Privacy is a relic 🔓

From the dark web to campaign poll stations, there are little data leaks everywhere

This is edition 256 of Beyond The First Order, a premium daily newsletter that demystifies the hidden models, incentives and consequences of the most significant events across India and Southeast Asia

A 🔒 paid newsletter that demystifies the hidden models, incentives and consequences of the most significant events across India and Southeast Asia. Someone sent you this? Subscribe to BFO

Good morning,

What do faceless tech corporations and soulless political parties have in common? Unmitigated access to your data that they’re not afraid to use. In an ironic twist, Truecaller’s business is booming in India, despite Indians getting fewer spam calls. Uber’s over-reliance on tech and optimisation might be hurting its India business. The government’s U-turn on the small saving schemes is best captured in a pithy poem. In fact, that’s how all financial news should be reported. 

Let’s Monday hard, my friends.

What is it that you truly want to keep private?

What information about you do you think is truly private?

Your name, mobile number, email ID, gender, relationship status, occupation, date of birth, address, Facebook ID and likes? 

Over 533 million Facebook users had that leaked by a hacker for free. The data was originally leaked in 2019.

“While data breaches are initially sold in private sales for a high price, it is common for them to be sold for lower and lower prices until they are eventually released for free as a way of earning reputation within the hacker community.
"As is the case every time, people began to sell for cheaper and cheaper until it leaked for free," Gal told BleepingComputer in a conversation.”

Your passport details, debit and credit cards, and tax filing identities? 

Close to 100 million Indians who were users of one of India’s leading digital payment services, MobiKwik, reportedly had that leaked earlier this year. MobiKwik, however, vehemently denies the leak.

“Over the past month, several users, independent security researchers and news organisations have reported that data - over 8.2 TB in size - of MobiKwik users has been put on sale over the dark web with an asking price of 1.5 Bitcoin which is approximately equal to INR 65 Lakhs. This data leak contains Know Your Customer (KYC) details, passport details, addresses, email ids, phone numbers and aadhar card details of around 10 Crore Indians and violates their right to privacy. The data breach follows a number of other data breaches that have affected Indians.”<br />

Your national identity number (Aadhaar) linked to your voting constituency and polling booth?

The Madras High Court is currently hearing a case that alleges that the BJP, India’s current ruling party, somehow built a database of voters in Puducherry containing all of this. It said this “appears to be a serious breach”.

The BJP then harnessed WhatsApp to invite voters into carefully curated groups based on this information.

“In his petition, he stated that since March 4, several Puducherry residents have been receiving SMSes with an invite link to join a WhatsApp group. Adding that he also received one such message, the petitioner said, “Out of curiosity, I clicked on the invite link to find the source of that SMS. The link points to a constituency-booth level WhatsApp group (For instance, named BJP-PUD-Law-11-12, meaning Bharatiya Janata Party-Puducherry-Lawspet constituency number 11-booth number 12), the constituency and the booth the receiver of the SMS belongs to.” He alleged that several such booth-level WhatsApp groups have been created by the party to target the voters.
The petitioner also stated that when he asked the admin of the WhatsApp group in question about how they obtained his phone number, he was told to approach the Puducherry BJP office to know more about the SMS or the WhatsApp group. “I asked him, in particular, why my name was added in the group. He replied that not only my number, there are WhatsApp groups for around 952 booths in the union Territory of Puducherry and all the voters are added in the respective WhatsApp groups,” the petition said, adding that he also received calls from random unknown phone numbers that gave him his name, booth and his constituency correctly without him having to reveal any of it.”

In the neighbouring state of Tamil Nadu, which is currently going through elections, there are allegations that a political party is using voter data to not just send targeted messages but also send money via Google Pay.

So, I’ll ask you this again: what information about you do you think is truly private?

And what do you do to keep it that way?

Indians are getting fewer spam calls. But they still can’t get enough of Truecaller

No country is as big on Truecaller as India. 

Three-quarters of the caller-identification service’s 200 million daily active users (DAU), as of October 2020, were in India. This is despite Truecaller’s questionable track record on privacy. 

Small wonder, then, that the Swedish company calls India its home market

Also not surprising is the fact that the IPO-bound company’s website is among the most popular in the country. It had nearly 225 million unique visitors in February, according to data released by data provider Comscore last week. 

Indians love Truecaller because we are assaulted by spam calls. Or we were. India had more spam calls than any other country in 2017, according to Truecaller. But by 2019, India had fallen to #5. And in 2020, India slid even lower, to #9—the number of spam calls fell by a third to 16.8 calls per user on average. 

This is the company’s reasoning for the sharp decline in spam calls: 

Strict curfews and lockdowns in India made it much harder for telemarketers to go to work, or utilize the equipment they need to carry out large scale spam campaigns. This could partly explain why the total number of spam calls have decreased in India as compared to previous years.

This, when Truecaller’s unique visitors have surged 13% since January 2020. And Truecaller continues to be one of the top free apps on Android, despite competition from Google’s Phone app. 

Similarweb’s usage rank is based on current installs and active users. If Indians are receiving fewer spam calls, what explains the continuing popularity of Truecaller usage? The growing smartphone user base in India could be a reason. Also, even if you are getting far fewer spam calls, you may not bother to uninstall Truecaller. After all, how often do you remove an app from your phone?

But is there more to India’s love for Truecaller than meets the eye? Write to us if you think there is. 

Small savings, big retreat

On the evening of 31 March, the Indian government announced a sharp cut (upto 1.1 percentage points) in the interest rates of small savings schemes for the April to June quarter of 2021. But in a lightning-fast U-turn, it rolled back the cuts the very next morning; it blamed the rate cut on “oversight”.

Source: Ministry of Finance. Memorandum dated March 31, 2021.

