Systems can be described by their patterns and the interconnected effects from the outcome of those patterns. Patterns exist in the seemingly chaotic behaviors of the incredibly large and infinitesimally small.

This week I was at a conference in Santa Monica, CA. As I sat at the conference table I suddenly saw an alert on my phone of a nearby friend asking (I later found out) for the wi-fi password. My ‘think fast’ brain didn’t consider quickly enough the full ramifications of my share approving touch. After all, the wifi password was on the table top in front of me, clearly not being protected information. Moments later my thinking caught up to my action and my ‘think slow’ brain wondered, “How in the hell did that happen?”

Apple has made Privacy a key pillar in their market strategy of late.1 Privacy seems to belong to a set of concepts, like trust, that most people concern themselves with only when they find it is broken. Commendably Apple has taken as stand against providing back-doors (programmatic weaknesses) in their products at the behest of governments, such as the U.K.2 that would have included UK citizens certainly, but also those of other countries as well. As is typical in matters of security like this however, details are limited. Given this privacy stance therefore, I was perplexed as to how this completely un-initiated action appeared on my device.

I have most notifications off, my friends know this and are mildly conditioned against the expectation of an immediate response. My phone is usually on silent, I do not use NFC, or Airdrop. I turn on bluetooth only when I’m using my headphones or driving in the car. I’m mindful about these things, though I do have find my phone turned on which has twice saved me from having to buy a replacement device. I also use iCloud, which has made upgrades remarkably convenient and consistent. I do not have many apps on my phone, far less than most, preferring instead to use Safari private windows. I’m mindful, though not a zealot, about limiting my digital leakage of data for myself, but also of those whose contact details I’ve been entrusted with.

I have been suspicious for sometime about just how private this last bit of data, contact information, was. For some time I have seen the ‘update contact information’ suggesting changes to those Contacts for whom I have a different photo or name entered. As I sat there contemplating, I suddenly realized that Apple is not only saving my contacts (which I’ve asked them to do via iCloud), but they’re also indexing them and providing a service based upon them. This I’ve most certainly not asked them to do.

They are combining user contacts, with their location data, from Find my iPhone I presume and are now initiating actions based upon this information. I angered in on this last point, the initiation bit. I already knew I didn’t initiate this action, the sharing of the passcode. When I asked the contact listed in the alert he too issued a strict denial. Upon further discussion, he also shared the following details about other instances.

A day later I finally found out how I think this occurred. My airdrop setting was set to “allow” for contacts.3 This ‘feature’ was enabled post iOS 10 and I have no idea whether this was an opt-in/out setting update or migration. This means that Apple is continuously scanning your immediate area for other devices (like air-tags) as well as your contacts the effects of this scanning can be quite concerning. The rise of these technologies is creating new concerns such as digital stalking4 , NFC theft5 , surveillance6 which was a serious concern with Google Glass.7 It is not only the big-tech companies, network service providers have flagrantly violated user privacy.

In February of 2020 the Federal Communications Commission (FCC) fined the 4 major US mobile wireless carriers USD $200m for illegally selling access to customer location data without consent. The affected carriers were ATT, Verizon, TMobile, and Sprint. A fine representing 3/100ths of a percent of their combined market valuation (USD$630 billion), less than $0.50/subscriber (492 million total wireless subscribers). I’m sure they’re very sorry and would never again consider abusing their customers for financial gain. Forgive me, I’m not going to wade through all their disclosures and calculate, if it is even possible, the revenue they received from selling out their customers.

Which leads me to the pattern I’d like to highlight, that of break first, then ask for forgiveness. Just because you can, doesn’t mean you should. This fuels my curiosity as to what has changed. Why have consumers, whose privacy are systematically abused, seem to have shifted so dramatically. Have they simply given up caring due to fatigue? Did they ever, really care? Are they laboring under a false idea of security? Or have they simply resigned, believing they can do nothing about it? Might it be a bit of each or something else all together?