Surveillance by Keystrokes – Giving Permission to Snoop

By now, we’re all pretty used to doing a Google or Amazon search, then having ads pop up about the item you searched for.

Take that a step further: Have you walked into a business but didn’t buy anything? Then next time you check Facebook, an ad for that business appears on your feed?

Happened to me for the first time about a year ago. I went into an independent bookstore in Whitefish, Montana to make sure they still had copies of my book in stock. I left without purchasing anything.

When I got home, I happened to check Facebook. An ad popped up for that same bookstore. How did FB know I’d been there? I hadn’t Googled it. No credit card transaction had been processed to connect me to that store.

However, the smartphone in my pocket knew I’d been there.

The amount of data recorded by that device creeps me out…especially when I didn’t knowingly put the information into it.

Recently I made airline reservations on my laptop. When I opened the calendar on my smartphone to enter the flight times and numbers, they were already there. What the…? I purposely haven’t synced the laptop and smartphone to talk to each other.

Yes, it was convenient but it bothered me. What uncomfortable magic suddenly connected the two devices? It hadn’t occurred several months earlier when I last bought tickets from Delta, nor with American Airlines where I’d booked flights a week before. What had changed?

Somewhere hidden in terms and conditions, apparently a new provision allowed access to my phone. By whom? Google? Delta? The phone manufacturer?

If anyone more techie than I am (which means 99% of the population) can explain this, I’m all ears.

Stealth “permissions” sneak past us whenever we check that box: “I agree to the terms and conditions.” When you download a game, an app, or make a purchase, do you read all 47 pages of underlying legalese? Probably not. Additionally, since terms are often subject to unilateral change by the company without notice, what good does it do to read them?

We have traded privacy for convenience, one app at a time.

Smart devices invade our homes. Alexa eavesdrops 24/7 on conversations. In some instances, she has been known to broadcast private conversations to third parties, as happened to this Portland, OR family who learned their discussion about hardwood flooring had been shared with a person on their contact list.

https://www.kiro7.com/news/local/woman-says-her-amazon-device-recorded-private-conversation-sent-it-out-to-random-contact/755507974

Nicolaes Maes

So…in the privacy of your bedroom, what if you complain to your spouse about your rotten boss? Suppose the oh-so-helpful Alexa sees fit to send that conversation to that boss because s/he happens to be on your contact list. Ouch.

Never mind what else Alexa might overhear in your bedroom!

Lately my husband and I have been listening to a Michigan attorney named Steve Lehto on You Tube. He delivers short, entertaining podcasts about legal issues, specializing in vehicle warranties and lemon laws. Sometimes he goes off on an unrelated topic that catches his interest. This video addresses stealth permissions on smartphone apps.

Steve reveals that when you buy or lease an Android smartphone, it comes preloaded with certain apps including one that keeps track of keystrokes on the phone’s keyboard. Sounds innocuous, right?

Until you realize every text message, every bank PIN, and every credit card number you type is recorded. A record of those keystrokes may be available to whoever pays for that information.

Steve didn’t mention iPhones but it’s not a great leap to imagine they share similar apps.

Older devices like Blackberries have mechanical keyboards rather than electronic. You tap a key and a contact switch causes the letter to appear on the screen.

But smartphone keyboards are different. They record keystrokes electronically (known as “keylogging”) with no mechanical switch. Somewhere in cyberspace, someone is keeping track and storing every keystroke.

I don’t bank or pay bills online because hackers gallop miles ahead of safeguards. Security patches close the breach only after the horse is long gone out the barn door.

http://Embed from Getty Images

However, I do text. And that’s how the keystroke app slapped me in the face.

Last summer, an old friend visited us in Montana and left behind his small, well-worn Bible. A few weeks ago, he died in San Diego. At the time of his death we were away from our Montana home, on vacation in Florida, meaning we had to fly from Tampa to San Diego for the funeral.

We wanted to take his Bible to the memorial so I texted our neighbor in Montana and asked him to look for it among the books stacked on our coffee table. I described it as a small, turquoise Bible. The neighbor found it and mailed it to us. All good.

Shortly afterward, an ad popped up on my Facebook feed…

Amazon ad on my Facebook feed

…for a pocket Bible in turquoise.

