dissociatedpress.com » privacy

I Have a Deep Dark Secret

admin — Wed, 06 Feb 2013 09:04:37 +0000

If I sold you a lock and key for twenty dollars, and told you that no-one in the world would be able to unlock it except you, would you believe me? Probably not. And that’s the analogy I keep thinking of as a result of the recent launches of two services that are supposedly going to revolutionize privacy and file transfers. You may have already heard of one of these services; the infamous Kim Dotcom whose MegaUpload file sharing empire was taken down when he was arrested last year launched MEGA last month. One of the cleverest things about the new service is probably the hilarious domain name “mega.co.nz”, because the basic idea behind MEGA is simply that, as they themselves put it: “All files stored on MEGA are encrypted. All data transfers from and to MEGA are encrypted” adding that “unlike the industry norm where the cloud storage provider holds the decryption key, with MEGA, you control the encryption“. This is all fine and dandy from a basic technical standpoint, but what about the human element? As the hilarious XKCD five dollar wrench gag points out, there’s a level where massive encryption simply becomes irrelevant. I mean, it wasn’t only the technology that tripped up alleged Anonymous member Higinio O.Ochoa when he got collared by the FBI, it was pride. And his girlfriend’s breasts. And it wasn’t rubber-hose cryptanalysis that allegedly broke LulzSec leader Sabu, it was the threat of never seeing his kids again. So – including human nature as an element in the equation, could you logically trust a guy who looks and dresses like this to be selling you a trustworthy product that only has your best interests in mind? Likewise with a service that was getting some spin yesterday called Silent Circle. No, not the band Silent Circle, the app developer of tools like Silent Phone. The service promises to revolutionize mobile privacy. Some of the most impressive names in security and encryption are involved, and they swear that they will not bend to the feds when the feds inevitably get uppity about what this service actually does. But hold on. One of the developers is a former Navy SEAL. You don’t have to be wearing a tinfoil hat to ask how that is supposed to make you feel confident that the US government doesn’t have a backdoor into the service, do you? Personally, if I want to share a secret safely, I don’t think I’d do it through total strangers.

Via XKCD

Hope & Change You Can Be Bereaving

admin — Sat, 22 Jan 2011 04:35:59 +0000

A couple of years ago, I asked When Did Americans Become Such Chickenshit Crybabies?, so it was kind of a relief when Patrick Smith, the “Ask the Pilot” guy, went public with a more serious and calmly reasoned treatment of the idea. Because if you look at the entire history of airline terrorism, things haven’t changed much over the years, only our reactions have. Which is at the core of just one of many reasons I take issue with the treatment of privacy rights since the terrorist acts of September 11, 2001. All along, I’ve been of the opinion – which I consider to be informed rather than paranoid – that various parties both inside and outside of government have capitalized on public fear, whether in the interest of invasive data collection or manipulating national sentiment. With President Obama’s State of the Union address coming up next week, I’m reminded of how profoundly disappointed I am with myself for falling for his campaign rhetoric and tone in 2008. One of the only reasons I voted for the man was that I foolishly believed he was sincere about troop drawdowns, lowering America’s hostile presence abroad, doing away with some of the Bush administration’s executive secrecy, and easing up on the incessant erosion of citizen’s privacy and freedom to move about. I was disappointed when Obama supported the FISA bill before he was even elected, but blew it off to a campaign-time necessity, and believed him when he said his administration would pursue a sincere review of wiretapping policies. Well, not only have none of these things come to pass in two years, he has completely contradicted himself repeatedly on almost all of them. Last year was the deadliest year so far in the Afghan conflict, with troop increases of 3,000, and a 134% increase in drone attacks and 54% increase in related deaths. The Obama White House has endorsed Bush era secrecy on torture and rendition, been worse about wiretapping issues than Bush, and made virtually no changes regarding the inept, out of control, and revenge-driven TSA, which many travelers have described as providing an experience they haven’t encountered since the Berlin Wall days. I could go on about how the Obama health care plan was a back door corporate sellout, but I won’t. The Republicans will be spending enough time deriding the plan as a dog and pony show in the coming months. No need to throw more sand in the gears of government; American politicians seem to have things pretty well ground to a halt on their own. I honestly hope to see something inspiring from next week’s SOTU address, but only because I’m idiotically optimistic about life in general. Not because I have any rational reason to do so.

