Why is this important?

Ever since Google released Android 6.0 Marshmallow back in 2015, Android users have been able to revoke or deny specific permissions to apps. Don’t want that flashlight application to access your location? Just change a setting. Don’t want the latest game to access your contacts? Flip the switch. Don’t want your chat app to listen in on what you’re saying via the microphone? No problem.

But one permission users can’t deny is Internet access—no matter how much you don’t want that flashlight app to phone home and tell its creator about every tap, swipe, or launch. While Apple doesn’t provide this option in iOS either, we have bigger concerns that Google’s targeted advertising-based business model gives it less incentive to stop creepy tracking. Limiting Android apps’ ability to track users would be a big step in the right direction. (And of course, if Google gave users this option, then Apple would have no excuse not to.)

Instead of having no choice but to share their data with the creators of every app they ever use, Android users should be able to deny and revoke apps’ permission to access the Internet. Your move, Google.

Why is this important?

The good news is that Apple CEO Tim Cook already thinks that encrypting iCloud backups is a good idea and seems to want to implement it in the future. Here’s what he said about allowing users to encrypt their iCloud backups in an interview with Der Spiegel (translated):

SPIEGEL ONLINE: Is the data also secure with your online service iCloud as on the devices? COOK: There our users have a key and we have one. We do this because some users lose or forget their key and then expect help from us to get their data back. It is difficult to estimate when we will change this practice. But I think that will be regulated in the future as with the devices. So we will not have a key for it in the future.

The future is now, Tim. While some users may find it helpful for Apple to be able to recover their backups when they forget their passwords, that’s not true for all users. It’s time to let users choose security and encrypt their iCloud backups so only they have the key.

Why is this important?

When a user gives Facebook their number for security purposes—to set up 2FA, or to receive alerts about new logins to their account—that phone number can become fair game for advertisers within weeks.

And that’s not all. Facebook is also grabbing your contact information from your friends. This means that, even if you never directly handed a particular phone number over to Facebook, advertisers may nevertheless be able to associate it with your account based on your friends’ phone books.

As Facebook attempts to salvage its reputation among users in the wake of countless scandals, it needs to put its money where its mouth is. Stopping all non-essential uses of 2FA numbers and “shadow” contact data would be a good start.

Why is this important?

Read our original ask to Slack:

By default, Slack retains all the messages in a workspace or channel (including direct messages) for as long as the workspace exists. If you are using a paid workspace, you can change that and set shorter retention periods.

Slack’s rationale for quietly keeping your old messages is to have them ready for you just in case you later decide to upgrade to a paid workspace, which does not have a limit on the number of messages that can be available for you to search and view. But many groups are simply not likely to make that switch. Instead, users should be able to decide for themselves what messages they want Slack to keep and what messages they want Slack to delete—particularly once those messages become inaccessible to them.

Why is this important?

People talk about sensitive things in their direct messages, and when Twitter receives a warrant for the contents of these messages, it can hand them over to governments and law enforcement. Twitter could make direct messages safer for users by protecting them with end-to-end encryption.

End-to-end encryption ensures that a message is turned into a secret message by its original sender, and decoded only by its final recipient. That means nobody but the end users would be able to read those messages, and Twitter would no longer be in a position to hand over private messages to law enforcement.

Many other popular messaging systems are already using end-to-end encryption, including WhatsApp, iMessage, and Signal. It’s a no-brainer that Twitter should protect your DMs too.

Why is this important?

Read our original ask to Venmo:

Even a “social” payment app should give its users the choice of just how social they want to be. While Venmo offers a setting to make your payments an transactions private by default, there is no option to hide your friend list. No matter how many settings you manually change, Venmo shows your friends toanyone else with a Venmo account. Venmo should give users a setting to make their friend list private or visible only to their friends.

Venmo is a payment processing app that lets you send and receive payments. But the social features that have made it so popular are also its fatal privacy flaw: every transaction and friend list on Venmo is public by default.

This can paint a detailed picture of your life. The Public By Default project demonstrates the startling detail of Venmo information, from who you live with to where you like to go out to the minutiae of your daily habits and routines.

To hide your transactions, you can dig into the settings and set them to private. But there’s nothing you can do on Venmo to hide your friend list. Even Facebook allows you to control the visibility of your friend list. It’s time for Venmo to do the same.

Why is this important?

As if this weren’t sketchy enough, AppFlash comes pre-installed on many Verizon phones and while you can disable it, you cannot delete it.

But wait, there’s more! A review of Verizon’s privacy policy for this app shows that AppFlash affirmatively requests the right to collect contact and location information, and does so even when the app is not in use. And sure, AppFlash’s FAQ states, “We do not sell, rent or share precise location data that identifies you with others for their own purposes,” but given the telco’s history of data-sharing, we don’t have a lot of faith in Verizon’s promises.

Verizon should abandon AppFlash and stop trying to monetize its customers’ browsing and app usage.

Why is this important?

Read our original ask to WhatsApp:

If you no longer want to be in a WhatsApp group, you can leave or even block the group. But what if you don’t want to join that group in the first place? WhatsApp should get your consent before someone else is able to add you to a group.

Without a chance to decide whether or not you want to accept a group invitation, you are automatically added. This exposes your phone number to all the members of the group, and potentially even makes you part of someone else’s disinformation campaign.

WhatsApp has recently taken several steps to make groups safer, including introducing a new protection to prevent users from being repeatedly added to groups they’ve left before. We want WhatsApp to go further and make sure its users can affirmatively choose whether or not they want to join a group in the first place.

The power to simply say “yes” or “no” when someone adds a user to a group would put users back in control of their WhatsApp chats and personal phone number privacy from the start.

Why is this important?

Windows 10 Home Edition does come with a built-in encryption solution, but only for some users. Called “Device Encryption,” it only works if you have certain hardware and if you sign into your computer with a Microsoft account—which means you have to trust Microsoft with the backup keys. This is bad encryption design by Microsoft: users should never have to give their encryption keys to a third-party.

Other versions of Windows 10 don’t require you to back up your key to Microsoft’s servers. And some Windows 10 Home users may find it helpful to have a backup key stored on Microsoft’s servers, so that they can recover the contents of their computers even if they forget their passwords. But other users may have different concerns, and may not be technically savvy enough to remove the backup key and generate a new one.

That’s why Microsoft should update Windows 10 Home Edition. All its users should be able to encrypt their devices using built-in tools that don’t require them to jump through hoops to revoke Microsoft’s power to decrypt their devices without their consent.