Weaponizing Your Fitness Tracker Against You: Health, Fitness, & Location Tracking in a Post-Roe World

all right everybody thank you for being here um it's been a great it's been a great conference so far you're about to hear an amazing talk um wendy is amazing she's one of my favorite people and she's going to give you an awesome talk today quick couple pieces of housekeeping uh number one silence your cell phones we don't want to hear them you don't want to hear them um please no recording because we are recording no you know please don't you don't need to um beside that we're gonna if there are time there's time for questions at the end i will come to you with this lovely scepter of questioning and you will speak into it so that this can go out on

the youtube stream if there's not time for questions wendy will be happy to take your questions off the air which is to say out of this room so the next people can come by with no further ado the woman you come to see wendy knocks everett [Music] okay hi everyone uh you can all hear me cool so i'm going to give a talk that i proposed in uh in may of this year and i was like hopefully this is going to be completely irrelevant it'll just be like a cool little you know interesting on the side um as everybody's aware that it's not actually a situation um so i am or sorry there's been a lot of um

attention paid to this sort of stuff when like people are all of a sudden realizing like that rights that we thought were pretty well established and our privacy is not uh as sacristan as we had thought and so i am a fitness tracker user i had a fitbit in 2010 um i still wear an apple watch i have a peloton bike i have a scale at home that talks to wi-fi i've got a bunch of examples in here for my own personal data and i'm a cso at a startup in the healthcare space i know a ton about hipaa probably far more about hipaa than i would ever want to know and i've done some threat models of

fitness trackers and so forth over the years looking at sort of privacy impacts and so forth and so this talk is going to go through a lot of things you're going to hear me talk a bunch about data that fitness trackers and so forth collect and one thing i'm going to actually talk a lot about is that this talk is somewhat irrelevant uh law enforcement is not actually yet using a lot of this data it's so important that we realize what gets collected and what the protections are but this has not really been used in any prosecution so far this talk is a little bit more speculative and to inform people and to have you think about

things i am a lawyer i am not your lawyer but i do want you to take one piece of advice away from this which is do not ever consent to the search of a phone or a computer or anything anytime you are pulled over by police or so forth the one thing you say is i want uh to talk to my attorney i do not consent to the search of this car i do not consent to the search of this phone and so as i mentioned we're going to talk a lot about all the very personal data that you know your apple watch and so forth collect and it's still not really being used this obviously could change things are

very fast moving i've had to change this talk a couple times over the last two days because of things that are happening but so far it's been all text messages and searches and so forth so i'm going to do a very little bit on this i actually did a talk at b-sides in 2018 where i went very deep into how warrants work how wiretaps work how prtts work and so if you're interested in this please go find that talk happy to answer questions about it if you go watch it and email me or so forth but i'll just give you a little bit of a flavor of what this is when police are going after the search

history and text messages and so forth so a subpoena is one of the lowest burdens of proof essentially um but it doesn't give you as much information it gives you metadata the fourth amendment obviously is written in colonial times and so they thought about this is like well it's not that private the addressing information on the outside of an envelope everybody can see it and so if you just want to get to and from information like we shouldn't need that high of a burden of proof um obviously anybody who studies stuff like world war ii with the enigma and so forth you can see that network analysis and so forth will actually give you a

ton of information but we also have computers now to help us with that but generally subpoena is a lower standard less information less privacy protection warrants give you full content and so there's a higher burden for that these are mostly what are used if someone's going to get text messages and so forth and you need to show probable cause that a crime has been committed in order to get this full content data related to that uh law enforcement has started realizing there's all this cool new tech out there with all this juicy information that they could get so they've started using uh keyword warrants which are very problematic from a civil liberties standpoint you're not starting with a

person you're saying i want to find everybody who googled for um like this abortion drug i want to find everybody who googled for abortion clinics in a certain state and so you're basically fishing for your suspects i am going to tweet out my slides so there's a lot of urls and links in here um i am at 1dck on twitter so you can find the slides after so if you want to feel free to take pictures of the slides up here but i will tweet them and geofence warrants are also very problematic um these are somewhat similar to the cell site location information warrants the police have done giving everybody that connected to a particular cell

