How do New York Times journalists use technology in their jobs and in their personal lives? Nick Confessore, an investigative reporter, discussed the tech he’s using.
You’ve written a lot about data privacy and the misuse of people’s online data. How do you protect your own data privacy in your work?
I’m not a privacy expert, just a normal person who has done some reporting on how tech platforms handle personal data. So the answer is: I protect my privacy as well as I can — which is not very well.
Most of the ecosystem of mobile phones and apps, as well as the advertising technology that permeates the mobile and desktop web, is designed to extract a large amount of your personal information. The whole thing is effectively unregulated and almost impossible to escape without a fair amount of planning and technical expertise.
I use an iPhone, because Apple has some reasonable tech in place to protect your privacy. (Android phones, running Google’s operating system, are voracious and arguably unscrupulous collectors of information about their owners; an Android phone with Chrome open sends your location back to Google about 300 times a day, according to one study.) I’ve turned off location tracking for almost all of the apps I use, and I’ve tried to limit what Google apps I have on my iPhone.
For search, I mostly use DuckDuckGo, a privacy-optimized search engine that chooses not to collect or save certain kinds of data about the people who use it. I use a browser plug-in from the Electronic Frontier Foundation, the digital civil rights group, called Privacy Badger, which tells me when a site I visit is letting third parties look over its shoulder at what I’m doing.
Despite my in-house lamentations, The Times uses Gmail for its corporate email services, which means I have both a personal and a business Gmail account. I also use the Chrome browser on a PC desktop, because I found other browsers were less stable. (I’m thinking of going back to Firefox.)
So what do I do? Whatever I can. In my privacy settings, I’ve turned off — or “paused” — all of the Google services associated with my Gmail accounts that track me or collect my data. I never sign into another website or service using my Facebook account, a feature Facebook has used to track its users’ browsing activities off the Facebook platform. I’ve tweaked all the privacy settings on Facebook and other services that I can find.
For all that, I have no doubt that a true privacy expert reading this article will laugh at all the things I’m missing. And that’s kind of the point: In the United States, and in some other countries, the deck is stacked against consumers.
Have you changed your use of social media after writing about some of the data practices of Facebook?
When I started reporting on Big Tech, a lot of the public criticism about social media focused on Twitter, a relatively small platform that happens to be popular among the American political and journalistic elite. Two years later, a lot of the criticism focuses on Facebook and Google — and Twitter is by far the social media platform I use the most.
That’s partly because I don’t find the Facebook experience all that engaging or fun. But partly it’s for security. Once I started reporting deeply on Facebook, I deleted all Facebook-owned apps from my phone, including Instagram. I don’t know exactly who has access to the data those apps collect, but while meeting with confidential sources, I don’t want to risk that an app on my phone might be sending Facebook my location.
The social media app I really miss is Instagram. I always had a private account, and I accept requests only from real-life friends and family. So it’s an ocean of sanity and genuine relationships compared with Twitter, which is a hell of random angry people. But when I log in — once or twice a week at most, usually on my wife’s phone — I’m now hyper-conscious that every like, thumb click and scroll may go into my permanent Facebook record.
Is deleting Facebook an effective way to protect privacy?
Not in the slightest.
It may interfere with Facebook’s ability to track you as a consumer. But almost every website you visit or app you have on your phone is to some extent tracking where you go and what you do.
Deleting Facebook may not even stop Facebook. Kashmir Hill at Gizmodo has written about “shadow profiles” — dossiers that Facebook builds about people using information it culls from the inboxes and cellphones of their friends, work colleagues and acquaintances. Facebook may know a lot about you even if you never open a Facebook account.
What are some of the tech tools of the trade for an investigative reporter?
I don’t do anything really elaborate. The main thing I do differently is conduct virtually all of my sensitive work communication over Signal, the encrypted messaging app. It’s an easy way to have reasonably safe conversations with sources who need protection.
When I write about politics and campaigns, I rely on in-house data tools to query federal data on campaign contributions and expenditures. (Hat tip to Rachel Shorey, Chase Davis, Jeremy Bowers and many other colleagues.) I’ve also used tools at the National Institute on Money in Politics, which maintains a database that covers state-by-state lobbying and campaign finance. I also love a site called Citizen Audit, which provides searchable copies of the tax returns for nonprofit organizations. It’s basically Google for “dark money.”
More recently, I’ve come to rely on LinkedIn. When you’re writing about companies, it is an invaluable way to track down former employees who might be potential sources. People at companies will often describe in their LinkedIn profiles particular projects they worked on, products they developed or initiatives that the company conducted — often information that is otherwise not public.
The most important tool of all? A telescoping back scratcher that I got at a store called Flying Tiger. I keep it in my pencil mug, and it is awesome.
If you could invent a product to help people protect their online privacy, what would it be?
I’m going to answer this one the long way. The United States has no basic consumer privacy law. So every individual has to be in charge of navigating the entire commercial-surveillance-industrial-complex on his or her own. Which is to say, it’s practically impossible for any nonexperts to protect their privacy in a meaningful way.
The privacy expert Ashkan Soltani, whom I’ve quoted in some stories, compares it to ordering a cup of coffee at a Starbucks and being told that the coffee may be loaded with arsenic, but that it’s up to you to figure out whether or not the coffee is safe to drink.
I’ve come to the view that no effective privacy-protection product is really possible without clearer — and probably more stringent — laws governing what data companies are allowed to collect and what rights I have to control my own information. If such laws did come into play, it would open the door to interesting private-sector privacy solutions. For example, California recently passed a law allowing consumers to “opt out” of many kinds of online and offline data collection. With such a law in place, new businesses can sell subscription services that would, for a fee, do all the opting out for you.
Outside of work, what tech do you and your family love to use and why?
We’re a pretty analog family. Aside from the requisite phones, laptops and iPad, I don’t have a lot of gear. Most of the gadgets we do have I don’t actually like.
Sonos is a great-sounding speaker with an inexplicably unwieldy user interface that makes me want to throw my phone out the window. (Hey, Sonos, why can’t I just play my songs directly from my phone’s Music app?) The Nest learning thermostats never seem to actually learn anything. (Also, the Nests give Google the equivalent of a couple of cameras in my home.)
I’ve shied away from voice-activated speakers like Amazon Echo. I find these devices extremely creepy. For now, the only such device in my home is in my older daughter’s room. She really, really wanted a Google Home.
I have a few guitars and a nice big tube amplifier that I never get to turn on, because it’s New York, I live in an apartment and I want my neighbors to like me. We cook a lot but don’t have an Instant Pot. Don’t @ me.
Orignially published in NYT.