Hmmm.

That unusual combination of keywords could only have come from the text I typed on my smartphone. Android recorded my private text message and passed it on to Facebook who passed it on to Amazon. Now I’m angry.

If you’re arrested on suspicion of a crime, the Fourth Amendment to the Constitution requires law enforcement to obtain a search warrant to dump the contents of your phone. The same rules obviously don’t apply to Facebook, Android, Apple, Google, Amazon, etc. because we give up those rights simply by using these convenient devices.

Keylogging apps are sold for legitimate purposes, like checking your minor children’s exploration of internet sites, or to see if they’re texting pals to sneak off to a forbidden kegger.

However, such apps are a hacker’s dream because passwords, bank PINs, credit card numbers, and other sensitive private information can become available to cybercriminals.

It’s like installing a deadbolt on your door then handing out keys to random people on the street.

Crime writers can imagine endless plots arising out of technology scenarios.

My thriller, Instrument of the Devil, was set in 2011 as smartphones first exploded in popularity. In the story, a terrorist hacks into the protagonist’s smartphone. He employs what was then secret technology to eavesdrop on her every word and track her physical location while he sets her up to take the fall for his crime—a cyberattack on the electric grid.

In 2019, those formerly covert apps are widely in use by anyone. They are everyday tools that allow tech giants to mine ever more intimate information about us.

As an author, I’m normally delighted when someone reads what I’ve written. However, as a human being, I resent this invasion into my personal communications.

A wise lawyer once told me, “Don’t put in writing anything you wouldn’t want to be read in open court.” I remember his advice now when I text because…

…Someone is always watching and listening.

 

Your turn, TKZers. Have you experienced creep-out moments due to technology? What nefarious plots can you imagine where smart devices play a role?

 

Instrument of the Devil is on sale for only 99 cents during January.

This entry was posted in #amwriting, #writers, Google, Google+ Facebook Twitter, smartphone, Steve Lehto, Writing and tagged , by Debbie Burke. Bookmark the permalink.

About Debbie Burke

Debbie writes the Tawny Lindholm series, Montana thrillers infused with psychological suspense. Her books have won the Kindle Scout contest, the Zebulon Award, and were finalists for the Eric Hoffer Book Award and BestThrillers.com. Her articles received journalism awards in international publications. She is a founding member of Authors of the Flathead and helps to plan the annual Flathead River Writers Conference in Kalispell, Montana. Her greatest joy is mentoring young writers. http://www.debbieburkewriter.com

39 thoughts on “Surveillance by Keystrokes – Giving Permission to Snoop

  1. Yes, I find this all very creepy. I don’t use my phone the way most do. While technically it is a SmartPhone (ha! Amazing how much this brand can’t manage to make a call without pulling teeth!) I only use it for talk and text. I have sometimes had to log into my email from my phone but the thing I hate about phone apps is that they tend to hide the ‘log out’ feature on mobile apps. Now ordinarily I would chalk that up to being very low on the techy knowledge scores, which I am, but I manage to figure out how to logout on a regular computer with no problems almost all the time. They shouldn’t be hiding the logout. And I hate that synching thing too.

    But this “spying on you” stuff is very prevalent when using my home computer. Say I look up a piece of exercise equipment on Amazon. Next thing I know it’s popping up in my FB feeds and elsewhere.

    I just recently had to get a new computer because my 11 yo. laptop asked to be retired. When the Geeks came & set up the new PC, they turned on an ad blocker. Now EVERY SINGLE DAY when I go to weather.com to check the weather it asks me — twice — to turn off my ad blocker. Even Yahoo mail does it. Which I ignore. Annoying.

  2. P.S. Last night before I went to bed there was some article about the recent FB post asking people to share their current vs. 10 years ago photo being posted with ulterior motives–something to do with building facial recognition d/b. Thank goodness I didn’t participate.

    • BK, you’re so right that smartphones do everything EXCEPT make phone calls!

      I avoid FB’s so-called tests, surveys, and quizzes that they want you to share with everyone on your contact list. Perfect method to spread viruses.

      Thanks for adding your experiences. So now you have to put up with ads that demand you turn off your ad blocker? Sheesh!

