Slashdot Mirror
Should Parents Shun Toys That Track Their Kids? (cbsnews.com)
An anonymous reader quotes CBS News:
Parents are realizing that it's not just Santa who's keeping tabs on their kids. Many popular high-tech gadgets that may end up being given as holiday presents can actually track, monitor and record children. Because of that, there are some gifts Felicity and Alden Eute won't have under their Christmas tree. Their mother, Emily, has banned all tech gifts this season. "My husband and I both agree kids don't really need to be on technology or on social media," Emily said. "None of these extra gadgets that just expose you to things kids shouldn't be exposed to at their age."
While federal law requires a parent's permission to track and collect data on children under 13, a Federal Trade Commission complaint filed this week alleges widespread violations through apps that "send persistent identifiers to third parties without giving direct notice to parents." That means things like location data, phone numbers and contact information could be exposed, according to Serge Engleman of the International Computer Science Institute. The institute's surveillance system, under the direction of Engleman, collected evidence that is now before the Federal Trade Commission.... It's not only apps where there are potential violations. "Any kind of interconnected robot-type toys...interactive games that you may play online are collecting data," said Scott Pink, a privacy and cybersecurity specialist.
While federal law requires a parent's permission to track and collect data on children under 13, a Federal Trade Commission complaint filed this week alleges widespread violations through apps that "send persistent identifiers to third parties without giving direct notice to parents." That means things like location data, phone numbers and contact information could be exposed, according to Serge Engleman of the International Computer Science Institute. The institute's surveillance system, under the direction of Engleman, collected evidence that is now before the Federal Trade Commission.... It's not only apps where there are potential violations. "Any kind of interconnected robot-type toys...interactive games that you may play online are collecting data," said Scott Pink, a privacy and cybersecurity specialist.
If you think it's okay for a soulless corporation to have as much information as possible about your child (which they will sell and exploit to the fullest extent) then go ahead and buy them the spy toys. If you think this is abhorrent behavior that should not be supported in any way shape or form then you should not only shun them but condemn them and ensure your friends and relatives understand the problems with these toys.
Anons need not reply. Questions end with a question mark.
I do not know of any direct physical toys either, but there are plenty of phone apps geared quite clearly at children, that do extensive tracking and advertising.
As a blanket that also includes this latter category, I would whole heartedly assert that "Yes, parents should snub such things." with an additional "People in GENERAL should snub such things."
So, that fitness tracker? Yeah... You shouldn't use that. There is no justifiable reason for it to report your use data to some mothership. The exact same functionality (to the end user) could be accomplished by the device logging GPS pings, then that data being given to and parsed by an offline application, which then reconstructs the jogging path. The potential perk of "I dont have to worry about data backup!" of this "clearly critical" /s data is not suitably wondrous as to make it trump the major bad of advertisers knowing where you jog, how often, and what stores you pass every day.
Similar story with nearly all such "Oh yes, our tracking is 'essential' to the function of the device!" bullshit devices. As such, people should shun the ones that report to a mothership.
Of course, that will never happen, because in the real world convenience is king. (doubly so to idiots that refuse to learn better.)
I mean, fear mongering is fine. But seriously could you not find even ONE example of the abuse of privacy for a kids tech toy?
That's the problem with big data: the threat is so massive and so diffuse that it's both very hard to find clear-cut evidence for it, and it's often too big to believe.
With "localized" dangers, it's simple: for example the pervert neighbor watching your child with a pair of binoculars. Easy problem to identify. Catch the perv in the act, problem solved.
With surveillance IoT toys, it's a lot harder to identify the problem. The toy maker could be building a database on your child's habits and behaviors in good faith. But what tells you they won't sell it to Facebook who'll get to "open a file" on your kid early? If the toymaker's database gets stolen and sold on the dark net, pervs can buy it and use it. And gee, do you want even a benevolent company virtually living with your child?
