- cross-posted to:
- pulse_of_truth@infosec.pub
- cross-posted to:
- pulse_of_truth@infosec.pub
“App developers can encrypt these messages when they’re stored (in transit they’re protected by TLS) but the associated metadata – the app receiving the notification, the time stamp, and network details – is not encrypted.”
Many services and companies argue that metadata is not personal data, but even if that were true by definition of the word, the means to correlate metadata to a real person have existed for how long now?
Just knowing that I receive messages, at certain times, in a certain app, might not be a lot on its own, but as soon as you cross-reference that with other users, it becomes a surveillance goldmine.
And that’s what many people seem to miss, I think.
Individually, there might not actually be much, depending on how you use your device. But the word individually gets thrown out the window in our world where everything is interconnected 24/7.
I was talking to a friend recently about how the mechanisms of surveillance capitalism reminds me of a dark and a hollow version of how communities work. Earlier in the conversation, she used the phrase “communities are when 1+1 = 3”, i.e. when the collective output and capacity is greater than the sum of its parts. Data works a lot like that — you’re completely right that overemphasis on the value of individuals’ data misses the point