Wow, is it just me or is this a mountain-out-of-a-molehill situation? This is not fundamentally any different than “report spam” for email, or a user posting “is 800-xxx-xxxx a legit number?” online, or sending a contact card to a few million of your closest friends.
I appreciate the situation that the journalist found herself in, but if she wants her number to be a secret, she needs to make sure the people she calls know that, too.
I will file the information in this article as “good to know,” not “omg disaster”.
> is it just me or is this a mountain-out-of-a-molehill situation?
It's just you.
The example of the journalist is a very good example of exactly why this is such an extreme issue, but it really starts with the small things. What if you want to call someone, and not tell them your name? well, f#$£ you then, the app already told them. Don't want everyone knowing where you work? well f$%& you again, maybe somebody added that with your name in the app (just as the example of the journalist).
So now you call, say, your beloved grandma and your number shows up as "Henry the drug dealer". Maybe you don't even deal drugs, but someone a) thought it'd be funny or b) wants to hurt your reputation.
Or even worse, imagine you call a company regarding an application for a job. It's already a big enough problem that someone else posting a picture of you doing something stupid while drunk can ruin your chances of getting a job; now we're talking about attaching random, possibly personal, possibly untrue information to your phone number for everyone to see without even informing you.
Let's go back to the world where there is no internet. Imagine someone spreads a rumor about you. Or a praise. People might have heard this, before they even met you. It can be illegal, harmful, or beneficial, but it's under the control of the people you interact with.
If you meet someone for the first time, and the person heard from someone that you're dealing drugs, and you tell her you don't, and ask them where they heard that, they might trust you over the rumor, and you'll try to eradicate the rumor.
There are differences, mainly in that the call receiver has greater power to reject the call based on the information they have.
I think the real story is in the interaction and how the app behaves, for the receiver. Were they aware that they were putting Chloe into the database? The article doesn't say. Without this, it's hard to judge whether the same thing couldn't have happened in a world without internet (imagine a small village). It doesn't seem to be entirely black and white.
Sure, the mechanism is the same, but the scale and effectiveness are not.
In your scenario, if someone wants to spread rumors about you in bad faith, they have to spend a lot of time and resources to make sure everybody you might interact with knows about the rumors.
A service like TrueCaller makes this much easier, which I personally think is very problematic. And as others have noted, another issue is that people even might not do this in bad faith. Just as a little prank, without realizing the potential consequences.
Truecaller is one of those "it just works" apps. It is completely transparent to the user. You can use it as a dialer to make and receive calls.
A lot of people don't understand that it's silently uploading their contact lists, personal information and call behavior off to the internet.
The customer service agent in the article from truecaller is correct about the usefulness of the app. A friend of mine was able to track down the owner of a fraudulent dishwasher service center in Bangalore because of truecaller. The photo and name of the owner in the app attached to the business mobile number.
> A lot of people don't understand that it's silently uploading their contact lists, personal information and call behavior off to the internet.
At least in the case of the tags, is that true? How do they think it works then when they get a call from a new number and it has the person's name / other information?
uh... I'm pretty sure if I went around telling everyone my friends telephone number, and what they work as, I'd get in trouble with the police rather quickly.
Each of your examples exhibit a broken model of what a phone-number is. You are arguing that people should be able to use a single unique id (their telephone number) anonymously. This is not how the world works and it is terrible opsec.
It’s quite different. A report spam function wouldn’t include (or shouldn’t include!) the identity of a person. If it does then it’s going over and above a spam filtering service.
Reporting a number as spam should then just result in future recipients seeing a “Probably Spam” or “Spam” etc based on reported levels on Spam vs Non-Spam reports for the number.
But I do agree that the journalist should have practiced better opsec and advised her sources that they probably don’t want her name to show up on their phone if she calls them at an inopportune time such as when around the very people she is investigating.
Also, disabling outbound caller ID would have helped.
But I do agree that the journalist should have practiced better opsec and advised her sources that they probably don’t want her name to show up on their phone if she calls them at an inopportune time such as when around the very people she is investigating.
How do you secure against something that you're not even aware exists?
Maybe outsourcing operational security? But how can a journalist aford that?
You quoted my example about the journalist calling the source while the source is around the people she is investigating. That’s a situation the journalist should be well aware of.
I would expect journalists to have some opsec training by their newspaper/publisher given maintaining confidentiality is a given in this line of work. Even if they didn’t have such formal training, I’d expect them to pick up a few things like this with experience.
I would expect journalists to have some opsec training by their newspaper/publisher given maintaining confidentiality is a given in this line of work.
I agree. But I still think it's a tall order to expect a journalist to know every service and every app, which may violate their privacy and protect against such entities.
And then there are things, which you just can't control, even being aware of them.
As a for example: How do you, as a journalist, prevent that your pictures are tagged by others on Facebook?
Yes, this does seem like a bit of an edge case and I think it's probably served to highlight that people who need to protect their privacy need to take extra steps to preserve their anonymity... in this case telling sources to obfuscate her identity in their phones.
The reality is that phone databases like this are an invaluable tool in the war on robo & spam callers. I think that there should be an option in these databases to be able to tag numbers as spammers without the need to have their identity preserved. I don't use TrueCaller (I'm a YouMail user) but see numbers flagged all the time as "Real estate scam" or "Probably a Canadian Pharmacy" come up without revealing a name or affiliated company.
I appreciate the situation that the journalist found herself in, but if she wants her number to be a secret, she needs to make sure the people she calls know that, too.
I will file the information in this article as “good to know,” not “omg disaster”.