Now that you are a pro at stopping spam on your phone and in your inbox, here are some thoughts on sharing what you've learned with library patrons

 

Transcript

Davis: Dan, thank you so much again for joining us for the series. It’s been really great to talk with you, as always.

Dan: It’s such a fun set of topics. Well, fun to talk about, not really all that fun to navigate.

Davis: I know, I do it all the time, and I feel the same way. I’m wondering if you wouldn’t mind reflecting back on the series a little bit. What would you say are the two or three biggest takeaways that you’d like to leave folks with today?

Dan: There are a few that come to mind. You don’t have to answer every call you get, and the call that looks like it’s coming from your area likely isn’t. Especially if it’s not from a number you know. We all carry mobile phones and are getting better at keeping them charged, so this chance of getting a call from a different number is very rare. Let it go to voicemail and listen in after the fact. Confirm with the purported caller via a number you know to be theirs before fulfilling the request that they made.

Data has both material and indirect value and that we should protect and defend it as such.

Same thing with email. They’re getting so good at looking legitimate that it’s hard to tell the real from the scams, but you can always ask the person that’s supposedly asking you for information by a known method of contact before clicking on the link or opening the attachment.

And, finally, data is being collected all the time and everywhere, but you can still take some actions to limit or shape the data that’s collected about you. There are plugins and extensions that limit data sharing in your browser. You can enable privacy-based DNS services to block access to sites that silently collect the data behind the scenes, and you can choose browsers that support privacy and not those that are actively helping collect it.

Davis: Great advice, thank you so much. Here’s a question on the opposite end of the spectrum. What if I wanted to do a deep dive on these issues? Where should I go to learn more on data privacy?

Dan: I really recommend the Electronic Frontier Foundation — eff.org — who are actively researching educating and advising on matters related to privacy as a civil liberty and are very visible on the scene. You can also look to the Federal Trade Commission at ftc.gov for more information on legislation and enforcement, which, by the way, is increasing since early 2021, as well as register your phone on the on the donotcall.gov Federal Do Not Call Registry.

Data is being collected all the time and everywhere, but you can still take some actions to limit or shape the data that’s collected about you.

Davis: Perfect, and just for those listening at home, we will drop those resources below this video, so you can check them out when you’re ready. Dan, final question: we are hoping to reach public library staff with these videos most especially. What advice might you give to someone in public service who is providing resources on privacy to the public?

Dan: Educate your communities. Privacy and data protection are fundamental parts of the library. Extend that ethos and mindset out to the patrons in your community, and share the idea that data has both material and indirect value and that we should protect and defend it as such. Keep doing what librarians do: research and educate.

Davis: I think I’m gonna have that printed on a bumper sticker. Dan, I’m so excited that you and I will be chatting, actually in just, like, five minutes or so, on series four. So I’ll see you then, and I’ll see everyone who’s watching later as well. Take care.

No doubt our data is already out in the world. But how can we use the internet safely in light of this?

 

Transcript

Davis: Hello, Dan and hello, everyone watching. I think it is a safe bet that most of us have been on the receiving end of spam calls and spam emails and spam text messages, so it’s pretty much a given that our information is already out there. But Dan, what steps can I take to keep my information from spreading any further?

Dan: Well I mentioned data brokers briefly in episode two. Let’s talk about them a little more now.

In the US, there’s a really bustling industry in gathering and selling access to data about residents. This information includes things you’d expect, like name and address, but it also includes product and lifestyle preferences, and purchases you’ve made as part of a dossier of on you and your life. This data is purchased by advertisers and other third parties interested in targeting specific demographics of people.

Most data brokers have an opt-out process, which can be manual and time consuming, and there are a lot of them in the US. So asking each one one by one to have your data removed from sale is the way to go, but keep in mind that even if you do opt out, the data about you that they’ve already sold to others isn’t pulled back, so it can and will continue to be used by those third parties.

Davis: Ah yes, the data broker industry. We talked about that at length in our second series of episodes with David Huerta. But Dan, you and I talk a lot about how web pages and apps are often designed to trip people up. Can you share more about that?

Keep a close eye out for what you’re clicking. Don’t be impatient and just click “I agree” and carefully read the things you’re agreeing to.

