I Have Trust Issues With Tech Companies
In light of the recent LinkedIn acquisition by Microsoft, I started to think (worry) about the current line-up of top tech companies. All of them collect, use and “sell” our data in varying degrees. Some are sneaky about it while others are bolder and more upfront. Some shy away from the discussion while others have made it a talking point for their business model. Since I am a customer of all of these tech companies, I thought I would weigh in on which company I trust from most to least and why. Remember, this list starts with the companies I trust most and goes down to the one I trust least in the hopes that I can get readers to look below the headline. But just because a company is on top of the list does not mean I implicitly trust them either. So here we go…
Millions use Twitter everyday and I am no different. In fact, if I didn’t use Twitter as regularly as I do, I wouldn’t even include them on this list. They have a checkered history when it comes to profit and their CEOs are still playing musical chairs. But I tweet and retweet everyday in the hopes I can engage with at least one solid follower per day. You would think that managing 20,000+ followers would lead to more conversations and business than I could ever need but alas, Twitter is mostly noise pollution so I cannot allow myself to spend more than 15 minutes per day in there. But enough about their flaws, let’s talk about their security flaws or lack thereof. Actually, since I don’t generally reveal personal details on Twitter (I tweet for my company and various projects), I feel a little more secure on Twitter than on other social networks. That’s not to say that I haven’t had any security issues. Two of my accounts have been compromised a few times now but this is not necessarily a bad thing. No harmful tweets went out and no passwords were changed without my knowledge once I set up 2 factor authentication on Twitter. The breaches actually felt more like false alarms on Twitter’s part – kind of like when your bank flags a purchase you actually made with your credit card. It’s inconvenient but it’s also assuring to know they are actually looking at these things.
But with all the celebrities on Twitter, they’ve had more than their share of publicly facing hacks. If it’s not the celebrity of the day, it’s sometimes even a tech journalist like Wired’s Matt Honan getting hacked and that is scary. I’m not sure if I trust Twitter more than any of the companies below but I do trust that if my account is ever breached or that my data is ever used to sell something to me, it will have a minimal effect on my security and privacy. This is partly due to the fact that I limit the amount of personal data I offer to twitter and partly due to the fact that Twitter just isn’t profitable. They obviously haven’t found a way to monetize my (or anyone else’s) data…yet. For now, I’m interpreting Twitter’s loss as a win for me.
I’ve been an Apple customer for longer than most of the people reading this blog have been alive. I have never had a reason to distrust them but after decades of computers, devices, iTunes and cloud services, they know an awful lot about me. They’ve held my credit card permanently on file since the iTunes store’s inception back in 2003 and I’ve never had any unauthorized purchase I could trace back to Apple. My user data feels safe, at least that’s what Apple tells me. I’m an iPhone user so I know my data (almost everything to know about me) lives and dies on my device unless I use iCloud – which I do. Once I open up the device to the convenience of the cloud, I understand that my data, while still encrypted, is more vulnerable than data that does not leave the device. But the trust factor doesn’t just rely on actions, it’s also about intent. And of all the tech companies, Apple’s been the most fervent in championing their user’s data security and so they also have the most to lose should they not deliver on that promise.
That’s not to say that Apple hasn’t had a rocky relationship with security in the past. Between things like iCloud celeb-gate and multiple recent security flaws on iOS devices and Macs, Apple has talked the talk more than walked the walk. And while iCloud wasn’t ever really hacked, Apple was late to require things like 2 factor authentication which only made the hacker’s jobs easier. In recent legal battles with the FBI, Apple has sealed their place as the tech industry’s security mouthpiece. Apple’s marketing prowess is partly to blame for this but it is also important to note that Apple’s iPhone is also the only end-to-end hardware encrypted smartphone used by nearly a billion people. They’re not perfect but Apple has earned their reputation as a security forward company for me so I do trust them more than most companies.
When I go through my credit statements, I am amazed at just how much business I do with Amazon. I make purchases for my company as well as personal ones for myself and family and friends. It adds up to tens of thousands of dollars every year for the past decade. So it’s kind of amazing that my credit card isn’t compromised every other day. I still receive plenty of phishing emails posing as Amazon and am bombarded by ads for items I just looked at or purchased at Amazon all over the web. So Amazon has access to my credit cards and addresses and of course they know my purchasing patterns but do they really know me?