  3. I do a lot of online research and last week I needed a visual of a “little black dress” so I googled it. A week later I get ads on FB, in my email and even a text message showing me one of the dresses I clicked on. We have given up so much for convenience.
    Oh… just this morning I researched dynamite and blasting caps…just waiting to see how THAT shows up on Facebook.

      • Patricia, doing research as a writer becomes scary. I remember back when the Patriot Act first allowed tracking of who checked out library books that contained “suspicious” information. We thought that was bad then. Child’s play compared to today.

        Fortunately the FBI doesn’t have enough agents to show up at the door of every writer doing research.

    • Debbie,

      That’s because the site you went to look for dresses stored a tracking cookie on your computer. When you went to FB, the cookie was read, and ads related to the cookie were pushed to you. FB isn’t actively monitoring what you do, but almost every site you visit, including Kill Zone, uses cookies (from what I can tell, Kill Zone uses seven different ones). Sites read cookies, and that’s what gives them the wealth of information.

      Regarding going into a store and not buying anything, all cell phone companies (and Sprint in particular) collect a massive amount of data about you. If you walk past a billboard for Sprint, you can bet sensors are collecting information about which phones walked by and when.

      Businesses use a whole suite of analytics tied to surveillance cameras, motion sensors, and other devices to know a lot about what’s happening in their stores. A simple example is the use of a “heat map.” A camera is used to determine how many shoppers go left or right when entering the store. It does this by monitoring the frequency of motion in a particular area – the higher the motion, the greater the “heat.”

      Also, I disagree that using a phone to perform certain tasks, such as banking, is less safe than using your computer to do the same thing. Yes, there are certain rogue apps (especially in the Android world) that can be malicious, but, in general, if you’re prudent about the apps you download, things are generally safe. Further, the login information you use to almost any of these services is encrypted at the app level. Finally, the login information you use on your computer is winds up in the same database that the information on your phone does, and that database is a much juicier target than an individual phone.

      I use banking apps on my phone because I believe that it’s safer. For example, I get notified by my app if anything happens to my accounts, which gives me time to react and deal with it.

      I do agree that things like Amazon Echo and Google Home are definite privacy invaders. People should be very careful what they say if they have these devices installed, because all of the speech interpretation is done on central computers (Echo and Home are really just glorified microphones connected to the Internet.)

      Thanks

      Mike

      • Mike, wow, thank you for the crash course in data collection.

        You make an interesting point that a trusted phone app for banking may be safer than your computer. The trick is knowing which ones are safe and which aren’t. I’m not knowledgeable enough to make that determination. So for now, this Luddite still writes paper checks and receives a paper bank statement by mail.

        Thanks for contributing to the discussion!

    • I think I saw something about letting Alexa and Siri learn from each other.
      I had some Dell credit and the only thing in their catalog was an Echo Spot, so I gave it, although Alexa and I don’t talk much. She gives me the weather and my calendar every morning, and reminds me to upload my “word of the day” to my blog at night.
      I’ve had her play music. For as long as I can remember, my dad had a framed record (vinyl) of a single called “The Celery Stalks at Midnight.” Thought it was a cute title, but never thought much about it. Dad passed away a year ago, and one day, on impulse, I asked Alexa to play The Celery Stalks at Midnight and was surprised that she did, and that I could actually listen to it.
      Now to see if she’ll play “Pink Shoelaces” and then, if she can, see what, if anything, that triggers on any of my other devices.
      That song was one of about 5 I could play on the piano back in the day.

  4. I am an IT guy for a living. How a phone uses it’s keyboard memory is not keylogging. But if you type “buttface” in a text too often, your phone will assume tface is what you want after your type but. On WELL BUILT apps, your keyboard will not remember or “see” anything typed in a password field.

    Free apps are a whole nother story. Many sell everything you enter into them. Email addresses, locations, app history.

    Do not believe iPhones are somehow magically safer. Apple was caught selling location data. As you move around town, your phone is locating itself by cell towers. Apple was storing that data and monetizing it.

    • Appreciate the clarification about keylogging.

      I avoid apps except for what came preloaded on my phone and never use most of them. There is no *free* lunch. Same for apps. There’s always a cost, even though it may be well hidden.

      Thanks for your input, Alan!

