Security Scare Tactics in the News

Can you trust everything you read in the news? As tech and security breaches are a common topic in media, we thought it’d be a good opportunity to sit down and get Travis’ professional opinion about how much attention you should pay to scary headlines and how to sniff out the good info from the bad.

What’s an example of a good article? A bad one?

Not all reports are equal. Some articles are written with the intent to share (important?) information, some are written to drum up clicks and/or sell ads.

Forbes wrote what I feel is an excellent article explaining a potentially serious breach with LastPass and broke down what happened and how it could impact users in a measured and accurate manner.

On the same day, Popular Mechanics wrote what I feel is a click-bait, fear-mongering, hyperbolic article. It starts off with an attack on mobile computing in general and then digs down into “7 Apps You Should Delete from Your Phone Right Now”. An example they used as a horrible offense of one of these apps was “possibly tracking your location” in the case of an app that — wait for it — shows you the nearest gas station.

The big problem with the Popular Mechanics article is that there’s valuable information hidden within the hyperbole and rhetoric, but it’s throwing the baby out with the bathwater. People that actually take a moment to think about the writing will be turned off by the extreme ranting. Those that don’t are led to being afraid of everything.

Are there certain keywords or red flags to look out for (in poorly-written articles)? How do you sniff out fake news?

I’ve found excellent articles in unlikely places and unfortunately bad articles in places you’d think would do better. So how do you glean the wheat from the chaff?

My first stop is the headline rather than the publication. If a respected source is using a click-bait style “You Won’t Believe What These Apps Are Doing With Your Data!” or “24 Apps That Are Selling Your Data!”, skip it. There are thousands of apps that sell your data; that’s their model. Many of them straight up say so or are very clear about it. Does that make it right? Disclosure is key in my opinion, but we digress.

Other warning signs are going to be the tone of the opening paragraph. Is this an article that’s trying to warn of an event, or are they trying to scare you into a decision?

  • “X [subject] Has Y [traits], and Z [event] is a Result of [ABC].” <— this is OK

  • “X [subject] May Be Fun, but Did You Know […]?” <— a pretty big tell for me

Break it down for us. In this article, what’s inaccurate about that article?

I mentioned the gas station finding app above, and how it was written is not a really useful article for people. (Potentially teaching users to be aware of what apps track their location and making educated decisions on which ones to use would be a good idea, but that’s not what it covers.) However, they mention that Angry Birds is gathering personal data about its users to use in its ad network. This is pretty normal industry practice and not exactly groundbreaking news, but the fact that the ad network is leaking the data like a sieve and government agencies are trolling that data for “useful” information is absolutely relevant!

Perhaps instead of saying:

“Angry Birds isn’t your friend, even after all of these years,”

And instead they said:

“Angry Birds, the immensely popular game app, has been recording data that goes beyond standard demographic data for selling ads and has been leaking that data to interested 3rd parties according to Edward Snowden.”

Then perhaps their readership would have a better way to assess the level of impact the event has on them.

Additionally, showing users how they can limit the impact to themselves besides simply burning everything to the ground would show a measured response to an incident.

The Forbes article goes into detail about what platforms and use cases are impacted by the reported breach, whereas the Popular Mechanics article leaves out anything that could resemble impact data (because Edward Snowden didn’t provide it either).

When should we really be concerned about digital security in the news?

When multiple sources are publishing strongly worded warnings on the same topic, I recommend paying attention and perhaps investigating what the impact of that topic is if it isn’t already clear. An example of an important event that the end user couldn’t do much about was the Heartbleed SSL/TLS vulnerability. It was massively important and affected the way much of the encryption on the internet is managed, but there was little to nothing an individual end user could do.

Articles that talk about exploits to general software you use, with advice on how to update/mitigate them, are another important category, though these tend not to make the mainstream media outlets as often. But they’re arguably more valuable.

The third category we see a lot is, “X Company Experiences Major Data Breach and Lost Y Million Records.” In my opinion, this is the same as a traffic update telling you about a major accident along your daily commute. If you’re a customer of that company, you should update your account information (change your password and/or delete your account, make sure you aren’t using that password anywhere else, and change it there too if you are), but there are better tools for finding this sort of information than clickbait articles. Simply checking https://haveibeenpwned.com/ periodically (or using a password manager that does it for you!) is a more reliable way to get that information.

What are next steps to consider/do when you see an article that seems alarming, before freaking out?

When your friends send you an article with titles like “7 Apps to Delete IMMEDIATELY!”, treat it the same way you would any other passive-aggressive viral meme: Move on. Generally speaking I advise “Don’t feed the trolls.” But if the article is particularly egregious, perhaps responding to the misinformation could be helpful. Just remember: Don’t link the article, just reference it. Stop the spread! Remember, only YOU can stop bad info from spreading! (cue Smokey the Bear image here)

Conversely, when there’s a well-written article that is spreading good and helpful information, mash that Share button to death. Like, comment, spread the word, evangelize!