This artwork hacks your phone to expose your embarrassing texts & photos

By Kitty Knowles 9 October 2015
Mark Farid phone hacking art installation at Cambridge Festival of Ideas.

Data Shadow, a new online and physical art piece by Mark Farid, hacks your phone to raise questions about data security.

You might think it’s only wannabe cheaters using the Ashley Madison affairs website who have to worry about their data, or that when hackers seize control of speeding Jeeps it’s got nothing to do with you.

In fact, thousands are at risk using NHS health apps, and the theft of information from shops like Carphone Warehouse, are all too common occurrences.

Most people just don’t realise the extent to which their data is shared, and how easily it can be accessed by third parties.  

Now, one artist has created an installation with the intent of making people consider how much data they share on their mobile phone, without even realising it.

Data Shadow, a new online and physical art piece by Mark Farid, hacks your phone and shows you the embarrassing photos and texts that are already on show – to those who know how to look.

Participants walk through the insides of a shipping container, and through a series of tasks, come face to face with their own, personal data shadow.

The piece, which will be debuting at the Cambridge Festival of Ideas later this month, raises questions over the privacy we sacrifice when using apps, cloud storage services, and social media.

We think it sounds fascinating, if a little intrusive.

The Memo spoke to artist Mark Farid to find out more:

Kitty Knowles: Can you start by explaining how companies might get your information without you knowing?

Mark Farid: So, Spotify recently changed their privacy policy so they could access your ‘non-specific’ location.

Initially they said this meant what country you’re in. Then, after more discussion, they said it meant which city. Another conversation revealed that it’s the post code I physically enter into the app.

It turns out they actually take my post code with my IP address, so whenever I use Spotify on my computer or my phone, they take that address and know geographically where I am.

Spotify’s new running feature, tracks your beats per minute. So they know how fast you’re going. They can merge my locations, with my name, my phone number, my physical address.

Paying for the service means they actually have my bank records, and suddenly this picture of me is painted incredibly clearly; to the point of if I was going through an emotionally bad time and listening to depressing music.

KK: What do you feel is wrong with all this data harvesting?

MF: It’s a moral issue, the collection of all data. If we’re not talking about it, then that’s actually agreeing with it morally.

For me, it’s to do with how advertising works. If I post lots of things on Facebook, then and you post lots of things on Facebook, but only one person ‘liked’ what I ‘liked’, but fifty people ‘liked’ yours, you are worth more to that advertiser.

So they start advertising to you instead of to me. But then what you’re seeing and reposting isn’t necessarily what you like. Slowly your interests become changed, but not through your own interest, not through your dedicated time.

It’s what advertisers and Facebook have decided that you should see.

So it’s about people losing their autonomy?

Definitely. Even the word ‘idea’, stems from the Greek ‘to see’, not ‘to think’.

So where does danger lurk? What can be done?

It’s the lack of transparency that is the biggest issue. With companies, sometimes this information is public, and sometimes it’s not.

It’s a very dangerous line, from a governmental level as much as hackers.

For me, the first thing was actually the phone hacking scandal. And the interesting thing about this is, it never actually became a scandal. It just became about News of the World, and the effects of them doing it.

In reality they were hacking into people’s mobile phones with relative ease, and we’re able to do it, and there was no real follow-up on the legal side of that.

We need regulations on technology making it much harder for people to hack into your mobile phone; the delete button on your laptop should actually delete stuff. That would put you back in control of your personal data.

If you wanted to, you can’t actually delete your Facebook account. It’s just disabled.

Because the Internet doesn’t live on your computer…?

Because it lives in a cloud storage base somewhere in America surrounded by barbed wire fences, a horrendous amount of security guards, behind loads of cages, loads of air conditioning.

The Americans discussed this last year with the fourth amendment.

It says that you need a general warrant to go into someone’s house and ask them for specific things. Basically their information or their data.

They discussed last year in Congress whether the fourth amendment applies to non-US citizens, over this data that American companies have on them. And it was agreed that the fourth amendment didn’t protect them.

That means that 95% of the world, access to the information of those who use Microsoft, Google, Apple, Facebook, you know everything we use is stored somewhere, you don’t own it.

So who owns it if I send you a personal text message? Who owns the content of that message?

It’s a good question, you know, and it obviously hasn’t been answered.

Actually everything you’re doing in virtual space is under the illusion of privacy, but it’s completely public. Just as it is in the real world.

This idea that Internet is ours. It isn’t ours. It’s all privately owned. It’s the most capitalist thing, actually, that exists.

How will Data Shadow make people think about all these ideas?

So it’s an installation within a shipping container in All Saints Garden in Cambridge.

Incredibly personal information is going being taken from you, and it’s sent out in different ways.

It’s only one person at a time. If you’ve got nothing to hide, let’s actually see if you’ve got nothing to hide.

We are trying to make it so it’s actually the most embarrassing pictures that we can find; in term of text messages it’s likely to be the most recent.

For example, you’re told to make a phone call to your other half, or ideally your mum… I don’t want to say too much.

It’s about bringing you face to face with your information, because ethically you have given us permission to see it but it isn’t clear at all what’s going to happen.

The Data Shadow holding page plays ominous messages. Pic: Data Shadow.
The Data Shadow holding page plays ominous messages. Pic: Data Shadow.

Will there be an online part to the project?

You have to wait until the 26th when the website‘s goes live ( I don’t want to tell you too much, but by clicking through we take all your digital information, and that’s a whole other part of it.

How do you want to make people who take part in Data Shadow feel?

I hope angry. I hope annoyed. I hope frustrated. And I hope people have an issue with us. I hope some people will say ‘it’s not cool of you to have done that’.

If you’ve got an issue with this, then really you do have an issue with the privacy related to it. It’s just that no one confronts you; why do you carry on letting the laws continue to be significantly worse as each year passes?

Do you think data security will become more of a theme on the art scene?

I would hope so. The ethical line of this is a very big question for the project. Is it okay for us to be doing this? I would argue yes, it’s in the public interest. But you know, if someone then questions what I just did, if their very upset about something, then actually I might have to stop.

Mark Farid’s Data Shadow installation will be open to the public between 7 October and 1 November at All Saints Garden, Trinity Street, CB2 1TQ. The project is part of the Cambridge Festival of Ideas and was commissioned by Collusion in partnership with The Technology Partnership, the University of Cambridge and Arts Council England.