The problem is, there hasn't been a clear-cut crime committed. If there was, you can't tell because database owners are totally opaque and unaccountable. How do you do about proving something illegal is, or will be going on?
You only get to see the effects of corporate surveillance in the news when it goes spectacularly wrong. But in reality, it goes on all the time and there's nothing you or the law can do about it.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Agreed, which is why the consumer is the one on the line, as the one and only line of defense.
If the device communicates with a mothership, you should not use, nor buy it.
I would go on a limb, and say 90% (or more) of the use cases for IoT devices, DO NOT actually require a mothership; The user's home computer, with a local app, with local map data, would be MORE than sufficient to handle whatever "connected" services the satellite device offers. (Fitness trackers, etc.)
The reason the use a mothership for the communication is because a big corporation finds that data use^^ I mean PROFITABLE.
Remember when people were horrified at the idea of giving corporations personal information? I do. I want those days back.
If it's your kid to play with it, then it's a "toy".
If it's it can play with your kids (and your family), then it's not.
A computer (or a smatphone) disguised as a toy with full networking ISN'T A TOY! ... you name it.
It's a computer on the internet with microphones, cameras, GPS, wifi
Go buy dolls, Lego bricks, books (from dead trees), card games and the likes.
Your kids won't feel "different from the others".
It's you that who thinks you kids could feel different.
They are kids, they need real friends, runs and scraped knees.
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
Fake location data (for testing purposes! Or COURSE!) is incorporated into pretty much every android phone as a developer option. (sadly, you have to push the magic button a bunch of times to turn it on...)
That does not help with IoT devices though.
Thankfully, most IoT devices are in actuality-- just VERY poorly secured Linux boxes, and often times you can get root console access. A little poking, and you can make those things do Whatever the Fuck You Want. Want them to routinely tell the mothership that it should go fuck itself? Sure-- set up a recurring cron job that does exactly that. Black-hole the device right at its interface with a local hosts entry/DNSMasq/Bind9 config? Sure. You can do that too.
The fundamental problem is that you cannot get a defective end user (A user that cannot be made to understand the gravity or consequences of operating a shitty IoT gadget) to stop being a defective end user.
I take the pessimist view;
If the company does not have a truly legitimate* (as in, the operation of the device cannot be accomplish reasonably in any other fashion) reason to collect the data, they should not collect it.
Again, say a fitness tracker. This thing just needs lots of inexpensive, slow ram inside it. It just needs to log accelerometer and GPS data over time. It can store this internally in whatever encoded form it wants. It has no real need to be in constant contact with the internet. (Dont try to tell me that a complex bit of SoC like an antenna is inexpensive, compared with very slow, mass produced RAM chips.) It can communicate over a wired USB port (which is likely to be there for charging anyway), and deliver its data to an offline only application. At no point in the device's operation is it unavoidably necessary to communicate with the internet. As such, I feel such devices SHOULD NOT communicate with the internet.
By that line of reasoning, nearly everything that is IoT, should not actually BE "IoT". I am perfectly fine with that pronouncement.
We nerds have spent the better part of 20 years TRYING to do exactly that.
The problem, is that what is interesting (and thus obvious) to *US*, is NOT interesting (nor obvious) to THEM.
There is no way to MAKE them interested. Thus, there is NO WAY to "Fix" them.
There are sufficient numbers of them, that like PT Barnum put it, "One is born every minute", and the same business calculus can apply.
Yes, There is more than enough snooping going on already
J Williamson
It isn't liking big brother, but the gene is out of the bottle. The problem is these devices which do wonderful things but collect your data, and sell it to anyone willing to pay for it, are cheap. vs. having to pay high prices for a device that may not be as smart (because it can't process off so much data) and more expensive because you are paying for the full device.
