Facebook and Apple Fight is About Monetizing You

If you’ve downloaded and installed Apple’s iOS 14.3 update for iPhones and iPads, you’ve put yourself in the sights of Facebook and Apple. Called “App Tracking Transparency” feature, it labels apps in the App Store, telling users what data those apps collect and whether it’s used to track them for advertising. Facebook, which makes its money from advertising, says the feature will harm small businesses that rely on targeted online advertising.

In many cases, you’re worth pennies on the dollar, but there are hundreds of billions of pennies at stake. And while both sides try to cloak their stands in privacy and free enterprise, it’s really about “fee enterprise.”

The gist of Apple’s policy is that when you download an app from the App Store, your activity on the device can’t be tracked unless you give permission. Until now, you had to opt-out to avoid being stalked electronically online. Most people usually ignore the opt-out/opt-in option, and Facebook and other web-based operations have made a lot of money by tracking you and selling the data to companies who want to sell something you want – or have indicated you may want.

According to a recent article in Forbes, Facebook itself estimates a 60-percent swing in advertising effectiveness between targeting and non-targeted advertisements. Facebook’s ad charges the article notes, will presumably match its ad-placement effectiveness. With the company controlling about 25 percent of a $40 billion online U.S. advertising market, up to $6 billion in annual revenue is at stake in the US alone. Google and Amazon also profit immensely from tracking you and selling your data.

The bottom line is that anyone who opts out is 60% less valuable than a regular customer, and that’s part of legal proceedings before the Federal Trade Commission and in 48 states. Apple, of course, has been taken to task for its practices in handling App Store operations, including who gets to put apps there, and other technical issues. They’re not saints, but that’s a separate issue from the Facebook issue.

The Forbes article likens Facebook’s operations to Ladies Night at a nightclub. On Ladies Night, clubs let women in for free expecting that they will attract men who will pay a cover, as well as spend money on the women and themselves. In a similar way, Facebook provides users with free services in the hope that advertisers will spend money on them. Facebook is like the owner-bartender who, for $10, will tell you everything he knows about a particular woman, including her relationship status and favorite drink.

I can’t speak for how a woman might feel after reading this, but anyone can feel some outrage about being put on display and sold. Yet at the same time, we’re looking for new and interesting products or services when we go online, and we may be open to new ideas when they’re presented to us. To me, that’s Facebook’s argument. You might view Apple as the guy who senses harassment and comes over to “protect” you.

To expand the transparency/privacy conversation, you have choices. You are able to use search engines and plug-ins that block unwanted ads while you browse the web and visit sites. Websites are fighting back by not allowing you access unless you unblock the ads on their site. You may not like the choices. You may not like sacrificing privacy for convenience or vice versa. But this is all part of the opt-in/opt-out battleground over who gets to profit from you.

If you have any questions about how to configure apps to meet your privacy or convenience needs, we can help. Call us – 973-433-6676 – or email us for an appointment to walk you through the process.

Understanding MFA and Other Security Measures

We recently added a new home-user client through the Nextdoor website, and during our initial conversations, we covered a lot of security issues. The new client, an elderly gentleman, had a really good handle on his online security. There’s a lot for us to unpack as individuals and as those who have elderly parents – though some of this can apply to everyone.

First, let’s look at passwords. While this discussion is inspired by our new client, our conversation can apply to anyone because we never know when someone will not be able to access vital personal information either stored on a computer or device or in the cloud.

When we take on a new elderly client, we spend a lot of time talking about online security, including passwords, password managers and MFA. We were heartened to learn our new client knew all about using his passwords properly. He seemed to understand the system better than many of our younger clients.

When he asked about using a password manager, a subject he brought up, we advised against it. While password managers can greatly enhance online security and can be extremely convenient (think about accessing a website from your mobile phone when you’re in an urgent situation), everyone needs to know the law of unintended consequences. Every password manager has an encryption key, and if you don’t have the master password with that encryption key, you won’t get in. That includes you as the account owner and anyone who might need to get into a website.