Dan: There’s these really interesting things called dark patterns, which rely on human psychology to encourage you to choose one option over another. Think about the last time you were asked to agree to something. The “agree” button was probably a big cheerful colored “agree!” but maybe the decline didn’t even say the word “decline.” It likely said “not now” and maybe it was even buried under a small word link entitled “customize.” You might even had trouble finding it. Regardless, it’s using look and feel and your desire to just keep on moving forward to try to get you to agree to the terms or some kind of consent at hand.

Dark patterns have become so prevalent that laws are passed to prevent them, including in Europe and California, amongst others. So keep a close eye out for what you’re clicking, don’t be impatient and just click “I agree” and carefully read the things you’re agreeing to.

Davis: You’re right, and the scary thing about this is that as users we often opt into all manner tracking simply by signing, but not actually reading, terms of service documents. And I don’t think that’s our fault, necessarily. I honestly once tried my very best to read a terms of service agreement. I spent like several hours on it, literally, and was only a tenth of the way done by the time I cried uncle. So what’s to be done about this? Are there any shortcuts that we can take as users on the internet?

Dan: I’m a bit strange in that I do try to read most of the terms and conditions I come across, but my career is in security and privacy, so I guess it’s inevitable that I read them cover to cover. I think the ones I find with sections asserting some ownership or license over content you create or upload into their system being particularly nefarious, but that’s a whole different topic.

It’s difficult to control the flow of your data, but you do still have one lever: your wallet. The power we have is to make our buying decisions with data and use in mind.

From a data perspective, the wiggle words that are used in many t’s and c’s or privacy policies that allow for the use of data in flexible ways, or the assertion that we do not sell your data even though they make agreements and partnerships to share it with others that may not include money. And since that sale isn’t fiscal, they aren’t necessarily violating that assertion. California’s privacy law, the California Consumer Privacy Act — CCCPA — has expanded the definition of “sale” to include more of these types of activities, so this is getting better slowly.

The other thing I see more and more, especially from companies focused on advertising, is a very manual process to opt out of sharing with specific providers one by one. You have to decide if you want them to have access to your data. And with different methods for each one, some are a slider and some other are cookies, you have to install the “block cookies” — yes, the irony on that is definitely not lost on me — or other manual methods. The goal is to make you just give up and let the data flow.

Davis: I think you are 100% correct about that, and thank you for saying so. Thank you so much for being part of this, Dan. Any last words of advice before we sign off for this episode?

Dan: At the end of the day, it’s difficult to control the flow of your data, but you do still have one lever: your wallet. There’s been a sharp increase in what I call “the values buyer:” one who makes purchasing decisions based on the ethics values and practices of the company they’re buying from. The power we have is to make our buying decisions with data and use in mind, and when we decide that the practices aren’t acceptable, it’s okay to walk away from that company or product and to let them know why. We live in a consumer society, and our power on this topic is in our respective wallets.

Davis: I think that’s so true. We vote with our money in the end. So thank you so much, Dan, for joining me and we’ll see you in episode 5 of this series.

Say goodby to spam... or at least, give it a try! Here are some tips for quieting your inbox and your phone

 

Transcript

Davis: Hay, Dan. I think I got my irritation across in our last episode about spam text messages and spam phone calls. They are the bane of my existence, to some extent. So how do I stop this all from happening?

Dan: We definitely both get frustrated by these spam messages. It’s hard to stop because there’s no gatekeeper to text messages, which is also what makes them great. They’re interoperable and you can use them to reach everyone in the world.

The best advice I have for good old [Glossary=”SMS”]SMS[/Glossary] is to find the setting that hides messages from people that you don’t know or have in your contact list. The message will still arrive, but you won’t see it unless you go to look for it. Sort of like a spam folder for text messages. There is something to be said for keeping your phone’s contact list up to date, though, because it means the difference between seeing the messages and calls from people you know, and not having them get buried in a hidden state.

Davis: Thanks so much, Dan. I had not considered creating a spam folder for text messages, and I’m going to do that as soon as I get off the line with you today. If memory serves, you mentioned directories of phone numbers in our last episode. How do I get my email addresses and phone numbers off of those directories?

The best advice I have for good old SMS is to find the setting that hides messages from people that you don’t know or have in your contact list. The message will still arrive, but you won’t see it unless you go to look for it.

