Gotta catch some privacy settings

In July, people went into collective rhapsodies of delight over Pokemon Go, the game that nearly brought the world to a halt. People were playing while driving, walking into each other on the street because they were so absorbed, and otherwise disrupting the world around them. Others were forging bonds with random players that they encountered in their wanderings. Pokemon Go, as an immersive game that also drew people outside and forced them to interact with the built environment, was a huge success, and a very distinctive and intriguing piece of media.

Almost immediately, some problems developed: Pokemon Go was blamed for some robberies and attacks, for example, and multiple police departments felt obliged to put out safety tips to remind players to use situational awareness and stay alert while enjoying themselves. Fun becomes much less fun when you’re viewed as a soft target for attacks, after all.

But the real problems began to manifest when people stopped to evaluate and reconsider their privacy settings with respect to the game. Like most apps, Pokemon Go doesn’t run in a vacuum, and as such, it has to request permissions from the user to use other elements of the phone’s software. Most users click those permission requests without really thinking about it, and they were shocked when they realized how much the app had access to.

A couple of issues arose here. The first was that the app was clearly overstretching its boundaries, demanding access to information and tools that it didn’t actually need to operate — and suggesting that Nintendo might be collecting data for purposes other than allowing people to play an entertaining game. This is actually quite common with a huge range of apps — check out your permissions settings and you might be surprised, and also confused (why does a puzzle game need access to my email? how is my location relevant to book recommendation software?).

It would make sense for Pokemon Go to need camera access and location access, but it went much, much deeper than that. Which should have been a reminder to users — and everyone else — to audit their permissions settings and see if anything else on their phones is perhaps going places it doesn’t need to. Because the only reason to do that is to collect user data, but brings us to the core issue here.

You know how we are always saying that consumers are becoming the product? This is a classic example of how that happens. The user data companies collect is extremely valuable. Some of them are using it internally in product development, marketing, and advertising. Others are selling it, and you don’t have any control over who they sell it to and where it goes. That’s how you end up with things like geofencing, the use of highly targeted advertising to people within a very limited area, like, oh, anti-abortion propaganda shoved in the faces of people waiting at abortion clinics.

As the game exploded, Nintendo must have been salivating over the value of all the user data it was collecting. Each phone serves as a theoretically anonymised record of spending patterns, app usage, browsing history, and more. And while companies can’t sell data as ‘this is from John Doe’s phone,’ but instead must do so in large lots that obscure individually identifying information, the data on your phone, or anyone else’s, is incredibly valuable.

Which brings up some interesting questions and tensions. Many app developers who provide free or low-cost apps might argue that this practice helps them improve their products and recoup development costs, because nothing in life is free, and the developers, designers, support staff, and myriad others involved in app production need to be able to eat and pay their rent. In that sense, consumers are effectively being asked to sell themselves in service to a product they like, and want to keep using.

But should the cost of fun be a major compromise to your privacy? Your phone data is valuable not just because of what it represents in the abstract (‘let’s see what a 23-year-old female Pokemon Go player from Boston browses for on the internet, purchases, plays, does for work…’), but because it is your data. You as a person have a right to enjoy privacy, especially when invasive levels of permissions can start to blur the line between anonymity and exposure — when patterns can be mined and linked, people can dig up a lot more information about you than you realize. (If, say, that anti-abortion ad gets served to the same phone over and over again, suggesting that someone works at or very near an abortion clinic.)

These are questions that we need to be asking because there’s a growing expectation and demand that everything should be free. We get offended when we’re asked to pay for things, and yet we also hate advertising. And we get offended by invasions of our privacy (as we should), but we don’t always make the connection between free services and the sale of users as commodities. Nothing in life is free, but you have to decide how much you are willing to pay for things you enjoy — and you have to be aware that what you pay isn’t always obvious in dollars and cents.

Image: A Wild Pikachu Appears!, Sadie Hernandez, Flickr