Mar 31, 2012

Tech Reporters Are Also a Weak Link in Our Privacy System

I threw a few barbs at John Brownlee yesterday for the way he reported on Girls Around Me – an app that lets you spy on women in your physical vicinity using their Facebook and Foursquare data.  Happily, Foursquare blocked the app from its API in short order, but for a short time the world felt sinister.

I wanted to go a little more into why the coverage itself bothered me and why it makes me uneasy about the state of tech journalism, women in tech, and online privacy.

 

Run and Hide

First, let’s be clear what we’re talking about here. Girls Around Me is an obscure app. Before Brownlee’s story, I’d never heard of it, and I’m guessing you hadn’t either. Even the people in his anecdote hadn’t heard of it before. It is not the next Angry Birds.

That doesn’t mean that the damage this app could do is any less terrible, and I’m really glad we heard about it from Brownlee and not in connection to a rape case. It doesn’t mean there aren’t holes in the way Facebook and Foursquare handle private data and vet their API users. But it does mean that none of the three companies involved in serving it – Apple, Facebook, and Foursquare – were likely to have seen this particular app in the sea of hundreds of thousands. We already know it was violating Foursquare’s TOS in the way it handled its data, which makes it more likely it’s violating the others as well.

So it seems like what we’re really looking at here, is an app that flew under the radar until someone made people aware of it, and then it got blocked.

Here is what bothers me about the way Brownlee handled this story. He assumed that Girls Around Me was technically legitimate; that it wasn’t breaking any terms of service at all. Instead, he promoted it!  He even wrote that he didn’t want to get the app developers in trouble.

So I’m writing about it now. Not because Girls Around Me is an evil app that should be pulled from the iOS App Store, or because the company that makes it — Moscow-based i-Free — is filled with villains. I still don’t believe that there’s anything wrong with what this app is doing, and the guys at i-Free are super nice, and certainly don’t mean for this app to be anything beyond a diversion. So, the reason I’m writing about Girls Around Me is because I finally know what to say about it, and what it means in the greater picture.

Girls Around Me isn’t an app you should use to pick up girls, or guys for that matter. This is an app you should download to teach the people you care about that privacy issues are real, that social networks like Facebook and Foursquare expose you and the ones you love, and that if you do not know exactly how much you are sharing, you are as easily preyed upon as if you were naked. I can think of no better way to get a person to realize that they should understand their Facebook privacy settings then pulling out this app.

This is a journalistic no-no. Claiming that the major players can’t, or won’t, do something about an issue is a big claim that should have been fact checked and documented to hell in the reporting. This is especially dangerous because, even though I criticized Brownlee initially for being clueless about the seriousness of the problem, I believed him when he said Girls Around Me was unlikely to be challenged. He’s a mobile tech reporter, and I’m not. But it turns out that the core assertion of the story is not true; we shouldn’t approach it as though it were.

The story was also a model of bias.  It may not be true that Girls Around Me is an inevitable threat to your privacy, but that helps to make an editorial point and shift blame away from the creators of the app, and more toward its victims.  Throughout, Brownlee makes jokes about gawking at pictures of his female neighbor in a bikini, and says he didn’t initially write about the app because he thought it was funny.

In the end, he insists that the only thing women can do to keep from being stalked with this technology is to hide from view. This assertion propagated across most of the reporting on Girls Around Me, even after Foursquare stepped in to block it.

This message – that this is just how the world is and you’ll have to fend for yourself, tough luck if you don’t – is a toxic narrative in reporting on all kinds of women’s issues.  Better change your privacy settings I guess. Better not walk around in that part of town. Better not go out wearing that. Better not talk to strangers. It creates a thousand little holes in your rights, which should be watertight.

This is bad for privacy because those strategies are ineffective. Putting the burden of protecting private data on the individuals only lightens the burden on the people who are in the best position to ensure our privacy, and who have an obligation to do so: the social media companies. Worse, refusing to criticize people who actually use those tools to invade our privacy makes the entire point moot.

Brownlee described Girls Around Me as a joke app, “in good fun,” and a “diversion,” but I’m stumped for the punchline. Is the joke that Facebook users are stupid? Are stalking and date rape funny? Is spying on strangers in good fun? A diversion from what, exactly?

 

The Internet and Journalism

For me, the bigger issues here go above and beyond privacy. I’m not a mobile tech journalist, but I work for a small newspaper, so to me all the things Brownlee didn’t do stick out.  He could have asked Foursquare or Facebook to respond, or at least tipped them off about the existence of the app.  He could have asked the app’s makers, who he apparently knew, what their intentions were in making it, or what they think about its possible criminal uses. He admits there was no time pressure; why not take another day to get a full story?

He also could have given the Facebook and Foursquare API terms of service a quick read through.  I did.  Here’s a couple of parts of the Foursquare API policy that Girls Around Me could be reasonably said to violate.

You may not track a user’s check-in history or retain any data derived from a user’s check-in history without first making the desired use clear to the user and obtaining affirmative consent to that use from that user. This includes tracking users via “here now” or top visitors of a venue.

 

  • You must prominently notify and obtain affirmative consent from the user before his or her location data is collected or used by your application and/or website. The notification must clearly disclose that both you and Foursquare collect and use the user’s location data;
  • You must respect a user’s foursquare user settings.
  • You must obtain affirmative consent from the user who provided the data before using it for any purpose other than displaying it back to that user on your application and/or website.

 

Note that these aren’t even the TOS provisions that the app was blocked under, they’re just the first relevant things I saw while skimming it. And if that’s not enough, Foursquare can block it anyway.

Foursquare may revoke your authentication credentials at any time, for any reason or no reason, with or without notice, and without liability to you or any other person.

If I had to discuss this in a news piece, I would have reported that the app may violate the Foursquare TOS, not that it was unlikely to be challenged. Not that I didn’t think it was “doing anything wrong.”

The truth is that regardless of the venue for their words, tech journalists are the first to hear about things like Girls Around Me; things that affect big issues like privacy. They have an obligation to communicate it to the rest of us, to inform our actions and opinions to the best of their ability. That means unbiased, factual reporting that goes deeper than casual observation. It also means taking these issues seriously, even if you think they’re funny. Even if they only affect some random women you’ll never meet.

Personally, it does not make me feel better to know that this threat to my privacy has been neutralized – because I know that there are holes in the net of social media privacy, sure.  No matter how closely we guard our privacy, hackers and opportunists will be working to violate it.  But mostly I’m uneasy knowing that the next time something like this comes along, tech journalists might just download it and giggle.

Comments are closed.