tower um so sometimes they're pulling it from that sometimes they're asking google for people who are in a certain area these were used a lot in the january 6 prosecution who connected to certain wi-fi endpoints within the capitol building and so forth also problematic from a civil liberties standpoint because you're not starting with a suspect you're like let me throw out a digital uh fishing net and see what sort of suspects might come up in it and wiretaps which is what i have the most legal experience with um are very similar to warrants for stored content and that you get the full content from them um the federal wiretap statutes say wiretaps can only be used for certain

crimes if you go look that up it's a huge laundry list of crimes there's a lot in there and de-orders there's something else that i have a ton of experience with this is basically subscriber information so you can say you know i'm going to do a subpoena to get it to and from for my communication and i'm going to do a de-order for the subscriber information from that and basically they will do hops along a network to see who's talking to who and who these people actually are google is one of the companies that tries to be pretty open about what sort of data they provide you can go to the google transparency report center and they tell you for all

these various types of law enforcement orders that i just walked through exactly what sort of information they're going to hand over uh all of that is kind of cool i'm a bit of a wiretap nerd because i worked on them and whatever i gotta say a lot of what's happening has nothing to do with wiretaps they don't take the time to get warrants uh they capture cell phones and they ask for permission to search the cell phone and then they take your cell phone um and do a forensic analysis on it there's a lot of tools out there that will basically take phones and extract text messages extract your location history i am not an expert on this stuff there's

a lot of people around who are my friend rihanna wrote a really great bed in the hill recently talking about how the federal government really wants to be serious about helping to protect women they could say that federal law enforcement will not help with these cell phone digital forensics searches because right now this is pretty much happening and so as i mentioned um people will they will get the cell phones and ask for consent to search it um and so consent bypasses all the probable cause and other protections that are in place for warrants and wiretaps and so forth so very much do not ever consent to a search of a device even if you are positive you are

innocent just do not consent okay so i promise we're going to talk about fitness trackers and i've just been talking to you about warrants and keywords and so forth so anytime we talk about fitness trackers and health people go well the us has vertical sector privacy um and health is actually one of the areas where we have a vertical sector of privacy law called hipaa um hipaa does not stand for like health information privacy or whatever it stands for health information sorry health insurance portability and accountability act originally had nothing really to do with privacy there have been some add-ons with high-tech and so forth so i'm going to go very lightly over this it protects information that originates

from doctors from hospitals from insurance companies and so forth it imposes some very minimal security requirements so i tell my dev team you know we need to do this for hipaa but we really need to do this to be secure like the hipaa requirements are pretty low key it has a bunch of administrative and technical safeguards in place like your stuff has to be encrypted oh dear so we had a uh outrageous speaker request for all the hugs so we formed a hog squad oh amazing ready thanks god everybody

[Music]

talking about hipaa and getting a hub squad is maybe the bestest

cool so why does all this matter um what use is hipaa hipaa really is uh to protect your health information so that if you work at a hospital and you have access to medical records you can't just go splunking through the medical records to see you know does my neighbor have a particular disease why was a celebrity in the hospital you can only access hipaa protected and from health information if you're authorized to access it aka providing care so forth there are a ton of exceptions in there around law enforcement though so since we just talked about warrants and wiretaps we'll go quickly through some of these these are all on the hhs website if you

want to go look at them in more detail so you can just get a subpoena for this information like we talked about um to identify or locate a fugitive uh to basically uh give over information about a victim of a crime to help prosecute it uh to alert law enforcement that maybe someone was assaulted and they've died and so now it's a murder suspect or murder investigation um in good faith if you think a crime has occurred at the hospital there's also a huge exception for like protecting the president um so someone goes to a doctor and says i want to shoot the president um they're allowed to go alert secret service that sort of stuff

and hhs has recently released some guidance around disclosures around reproductive care essentially says if you're a nurse and you suspect someone had a miscarriage as suspicious you can't just on your own go and report this to the police however there is still all the law enforcement exceptions in place so it is still valid under hipaa um for basically law enforcement to send a warrant to a hospital to ask for information if they think it's a crime in that area so is all our fitness tracker data like the fitbit and the apple watch or whatever protected by this great set of protections no basically fitness tracker information is created by us and we are not covered entities

and so therefore hipaa is pretty much off to the side um so it's a nice vertical sector privacy law that gives some safeguards do not apply to fitness tracker data almost always are there some exceptions like if you have a pacemaker um or you're wearing an insulin pump or something at the like under a doctor's otters the information from that is still under hipaa but not your fitbit or your apple watch so what is a fitness tracker these days like we say oh you know a fitbit that certainly one that's sort of the classic fitness tracker my watch tracks you know oxygen saturation my heartbeat and so forth uh my phone if you keep your phone in

