Earlier this week, it was reported that Pokémon Go, the most explosive gaming phenomena in recent history, was taking full access to iPhone owners' Google accounts. Early coverage claimed this included permissions for viewing, changing, and deleting email, photos, documents, and more. Later coverage claimed it was just profile information. Either way, Niantic, a former Google startup, quickly pushed out an update to fix the problem.
But most people didn't seem that concerned about it to begin with. They simply wanted to play.
This isn't the first time our data has been potentially or detrimentally exposed. Wikipedia has a page devoted to privacy concerns surrounding Google, for example.
Some of the more memorable examples include the opt-out Google Buzz, an early attempt to compete with Twitter as a micro-blogging platform, leaked contact and even location information, including to the worst possible people. Also a few years ago, Google recorded 600 GB of data from public and private Wi-Fi networks during its Street View mapping expeditions. Most of us weren't too concerned about that, either. We went on using those and future services, happy for the convenience they provided us.
Google, through its own ad network and its DoubleClick acquisition also passively tracks us across the web. If we want to use its virtual assistant, Google Now, it requires us to actively surrender unprecedented amounts of access and information, including email and web history, for online processing.
It's by no means unique to Google, of course. Facebook — see Wikipedia as well — and Instagram, famously, have updated their terms of service with data grabs so ill-advised, public outcry forced them to backtrack. Yet, each time, they seemed to push more and more, and we seemed to care less and less.
Government agencies have also been pushing for more access to more data, often when laws granting permission to do so are unclear, absent, or in opposition. Even when there's an outcry, each new encroachment seems brasher and more invasive than the one before.
Even if we trust the companies accumulating all our data — even if Google and Facebook and Niantic and all the others are the most trustworthy companies in the history of history — it wouldn't matter. Every time our data is accumulated by an additional party, there's an additional risk it will leak.
Modern computing, especially when it involves massive online services, is extremely hard. Even if we give every company and agency every benefit of every doubt, the sheer complexity dictates bugs will happen, poor decisions will be made, our data will be mistreated, and our rights violated.
Whether it's Google sharing location information that should never have been shared or government agents spying on the private pictures of their ex-significant others, once that data is collected, it's a matter of when, not if, a mistake or malfeasance will occur.
Worse, when it does happen, our initial reaction might be outrage, but our longterm reaction is surrender. Every accident, every bug, every missteps makes the horrific seem mundane, damage feel superficial, and complaints sound whiny and ungrateful.
Asking for it
Not all privacy erosion is accidental either. Earlier this year, Apple stood its ground against what the company felt was an unreasonable assault on privacy by the U.S. government. It caused enough controversy and garnered enough attention that Apple's approach of end-to-end encryption for all communications started to be emulated by other companies, including Facebook's WhatsApp.
A short time later, though, Google announced yet another new messaging service, Allo, where encryption was not only off by default, but actively gamed against by its biggest new feature — chat bots. Google showed off a bunch of whiz-bang new features, only available when privacy mode is kept off.
Apple began to reduce Google's role in search and services on iOS, making direct deals with providers like Wikipedia, Wolfram Alpha, and Yelp. Now Google makes a keyboard for iOS where everything we type is funneled straight back to Google and we thank them for the convenience that provides.
"What's the best way to get something from someone? Ask them for it." It's the cornerstone of social engineering attacks and the way innumerable accounts have been hacked. It's also the way exponentially more data has simply been traded away.
What's even more terrifying is that the popular media narrative shifts happily along. The story changes from companies like Google or Facebook making ever-deeper dives into our privacy to companies like Apple risking obsolescence and irrelevance by falling behind on artificial intelligence and machine learning because of their stance on privacy.
Recording every aspect of our lives is no longer seen as horrifying or even creepy. Rather, standing up for privacy is cast as antiquated and foolish.
Rage against the dying of our rights
I'm incredibly tempted by many of the new games and services. They're designed to be tempting. But I'm also terribly concerned by the continuing and accelerating destruction of my personal privacy. I'm concerned enough to take steps.
When Google Now demanded to track my web history to enable the service on my Nexus, I opted out and did without. When Pokémon Go wanted full access to my Google account, I made a throw-away Google account with nothing in it to access. When I decided I no longer wanted my email scanned by an ad network, I switched my personal account from Gmail to iCloud. I also decided to never upload anything I deemed truly personal to anything attached to a social network of any kind, including Google+ or Facebook.
I use Apple Pay because it's convenient but also because I'm tired of having to replace credit cards whose numbers have been compromised by retailers. I use iOS because I prefer its interactivity model and apps, but also because I admire the lengths Apple has gone to — including bifurcated data processing and new technologies like differential privacy — to minimize the amount of data taken, and maximize the privacy when taken.
It might sound silly — it might even be silly — and pointless, given the multiple vectors for acquisition and identification available to the giant online services these days. But I think it matters that it matters.
Anything else is a surrender. The continued destruction not only of privacy but of concern for privacy.
If we were writing a sci-fi movie about a dystopian future where a populace simply allowed its privacy to be stripped away, we couldn't come up with a better framework than continued mistakes, fun games, and handy services to explain away and sugar coat it all.
But this isn't a movie and there aren't any mustache-twirling villains. There are simply companies and agencies who see accumulating our data as invaluable, and individuals who see their personal data as having little or no value.