Before Echo came along, I would say that Amazon only knew me superficially. I’m a Prime member so I get access to a lot of content but I don’t own any Amazon devices except for Echo. Echo, AKA Alexa in my home, I mostly use to play music and set timers without having to pull out my phone but that doesn’t mean Alexa isn’t always on and always listening. It’s the ultimate AI convenience. Alexa asks nothing of me and I occassionally ask her to play music while I’m in the kitchen or even from another room, for instance. Thanks to an advanced internal microphone array, Alexa can hear every word I speak from across the room and turn it into an actionable item but that’s the problem. I understand that Alexa is always listening for the trigger word and does not take any action until she hears her name first, but that doesn’t mean she cannot be hacked to listen and record every word. It also doesn’t mean that Alexa cannot actually be re-programmed by Amazon to listen to me on behalf of the authorities. Amazon’s first transparency report was published a year ago, but is far too vague for some critics and comes very late (Amazon was the last Fortune 500 company to publish such a report). Maybe I’m just paranoid but any company that hasn’t questioned or fought government data requests publicly seems more likely to acquiesce to their demands behind the scenes. But my suspicion is only circumstantial so I will place Amazon in the middle of my trust ranking.
I own an Xbox One and have used Microsoft Office for years but I avoid Windows, not just because of its vast array of viruses and malware but it’s basic design. I’m sure Window 10 is fine but I’m happy on my Mac. Over the years, any PC user I have spoken to has simply given in and accepted invasive things like virus scanning as part of the deal when it comes to Windows. No one is saying Macs are invulnerable to malware but the notion that I have to pay extra for annoying virus scans that slow my PC’s performance doesn’t make me a happy user. Add PC fragmentation and bloatware to the mix and you get a recipe for things like Lenovo’s Superfish security blunder. But I haven’t even mentioned the 800 lb. AI gorilla in the room – Cortana.
Like Siri, Google Now and Echo, Cortana is great at listening and acting on user commands. But since Cortana is working within an operating system like Windows, she is not only listening but collecting data. She is learning about every user in ways that even Alexa cannot aspire to. That becomes troubling when you consider Microsoft’s ham-handed treatment of Windows 10 updates. Their defaults are not in the user’s best interests as evidenced by their egregious user privacy policies. But Microsoft isn’t even the worst violator of this.
The funny thing I find with Facebook is that, the more people use it, the more they seem to distrust it. Just ask any regular user of the service. Facebook has a fairly weak track record on user privacy and overall policy transparency. They have been all but shunned in places like India for their seemingly generous Free Basics program but has been called AOL for poor people by some. But like an abusive spouse, Facebook is an insular bubble for its users so the more they get abused, the more they rally and stand firm around their abuser.
The only thing worse than Facebook’s actual security and privacy issues is their reputation. They constantly find themselves being accused of manipulating data, users and user data. If it’s not the trending topics algorithm rumpus, it’s lawsuits alleging that Facebook is mining messages for profit. And that’s my problem with Facebook. We’ve come to expect and even accept such allegations against the tech giant. They’ve shifted away somewhat from being a social networking giant to more of a media company since acquiring things like WhatsApp, Oculus Rift and introducing services like Facebook Live. But at the end of the day, Facebook is an advertising company. They make money by collecting our data and selling it back to us in the form of product ads. And Zuckerberg recently laid out Facebook’s longterm plans which relied strongly on data collection and AI interpretation of user profiles. It looks like Facebook’s data business model will be business as usual for the foreseeable future.
No surprise here. I use Google for many things, partly because they do the best job and partly because they’re the only game in town when it comes to maps, streaming video and search. Sure I could use Duck Duck Go if i want to minimize my digital footprint over the web but Google Search still reigns supreme. Like Facebook, Google also shows no signs up slowing up on user opt-in privacy violations involving AI, tracking and overall data collection. In both business model and software settings, Google has (and probably always will be) defaulted to the least amount of privacy for the most user features. Google Now provides direct and even preemptive AI assistance but does so at a cost. Google scans our personal Gmails and searches to deliver these functions. Sure, they inform users about this process but they also inform users that unless these features are left ON, the latest Google hardware such as a Nexus smartphone won’t function fully if Google services are turned OFF. That’s a $600 investment that can be crippled by not complying with Google’s data collection strategy and class action lawsuit worthy. Google is currently facing an Android monopoly lawsuit in the EU over similar circumstances so it’s only a matter of time before that sentiment jumps across the pond.
At this year’s Google I/O, they made it clear that there is no turning back. Google is full steam ahead on machine learning and data collection of its users because it’s their core business. That comes as no surprise and neither did their announcement of a new video chat app, a messaging app, and smart home appliance called Duo, Allo and Google Home respectively. But once again, these new products favor data collection and weaker encryption in favor of harvesting user data. People like Edward Snowden and even one of Google’s own have come out against Google’s choice to disable end-to-end encryption by default. I can justify Amazon’s always on and listening speaker in my home but Google Home is a much harder sale. Imagine the AI assistant that knows all of my search results, email contents, photo library and videos I watch is now waiting to make purchase, travel and lifestyle suggestions to me. The creep factor just shot up to 11. For these reasons and much more, I bestow the honor of Least Trustworthy Tech Company to Google.