If we wanted to fight against privacy parents should had stood up 20 years ago. But then computers were these scary things that were too advance for them to touch. And technology policy was only in the domain of geeky nerds who didn't have anything better to do with their lives.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
If the toy can do anything as sophisticated as tracking people, then it is not a toy. Give the kid something that will actually stimulate their minds instead of yet another over-hyped, pre-built, can't-take-apart boring piece of crap.
Those who do not learn from commit history are doomed to regress it.
Before I answer this question, I will ask you a rhetorical one of my own:
Which is more valuable to society-- Shareholder value, or social stability and cohesion?
From a "Shareholder value trumps all things!" viewpoint, there is NOTHING that should stand between an insurer, and having the absolute most accurate and up to the millisecond data about those they insure, allowing them to rescind a policy the very nanosecond that the insured violates the terms of their insurance agreement, (but continues to pay in up until that very nanosecond).
From a "Social stability and cohesion is more important that some rich fuck's pocket book" perspective, the ability of an insurer to make such decisions, with such perfect knowledge, is NOT in the public interest, because it means many many people who believed in true earnestness that they have purchased assurance of coverage for healthcare/damage/loss, will in fact-- NOT have that assurance, and will thus NOT be prepared, and this will cause a significant burden to the society.
So, which position do you personally feel is more important? It will greatly affect how I should answer your question.
Your comment is also focused on those behaviours that you can control. Imagine instead the situation where you had an erratic heartbeat event while you were 4. That even was detected by your fitness device and as a result, at the age of 21, no insurer will give you life insurance or your life insurance has exclusions for any heart conditions or is prohibitively expensive. This is despite never having any other issues, never being diagnosed with any heart conditions and despite being otherwise healthy in every way,
So you think you ought to get a discount on your health insurance for healthy living. Do you also think it is fair that you pay way more premium for your pension (if you have a collective one), and that you pay more tax if your country offers a state pension, because you are much more likely to live to an old age than the candy eating fatass? I think it was the BBC who did a short study into this and came to the conclusion that when you add everything up it's you, not the fatass, who is getting a sweet deal. Of course that depends a lot on how your country manages pensions and health care.
In socialized/universal health care the situation may get even worse if you take people's life styles into account. Since everyone is insured by law without exception, the government may simply decide to curb cost by outlawing unhealthy living. No more smoking, no more fatty foods, no more candy bars. No more drinking either. Oh, and no more jogging for you either since it's murder on your knees and we don't want to have to replace them when you get older.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
You really are fixated on whether people are fat or not aren't you.
How about considering things other than being fat. And then have that kid raised well, well education, well exercised, well integrated into society etc. Just because the had a toy when they were 4 or 5 should not be able to be used against them when they are older. And just because there might be other things that a parent screwed up it doesn't mean you can justify anything.
The societal norms I am talking about are things like the separation between juvenile criminal records and adult ones. Or that we don't allow minors to vote, drive or drink alcohol.
Well socialised healthcare is something that I 100% agree with and fortunately live somewhere that has it.
I also think you give competition too much credit. Insurance underwriting is highly concentrated into a small number of organisations. The vast majority of insurance offerings are underwritten by less than 20 companies world wide.
They prepare children early for the upcoming and partially already established surveillance society where the only privacy you have is in your head. Well, until they crack that, they are already hard at work on it. The earlier the kids learn that privacy, freedom, individuality and such things are a historic aberration that does not and cannot last and that they need to hide who they are at all times, the better their chances in life.
Yes, this new wave of upcoming authoritarianism and fascism is utterly horrible but so many completely stupid people are cheering it onward that it very likely cannot be stopped. Just as before when such catastrophes happened.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Of course, you have a point in saying that collecting data allows for service improvement. However, the example you chose is pellicular. Do you really think that Google search results have improved so much in the last 20 years ? Personally, I do not. Granted, the web is a much bigger place now than it was 20 years ago, and with the way social networks are linked today, the old pagerank algorithm would not be as effective now as it was. Nevertheless, the collection of a aweful lot of data seems to be required just to return wikipedia as the first result of a query.