We told him it would be preferable to write all his passwords in a book. It doesn’t need to be locked in a safe, but it should be kept in a secure place – and at least one other trusted person should know where it is. This is critically important for the elderly or anyone else who may need someone to manage their affairs because of some impairment or death.

Second, let’s look at forms of security generally known as two-factor authorization (2FA) or multi-factor authorization (MFA).

We discussed using MFA for his online banking and financial activity, and he said: “That is so easy, everyone should be doing it.”

I agree wholeheartedly. It’s not that complicated to use it once you set it up. In most cases, you can link the authorization to a specific device or devices, such as a computer, tablet or phone. When you do that, you can sign into a website account from the authorized device(s) without going through the authorization every time – or you can set it up to require authorization every time. It becomes difficult if somebody is trying to sign into your account from another device, but of course, this is what the process is designed to do.

The way most MFA processes work is that when you sign in from a device, a code is sent by text message to a phone or to an email address. Once you receive the code, you enter it on a designated page associated with the website. The complication will come if someone is truly signing in on your behalf from an “unknown” device. That person will need access to the authorization message.

Another security measure that works for iOS devices is Apple’s iCloud Keychain. Functioning like a password manager to some extent, it allows you to use your device access code to activate a complex password to enter a secure website.

We can help you understand all the benefits and pitfalls of using MFA. The big problems, obviously, are to make sure you don’t lock yourself out of your account and know what do to if your phone is not working. Call us – 973-433-6676 – or email us to get comprehensive information about MFA and password managers and to configure your systems to work best for your needs.

The Ill Winds of Solar Winds

Look for a continuing fallout from the breach of Solar Winds, the giant technology management company that was responsible for the high-level federal government systems that were hacked last year. The hack is top of mind because some of our most sensitive systems were hacked, but businesses were affected, too. It’s time to look at the world of big data management.

The lesson we all need to learn from the hack of Solar Winds is that nothing is truly, truly safe. We don’t know where government agencies and private industry systems were breached – and how badly they were breached – and when it comes to the government systems, we’ll probably never know. But I don’t think we’re going out on a limb by saying that 1.) Solar Winds will need to work extra hard to regain the confidence of customers (and their customers, too) and that if 2.) they don’t succeed in repairing their systems and reputation, they’ll join a lot of other companies on technology’s garbage heap. From our various industry contacts, we had heard customers wanted to leave Solar Winds for reasons other than security.

The big data management companies should be subject to much more scrutiny by government oversight and by their customers. Strict government oversight similar to what we do to monitor CIA activity is necessary because of the extremely critical and sensitive nature of government work. Industry regulation is required to set standards for performance and accountability.

How much oversight and regulation are needed is a political question. What is not political is the need to keep our systems secure and, where possible, insist on transparency in letting us know when things go wrong. Dependency is critical because every system is so intertwined. It’s easy to see it if you look at it like a wheel. In the case of Soar Winds, look at them as the hub, and then look at every organization in their customer list as spokes connecting the hub to the rim. The rim is everyone who does business with any one of the spokes.

Solar Winds and its customers are not the first victims of sophisticated hacking, and unfortunately, they won’t be the last. Google has experienced problems, including an email issue last month, and Microsoft has had its share of issues. Look at what our nation went through with security for our elections.

As individuals we can demand that big data management companies take greater care, but we also need to own our security and asset protection. A lot of it is technology-based. We’ve implored everyone over the years to keep all operating systems, networks and application software up to date – to make sure you download and install updates, security patches and bug fixes. We’ve implored everyone to have all data securely backed up and to have a plan to get your assets – like money in your bank account – when you need them.

Beyond that, be critical of information requested when you fill out forms. Why does somebody need your social security number? Even for a job application, does your prospective employer need that information before they’re ready to do a background check or pay you? Don’t be afraid to question a request or demand a satisfactory answer. For companies where you have critical relationships, like your bank, maintain personal contacts. Know that you can pick up a phone and actually talk to a real human being when you’re concerned about your asset. We can help you with the technology part of security. Call us – 973-433-6676 – or email us for a security audit or to discuss applications and processes that can keep your computers as safe as possible when a big data manager is breached.