your pocket while you're walking around it will keep track of like how often are both your feet on the ground um how fast you go up and down stairs i have this scale at home and it reports all sorts of stuff up into the cloud for me i have a peloton because i also stopped going to the gym during the pandemic and i have one of these and it talks to apple health and google fit so the fitness trackers know a lot about uh you know body attributes about us it's our heart rate and so forth they also know some other stuff that law enforcement might be interested in where you were is a really big one

and so this is not actually an example from a fitness tracker but i thought this was like a nice tweet that sort of summed up this is from the recent thing where the tim hortons app in canada got in trouble for tracking when people were coming and going from work and from home and so this is a sort of information that's just available on your phone if you have an app and you've given the application access there's also a really famous example in this area of strava leaking the private military bases um people would scroll around on the map and be looking these really empty desolate areas in the middle east and go why is

there like a little square with a whole bunch of people running and it turns out those are secret forces bases and they absolutely did not intend to do this uh you know they're very smart people but they're not you know engineers and they didn't maybe notice that this stuff was by default public uh one that was very disturbing to me is one that just came out somewhat recently um strava's flyby they're like well okay part of the problem with leaking the military bases was that you could see stuff that wasn't close to you so we'll make sure that all the location stuff is near you so if you run past someone maybe you want to find out what

the running route is it turns out a lot of people start and end their runs at their home so you could find someone's home address by running near them they didn't really learn anything from all of this they made some default privacy changes uh say you know you'd have to upload runs nearby this is from june i just you know had to pull this after i submitted this talk because you can upload completely fake fitness data into strava showing like completely unreasonable times and it will show you running routes near you and someone used it to discover a bunch of secret military sites in israel so location stuff can be very sensitive if you don't think carefully about how

it can be abused apple health also tracks location they're a little bit more privacy protective this is from a walk i did near my house and you can see there is a map there's not really any way for me to share that map publicly so it's in my apple health uh if you use peloton and you do outside walks with them they have maps and they will allow you to share it publicly so it sort of go through there but that's not by default public so it's a little better but the information is still there if law enforcement excuse me wanted to submit a warrant for it and find this tracker stuff is super uh common for people wanting to track

their bike routes and their running routes and so forth and so there's a lot of stuff on the websites for these tools that explain to you how to turn it on how do i use this to track things so in addition to the gps as we mentioned there's a lot of private health information about people's bodies that these trackers have and that they store one very interesting fitness tracker is the aura ring and they have a temperature sensor in them i will i'm sure most of the women in this room know this but for the guys your body temperature changes when you ovulate and so body temperature actually can be a very good indicator of fertility

are you pregnant are you not it's different for every woman but overall and so when i was talking about this with some friends they're like oh but aura sure the tracking your temperature but you have to very carefully take your temperature if you're trying to get pregnant it's probably not accurate enough it's not really a real risk so era is like oh no here's how you can use it to track if you're ovulating uh let us tell you how you do it let us even give you some scientific studies to show exactly how precise it is um so as i said i don't think anybody's actually using this in court so far but if you wanted to bring this evidence in

or is going to help you authenticate that data to show possibly that someone actually was ovulating stopped ovulating therefore maybe was pregnant uh so in addition to just things like aura trying to guess if you're ovulating or not because uh of your body temperature there's a ton of support in these apps for cycle tracking that's a little bit more manual there was a huge wave of articles in may june about should we be using these uh cycle apps should we delete it do we need to delete all this data um that can actually have serious health implications for a lot of women who really need to track their cycle the controversies around these actually even predates uh what happened in may

this ftc consent order is from january 2011. sorry 2021 i can totally talk um flow was releasing a lot of data to advertisers and not really letting their users know that like hey you're putting this very sensitive information into the app and you know we're sending it to advertisers and apple health and google fit finally woke up i realize a lot of women use fitness trackers and added cycle tracking just directly as like a primary uh sort of thing that can be tracked through those platforms and i think that i took this picture from google fit i actually looking at it i don't remember this is apple health or google fit but it's pretty somewhere

