYC's The Greene Space. We chatted about becoming an information prepper, heterogeneity as privacy, and the perennial question: should we all get off Gmail? Also, a surprising amount of laughter. And hope.
This week, the results are in. Tens of thousands of people joined the Privacy Paradox challenge. And it changed you. Before the project, we asked if you knew how to get more privacy into your life—43 percent said you did. After the project, that number went up to 80 percent. Almost 90 percent of you also said this project showed you privacy invasions you didn’t know existed. When we asked you what this project made you want to do, only 7 percent of you said “give up.” Sorry guys! Don’t. Fully 70 percent of you said you want to push for protection of our digital rights. We have ideas for that in our tip sheet. A third of you said you’ll delete a social media profile. Another third said this project made you want to meditate. And just one more stat. We tallied your answers to our privacy personality quiz and gave you a personality profile. One-fifth of us were true believers in privacy before the project. Now half us are. Manoush says that includes her. In this episode, we talk through the results, and look to the future of privacy. With Michal Kosinski, creator of Apply Magic Sauce, and Solon Barocas, who studies the ethics of machine learning at Microsoft Research. Plus, reports from our listeners on the good, the bad and the ugly of their digital data.
     
You've made it. It's final chapter of the 5-day Privacy Paradox challenges. We hear from the one and only Sir Tim Berners-Lee, the inventor of the World Wide Web. And we set some terms for ourselves about how we want to live online, and what we—all of us, together—can do to create the web we really want. And while you're thinking about the future, take our Exit Strategy Quiz to find out how far you’ve come, and get a tip sheet with actions—big and small, individual and collective—to re-invent the internet to work for us. Sir Tim thinks we can do it. And hey, he already did it once, right? And if you haven't already—sign up for the 5-day newsletter here to get details on each day's action step. Don't worry if you're signing up after February 10th, we'll get you the challenges on your schedule. The project lives on!
Many of you told us that the Privacy Paradox challenges freaked you out. But you were happy to take back even just a little control. Want to go further? Here's what you can do to protect your personal information. We also heard from you that this problem is bigger than you realized. Keep reading for our ideas on what we can all do, together, to create the web we want to see in the world. THE BASICS Change your privacy settings on your browser and in social media. Here's how on Chrome, Firefox, Twitter and Facebook. Try the new Firefox iOs app for private mobile browsing. Create strong, unique passwords. Join Signal, an encrypted texting app. More on why here, download here. Turn on two-factor authorization for your key accounts (like email). It’s a simple additional layer of protection against hacking. Fun bonus: Write a letter to a friend on paper. Seal the envelope and mail it. So private. Do movie night and watch The Lives of Others, or Josie and the Pussycats. Double feature! Read (or re-read) 1984 by George Orwell. Everyone's doing it. Watch John Oliver’s 2014 segment explaining net neutrality. After it aired, nearly 4 million public comments were made to the FCC. GET SERIOUS Okay, you have strong passwords. And two-factor on all your accounts. And you’re using Signal. Well, it’s on your phone. Right? Then here are your next steps. Start using a password manager for all your super-strong passwords. Try browsing with Duck Duck Go, a search engine that never stores your search data. Take the Tor browser for a test drive. Learn how to guard against phishing and malware (who knew about the inline images?). Install the https Everywhere plugin for your browser, to minimize what data gets sent without encryption. Fun bonus: Take a break from any voice activated technology you have. Read the ten original amendments in the Bill of Rights. Peruse the report President Obama received from the bi-partisan Commission on Enhancing National Cybersecurity. Manoush likes Principle #7: Because human behavior and technology are intertwined and vital to cybersecurity, technologies and products should make the secure action easy to do and the less secure action more difficult to do. GO HARDCORE You’ve done the basics and then some. You have the stamina and want to take it to the next level. Remove your information from data brokers. It's not easy, but there are paid services and DIY guides. Consider a YubiKey (or two, don’t want to lose it!). Pay with cash for a day. Try out facial recognition camouflage. Start the switch to open source software. Fun bonus: Read up on or follow someone who is working on the decentralized web. Make a faraday pouch for your phone. Stop emailing with a friend and agree to only meet in person. Make Manoush and Martha’s “Digital Thumbprint Cookies.” Well okay, they're just thumbprint cookies. But make them and serve them at a cryptoparty, maybe. Three Things You Can Do to Protect All Our Digital Rights This isn’t all on you. These are society-level problems that require collective response. Here’s some ways to take action. 1. GO STRAIGHT TO THE TOP Let your Congressperson know you care. Find an EFF campaign you like and sign. Not happy with what a tech company is doing with your info? File a privacy complaint to the FTC. Help the technologists and researchers building better tools. 2. CHECK OUT THESE (NON-PARTISAN) GROUPS WORKING ON PRIVACY Electronic Privacy Information Center World Wide Web Foundation Access Now 3. TALK ABOUT PRIVACY OPENLY At workTalk to your IT department what the protocol is if you get hacked or doxxed. Ask team members to check with whom they’ve shared documents outside the company. Have a team meeting out of the office or off-the-record to promote open discussion. At homeShow parents, kids, or grandparents how to put a password lock on their phone and change privacy settings. Consider getting everyone on the texting app Signal. Talk to kids especially about why having a private inner life is vital. With all the other people in your lifeAsk your babysitters, doctors, teachers, accountants and anyone else relevant to be mindful of protecting your personal information. Have them ask you before they post pictures of your kids or tag you in photos. Just telling them you have privacy on the brain could make them more conscientious. 4. BONUS FOR TECHNOLOGISTS Lend your skills to projects like Solid, Simply Secure, Time Well Spent or other good causes. Sign a privacy oath. Or start another for your field. Read your company’s Transparency Report and pass it on. This should go without saying, but just in case: We’re not suggesting that you use any of these tools or tips to hide illegal activity or nefarious deeds. We’re suggesting you use them because the U.S. Constitution affords us a right to be secure in our persons, houses, papers and effects. And digital privacy is the 21st Century version of that.