Apple Publishes Mobility Data

Apple published an interesting visualization of data they have on the number of times Apple Maps users looked up directions and how the frequency has changed during the pandemic.

The Mobility Trends Report is not only a great way to show the value of Apple’s aggregate data but also an opportunity for the company to explain its privacy policies.

Privacy is a fundamental human right. At Apple, it’s also one of our core values, so Maps doesn’t associate your data with your Apple ID, and Apple doesn’t keep a history of where you’ve been.

This data is generated by counting the number of requests made to Apple Maps for directions in select countries/regions, sub-regions, and cities. Data that is sent from users’ devices to the Maps service is associated with random, rotating identifiers so Apple doesn’t have a profile of your movements and searches. The availability of data in a particular country/region, sub-region, or city is based on a number of factors, including minimum thresholds for direction requests per day.

Apple – Our Commitment to Privacy

Social Shaming in Cape Town

Cape Town, South Africa is facing the third year of an unprecedented drought. Water levels have dropped so far that city officials predict the city wells will run dry sometime in 2019. There is, of course, a ban on filling your swimming pool or washing your car, and individual consumption is limited to 50 liters/day.

In order to “raise awareness” the local government has created The Water Map where anyone can see how much water their neighbors are using.

Dark Green is within limits, Light Green is over

Zara Nicholson, spokesperson for the Mayor, said, “This behaviour-modification tool attempts to acknowledge good savers and encourage those who have yet to join the efforts.”

So far there’s been no mob-based Mad Max event and city officials say that consumption has fallen.

Connected Address Book Prototype

Joseph Smarr’s blog post, Turns out we still need Plaxo (or something like it), had me digging through my archives for some screenshots taken from an old prototype I worked on a few years back. The concept was simple and combined the double opt-in privacy features you get from Facebook with the simplicity of a phone address book.

The story starts with two phones, Boris’ on the left and Sarah’s on the right. The owner of the phone has a public card they can edit (outlined in yellow). By tapping on it, they can add whatever information they feel comfortable sharing to the public. Updating this info on your phone copies it up to the public directory. On it you see a photo, name, and latest status.

Step One: Two phones, Boris on the left, Sarah on the right.

Boris decides he wants to search for Sarah. He begins to type and the list of matching entries narrows until Sarah’s entry is highlighted.

Boris searches for Sarah.

Tapping on Sarah’s entry, Boris can view Sarah’s public card. This info is stored on a server, tied to her phone number. Think of it as the white pages in the cloud, like a DNS record for people, matching IP addresses to domain names.

Sarah's public card.

Boris has the option to save the public contact record to his local phone book. This action sends a notification to Sarah (it says “New Contact” below Boris’ name as a status) that Boris has saved her public card to his phone book. It’s like a Facebook friend request but more functional.

Notification shows Boris has saved Sarah's contact card.

Tapping on Boris’ name in the list view, Sarah can pull up Boris’ contact card. Because Boris has already saved Sarah’s card to his phone, Sarah has the rights to view Boris’ full contact card with additional information such as his phone number and email address. Sarah has the option to Accept or Decline Boris’ connection request.

Boris' full contact card is unlocked on Sarah's phone.

Sarah accepts Boris’ connection request so now Boris has access to Sarah’s full contact card and “unlocks” additional information on Sarah’s profile such as her phone number and email address.

Boris now has access to Sarah's full contact details.

Now that both Sarah and Boris have saved the other’s contact card to their phone, they unlock private information that is only available to their connections. The act of saving a contact card can be either via the look-up method above or even by calling someone and that person saving the phone number from their call log to their address book.

Completing double opt-in, both Boris and Sarah have full access to each other's full profile.

Later, if Sarah wants to “pull back” her contact details from Boris’ phone, all she has to do is delete Boris’ contact card from her address book. Once she does so, her contact card on Boris’ phone reverts back to its public profile.

Sarah deletes Boris from her phone book, her phone number & email are hidden again.

There are many versions of this type of system. As Joseph mentioned, Facebook offers this if you look at the About section on anyone’s profile. Google+ also allows you to manage access to private information based on which circle you save someone to. Even Plaxo had the concept of Work & Home cards and you could choose who had access to what.

My point is that no one manages their personal contact details as part of a social network. The only way you’re going to get people to keep their data current is if their card is in front of them every day as part of their daily interaction with people.

Every time you call or text someone using the system above, you’re going to leave a link to your public calling card on their phone. As people interact with your card, they are going to be unlocking additional details that will help build their connection with you. Let’s say your work address or busy/free space on your calendar is part of that additional information that gets unlocked. You’re going to want to keep this information accurate.

There are all sorts of holes you can poke into such a system. For example, I can write my profile to look like some celebrity and save a bunch of people to my phone book and hope to dupe someone into counter-saving my profile to their phone and thus revealing their private information. To counter this, maybe you need to verify people’s names with a text message with a link or code that ties their name to their phone number.

Also, once someone unlocks your profile, there is no real way to take it back as they can take a screenshot and save that info as a photo.
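The save, accept and delete steps and the name-verification idea above, written out as an added Python example (not code from the prototype). The `Directory` class, its method names, the six-digit code and the rule that an unverified card may not save anyone are assumptions made for illustration; the phone numbers and e-mail addresses are constructed.

```python
import hmac
import secrets
class Directory:  # constructed model of the server-side directory
    def __init__(self):
        self.cards = {}        # number -> (public fields, private fields)
        self.saved = {}        # number -> numbers saved in that owner's address book
        self.pending = {}      # number -> one-time code awaiting confirmation
        self.verified = set()  # numbers whose name/number binding was confirmed

    def register(self, number, public, private):
        self.cards[number] = (dict(public), dict(private))
        self.saved.setdefault(number, set())
        self.verified.discard(number)   # an edited name has to be confirmed again
        self.pending[number] = f"{secrets.randbelow(10**6):06d}"
        return self.pending[number]     # a real service would deliver this by SMS only

    def confirm(self, number, code):
        expected = self.pending.get(number)
        if expected is None or not hmac.compare_digest(expected, code):
            return False
        del self.pending[number]
        self.verified.add(number)
        return True

    def save(self, owner, contact):
        # Saving grants the contact the owner's full card; unverified cards may not.
        if owner not in self.verified:
            raise PermissionError("card not verified")
        self.saved[owner].add(contact)

    def delete(self, owner, contact):
        self.saved[owner].discard(contact)   # contact falls back to the public card

    def view(self, viewer, owner):
        public, private = self.cards[owner]
        return {**public, **private} if viewer in self.saved[owner] else dict(public)

def walkthrough():
    d = Directory()
    boris, sarah = "+15550100", "+15550101"   # constructed numbers
    for number, name in ((boris, "Boris"), (sarah, "Sarah")):
        code = d.register(number, {"name": name}, {"email": name.lower() + "@example.test"})
        d.confirm(number, code)
    d.save(boris, sarah)                       # Boris saves Sarah's public card
    one_way = (d.view(sarah, boris), d.view(boris, sarah))
    d.save(sarah, boris)                       # Sarah accepts
    mutual = d.view(boris, sarah)
    d.delete(sarah, boris)                     # Sarah pulls her details back
    return one_way, mutual, d.view(boris, sarah)
```

`delete` only changes what the directory serves from then on; it cannot recall a copy or screenshot the other party already took.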

Yes, there are holes but as a start what do you think? Is it intuitive? Does it make sense? The concept of your phone number as the equivalent of an IP address tied to a directory that contains further details is attractive. If we can get over the fact that a phone number isn’t really private and should be used as one-half of a key, it opens up many possibilities.

I’d love to hear your thoughts.

Privacy Wall

I wrote the following post on Friday and was going to mull it over for a bit but then this article came out in today’s Washington Post that made the issues raised here all the more timely.

An interesting topic was brought up that was glossed over in coverage of Friday’s Search SIG. John Battelle warned that the search engine industry is eventually going to hit a privacy wall. In pursuit of the perfect search result (which we all know is relative) it’s implicit that a search engine needs to know a bit about the person running the search. The more a search engine knows about you, the more relevant the results. If you identify yourself as a car fanatic and type in “jaguar,” an informed search engine can skew the Jaguar car information over the stuff on big black cats.

As search engines pull in increasing amounts of information to gain context, there is going to be a point where the search engine companies begin to tread into a grey area where the rules and practices of how to handle private information have not been worked out. Every site has its privacy policy but who takes the time to read through these anymore? It would be helpful to have a debate about this now. Who owns your information? What are best practices on how it’s stored? How can your data be used in aggregate? What are the opt-out procedures? Can there be a simple way to indicate the level of privacy control, through the use of icons, much in the same way that Creative Commons indicates copyright control?

We are ever more connected to the data cloud called the internet and mobile devices will prompt more and more of us to upload our information such as calendars & contacts into this cloud so we can access it anytime and anywhere we want. How many of you have clicked that little “sync” button in Plaxo and later realized that every contact you’ve ever met now joyfully reminds you every year of their birthday? It’s so easy to forget what pieces of information you’re throwing around and how that data is used and shared.

Battelle calls for search engine companies to kick off a debate on guidelines & best practices around privacy before something terrible happens that forces the government to step in with heavy-handed regulations that would bog down development of the social web. I would argue that this debate over privacy is already happening with the cases of Choicepoint and Westlaw earlier this year. Joi Ito has also posted at length about the privacy debate as it related to a program to roll out a National ID database in Japan.

Clearly this is the elephant in the room as we all dance down the road to one big inter-connected nirvana. Being absolutely clear to the public about the trade-off between sharing personal information and greater utility is an important point that should not be glossed over in the name of progress.

UPDATE: John Battelle has an op-ed piece in the Sunday San Jose Mercury News on the topic. Related to privacy, I also point you to Barton Gellman who has written at length about “national security letters” in The Washington Post. These letters, which are authorized under the USA Patriot Act, give US agents broad powers to ask for and receive personal information in the pursuit of national security and obligate the provider of the information to keep the disclosure secret. Over 30,000 of these letters have been served, including in the case of an orange alert in Las Vegas at the end of 2003. In order to try and locate a potential terrorist threat, the hotel records of an estimated 1 million guests at Las Vegas hotels were sent to the FBI for a data mining exercise.

In this case, what happened in Vegas didn’t necessarily stay in Vegas.