  5. Debbie, the elements you describe are half the plot to destroy us all. The other half, the more dangerous half, I would argue, is the unfettered ability of tech companies like Google, Facebook, Youtube, Twitter, et al, to shape what billions of people see, and in turn, what they come to believe. Take the case of the young man this weekend in the MAGA hat, interacting with a tribal elder. The young man is receiving death threats, even though it’s been revealed that the interaction was far more complex.
    Think about how relatively few people are controlling what the rest of us see…
    There’s clearly a plot line or two there.

    • Edward, we are living in a world that’s gone far beyond the wildest imaginations of Orwell, Asimov, and Kafka. One hundred years from now, I wonder what the history books/devices/chips will say about our times. Or will history even be recorded anymore?

      Thanks for adding to the discussion.

  6. The sad state of the modern world.

    Spyware, malware, ad tracking, ad targeting and data sniffing are much more likely to be on news sites than “bad sites”. CNN, Fox, Yahoo, NYT, every local TV and newspaper station’s website is linked to every ad site imaginable. There is a Firefox add on called Lightbeam. It will show you all of the sites you are sharing info with when you visit a site. Don’t start with Yahoo or your local news.

    • Alan, I agree that news sites seem to be the most toxic. Weather sites also slam ads like crazy.

      Privacy is a quaint old-fashioned notion. Sigh.

  7. I’m with BK Jackson here. I’m in that generation where I should be on my phone 24/7, both in a professional capacity and a personal one, yet it’s the one thing that if I could do without it, I’d get rid of it in a pinch.

    I railed against having to get a smartphone way back in 2010 because my flip phone worked perfectly well enough– except that it didn’t hold battery power. I got a cheapie smartphone on pre-pay. Fast-foward to 2017 and I’ve replaced that phone with another one because the battery kept dying. I’m still on pre-pay, don’t use any data or wifi, and don’t have any social media apps installed (though I have a poetry app, a note-taking app, and a red-filter app).

    I’m a firm believer in being able to talk and text on a phone– and that’s it. I’m sure friends and family get annoyed because I’m not glued to my phone enough to answer their texts in a timely fashion (and because texts cost money, which is expensive when you’re on pre-pay).

    I have a tablet I use for Facebook and messaging overseas family. I also use it as my ebook and my alarm clock (nothing better than waking up to soothing music rather than the ear-splitting BUZZ BUZZ BUZZ of an alarm clock). But, again, that’s it. I don’t use my tablet in bed to read; I’ll sit on the couch, then go to bed.

    Call me old-fashioned, but I like being able to have conversations with people; I don’t feel the need to be connected all the time. I go to family functions or dinner with friends/family and notice most of them are on their phones. I feel left out, not important enough to talk to, and not interesting enough for someone to put a phone down and converse with.

    Having said all that, I’m still online and/or on a computer quite a bit. I’m a budding writer, so doing lots of research on craft, story structure, characters, plotting points, and little details for the book. When I am online, I use ad blockers to keep ads from bothering me and sharing my data. However, I’ve learned that incognito browsing tabs are not as incognito as I thought- they don’t keep local data (browser/search history, cookies), but you’re just as visible to the online world.

    Scary indeed. I wonder what will happen if/when we’re forced to be connected and that one anomalous/abberant purchase or online search will send alarm bells to a vast surveillance system. What then?

    • Mollie, at your next gathering, I’ll meet you in the corner and we’ll enjoy a face-to-face chat! You sound like an interesting person I’d like to talk with.

      When my husband and I go to a restaurant, we’re surrounded by young couples, noses buried in their devices the whole time even though they’re obviously on a date. We just shake our heads and go back to our conversation–the old-fashioned kind with eye contact and words coming our of our actual mouths.

      • Thanks, Debbie! Sounds like a plan when I (eventually) visit Kalispell. I have a friend up there I’d love to see when I’m in the US next!

        As much as I love my better half, he looks at his phone when we’re at the table in a restaurant. Drives me nuts, and makes me wonder what young people who are beginning to date are going to talk about.

        The more scary-interesting thing here is that eventually, we’ll be matched up with our partners based on the data of what we like/don’t like. That might make for an interesting sci-fi/dystopia novel…

        • Mollie, what a great story idea about matching partners with data. You better start writing that book right away…before it comes reality!

