When I wrote about Eddystone in my last post, I was not aware that Chrome already included an update to scan for nearby Eddystone beacons. Chrome version 44.0.2403.65, available in the Apple App Store (not in the Play Store as of writing), now lets Chrome users open a URL broadcast by Eddystone-URL.
This change is profound! The implications are as follows:
- Developers no longer need to write iOS code to access functionality offered by beacons. This is a liberation from Apple iBeacon, which must use native iOS APIs.
- A web developer can now add physical object interaction to their website. Website content can be targeted to a micro location.
- Security-wise, the URL is unfiltered. A curious user clicking on a broadcast URL may be directed to a malware-infected website.
- Privacy-wise, by enabling Eddystone and using Chrome to launch the URL, Google knows where you are even when GPS is turned off or blocked. The Eddystone beacon location is your location. Therefore Google has better “insights” into the locations and times of your activities, with 20m accuracy.
Firefox and other browsers will likely follow and enable Eddystone. I will test this feature with my Raspberry Pi BLE project and write about it in the next blog post.
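The unfiltered-URL point above can be addressed on the receiving side. The following is an added example, not code from this post or from Chrome: it decodes an Eddystone-URL frame using the published Eddystone-URL encoding and applies a hypothetical HTTPS-plus-allowlist policy. The function names, the allowlist and the sample frames are constructed for illustration.

```python
from urllib.parse import urlsplit

# Eddystone-URL service data: byte 0 = frame type 0x10, byte 1 = TX power,
# byte 2 = URL scheme prefix, bytes 3.. = encoded URL (1 to 17 bytes).
SCHEMES = {0x00: "http://www.", 0x01: "https://www.",
           0x02: "http://", 0x03: "https://"}
EXPANSIONS = [".com/", ".org/", ".edu/", ".net/", ".info/", ".biz/", ".gov/",
              ".com", ".org", ".edu", ".net", ".info", ".biz", ".gov"]

def decode_eddystone_url(frame):
    """Decode Eddystone-URL service-data bytes into a URL string."""
    if len(frame) < 4 or frame[0] != 0x10:
        raise ValueError("not an Eddystone-URL frame")
    if len(frame) > 20:  # 3 header bytes + at most 17 encoded bytes
        raise ValueError("frame too long")
    if frame[2] not in SCHEMES:
        raise ValueError("unknown URL scheme prefix")
    url = SCHEMES[frame[2]]
    for b in frame[3:]:
        if b < len(EXPANSIONS):        # 0x00-0x0d expand to a suffix
            url += EXPANSIONS[b]
        elif 0x21 <= b <= 0x7E:        # printable ASCII is taken literally
            url += chr(b)
        else:                          # 0x0e-0x20 and 0x7f-0xff are reserved
            raise ValueError("reserved byte 0x%02x in URL" % b)
    return url

def is_acceptable(url, allowed_hosts):
    """Hypothetical policy (an assumption): HTTPS only, host on an allowlist."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return parts.scheme == "https" and host in allowed_hosts

# Constructed sample frames (not captured from a real beacon).
SAMPLE_HTTPS = bytes([0x10, 0xEB, 0x03]) + b"example" + bytes([0x07])
SAMPLE_HTTP = bytes([0x10, 0xEB, 0x02]) + b"example" + bytes([0x00]) + b"x"
SAMPLE_BAD = bytes([0x10, 0xEB, 0x03]) + b"exa" + bytes([0x20]) + b"mple"
ALLOWED = {"example.com"}  # constructed allowlist

if __name__ == "__main__":
    for frame in (SAMPLE_HTTPS, SAMPLE_HTTP, SAMPLE_BAD):
        try:
            url = decode_eddystone_url(frame)
            print(url, "accept" if is_acceptable(url, ALLOWED) else "reject")
        except ValueError as exc:
            print("malformed frame:", exc)
```

Because the encoded URL is limited to 17 bytes, a check like this sees only the first hop when a beacon broadcasts a shortened link, so the redirect target needs the same check.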
“It’s comforting to imagine that, in the end, the power of innovative technologies and business models will win out over status-quo thinking and entrenched interests, all for the public good.”
From a security and risk management point of view, a central, or using the author’s words “the powers that have traditionally controlled those transactions”, provides assurance on quality of service, security and privacy protections. However, with new technologies most of these assurance features could be delivered by software.
Soon will come the software defined transaction (SDT) age.
April 27, 2014
Privacy has been described as an “adjustment process” in which humans continuously adjust the views of themselves that they present to others.
Steering Committee on the Usability, Security, and Privacy of Computer Systems; National Research Council. Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop.
WSJ runs a great article on issues with FB's current privacy position. It seems FB positions itself as a repair mechanic, not as a professional architect, when it works on privacy controls.
The newspaper story started with an example of involuntary disclosure of sexuality when a teenager joined a chorus FB group. Her parents were informed about her sexuality via FB. The reporter, Geoffrey A. Fowler, then explained some inevitable changes to privacy: “For much of human history, personal information spread slowly, person-to-person if at all.”; “Personal worlds that previously could be partitioned—work, family, friendships, matters of sexuality—become harder to keep apart.”; “Facebook is committed to the principle of one identity for its users.”; “increasing privacy settings may actually produce what they call an “illusion of control” for social-network users.”
After reading this article, I noticed that although FB is responsive in fixing the technical issue, they did not discuss how they design and verify privacy BEFORE launch. Millions of FB users do the testing for FB for free. It is the largest software test I have ever known. FB improves their system after their users have already suffered from its misbehavior.
Privacy settings affect every user, and FB should design each new function or each disclosure with systematic impact analysis. There should be a clear document listing how each activity is displayed to friends and the public. FB should notify the user community what impact a new system feature will have on such disclosure.
The idea that we are letting FB continuously fix their system scares me. Privacy should start with impact analysis and robust testing before things happen.