between the two of them you can just go in and enter the data so i've been tossing around a lot of terms about apple health and so forth these are the four really biggest players in this field and they all inter-operate so when i ride on my peloton i send the data to apple health and then it sends it to google fit so they all have apis and work and so your data's kind of replicating out among there one of the other reasons why these are sort of the big ones in the field is that each one of these also supports a lot of third-party apps um these are things like the peloton is actually a third-party app in this uh

strava is somewhat a third-party app on uh you know fitbit and so forth and there's tons of other different apps you can get to plug in like sleep trackers meditation so forth there's also wildly bettering quality this is my favorite fitbit app like we came across this and we were doing you know looking over various apps in the field this app literally does nothing but put a roach on your fitbit watch and have it dance around i at first saw this i was like oh this is like one of those flashlight mobile apps that really steals your contacts but it appears not to it actually doesn't ask for very many permissions it literally just puts a

road check on your watch and dance around but if it wanted to it could have access to all of your health information there's a lot of trust that's happening here and the way that this is governed in the google health and google fit apple health so forth sort of space is through permissions and there's wildly varying permission models among these apple health is really good in that it gives you the chance to app by app share what data goes so this is my scale asking for permissions i'm unsure why my skill needs my body temperature uh but i have it turned on because i was too lazy to turn it off i could individually toggle these off and on

it also allows it so you can see all the stuff again i'm unsure why my scale keeps reporting my height because so far as i know it doesn't have a laser height measurement but there i continue to be somewhat short google fit on the other hand has much coarser permission sets so you can basically give it access like vital health or not and it's a little harder on app by app to say like yes to temperature no heart rate they do however give you some really nice ways to delete data if you decide you no longer trust google fit no longer want to use it they have google takeout and a bunch of other stuff but right

from within the app you can go in and delete a bunch of saved data and so one of the other nice ways to see all the data that these apps support and that you can save and whatever is to go through their developer nodes so i've spent tons of time going through developer sdks uh in the health space and looking at like what could i be storing in this system um so here i can track cervical mucus which is something that people look at if you're pregnant if you're trying to become pregnant um this would all be obviously so far self-reported i believe you could write an app that attempts to auto write this i can report the results of an ovulation

test if i wanted to i can report spotting if you're looking to prove that someone had a miscarriage this might be some data that you would want to look at and it google fit has an api to read and write it so one of the other things in addition to the primary health stores and the third party apps is embedded ad libraries because this is the mobile ecosystem that we live in and it's actually not often displaying ads to you like there are certainly apps that will show you ads this is much more uh the apps collecting data and sending it to third parties who then want to use the information to market to you

apple health has recently done a bunch of basically ux improvements to surface to you what sort of permissions stuff is going to request this is the moody cycle tracker showing you roughly what types of data it's going to to collect this is another one which i cannot remember i should oh flow this is flow showing you uh what sort of data you're going to collect you can see it's a little different um the data linked to you location and usage and so forth here we had a bunch of other stuff that is not linked to you so this is a much more privacy protective app than this one and so flow had the ftc consent decree it's part of why i went

and i was like i'm curious what they're showing that they're using and so you as a user can educate yourself and say like oh well i'm a little concerned about all this data being linked to me and flow holding it you know maybe i'm okay with this being in apple health uh data centers because apple health has a really good legal team they have strong protections and we're gonna actually talk about how apple health stores this stuff but who knows what flow does maybe flow has a server uh under a developer's desk plugged in like at their home like i am unsure what their security and privacy protections are hipaa does not apply so you know we're

not necessarily even encrypting this stuff the other one that is not as invasive as ad libraries but is also somewhat of a problem is the crash analytics and usage and so forth stuff that you can include in your apps a lot of developers include third party things that will basically clack track how people use the apps or where our error is occurring they're really good for helping developers make the app better because they give them a lot of useful data side effect of that in a health app is that they're gonna know what was on essentially the screen where the error happened uh maybe you know your heart rate spiked really high and it couldn't handle a heart rate

of you know 199 beats per minute and so therefore you overflowed some field and so now they have that information also and so again this is just an apple health app screenshot sort of showing that it's collecting usage information and it's linking it to your account so you can collect it a little bit more anonymously or tied to a particular phone

so we're putting a lot of trust in the companies that hold this stuff um and we think a lot of times uh in the field about protecting from like hackers uh protecting you know from accidental data breaches and so forth we don't always think about protecting from the government um unless you know you've been in the civil liberties space for a long time this is a little bit more of a new angle on some of this and so there's been a lot of talk about you know like what is microsoft going to do what is amazon going to do and part of the reason why i had to redo this talk this week is i believe on monday this came out

