How To Cheat The Algorithm

Experiment 6

Dear Esteemed Colleagues and Friends,

Earlier this month, the Biden administration introduced a new bill to severely restrict the use of TikTok in the U.S. due to concerns about American’s privacy and safety on the app. Just last week, TikTok CEO Shou Zi Chew was interrogated by the House of Energy and Commerce about his app’s privacy practices and possible surveillance by the Chinese Communist Party (CCP). Of course, dear reader, the app is spying on its users. But so are all of our social media apps and favorite sites. Instead of concerning ourselves with the future of TikTok, let’s concern ourselves with our right to privacy, online and off.

Yours Truly,

Mad Black Scientist

Experiment 6:

Observation:

When you walk into a store today, the store will count how many people came in, how many people bought something, and what they bought. This helps retailers understand which location is popular, what styles people at each location are interested in. The data collected helps the store make decisions on what styles to sell, how many items to keep in stock, and to get more information on their customer base. However, when you peruse different sites or apps on your device, those sites can take even more invasive data. They know how long you’ve been on their site, what you’re looking at, how long you’re looking at it, what site you were on before, and the site before then. This monitoring has another sinister definition - surveillance.

So how does it work (1)?

1. Companies contract with a Mobile Measurement Partner (MMP), a 3rd party that collects and organizes data on the app to give an overview of the companies market performance.

2. When you click on a retailer’s advertisement on Instagram, for a split second you will be redirected to the MMP’s site.

3. This is where they track a unique id that is associated with your device. If you have an iPhone it’s called an IDFA, AAID for android, or GAID for google phone.

4. This IDFA won’t report personal information back to the retailer, but they can send your location, IP, and the identifier tied to your phone.

5. This allows apps and companies to target specific ads based off of your location and what you interact with online.

6. Advertisers can also track which phones you’re near, and those phones’ online habits in order to tailor advertisements to you that your friends may be interested in.

What’s so marvelously malevolent about this surveillance is that its virtually unnoticeable how your every move is being watched and fed into an algorithm meant to distract and influence you.

Question:

Is it possible to cheat the algorithm?

Hypothesis:

Maybe there are things we can do individually to cheat the algorithm… but there’s a lot of money being spent to keep it in place.

Experiment:

The main risks to this surveillance is two fold - one is that you are being actively surveilled, and two is that any information you share has the possibility to be tracked back to your I.D.

To demonstrate the first risk, let’s review an experiment done by Robert G. Reeve in 2021 (1) :

Robert is staying at his mom’s house for a week, and suddenly getting ads for his mom’s brand of toothpaste on Twitter. He has never previously googled this brand, or bought it online. So how did Twitter know that he would buy this?

1. Robert bought some toothpaste at his local grocery store.

2. An MMP was buying the grocery store’s reward card data to track consumers and their purchases. Robert and his mom shop with a rewards card.

3. The MMP can match the grocery store’s data on Robert with his Twitter account because he gave both the Grocery store and Twitter his email.

4. The MMP is also taking similar data on his mother!

5. Because his phone’s location is in close proximity to his mom’s phone location, the MMP can suggest items to Robert that it has concluded his mom would also like.

6. Now Robert gets ads for items his mom regularly buys.

We noted in this experiment that Robert’s email address was shared through this data sharing. This is extremely common. Now what would happen if your email, address, or phone number are shared between companies?

1. Fenty Beauty has a data breach

2. I previously put my address, name, and number in Fenty’s system for them to send me a new lipgloss.

3. Now my address, name, and number are associated with my device’s IDFA.

4. Any other company, site, or agency who has access to my IDFA can cross reference it with Fenty’s breached data and find my personal information and location.

Now that’s scary, and not worth a twenty dollar lipgloss.

Conclusion:

“Your data isn't just about you. It's about how it can be used against every person you know, and people you don't. To shape behavior unconsciously.” - Robert G. Reeve (1)

In 2020 Apple announced a new update to iOs 14.5 that would restrict access to IDFAs. If you go to your privacy settings you can actually choose whether or not you want apps and retailers to be able to track you through your phone’s identifier. I highly recommend that you don’t allow any apps to track you.

However, retailers, apps and marketing agencies immediately started looking for loopholes. One to note was developed by China’s Advertising Association. The CAA developed a new ID that could be tagged to your phone called CAID (3). Tiktok was reportedly testing this system, and that could be what landed them in such hot water with the U.S. government. But they aren’t the only ones trying to find a way around your privacy settings.

Our online infrastructure was built to enable our constant consumer habits. And this infrastructure came at the cost of our daily privacy. While it may seem benign for stores to monitor our daily habits to sell us toothpaste; imagine what local police departments, state governments or the federal government could do with this information. While Apple’s technology is a step in the right direction, we need new technology and policies to continue to protect ourselves online.

References:

1. IDFA 101, Intercept (2021)

2. Robert G. Reeve Twitter Thread on Privacy Tech (2021)

   

   Robert G. Reeve @RobertGReeve

   I'm back from a week at my mom's house and now I'm getting ads for her toothpaste brand, the brand I've been putting in my mouth for a week. We never talked about this brand or googled it or anything like that. As a privacy tech worker, let me explain why this is happening. 🧵

   3:32 AM ∙ May 25, 2021

   ---

3. Tiktok Wants to Keep Tracking iPhones With State Backed Work Around, Patrick McGee & Yuan Yuang (2021)

4. Identifier for Advertisers, Wiki

Glossary:

1. IDFA - Identifier for Advertisers

2. GAID - Google Ad Identifier

3. AAID - Android Ad Identifier

4. MMP - Mobile Measurement Partners, a company that acts as a 3rd part provider to attribute collect and organize app data to deliver a unified overview of a brand’s campaign performance.