What gives?

Bitterly fought key state elections are underway. The last thing the government wants now is voter anger over rate cuts in small savings schemes. These schemes are run by the government. Offered by the post office and some banks, they include popular investments such as the Public Provident Fund (PPF) and National Savings Certificate (NSC).

They are, perhaps, the last bastion of still-decent interest rates when rates have fallen sharply across other popular options such as bank fixed deposits. It doesn’t help that inflation has been rearing its head again.

But the government’s retreat on small savings schemes may only be temporary. All said, regular rate resets—up or down—in small increments are more easily digestible for investors than bunched-up big cuts at one go that cause much angst. 

The government can’t really afford any more “oversights”. 

A hasty overnight retreat
The govt had to beat
Now, it’s quite a feat
Lighting fire under one’s own seat

Oversight, it seems
The opposition beams
Elections, it screams
Perfect for the memes

Small savings schemes, yes
It was a funny mess
Better to say less
About the window-dress

The sharp cut in rate
Might have sealed the fate
Of many a candidate
So, that’ll have to wait

But the govt takes a hit
When it can’t, even a bit
Its finances, hardly fit
Can’t swallow, can’t spit

It wants to borrow cheap
To avoid trouble deep
But the saver’s woe and weep
Adds to the pressure heap

Inflation’s on the rise
Bank rate cuts not so nice
Savers paying the price
Negative real rates, rolls the dice

Small schemes, saving grace
Decent rate, it still pays
But the govt may stop the race
When it runs out of ways

Quarterly reset, it was to be
G-sec link, the formula key
But never followed, you see
Jitters, big and wee

A stitch in time saves nine
Bunched up cuts not fine
Savers will then whine
Time to redo length & line

The driver-Uber face-off

On Wednesday, a tweet by Shaik Salauddin went viral. Salauddin is the national general secretary of the Indian Federation of App-based Transport Workers (IFAT), a worker’s organisation that represents app-based transport and delivery workers.

The tweet was about a 22-year-old Uber driver named Srikanth who could not log in to his driver’s account after returning from a pilgrimage. Srikanth had shaved his hair and beard as a part of a religious ritual. Uber’s face recognition technology could not identify his face after the makeover. 

Uber denied having problems with its facial recognition technology. Instead, the company said it was the driver’s repeat violation of “community guidelines” that led to him losing access to the Uber app. The company did not reveal the exact nature of the violation. 

But before the tweet went viral, Srikanth had visited the Uber office several times in the last 34 days and had been met with “no response”, according to a press statement by the Telangana Gig and Platform Workers Union. 

The statement goes on to add that it is not just Srikanth, but “many have been doing the rounds of Uber offices in their cities, but there is no manager or any staff that can take decisions to solve their complaints.”

This problem—miscommunication or facial ID glitches—may not have arisen in a pre-Covid world. Over the course of the past year, ride-hailing companies have gone through significant changes. Travis Kalanick, when he co-founded Uber over a decade ago, created a highly decentralised organisation that gave city heads immense power to make decisions. 

These city heads and the operations under them played a key role in ensuring enough supply of drivers on the platform in their respective cities. They formed the core of the supply team inside ride-hailing companies. 

But Covid-19 changed ride-hailing from a supply-constrained market to a demand-lacking one. And this had a profound impact on the way these companies functioned—they became centralised. The “supply teams” were no longer required, and city heads became regional and state heads. With the business hit, ride-hailing companies decided to focus on costs. 

Ola and Uber also began relying more and more on technology to onboard drivers on to their platforms rather than relying on foot soldiers who closely interacted with drivers. Documentations, driver tutorials, and orientations were done offline pre-Covid. These roles stopped making economic and practical sense to ride-hailing companies amid lockdowns. 

In his statement, Salauddin added that “this case illustrates the acute need to create systems which penalise platform businesses for their technological failings and make them liable to compensate workers for their losses and foregone earnings.”

The association has also complained to the Prime Minister and state governments regarding the issue. At a time when ride-hailing companies are on the backfoot, regulations looming large, and widespread unemployment, union folks may just get their way. 

That’s a wrap for today. Have a great week ahead 🙂

Stay safe,

[email protected]


Read the full edition. Sign up now.

Receive our premium newsletter, Beyond The First Order delivered to your inbox every weekday for the next 30 days.

If you’ve already signed up, just enter your email below or login using Facebook or Google

Recent Editions of Beyond The First Order


How often is Beyond The First Order published?

Five days a week. From Monday to Friday.

Do I need to login to the website to read the newsletter?

Nope. We send the day’s edition right to your inbox, where you can read it in full.

I have already paid for a subscription to The Ken. Do I need to pay separately to read this newsletter?

Nope. Paid, premium subscribers of The Ken get our newsletters delivered for free.

My corporate or campus has paid for a subscription to The Ken. Do I need to pay separately to read this newsletter?

Nope. You have complete access to our newsletters for free.

How do I pay to access your newsletters?

In two ways. You can buy a premium subscription to The Ken here which will give you access to all our stories and newsletters. Or you can purchase each newsletter for Rs. 99 or $2/month.

What modes of payment do you accept?

We accept all major international credit and debit cards. Your payment will automatically recur every month if your card supports it. You can stop this anytime from your Account section.

How are your newsletters different from your stories?

Our stories are typically long, originally reported, narrative and analytical in nature. Our newsletters are more timely and help you connect the dots on recent events.

I am a premium subscriber to The Ken but I am not receiving your newsletters. Can you help?

Sure. Just write to us at support at the-ken dot com. We’ll get this fixed.

Can I claim GST credit for this subscription?

Of course. Just enter the GST details during checkout, and you’ll get a GST invoice from us.