there's a teenager in nebraska who had her mom helped her self-manage an abortion her friend went to the police told them about this the police came and interviewed her she scrolled through her phone while they were there and so the police got a warrant this came out i believe tuesday i think i put the slide in on tuesday they released the warrant saying well we saw them scroll through the phone and we believe there's evidence evidence of a murder in the facebook messages that she showed us and they went to facebook with a warrant for facebook message data about a murder and uh the message were released and so uh the police are saying that this shows that yes she did

have an abortion i think they said 24 weeks which they say it's illegal in nebraska um and so i put this in mostly to show that still we are not really looking at fitness tracker data yet like it's great that we're aware of all this and we do need apple health and google fit and whatever protect this information if police become interested in it but that's not even where the fight is right how the fight is over you know messages and whatever but they do have all our health information and it's apple is pretty open about uh like google what sorts of data they will turn over in response to what sorts of legal requests that come

in apple's legal process guide again that's a link you're welcome to click on it when i put the slides out we'll give you extensive information about what you would get and you know in return for a warrant and so forth apple stores all health data in cloud kit which is what they use for icloud and so it is actually end-to-end encrypted and it's fairly limited uh what apple can actually see this is very similar to the problem that have happened with the apple versus fbi fight where the messages were encrypted and apple's like we're sorry we can't give you the plaintext of this because we don't have access to it this is similar to if you use signal or some other

end-to-end encrypted messaging service and apple has recently put out some guidance about how they protect users health data um talking about you know its end and encrypted we use very high standards of security protect it and so forth google also put some stuff out saying yes we also protect health data one of the things that google noted is that google fit is a fairly small player in this space but google maps is huge a lot of people use location history i actually have location history on my phone i found i found it super useful if i want to be like oh my gosh i was on vacation this place i went to this really great donut

shop and like i want to go back when i go back three years later let me go like look roughly at the dates and see where i was and so i personally have found a lot of use out of it so i keep it on but this is again you need to think carefully about should i turn it off for a few days should i bring my phone with me um i know people generally recommend like if you are in one of these situations don't do something weird like you always use your phone all of a sudden you don't because that can look suspicious um but that's a little bit outside the purview of this talk but so they realize

that this location data is very sensitive i don't want people to have to make these uh choices about like do i incriminate myself and not bring my phone or incriminate myself by bringing my phone and so they're on their end deleting a lot of location data in sensitive areas um they are basically improving the sort of information if they show you about what the health apps track so very similar to those apple health screenshots that i showed they're doing some work there too and they have um basically a little verb about how they push back and over broad warrants um so i know from my time working in this stuff that there are all kinds of ways

that lawrence can be goofy and you can either choose to be like okay i'm going to read this as it really should have been and give you the data or i'm going to reject the entire warrant on a technicality and so they try to push back a lot of technicalities that can be very expensive it's a lot of attorney attorney time so google can do this but a lot of the smaller folks uh can't and also remember uh this data is also in the smaller third-party apps uh and so i was like i wonder if any of them are putting out guidance like apple and google just did uh it turns out not really this is flow's privacy policy

they know like hey we secure your data and they actually say like hey you might not want to delete your data because then our app might not function the way that the way that it's supposed to aura ring has some stuff up where they talk about locations and period protection whatever they don't say a lot about what they're going to do in response to warrants that come strava also has some stuff up talking about the information that they have not really a lot about hey what are we going to do if we get a warrant for someone's location information showing that they were near an abortion clinic or not so as we've been mentioning a lot of this fitness tracker stuff

really is just circumstantial evidence was a person pregnant are they now not pregnant did they go near an abortion clinic this is not like a text message saying i went had an abortion so one of the things people are concerned about is the states where abortion is illegal after six months sorry six weeks or so um that they will try to find like the date of a woman's last period and use that to prove that you know we know an abortion happened and it happened after a certain date that is illegal in this state and so there is a lot of concern about what they could infer from the fitness tracker data again i have not seen any cases where

this has happened yet but we're also still very early days um one of the scenarios here that people worry about is traveling to another state to have an abortion so did you go to that state were you pregnant when you went to this state are you now not pregnant um there's been a lot of speculation about what might happen here what will happen with uh crimes across state lines and so forth another one is i'm at home and i order uh millwater pills or i get a hold of pills some other way and i do a self-managed abortion at home this is probably where they're gonna look for search history um probably what really seems to be

