The EFF is doing something they're calling #FixItAlready, picking a bunch of issues they feel a bunch of companies need to fix to get their security and privacy acts together. They describe it as:
> A new way to show companies we're serious about the big security and privacy issues they need to fix. We are demanding fixes for different issues from nine tech companies and platforms, targeting social media companies, operating systems, and enterprise platforms on issues ranging from encryption design to retention policies.
And you, I really… I shouldn't… It's all shades of cute. Now, don't get me wrong, almost any move forward when it comes to privacy and security is a good move. Here's the list:
- Android should let users deny and revoke apps' Internet permissions.
- Apple should let users encrypt their iCloud backups.
- Facebook should leave your phone number where you put it.
- Slack should give free workspace administrators control over data retention.
- Twitter should end-to-end encrypt direct messages.
- Venmo should let users hide their friends lists.
- Verizon should stop pre-installing spyware on its users' phones.
- WhatsApp should get your consent before you're added to a group.
- Windows 10 should let users keep their disk encryption keys to themselves.
On one hand, it looks almost completely based rando. Like, just pick something, anything, and throw a spotlight on it, and try and get some hype going, regardless of how it fits into a logical progression or any larger strategy or context. On the other, almost any move forward.
When it comes to iCloud and Apple, as I've said before, I agree completely. People should absolutely have the ability to toggle a switch in settings that encrypts everything locally before it hits Apple's servers, just like iMessage and all the other real-time transmissions.
But… as I've also said before, it's a much subtler and more nuanced conversation and it's dangerous and, frankly, irresponsible to just tell people to encrypt everything. Which is why experts don't.
So, again again, yes please. Give people who know the risks and want the protection, who would rather lose access to their own data than have anyone else gain access to it, the ability to flip that switch. But leave it off by default and educate the hell out of anyone and everyone by the time they find it and even think about switching it.