Communicating data collection and how technology works to family who just doesn’t understand

I’m honestly not sure how best to categorize this new post, but I think this matches the topic the best.

Yesterday, I was with family for my birthday. And at one point, my aunt made a snarky comment about how I wouldn’t let them put Life360 on my phone because the government’s tracking it. A few problems with this. First, the government is probably buying data from them truthfully, but it’s not like some sort of tinfoil hat conspiracy like she made it out to sound because they’re probably not wiretapping this or something like they are the telecom phone lines. Besides, I work for the federal government and I am issued government mobile devices and anytime I carry those with me, I am being tracked and obviously that doesn’t bother me. To me it’s the principle: the government tracking me on their device is one thing, but they don’t have a right to my device. At any rate, I remember several times where our Level1Techs friends shared links of instances of Life360’s atrocities and data breaches. Secondly, she made a comment about how it’s just her location and she doesn’t care if anyone has just her location. Clearly, she doesn’t understand the technology behind it. How can I communicate effectively to family members how the technology actually works and why it’s bad and why it’s more than just location data? How can I communicate how much “just location data” reveals?

The second instance was talking to my uncle about my goal of setting up a local security camera network. And he was like, but how will you access it? I can absolutely access it like they can. One point he made was well it’s connected to the internet just the same as our Night Owls. But no it’s not the same. You and I know that, but how do I communicate those differences? I’m just looking for stuff to back up my arguments too. I recall watching a Black Hat conference about how easy it is to hack even the enterprise cameras, and I bet nothing has changed. But really I’m just missing things and I’m not even as technologically competent as that presenter, though tbh I’d love to be. Well anyway, there’s probably been some links with friends about various problems with security cameras, but I don’t remember them.

2 Likes

I have given up on this subject.
The moment IT-sec comes up, I just shut up unless directly asked.

“Normies” and other tech-illiterate people just do not have the will to understand the basic concept of “if they can let you in, they can let anyone in”.

4 Likes

Don’t bother trying to communicate “how it works”. Smooth brains won’t retain technical details like that, and you’ll just annoy them if you keep bringing it up.

Pretend to be “the bad guy” and come up with ways to abuse the data… abuses that family members can relate to.

Location data reveals patterns of movement, like when you are or aren’t at home. This can easily be used to work out routines (like work, school, or shopping) where you won’t be at home. Perfect time to burgle the house. Location data can reveal when a child is walking home alone from school, or waiting at a bus stop. “Hello cutie. Want a lollipop?”

Location data reveals shopping behaviour. If you frequent expensive stores, someone can easily deduce that you have lots of disposable income, and that your home probably contains valuables worth stealing. If you visit “K9 Munchies” or “Wet Noses Vets” on a regular basis, they know you own a dog — but if you don’t visit a vet on at least an annual basis, they know you don’t have a dog and that breaking into your house would be that much easier.

Location data reveals assets. If you visit “Northside BMW” every six months for servicing, they know you drive a Beamer/Bimmer/Beemer. Worth stealing from your driveway, or from the carpark when/where you go shopping? If you stop at charging stations on a regular basis they know you own a Tesla or some other EV. They might then steal it, key it, spray “Elon Sucks” on it, or set it on fire and then pull away rolling coal.

Location data exposes the social network. If you visit friends on a regular basis, then their names, addresses and even phone numbers can be ascertained (by doing something as simple as stealing mail). It’s then trivial for someone to socially engineer you into doing almost anything. Imagine getting a call from an unknown number, but when you pick up the person on the other end says “This is Steve. I’m an EMT. Your friend Josie has been involved in an accident at the corner of 3rd and 6th. She’s asking for you. Can you come and be with her as we go to the hospital?” Or a text from an unknown number: “Hi. This is Sarah. I just got carjacked! They got my handbag, purse, phone, everything. Am sending this from the phone of a witness. Can you come pick me up? Corner of 3rd and 6th.” You’re not just exposing yourself to abuse, you are exposing your friends as well. Are they OK with that? Have you even bothered to ask?

