Technology Companies Need to Stop Treating User Privacy as a Second-Class Citizen
It has become a well-known secret that anyone who intends to benefit from any modern technology needs to, first of all, disabuse themselves of the illusion that he or she even remotely has a control over their privacy. In the past year, however, the state of digital security has exacerbated rather dramatically. Companies, whether big or small, have time and again conducted deplorable activities and tried to justify them through reasons which are usually accompanied by a standard, mediocre response.
OnePlus is one of these and has had a relatively concerning spell. It began from October 2017 when the China-based OEM was found quietly collecting a lot of data regarding how its users operate their phones. OnePlus’ response to this started with the company’s co-founder saying “We take our users – and their data privacy – very seriously” and ended with him promising that it will terminate most of these “features” from now on.
Almost exactly a month later, OnePlus was yet again at the center of a privacy blunder when a security researcher discovered a critical oversight which had left a backdoor in the operating system. A familiar statement was released which ensured users that the function will be dropped in a forthcoming update.
Most recently, OnePlus had “accidentally” added a feature designed solely for their Chinese customers to the global version of OxygenOS. It essentially transferred every text the user copied on the phone to a database in China. “We will be updating our global OxygenOS beta to remove this feature.”, commented a spokesperson later. OnePlus, however, is not the only one who has followed this standard practice in order to put these accusations and security disasters to rest.
Google, not long ago, was caught tracking its users’ whereabouts even when the location setting was turned off. In its defense, the search engine juggernaut admitted and basically sent out a similar explanation (/apology) which also revealed they were doing so for roughly a year to deliver notifications more quickly and has ended the practice AFTER the original report came out.
Google had another incident which involved a handful of Home Mini devices. The smart speaker was, due to an error, recording audio from its surroundings all the time. For the uninitiated, Google stores the conversations only when the user invokes the voice assistant by saying the hotword. Naturally, Google attempted to do some damage control through the usual steps.
In addition to these, there has been a multitude of instances in the last year where user’s privacy was breached and taken lightly with these generic statements which dismissed the fault as an oversight. Apple, for two consecutive times, overlooked a major loophole on MacOS. Uber bribed hackers to stay mum about a data leak which compromised 57 million accounts. A few Twitter users were targeted by a bug that published their location despite the option being disabled. Facebook casually introduced a slew of algorithms which scan every post, picture for various purposes. Netflix thought a tweet highlighting the granular control it exercises over user habits would be okay. You get the idea.
At some level, however, many of us knew this was coming. As technology services extend their arms into more granular aspects of our life for enabling advancements like machine learning, user privacy was bound to be endangered. In addition to that, the influx of smart home devices aggravated the situation even further.
But a few companies seem to have taken this accord as granted. Even if user security is expected by users nowadays to be at stake, ignoring its consequences and treating it as a second-class citizen is rather unacceptable, at least in my books. More than a dozen of leading technology companies have made inexcusable mistakes in the last year itself, multiple times in the case of a few like OnePlus, Google and Apple.
What’s more alarming is that most of these companies have yet to place user privacy at the forefront of their products. Security features are usually offered and added as supplementary to the service or gadget’s portfolio. This approach was passable before but not anymore. The rise of digital crime has led to an environment where even a tiny oversight can cause critical harm. One of the more prominent epitomes of this is the recently discovered CPU vulnerability because chip makers have been following the same design they’ve been for twenty years. The patch is expected to significantly impact the performance of a multitude of computers and high-end workstations.
Therefore, I feel, it’s time companies take a step back and rethink how their products treat personal data. Now, I’m not here at all suggesting they should pause development on new technologies. On the contrary, all I’m trying to convey is that instead of leveraging the fact that the user is fine gambling its data for better, more contextually aware features, they should consider overhauling the underlying algorithms to build a relatively sturdier and secure ecosystem this year.