A few weeks ago, I lost the key tag that had been given to me a few years ago when I became a member of an American chain of fitness centers.
I didn’t think it would be a problem to replace it, although I thought I might need to pay a small fee. But when I showed up at my local gym to request a replacement, the receptionist told me that the company no longer provided key tags. To be admitted, I would need to download the company’s app to a smartphone.
She proceeded to tell me all the benefits the app would provide. For instance, it would give me safe, contactless check-in to avoid those nasty COVID viruses. It would allow me to reserve a racquetball court. I could even schedule personal training.
To her surprise, I declined to download the app. Fortunately, I was able to check in using the throwaway cellphone number I routinely use for these sorts of things. But occasionally, I get pushback. For instance, the fitness center’s assistant manager recently informed me that his facility is penalized by the corporate office for admitting members who don’t use the app.
Indeed, just about everywhere I go, someone wants me to download their app. The other day, I was shopping at a grocery store. When looking at strawberries, I noticed that to get the best price, I needed to download the store’s app. It wasn’t enough to sign up for a VIP card, which I had done using a fake name and my throwaway cellphone number.
And that got me thinking…why are companies like these so anxious to have me download their apps?
As anyone who knows me or has read my work knows, over the last few decades, I’ve developed what may seem (and could be) a compulsive desire to protect my privacy. That journey began nearly 50 years ago, when I discovered that law enforcement could obtain records of bank transactions that I thought were confidential simply by issuing a subpoena that essentially says, “Gimme.”
Thus, when I purchased my first smartphone around 15 years ago, I was in no hurry to download apps from the (in this case) Apple App Store. My presumption was that every app I downloaded would invade my privacy in multiple ways.
And I was right. Consider this account by Joanna Stern of The Wall Street Journal on how Facebook, with nearly three billion users worldwide, follows you through the day on its app.
“Get the little red Sudafed pills,” my mom says after I sneeze. That afternoon: An advertisement for Sudafed PE [on Facebook].
The story of how that Sudafed ad got to me begins at Walgreens. As I bought tissues and Afrin, I keyed in my phone number so I could get loyalty points.
Information about the contents of my shopping bag began to spread. A third-party data collector—likely Nielsen-Catalina Solutions—added it to the purchase history it acquires from Walgreens.
Johnson & Johnson, maker of Sudafed, paid the data broker for that information. With the use of Facebook’s tools, the information from my loyalty card—email, phone number, etc.—was matched with my Facebook account. (Data brokers run personal information through an algorithm before uploading so it’s not identifiable, Facebook says, but it still can be matched with Facebook account information.)
Then via Facebook, Johnson & Johnson decided to target adults ages 25 to 54 who bought Sudafed or a competing brand. In other words, me.
With all this data, you might think that Facebook would be a honeypot for law enforcement information requests. And you’d be right. In just the last half of 2021, Facebook received nearly 60,000 such requests in the United States alone.
The one thing we will give Facebook credit for is that it’s become (or been forced to become) somewhat more transparent. This article discusses the tools you can use to find out everything Facebook is willing to disclose that it knows about you.
Even worse privacy policies apply to a company Facebook owns – WhatsApp, the world’s most popular messaging app, with more than two billion monthly users. Facebook claims that WhatsApp chats and conversations are protected by end-to-end encryption; i.e., your data is secured by encryption from the time it leaves your device to the time it’s received by a recipient device.
But in practice, it doesn’t always work that way. In 2021, a ProPublica investigation revealed that Facebook has hired an army of more than 1,000 workers to monitor WhatsApp messages. They review millions of messages users have flagged as potentially violating the platform’s terms of service. The flagged messages, which aren’t encrypted, are first analyzed by Facebook machine learning algorithms. Those deemed worthy of human review are then routed to an employee, who determines whether they constitute hate speech, blackmail, terrorist threats, child sexual abuse material, etc.
This data can then be shared with law enforcement, along with the names and profile images of a user’s WhatsApp groups as well as their phone number, profile photo, mobile phone ID and IP address, and any related Facebook and Instagram accounts.
One of the most high-profile criminal cases WhatsApp data helped Uncle Sam build was against a Treasury Department employee who leaked records from the Financial Crimes Enforcement Network (FinCEN). The records demonstrated how Uncle Sam systematically ignores the flow of allegedly criminal proceeds through US megabanks. (We wrote about this leak earlier this year.)
It might seem like we’re unfairly picking on Facebook and WhatsApp, but in truth, as soon as you download an app on your smartphone, you run the risk that it will take the same cavalier approach to your data. Before installing an app, ask yourself, “Do I really need or want this app?”
The safest strategy is to avoid installing bank, social media, or business email apps on your smartphone. If it’s stolen or hacked into, even if the thief gains access to the apps on it, they won’t be able to transfer money out of accounts you control, post messages to your social media feeds, or send or receive business emails.
In the meantime, if you need to get access to any of these accounts on your smartphone, you can log in through its browser. This is more secure than using an app. However, in some cases, the only way to access your account on a smartphone will be through the app.
Fortunately, some developers have built apps that are designed from the ground up for privacy. For instance, here at Nestmann, we’ve replaced WhatsApp with Signal. It’s a messaging app that provides end-to-end encryption for your chats and conversations.
Because of the way Signal is designed, the data that mainstream messaging apps collect, sell, and make available to law enforcement doesn’t exist. The company compiles no information about users, messages, or contacts. Even if presented with a subpoena or court order, Signal has no way to retrieve this data. Signal also has the distinction of being the only messaging app recommended by NSA whistleblower Edward Snowden, who calls it the world’s most secure messaging service.
Another precaution we suggest is never to use credentials from one app to log in to another one. Google and Facebook both encourage this, but it means you can more easily be tracked as you browse the internet. Instead, create a unique password for each site and use a password manager to keep track of each one. This precaution also protects the integrity of these accounts if your device is stolen and the thief succeeds in unlocking it. In addition, turn off push notifications for these accounts, especially if they show up when your screen is locked.
Also, when you install a new app, disable any feature you don’t actually use, such as location tracking and background app refresh. Disabling these features can also save you money because your smartphone won’t be using as much data.
Finally, if you really care about privacy, throw away your smartphone. Replace it with a burner—a cheap mobile phone and prepaid voice and internet service purchased with cash. Follow this link to learn where to buy one and set it up.