February 19, 2014
Who says kids don't value privacy? And who says they won't pay for it? WhatsApp and Privacy
One of the interesting elements for me here is that kids were okay giving WhatsApp their data, for then (for now?), knowing there would be no ads, because it created "parent privacy" though the app, and reduced their costs sending TXT messages through the telcos.
I pay $20 a month for a flat rate of unlimited TXT msgs, SMS, *and* unlimited free cell-to-cell calls. I did it for the calls.. which anytime are 10cents during the day. I moved my plan from the 4th highest minutes, to the lowest, because almost all my calls are to other cells.
However, because I went from 500 texts (and 25cents for each additional) to unlimited, I now use about 2k texts. But every text is listed, time, date, phone number, on my bill, and that's easily sortable online if you log into the cell company's website. And my telco and many other apps have access to those messages.
Parents that want to track their kids, just sort the calls, track the times, etc.
Kids are paying $1 to both stop any additional costs for texting, and to stop the tracking.
I think this is a very interesting development.
What data does WhatsApp see in your phone?
Your phone has more intimate data about you than Facebook, in many ways because it's implicit, not explicit. WhatsApp doesn't need you to tell them your favorite movies or where you live; they know through the discussions, they know your real friends list based upon contacts and activity in your phone.
Here is the list of the data you agree to give WhatsApp for an Android install:
Your SMS messages
Storage -- contents of your USB storage
System tools: all shortcuts -- plus modify shortcuts including installing them and uninstalling them
Your location: AGPS and GPS
Microphone: record audio
Camera: take pictures and video, see your photos and video
Your application information: retrieve any running app, find all apps
Your personal information: read your own contact card
Your accounts: add or remove accounts, create accounts and set passwords, use accounts on the device
Network communications: connect and disconnect from wi-fi, full network access
Phone calls: direct call phone numbers, read phone status and identity of phone
Your social information: modify your contacts, read your contacts
Sync settings: read sync settings, read sync statistics, toggle sync on and off
System tools: modify system settings, test access to protected storage
Affects Battery: control vibration, prevent phone from sleeping
Your applications information: run at startup
Network Communications (a second listing): Google play billing service, receive data from Internet, view Wi-fi connections, view network connections
Your accounts (second listing): Find accounts on device, read Google service configuration
That's a lot of info. I would argue that this is more personal information that what you post voluntarily on FB.
But I think the kids were looking for Parent-Privacy, not Privacy from Telcos, the government or data aggregators mostly. And WhatsApp gives it to them, and reduces the costs of text messaging on the phone to $1 year.
Brilliant, and worth every penny of the $16-19b Facebook paid, What'sApp is reported to have 450m active users.. divide that into 19b and you get $45 a user.. or $16b is $35 a user.
When Flickr was bought, Yahoo paid $111 a user. With revenue of $25 a person x 60,000 paid users.
Myspace was $36.
Instagram was $28.
Skype was a whopping $264.
See more at Statista.
I don't know how many paid users WhatsApp has, but the service is free the first year, then $.99 a year after that. I suspect we'll find out how many at the next quarterly call Facebook has, because I can't find anything with that number out there now.
But WhatsApp sold for an amount that is comparable for a "consumer" service. And reasonable, even if $19b is a mind-blowing number in the scheme of things.
February 09, 2014
Data Privacy Legal Hack-A-thon, Day 2: Projects
UPDATED: As we get down to the wire on presentations tonight at 5pm, the room is quiet and everyone is working hard. One of our judges, K. Waterman is walking around, conversing with whomever has a minute. And we have settled out to these project teams:
Safe Sign-up: This will encrypt volunteer signups for events, especially protests, so that there is not one place that would have all the people at the event. Event organizers would have 5th Amendment protection for this information. By: Zaki Manian, Restore the Fourth, SF.
Bring your Own Chat: A secure zero-knowledge chat application using only Drop Box. By: Daniel Roesler, Restore the Fourth, SF. The project can be found here at Github: https://github.com/diafygi/byoFS.
Privacy Enhancing Toolkit: A toolkit for encrypted communications, file storage and sharing. By Judi Clark & Jenny Fang.
Bitcoin Privacy Documentation: Developing a framework for thinking about the privacy of financial transactions using Bitcoin. By: Alice Townes, Richard Down.
Mobile Privacy Shield: Intercept and display all the async calls for websites using a Firefox add-on. By: @nyceane.
I'm working on a presentation for tonight at the closing for the ON project and consent receipt.. not to be judged... just to show the concept to the room.
February 08, 2014
Data Privacy Legal Hack-A-thon, Day 1
We have five (5) projects going in San Francisco at the Data Privacy Legal Hackathon. After an initial introduction phase,
and discussions, teams broke out and are all quietly working away.
We have 3 groups and 2 individuals who are working on projects..
After we talked a bit, he realized the value of the parts I'm working on with the Consent Map, Consent Receipt and various tools to make that happen, like the API project to the map. We went over the whole ecosystem we all propose and he sees the complementarity.
Here is a diagram of that shows some of the different products that we discussed above:
But that group is more interested in getting privacy policies structures and visualized than the other side of the transaction which would look at terms an individual would submit, like Do Not Track. However, they recognized that there is a need for a consent receipt at the end of either side setting a term.
There is also a bitcoin thing for more private transactions for identity privacy (ie, taking things outside the financial networks, where you still have some kind of identity inside bitcoin, to taking things outside the identity systems in bitcoin..). I don't totally understand it but that's what they are talking about and trying to figure it out.
There is an https server project, and another individual project that I haven't yet discussed with the maker.
I'm working on the consent receipt. Other groups are likely want to hook into the consent receipt when they have their pieces.