Location data exposes medical conditions. Does the world need to know that you went to an abortion clinic, or visited a sexually transmitted diseases clinic three times in June, or made multiple trips to a specialist that only installs lapbands or performs liposuction for overweight/vain people?

Location data can impact insurance. Will your insurance company deny your medical claim on the basis of “pre-existing condition” because of visits to medical facilities in the months before the claim, or refuse to cover repairs costs following a car crash because your average speed just prior seemed to be slightly above the legal limit, or because you visited a bar?

Location data exposes sexual preferences. Why are you visiting a gay bar every third weekend? Why are you shopping at “Big Black Dildos ‘r’ Us” every-now-and-then?

Location data exposes infidelity. Why do you regularly visit a male friend 15 minutes after your husband leaves for work?

Location data can implicate you in crimes you had nothing to do with, and didn’t even know had occurred — like this and this. You can lose your job, your reputation, your friends, drown in legal fees, and none of that magically repairs itself even if you ‘win’ in court. The damage is done the moment the accusation is made.

And so-on and so-forth. If you know your aunt (or whoever) has insecurities of a certain kind, exploit them. Make it personal. Use examples that resonate. Don’t try to be time-efficient and bring this up around the dinner table with lots of people present. For it to be personal you need to be talking to them 1-on-1. Don’t overload them with lots of examples in a single conversation. Drip-feed the examples to them over time.

BUT… leave out the fine details. The human imagination will fill in the blanks with more terrifying/horrible/sad/embarrassing details than you can ever think of. Let their own imaginations do the heavy lifting. Draw the skeleton then let their imagination flesh it out. Let them convince themselves that this is something they want to avoid happening to them. Then it’s their idea; their decision.

Rest assured that no matter what immoral, unethical, depraved, sick or perverted examples of abuse you can come up with, there are millions of people out there that can come up with things an order of magnitude worse.

For someone to want to avoid doing a certain thing, they need intrinsic motivation. Relatable examples of the abuse of location data can provide such intrinsic motivation.

PS: Keep an eye out for news reports of such abuse. Your family may think the risks are all just in your over-active imagination. When Channel 7 or The Herald reports the same thing you’ve been warning them about, however, it becomes real. You’re no longer a paranoid kook — you’re a prescient guardian.

4 Likes

So I don’t know your family members and it’s very hard to judge their openness to learning based on this limited context. My main recommendation is to break it down to the simplest possible terms while using analogies that they would understand. Can also recommend to do your best to be non-confrontational during the conversation and to not talk down to them. The minute you do so people tend to shut down and not want to learn. Overall wish you the best of luck on this as it can be an uphill battle.

If they are combative or not receptive I’d just move on in the nicest way possible.

Or

You can do what I do for certain family members: I just tell them this is my profession, I’m not always 100% correct since at the end of the day I’m human, but you have no experience on this matter and best leave it as it is. If you want to believe whatever X company marketing BS, whose entire goal is to extract a profit from you, then by all means feel free to. Though I don’t recommend this response unless you know what the consequences might be. I only do this with some family members because they just believe whatever they’re told by the first person that says it and then dig their heels in.

Best of luck with your family. Can be one of the more vexing parts of life, but just know you are not alone. My brother is a mechanic and has similar complaints all the time :joy:

4 Likes

I feel like giving up oftentimes. Some people simply cannot be saved.

Pick the ones you really want to save. Parents, spouse and your children. Sometimes siblings cannot be saved and do not want to be saved.

Some relatives (grandparents, aunts, and uncles) cannot afford to be on Pixels and GrapheneOS because reasons. I cannot really tell my mother-in-law to stop using Facebook just because she is the targeted audience for AI generated fake news - that is the only way she talks to her amigas. Just, you know… put them outside the homelab into their own segregated network. They can take care of themselves.