Dan: This is purposely not easy. Purposely because the people who create lists and collect consumer data about Americans make their living by keeping this type of data in their lists. You can, however, request from each individual provider that your data be excluded from the data they sell. They do have to oblige if they’re a law-abiding company but it may take a long or be a time-consuming process, or it might take a while to take effect. Search for lists of consumer data companies and begin to tick them off one by one. There are services that claim to do this for you for a fee, but I don’t know of any that I’d trust to do this on my behalf.

Davis: Yeah, you’re probably right. And that also means more tasks on our privacy to-do list. It seems like it never ends. But how effective is the Do Not Call Registry? Remember when that was a thing? Is it still actually around?

Dan: It is still a real thing, and it’s worth doing. There’s a hefty fine in the US for violating the Do Not Call Registry, so I found it does work well, but it’s not perfect. There are some groups that are not required to adhere to the list. But take a look on donotcall.gov to learn more.

Davis: Thank you. So let’s talk about emails, which is my favorite topic and I’m sure it’s yours too. By and large our email providers are catching these things and marking them as spam. But in other cases, there’s an option to click the “unsubscribe” button on unwanted emails. How often are these emails actually spam? And is it safe to click the unsubscribe button on what appears to be a mass email?

Dan: Here I have to give a favorite answer of mine and of lawyers: it depends. Sometimes, the “unsubscribe” links at the bottom of emails are used by attackers to gather intelligence about whether your email address is live, and also can be used in a similar manner to any link you click from a bad actor, a way to convey malware, or take you to a site you didn’t expect.

However, if the email comes from a reputable source and the domain matches [you should be good to go]. For example, you don’t want to receive emails from your local grocery store, and you use the techniques we discussed in the last episode to confirm it actually came from your local grocer, then you can likely click the “unsubscribe” button safely and exit their marketing mailing list.

But if you get a random email from a prince in a faraway country promising you unrealistic wealth, don’t use the included “unsubscribe” link if there even is one. If there’s an email you don’t want to get any longer but aren’t confident enough to use the unsubscribe link, you can also use your mail application to create rules to redirect messages from that source straight to the delete folder.

Search for lists of consumer data companies and begin to tick them off one by one. There are services that claim to do this for you for a fee, but I don’t know of any that I’d trust to do this on my behalf.

Davis: Yeah, that is another round of excellent advice, thanks so much.

So this is a total humble brag, but I got a promotion last a couple months ago and now I’m a “director,” which sounds very fancy but I assure you it’s basically the same job. And I’ve noticed since then that I’m getting more and more requests for my time and energy from people that look like they’re writing personal emails to me, but may actually be sent en masse. Does telling the sender, does replying to the sender and saying, “please remove me from your list” actually get people to get me off their list?

Dan: It may. This is mostly due to how some of the world’s spam and data protection laws are written to specifically address mass mailings. So a trend lately seems to be that sales people, on behalf of their marketing teams, are doing more direct one-to-one emailing, which is not held under the same scrutiny, even though the content may be exactly the same. If this is happening as part of a marketing campaign, even if sent directly by Bob Jones the sales person, they and the organization have to comply with any applicable privacy or spam laws. If you can confirm the sender is actually being part of that organization, then feel free to reply and say “you know what, I don’t really want any more marketing from you. Please opt me out from all future materials” and they likely will do so.

Davis: Okay, so that’s both my worst case scenario and my best case scenario in one answer, so thanks so much for that. But if things get really out of hand, should I change my email address? Should I change my phone number? What is like defcon scenario for these things?

Dan: Well, you can and it may help. And you certainly can try. But also be aware that the pool of numbers to choose your new phone number from may contain one that somebody in the next town over released for the exact same reason. So it may be better or it may very well be worse. I have one phone line that this problem has only gotten worse with each number change.

Now email is a little easier to find a new silent home, but you will still have the chore of telling people about your new email address. When you change either your phone number or your email, also remember that if you have multi-step authentication tied to those addresses and numbers, and if you cease to have access to them, you may also have trouble getting into the services you use every day. If you do shift away from a number or an email address, make sure you have all related access changed to the new locations before you turn off either the account or the phone line.

Davis: Thank you so much, Dan. I’m not quite to the stage where I’m ready to give up my email address or my phone number just yet, but if and when I do come to that point, I’ll be sure to revisit this video. So thanks so much for that, and I’ll see you in the next one,