Categories
monitoring Security Technology

Getting a bit creepy

I spend a lot of time working with monitoring solutions, and like to measure and track things. The information we collect from our apps tells us a lot about what’s going on. Who’s using it. How frequently they access it. Where they are from. How much time they spend accessing the app etc. And then there’s a lot we can do as app owners with this data. We can measure it, trend it, slice and dice and produce nice reports. We can also action on this info. Offer people stuff based on their behaviour. Use those ‘lifecycle’ emails to improve conversion. Increase our sales. Bring people back to using our products.

I’m getting used to those supposedly-personal email from Matt, the founder of Widgets inc. who’s “just checking if I need any help using the product”, or Stuart from Rackspace who has “only one question”. I know it’s automated, but it’s fine. As long as I can hit reply and actually reach a person, that’s ok with me. I pretend to not notice.

However, I’m feeling recently that some of those emails get a little creepy. A couple of random examples:

I’m not using Twitter much. My last tweet was probably a couple of years ago. So I did get a few of those “see what you’re missing” emails. But today, the email said “See what you’re missing in Germany“. I moved to Germany two and a half years ago. Now, of course I’m aware that Twitter knows where I log in from (even if it’s rather rare), and possibly other location-based info. But it just feels creepy to email me about it this way.

Another example felt even worse – I installed an app on my android phone called MightyText — it was recommended by Linuxjournal so I felt I should trust it. I realised it would need access to my phonebook and be allowed to send and receive SMS when I installed it. It might need access to my email so I can send SMS from there too. I understand. But when I got an email a couple of days after installing the app (and not using it), it kinda hit the creepy nerve: “You have SMS waiting from Dad, Jonathan and Florian”. The mightytext guys thought it would be more engaging to take a look into my recent SMS messages, pick up recent or popular contacts and use it to get me to use the product.

(UPDATE: to clarify, after installing MightyText I did not receive any SMS messages for a few days. The email was therefore not simply notifying me of some unread messages that I missed. It basically went over my old SMS messages I received before even installing it, and generated this reminder / engagement email to me.)

To me this is crossing some invisible but very clear line. I haven’t used the product yet, and it’s already trawling through my personal stuff?

It’s hard to describe what’s the tipping point, the point where things turn from useful/entertaining to creepy. To me those two examples did cross the line. And I wish I could put my finger on exactly what makes it creepy, but it’s hard.

Perhaps it’s when the application or service makes it blatantly clear that they can read your messages, that they actually have unlimited access to all the names and numbers in your address book. That they do track where you access the site from regularly. And not only do they have this information and access, they feel that it’s ok for them to use it rather openly. And they do make it personal. It’s not some trending data aggregated over millions of customers. It’s my data, extracted and pinpointed to be used on (or as it feels, against) me.

I’m trusting you with my data. I realise there are risks involved, but please treat my data with respect. Just because you can doesn’t mean that you should. And don’t be a creep.

14 replies on “Getting a bit creepy”

“Just because you can doesn’t mean that you should.”
LOL. Let us know how that works out for you.

If the US government shows no respect for your data, why should anyone else?

I think you hit the nail right on the head, there’s definitely a fine line between enhancing user engagement and creeping people out. I think this is more widespread than most of us realize.

Most apps attempt at so-called ‘personalization’ through the appropriation of a user’s personal data, app usage, or location, end up in fact disengaging users by assuming far too much.

The reason companies should pay attention to data privacy is that unlike the US government, people have a choice whether to be a customer of a business or not.

James Blunt, that’s like the worst mindset. If someone does wrong, we should all do wrong? Why not try to set an example? Or at least do what you feel is right? You’re giving up on this world already. Lame.

What you describe, applications stealing your private address data, is done by many programs these days despite it being blatantly illegal in a lot of jurisdictions. In those where it is not illegal, it should be illegal, and it should be severely prosecuted, the same as someone who steals one’s purse, or who breaks into an office late at night and copies papers there.

I felt the same way when I checked my phone and Google Now told me it’ll take me 15 minutes to get home, despite me never telling Google where I lived. I disabled it right after that.

David M., in what part of the world are petty theft or breaking and entering “severely prosecuted”? North Korea?

I fully agree with the impression, it is creepy. I totally dispise targeted advertising in general. But all in all, you should take your thinking a step further, cause this is a bit silly – you’re OK with apps using whatever data of yours they want to use, just as long as they don’t let you know that they’re doing it? :D

@Anon

“””David M., in what part of the world are petty theft or breaking and entering “severely prosecuted”? North Korea?”””

No, the U.S.

With the “three strikes” laws, you can even get life for “petty theft” or “breaking and entering”.

Perhaps you could do a little research:

http://www.alternet.org/man-was-sentenced-die-prison-shoplifting-159-jacket-happens-more-you-think

https://www.aclu.org/living-death-sentenced-die-behind-bars-what

Josip – Not exactly. It’s not so black and white. I expect them to use it responsibly. That’s what I think is implied by ‘trust’.

I can let you into my house because I like your company, and enjoy spending time with you some time. I hope you feel comfortable, open the fridge, make yourself a drink, feel “at home”. But if you go into my bedroom and start opening the drawers, I think that’s going too far.

@Thomas
It’s not lame. When the US government ignores its own laws, then all bets are off and everyone is screwed. Doing the right thing turns into “might is right”, ie whoever has the biggest guns wins.
Privacy violation is just a symptom of a vastly bigger problem that americans are unwilling and powerless to change. Unfortunately, some people have seen it all before:
http://news.slashdot.org/comments.pl?sid=4430195&cid=45387839

I know no one will likely read this but it still creeps me out that MightyText has no address listed ANYWHERE. I used to use it when it was direct phone to computer local network. Once they started relaying it through their servers I couldn’t justify using it anymore. I don’t trust MightyText. It’s weird that a company that relays everyones sms messages doesn’t even trust you with its mailing address or any sort of business number.

That’s just my opinion. You want the full content of my correspondence but you don’t trust me with your place of business, well forget that!

Mightytext is now RELAYING all your APP notifications, so in theory they have the ability to see everything you’re up to, intercept all your comms and view all your media.

It comes down to trust now, and it’s sad to say but I no longer trust Mightytext nor any web service, people are no longer respectful or trustworthy :(

Leave a Reply

Your email address will not be published. Required fields are marked *