happening in these sort of cases is what happened in nebraska where you tell someone that you had a self-managed abortion and they go to the police so i've seen a lot of stuff out there saying honestly the best advice here is to think very carefully about who you trust and who you talk to and again this tends to be search history and text message or you know facebook message sort of stuff so a lot of this uh like in all things since computer security comes down to it depends uh what is your risk model um i am still using fitness trackers i'm also extremely lucky to live in washington state and i'm a very privileged person where i could up and

fly to other states or i could probably go to canada very easily if you are a teenager living in texas or so forth you're in a very different situation than i'm in and one of the things that's very scary with these is pretty much any woman could be subject to an ectopic pregnancy if they accidentally got pregnant and those are always fatal if they are not handled and there's a lot of state abortion bans that are trying to include these so this is non-opsec talk uh but i'll throw a little bit in here um new york times had a fairly good article that was written you know mostly to a general public that talks about a

handful of things like turning off location sharing although again think carefully about turning it off just for two days um resetting mobile tracking ids on your phone so that you can't necessarily be tracked across all these different apps um telling google to just never store location history and so forth there's a group called digital defense fund that does amazing work here if you're interested in this stuff they are really who you want to talk to and read their guidance they have a wonderful abortion privacy link up on their website and this is a really great graphic that they made um and talks about all kinds of ways to protect yourself like these are the experts

i know about hipaa and i know somewhat about threat modeling fitness trackers i am not an abortion privacy person i mean i guess maybe i kind of am since i give me this talk but not really these are the experts this is who you really want to go talk to and these folks have done some vetting of period tracking tracking apps and i went and looked at them and i agree these are probably your best bet if you need to use a period tracker um because they're not tracking that much and they're very privacy protective it's like apple health is end to end encrypted and you have apple's attorneys and some of these are tracking just

locally not syncing it into a cloud so if you want to use one those are pretty good options but again really it's this fitness tracker stuff is kind of cool as a privacy nerd it's interesting to look at but this is not where the real threat is the threat is text messages and so forth and they're looking at search history so throw up a couple resources these are people who are actually experts in this um kendra maggie and emma did a really nice medium post fear uncertainty and period trackers that really goes through a lot of this and they have sort of a follow-up talking about like how period trackers could be used to try

to prove women are pregnant um it's great and so that's my talk i think i have some time for questions cool okay and somewhere around there is a mic

all right if you ask a question if i can't hear i'll ask you to come up closer to me and i will try to repeat it so who has one

okay the question was i talk a lot about end-to-end encryption as a way that companies can protect user privacy and there's a question are there any laws about that like he said specifically about deleting data oh wow that is the canon the worms uh kind of somewhat was avoiding here uh if you work in this space you're probably aware there's a lot of push to say that law enforcement has to always be able to get into messages it sort of comes from an apple versus fbi fight with terrorism there's a lot of concerns about csam child sexual abuse material and so forth these are very legitimate concerns um they still have very far-ranging privacy issues and obviously if you have

end-to-end encryption that is intentionally broken by law enforcement that is in my definition no longer end and encrypted i do not trust law enforcement to keep the whatever escrow keys they use private uh you can all go read about matt blaze's fun with the clipper chip um i'm a huge fan of encryption history so yeah well that is a huge policy sort of fight that is happening in the us and uk and in australia and i have given talks on it i'm not an expert on that uh write to your senators and tell them we still need and then encryption because it does more good than harm

foreign

so the comment was that you can just not collect data so those period trackers that i showed at least yuki and drip sort of take that approach that is very hard in our ad driven ecosystem i spent many years at amazon as a developer working on personalization recommendations i'm well aware of the business need to collect a lot of information it is such an uphill fight there are people who like you know try to fight that i use u-block origin in my browser which blocks a lot of stuff and i still get ads follow me around the internet and i'm like okay come on i'm using chrome with this ad walker why do i see the same pair of

shoes on every or you know forced into my facebook feed or on instagram and so forth so yes uh but i really don't like privacy and security advice that sort of puts the fault on users i prefer policy changes and so forth and so i yes that's a way to protect us but it it's not a really realistic answer any other

no other questions all right awesome thank you so much for coming to my talk you