We’ve all seen the film. The highly experienced, perhaps a bit older person, usually a guy (though that could be my selective memory), gets through 80 per cent of the action with barely a scratch. A short time before the grand finale, however, he lets his guard down for a brief moment and the knife goes in, the sniper picks him off, he falls to his doom, leaving the hero or heroine to finish whatever they set out to do.
Which is exactly how I felt when I actually responded to one of those ‘let us know what you thought’ emails. Not like a hero or indeed, heroine, but the hapless bloke. I can’t believe I just did that, I thought to myself. And now I’m dealing with the consequences.
It seemed innocuous enough. I’d just got off a flight with a national carrier when I received an email asking me about the experience, which had been very good. “Win some airline points, travel the world,” it said, or words to that effect. I was tempted. ‘What have I got to lose,’ I thought.
So, I filled in the five or so questions and hit ‘send’. Then ‘the thing’ happened, the clever bit, the moment that we should all be wary of. This time, I wasn’t though — my guard was well and truly down.
“To be entered into the competition, please let us know which partner offers you would be interested in,” I was asked, or, again, words to that effect. I unchecked some but, stupidly, left some checked.
Hitting ‘send’ again was that same moment where the guy in the film put his head above the parapet, realised he’d left his notebook in the alien-filled lab, reached to find he’d run out of arrows. I only had myself to blame for the onslaught of email which then followed. Whatever ‘opt-out’ settings I’d chosen, religiously, on past T&C pages were wiped away in an instant, offering my details to the general market.
After the flood
Since then, I’ve been beset by ‘offers’. It might not be so bad, were the companies buying my details actual purveyors of real products, but this does not prove to be the case. I’ve been offered iPhones galore, and some people are desperately trying to get hold of me about a string of jobs. They’re all scams.
No doubt my details were put onto a list, which was then sold to an aggregator of lists, which then sold to whoever was interested at a very low overall cost. Email is virtually free to send, and the model doesn’t care about people ignoring the messages — it’s the handful that actually ‘click’ on the offers that make it all worthwhile.
Note: clicking on ‘unsubscribe’ doesn’t de-authorise the use of the address, it simply indicates there is a real person at the other end of it. Unsubscribe and expect the volume of requests to double. Fortunately, in this digital world the virtual representation of myself (as represented by that particular email) can be killed off, albeit painfully as I re-connect to the hundreds of services that use it.
So, yes, I can’t believe I was so dumb. But it does beg the question about the kind of environment we have created for ourselves, through choice or simply because this is how things have turned out. Black Mirror may be doing a good job of highlighting future dystopias but we have created one of our own already and, in the absence of any kind of code of conduct, the big corporations are active participants.
What’s the alternative? In my own, local experience — I have helped the less technically savvy of my village deal with being scammed or find their computer is a significant node in a botnet on more than one occasion. But, as stories like this indicate, we can’t function in a way that requires us to operate a ‘virtual clean room’ in which everything is kept 100% clean, or it is all tarnished.
Like it or not, this is the binary choice we currently face and which, sadly, new legislation such as GDPR does little to protect against. Initiatives such as the Web We Want are a start but even they struggle to come up with any way to overcome this simple, yet frequent scenario: “What if the person actually agrees to let the bad stuff in, then realises what a stupid error it was?”
The answer may lie in a combination of better use of metadata, two-factor authentication or indeed a general move to a Public Key Infrastructure. It will require corporations to accept they can’t treat our data as their own, which is a challenge but by far the bigger issue is how to get the population of the world to do the sensible rather than the stupid.
While all is not lost, I hold myself up as a case in point and fear that we may be stuck with what we have already created. Now, excuse me, I have another 30 emails to delete…
Adrian Schofield sheds light on tech in South Africa
Mark Chillingworth on IT leadership