          Do look me up when you’re in MT. We’ll go for a hike in Glacier Park–no cell service–it’s heaven.

  8. I use DUCKDUCKGO as my browser because I hate Google’s invasion of privacy.

    I also don’t keep my cell location on (although I know there’s a GPS embedded for emergency reasons).

    I disable or delete apps that I don’t want or use that came with my phone. Phones come loaded with useless apps & I resent the interference.

    I use a Norton VPN to stay secure inside & out of my encrypted home service.

    I wish we could opt out of this invasive surveillance. Big brother is making money on our backs.

    Scary post, Debbie, but definitely intriguing for writers.

    • Hi Jordan, a trusted pal used to work at AT&T and she’d regularly clean out the unwanted apps on my phone but, alas, she moved away. Can I send my phone to you instead? 😉

      I’ll look into DUCKDUCKGO but Google already knows everything about me so it’s probably too late.

      I fear Orwell was too optimistic.

      • DUCKDUCKGO has improved. I don’t miss other browsers.

        If you stick with google, it would be fun to mess with their data with weird author research.

        • A couple of one-liners spring to mind:

          “When I die, delete my browsing history” and “Pay no attention to my browsing history; I’m a writer, not a serial killer”.

          Admittedly, I do my fair share of weird author research. I’m sure I’m on someone’s surveillance list.

  9. *cue one long shriek and the smashing of all my electronic devices*

    Thanks, Debbie! I guess it’s better for me not to live in ignorance? *sigh*

    Great post, great comments.

      • My wife is connected with a laptop, tablet and smart phone. I have a smart phone too, but I carry it in case of emergency and to receive an occasional phone call. No text, etc. It does have a translation app that I occasionally will pop up to get a foreign-word translation (by Google). That’s all of maybe five seconds.

        I long for an old-fashioned house phone and answering machine, the mystery and intrigue of being DISconnected when I’m away from the house (and the phone). I often leave my cell phone at home when I’m away (!!!) and am somehow happier when I do.

        But it still isn’t quite the same as returning home to anticipate who called, what sort of message they left, etc.

        Someday someone’s going to kick the big plug out of the wall. It will be interesting to me to see how many people all but disintegrate when they’re suddenly detached from the collective. (grin)

        • Harvey, I too wonder about what will happen when someone “kicks the big plug out of the wall.” Someone is probably writing *that* book as we speak, maybe even a TKZer!

          Funny how, as the world gets more “connected,” people become increasingly disconnected from each other.

          Thanks for chiming in.

  10. Debbie, I just bought a Kindle Fire tablet. Love it, but when you read the permissions that some apps want in exchange for a “free download” it’s scary. Especially Facebook! They’re the worst offender of privacy.

    I use an iPhone, which I think is more secure than Android. As of yet, I’ve never had anything I’ve texted show up in an ad or anywhere online. I’ve also never experienced the horror of technology invading my in-person life like you have. Alexa’s on my Fire, though, and she listens in even more than Siri. Siri has freaked me out, though. So much so, I wrote it into SCATHED.

    I better be careful what’s discussed in front of Alexa. Thank God I didn’t upload my contacts! That little voice warned me to separate the tablet from my other devices. Although, when I’m not looking, they’ll probably pair anyway. Oy.

    • Yup, Sue, “free” is anything but.

      Like you, I deliberately try to keep certain info isolated from various devices but they sneak around behind my back and hook up anyway.

      While the loss of privacy creeps me out as a human being, as a writer, it’s rich story fodder. SCATHED is on my TBR list.

  11. Debbie,
    What a thought-provoking and scary post. Thank you! I read many of the comments and appreciate your readers’ updates and tips.

    Sometimes I have a bit of fun when I research habits and haunts for my characters. Google gods must think I’m an acne plagued teen with bi-polar disease, ice fishing near an Antebellum mansion who buys too much hardware for routine household repairs. Oh, and I lie about my gender, age, and sexual preferences all the time.

    • Ann, that sounds like a character for your next novel!

      TKZers are terrific sources of information on all kinds of topics. I learn a lot from comments.

      Great to see you here. Thanks for stopping by.

Comments are closed.