If we try to abstract how intimate relationships are formed nowadays, we find that they are marked by the hunt for sensitive data about a potential partner, because the Internet has given us the means to do it. A very good, if obsolete, example of this is social networks and what is commonly and problematically known as “Facebook Stalking”. A quick search with some Google-fu turns up plenty of guidelines on how to stalk the person you are interested in, and there are many tips from specialized pinky magazines or sites (Vanity Fair, Cosmopolitan, etc.) on how to do it properly. Other sites and apps, such as Tinder or Grindr, combine elements of dating with users’ location data to match people in proximity, and the stalking can be completed.
I have written several articles highlighting the concerns about privacy and people using digital technologies. Every time, we try to raise awareness, especially when talking about social sites/networks, but in my opinion all of this stays quite superficial and limited to obvious areas where privacy may be at risk. However, I consider it important to alert readers to more subtle methods of attack as well, particularly those coming from very close relationships, not necessarily romantic ones.
Our family might seem immune to such problems, since it represents the most personal and protected sphere in our lives. Parents regularly monitor their children with the aim of caring for them, so some degree of parental monitoring is essential to ensure children’s safety. On the other hand, some have raised alarms that the normalization of parental monitoring/surveillance suppresses important childhood freedoms, as well as children’s access to information. But in many current contexts the positions may be reversed, as young kids can be the threats to their parents. Quite often, children are the smartest tech consumers in their families, and they have total control of the devices their loved ones possess. With this irresponsible power, they may gain access to sensitive information about their parents and put it at risk at any moment.
Unfortunately, there are already concrete signs of how these protected spaces can be used in ways that threaten privacy. For example, many well-known vendors are exploring domestic monitoring that would allow parents to spy continuously on their children, deploying machine learning/AI techniques to evaluate whether they are misbehaving or not. Lightweight GPS ankle bracelets reveal the location of children, so they can always be tracked. More recently, the rise of the Internet of Things has provided numerous opportunities for domestic abusers to spy on and harass people. All of these are worrying indications that home is no data protection haven, and that more attention needs to be paid to the scope for privacy to be undermined there. As we can imagine, there are many ways in which people in intimate relationships can compromise the privacy of those close to them, even with the best intentions. The line between watching and watching over is a blurry one.
To start thinking about how these threats can be addressed, we need to identify their common features. One is that, unlike traditional attackers, intimate attackers may have multiple motivations, including beneficent ones, often tied to a complex bundle of emotions. Rather than seeking economic gain, they are more likely to be driven by a desire to seek knowledge about, or control over, another person. One important consequence of this is that traditional cost-benefit analysis of threats and resources is unlikely to be applicable here.
Another important feature is that attacker and victim not only know each other but tend to spend time in the same physical space. Again, that is unlike traditional attacks, where strangers try to break in from outside. This physical proximity means it is much easier for an attacker to commit a privacy offense, such as watching passwords over someone’s shoulder or reading messages displayed on the other person’s screen. Basically, they are already inside the perimeter, so measures like two-factor authentication, encryption or strong passwords are already bypassed. Even if almost the whole family maintains digital security on their own devices, they can still be indirectly monitored via devices controlled by a shared child. Furthermore, unlike a distant privacy threat whose access to the victim is entirely digital, an intimate attacker may expose a victim to other forms of attack, such as sexual, emotional, or financial ones.
Intimate relationships frequently involve complex patterns of influence and control, which can make attacks much easier. Attackers may also use intimate knowledge of the victim to gain access to accounts. Much of this information is shared freely during a relationship (again, not only romantic ones) and may be shared without consent afterwards. Intimate social knowledge negates certain forms of authentication, which often rely on knowledge of a person’s history and social life, under the assumption that attackers would not have access to such information. For example, the person who pays for a family phone plan can probably access data about everyone involved. Perhaps people who are in intimate relationships with their victims tend to know extremely personal information about them, because that is part of the definition of intimacy. It is precisely this kind of supposedly “secret” data that online services such as banks, or any financial service that tries to secure its operations by asking customers intimate questions, use to authenticate users.
Carrying out this analysis is useful because it provides the basis for a discussion of what engineers and designers can do to limit the risk and harm of these kinds of attacks. While many of the threats described here are technically unsophisticated, we should not misread this as an indication that they are easy to solve. Not at all. The social complexity and heterogeneity underlying intimate threats make them very challenging to address technically, which is, perhaps, why they are often ignored by engineers and designers. Some aspects of this problem must be mitigated by law and policy. Other practical suggestions put forward by the researchers are to allow people to change their privacy and sharing preferences more easily, so that they reflect the dynamics of their intimate relationships, rather than assuming that such things never change. It is also important for designers to recognize that families are not monolithic units: they are made up of individuals, each with their own privacy needs and rights. A device may be shared, but that does not mean that all the information on it should be. In particular, the purchaser of the product is not necessarily the only user and should not automatically be given administrative power over others.
With all these privacy erosions, defining what is private and intimate is a subjective matter, and it is even more complicated when potential attackers are so close at hand. Privacy has become a socio-technical matter; nevertheless, it cannot be reduced to selecting a series of parameters, but is much more sophisticated. Privacy has traditionally been valued because it protects intimacy insofar as it grants control over information flow and space, which enables us to maintain different degrees of confidence. Nevertheless, nowadays there is a growing phenomenon of intimacy performed in public. More and more people are exposing their intimate lives through Facebook, which is public by default. This practice can be both empowering and risky, and if we add the potential attackers we have in our own household, plus the increasing necessity of permanent hyperconnection with our peers, a lot of concerns about privacy emerge.
Therefore, more research is necessary in order to map intimacy failures facilitated by our close ones and (re)define intimacy in the context of social media in contemporary society - whether or not it comprises sharing intimate data with those who are part of our innermost circle.