Early in the second part of PBS’s (highly recommended) ‘United States of Secrets‘ documentaries, The Guardian‘s reporter Ewan Macaskill recalled Edward Snowden’s reaction in his Hong Kong hotel to a simple question: Do you mind if I record our interview on my iPhone?:

Ewan Macaskill — excerpt from PBS ‘United States of Secrets’ part 2 MP3 file

I’ve referred before to my uneasiness about what a sufficiently-motivated (I hope) security agency or other entity is able to learn about, say, me (or you!) though our smartphone or internet connection — the bulk surveillance nightmare that Edward Snowden revealed a year ago.

An enterprising National Public Radio reporter called Steve Henn decided to find out … Project Eavesdrop: An Experiment At Monitoring My Home Office

When my iPhone connected to the network, suddenly a torrent of data began flowing over the line. Porcello was monitoring my traffic in his office across the country in Vermont.

“Oh, jeez,” he said. “You are not opening apps or anything?”

The iPhone was just sitting on my desk — I wasn’t touching it. We watched as my iPhone pinged servers all over the world.

“It’s just thousands and thousands of pages of stuff,” Porcello said.

My iPhone sent Yahoo my location data as unencrypted text. The phone connected to NPR for email. It pinged Apple, then Google. There was a cascade of bits.

Oh dear. Yes, I use the built-in weather app … with its little YAHOO! symbol at the bottom … and yes, I gave that app permission to use Location Services (along with only a few other apps).

But it didn’t occur to me that it would be routinely telling Yahoo where I am located — and transmitting that data unencrypted — even when I’m not actually checking the weather. Data like that is sooo hackable, as Yahoo mail demonstrated recently. Ger-rump!

Oh, you blabbermouth Yahoo!

Oh, you blabbermouth Yahoo!

Before Edward Snowden’s revelations about bulk surveillance and storage, I was quite relaxed about location services, as you can see in 2011’s Despite that, your honour, I wasn’t ACTUALLY there where I (naively?) reproduced this …

Oh dear. Now everyone can see how much time I spend at Simon Lusk’s place.

Oh dear. Now everyone can see how much time I spend at Simon Lusk’s place.

But I am … considerably less comfortable now.

– P