You are being obtuse, so I will spell it out for you in very simple terms.
An advertiser is interested in getting money from retailers, who wish to sell a product.
They offer a service to those retailers: "Hey, we know about your customers, and can help them to know about (pssst-- no really, we know how to kajole them into buying!) your product, so that you do more business! For a nominal monthly fee, we take care of it for you!"
The retailers, of course, do not want to spend money they do not have to. They want the most return for their dollar spent, so they go for the advertising firm that is best able to translate dollars spent into positive dollar increase in sales.
The retailer, thus-- has a natural motivation to maximize the predictive qualities of the data they collect/obtain. The more predictive, (and the less they have to pay for access to that data), the more money it makes them, because their service is more valuable to the retailers.
Like the retailer, the advertiser is very picky about whom they purchase or obtain their data from. Paying to get the data they need to make predictions about consumer spending, so that they best can target them for their client's products, is a cost center for them. They want to get the best possible data, at the lowest possible price. They themselves are a business. They want to make profit too. These people are already masters of statistics and statistical analysis. It is kinda "their fucking job" to be experts in that. As such, they are VERY much aware of how sample size, and bias in collection affect the predictive qualities of the data they seek to obtain.
An average site operator, or IoT creator, necessarily creates and stores data about their users. Advertisers are interested in that data, because more data points that can be cross-referenced create useful inferences. (This is what "big data" really is. Knowledge of when you go to the loo, can have predictive effects in otherwise seemingly unrelated activities, such as who you will vote for, what kind of meal you like to consume, or even what you like to watch on TV. Having access to *ALL* of that data, to look for associations, is how big data works. Advertisers know this. This is why they want that data.)
The IoT company may or may not be itself an advertiser. (GOOGLE!!)
The IoT company often operates on a shoestring, as you state. As such, they are looking for additional ways to make income. Advertisers say "Oh, that's some interesting data you have there. Would you be interested in... Selling it to us?"
The kind of data collection that the IoT company collects (Voluntary vs Mandatory-- Selective vs Comprehensive, et al) determines the value of that data to advertisers, and thus dictates the market value of that data-- EG, how much *more* money the operator of the service for that IoT device COULD be making, by partnering with an advertiser.
Thus-- "More lucrative."
AGAIN, because you seem to be an idiot.
1) There are significant technological barriers at the moment, because IPv6 adoption is low. This inhibits the ability of such devices to function.
2) Adoption of IPv6 will fix this problem, and allow the devices to be deployed in exactly that manner.
If you want an example of an attempt at such a product-- How about a Western Digital MyCloud NAS?
It's a consumer grade device, that claims to be able to give you a personal cloud storage platform, on a consumer grade price point.
Due to the IPv4 saturation problem (which again, forces people to use NAT firewalls, which demand stateful connections!), this technology requires the use of a mothership to broker the VPN tunnel it creates for the user. Does the user know it is creating a VPN tunnel using OpenVPN? NO-- THEY SURE THE FUCK DON'T.
If it were an IPv6 native device, it would have no need whatsoever for the mothership.
The headaches caused by the IPv4 problem make this device's support forum a constant litany of angry customers being dissatisfied. Despite that, WD sold them like hotcakes.
Again, with strong IPv6 adoption, those headaches would not have happened, and there would have been may happy customers.
You are making a logic error, in that you are ascribing false causality to why these devices are currently not flying off shelves like free beer. You ascribe it, falsely, to difficulty of user setup, instead of technical issues causing fuckups and bad performance, which ultimately stem from the current status quo of the internet at large.
A status quo that can, and would, go away with IPv6 widespread adoption.
Perhaps the information collected on children isn't of much interest or value to their parents. If something has no value to you personally then what do you care if someone "exploits" it?
Well, I'm not a sociopath and I wouldn't want it to happen to me, so yeah, I care.
Anons need not reply. Questions end with a question mark.