I don’t want to watch the world burn but I oftentimes find that people (like friends) just want to splash themselves with gasoline, just to spite you. Just let them.

The flip side is I am being pulled back into Facebook against my will due to work related reasons and professional license renewal reasons. It’s absurd. The medical society I belong to has stopped posting on their official website in favor of Facebook. I don’t get news to my own professional peril. It’s f*cked up! I left all social media since 2018 for a reason…

2 Likes

You are referring to a generation, which, from one side, didn’t have much information integration (electronics actually being electronics), meaning that the subject is alien to them.

From the other, I see two things here:
a) at a certain age you literally stop caring about such things (oh no, people will think that I like “My Little Pony”… resemblances are coincidental). “Want to collect info about me? Sure, I don’t care”.
b) “collecting data” isn’t a new concept, introduced with smart electronics. It existed before, but in a different manner. And people didn’t really worry about it.

(my favorite social engineering experiments and research has always been multi-player… mmorpg video games. Put a bunch of rats in a room, and silently pull levers to see the outcome)

But that’s on “their side”.

wouldn’t let them put Life360 on >MY< phone

Well. Here things become different. You are your own person, and as silly as this may sound - you don’t need to explain to anyone your choices (literally, to no one. Maybe just to yourself. But that’s it).

And this statement does raise concerns from others - the “how dare you?!”, followed by “now you must explain yourself in front of me, so I may judge your choice making” (sounds familiar?).

So the simple resolution to your situation is - “No”. For the follow up question of “why?”, the answer is quite simple - “Because I chose not to” (some people, following this trail of conversation, got a quite more rude answer).


For the overall topic of data security.

I can see both sides - overthinking what a cookie in a browser, stating that you visited website abc, is a concern. Yes, if to put those together, one would see that you visited a,b,c sites, and were browsing such pages. But be it even cornbub, that information isn’t really interesting.

On the other hand… on my left hand (pun intended)… I have a Xiaomi bracelet. It tracks my activity, my sleep, and I would imagine GPS. And all of this is getting sent to China at some point. The sleep, activity is something, that would generally be interesting for a social study… but GPS data is basically a record, which shows where I walk, ride, work… but also where I am at the moment.

And that draws similarity to those restriction bracelets.

Apart from that… well, any application can be a backdoor, which may end up in suspicious (who even needs malware, when we have governments) services running on your system (be it even a phone). And that service, once connected to a wifi network, can spread.

Aaaand basically collect much more interesting things.

But from the other other side… most people use Facebook and stuff. People literally put their pictures, videos on their pages. And the silly part is - they use photos instead of avatars, and real names.

A few years ago I got a call from a guy from the university (he wanted to make a reunion). Funny part is - I changed my mobile number after graduating, had zero contact with those people and so on. And I have zero social accounts.

Apart from one - LinkedIn. I do not have a picture there (for which I am being asked from time to time), but it does have my name and number (which I removed after that day).

I’ve had some success with showing folks all the exif data attached to the photos they post on social media and then asking if they would be comfortable telling every stranger in the area this same info.

I also have some very close folks who don’t see the issues with the current state of data collection and that’s fine too. I don’t engage in activity that doesn’t fit my current threat model and if asked am happy to share and encourage the same. But at the end of the day it is the individual’s right to handle their digital life the way they see fit, regardless if it is harmful or not. I will defend that right every chance I get, even if I don’t agree with the outcome from every user.

I am pretty much the same way. I’ve been talking to these people for years about this stuff, but usually I just get everyone frustrated and argumentative; so at one point I stopped. I didn’t bring up the Life360 thing, but I felt the need to justify my reasoning – especially because she was wrong about why. In the instance of my uncle, Thursday, I was just talking about a goal that I wanted to achieve with my homelab. Which of course he was like well how are you going to access it? During the course of the conversation, I got really close to being like: Well you guys didn’t believe I knew what I was talking about in 2019, and now my skills and IT-sec knowledge has me a job making more than every one of you did.