Facebook To Demand DNA Sample For Log In

admin — Thu, 06 Jan 2011 03:24:06 +0000

Sometimes I feel like I’m Charlton Heston’s character in Soylent Green, running around screaming “it’s made of people!” while the masses around me munch away muttering through full mouths “but it’s so yummy“. Recently I asked the opinion of friends on Facebook about which e-mail client I might switch to after having a nightmarish experience “upgrading” to Thunderbird 3 (an experience that many have shared, by the way). One thing that surprised me a little was that a few tech-savvy friends said “why not G-Mail?” to which I replied “because it’s a web service not an e-mail client” and added “besides, I don’t like all my messages eternally remaining in the hands of a company whose CEO has so much contempt for personal privacy“, to which one of these friends said “privacy is an illusion”. Which let me use one of my favorite ironic quotes, i.e., Obama’s Cynicism Is A Sorry Kind Of Wisdom. Because while it’s true that certain lifestyle choices insure that most of your life is an open book, that doesn’t mean we all have to roll over, shave our heads, get our citizen ID tattoo, and start living like we’re in the movie THX 1138 or something. Call me a Luddite, but in spite of the fact that I have nothing to hide, I’m not going to give all my trust to Google and Facebook when it comes to my personal communications, and I’m certainly not going to start “checking in” with services like Foursquare or Facebook Places. I feel like there are degrees of privacy, and that we’re all entitled to maintain as much as we like or are able. I was a little annoyed that Google captured me sitting on my porch a few years ago, but I’ve since moved, and clearly, I blew my own cover in that instance out of amusement. But how would you feel about Facebook being your Internet Driver’s License? That idea doesn’t appeal to me too much, for a few reasons. First, on top of the fact that Mark Zuckerberg has already declared privacy dead, ex-Googler and Facebook COO Sheryl Sandberg agrees, and is probably more eager to sell your data than Zuckerberg is. And since that’s a Gawker Media article I just linked to, let’s just take a moment to remember what can happen to millions of us at once when we entrust our personal information to a site that thrives on verified users but doesn’t care about their privacy. Facebook has done little to improve the security of your information as they’ve grown; anyone can still easily download this Firefox plugin and start hacking nearby users’ accounts with a method called sidejacking, and Facebook’s one time password solution for mobile users has a profound intrinsic flaw that I’m surprised hasn’t gotten more attention. My recent favorite was when I went to log in and Facebook put on a little Security Theater (see nice overview of the process here if you haven’t experinced it yet ) for me by asking for another e-mail, my mobile number, and then asked me to identify my friends in a lineup. Something that apparently has created real problems when people have been asked to identify friend’s dogs and Gummy Bears to get into their account. Becoming the sole single sign-on service provider so far remains the holy grail of huge tech companies like Google and Microsoft, but now it looks like Facebook has a chance of pulling it off. How would you feel about Facebook being the primary issuer of your internet traveling papers?

TSA To Implement Cattle Prod Wielding Robots

admin — Sun, 21 Nov 2010 04:50:58 +0000

This is a still from a video of a training
session with the new TSA robots.

I’m not at all ashamed to admit that I have a profound fear of flying. It’s not that I’m afraid of flying per sé; in fact, I’ve skydived, gone hang gliding, been in a hot air balloon, and actually love being in any kind of flying vehicle. If I could afford it, I’d love to get a pilot’s license. No, my fear of flying is a very recent development, and is restricted to a fear of flying on a major airline, especially in America. Mostly because I’m afraid of how I’d react to the latest advancements in TSA procedures. And so really I guess my fear is for the well-being of TSA personnel. I really, really do not understand people who accept the newly-instituted TSA pat-down policies. I mean, I can understand why President Obama says they’re frustrating but necessary, and why John Boehner brags he’ll be flying commercial airlines more than his predecessor. Obama gets to go straight from Air Force One to Cadillac One, and Boehner – like other politicians – is exempted from all the ass-grabbing going on. What I don’t understand is why apparently 4 out of 5 Americans support the new scanners. It’s hard to decide which recent incidents are most appalling. The woman who had her breasts exposed while agents laughed? The 4-year-old boy who was strip searched? Or in light of the UCSF scientists’ letter highlighting radiation risks, perhaps the recovering cancer patients like Thomas Sawyer, who had his urostomy bag knocked loose, leaving him covered in urine, or the former flight attendant and breast cancer survivor who was forced to remove her prosthetic breast. Or maybe the absurdity of patriotic soldiers returning from the wars that are supposed to be saving us from the terrorists having their nail clippers confiscated. Keep in mind this was one of 233 people toting assault rifles, pistols, and machine guns. For a much saner and complete roundup by an actual security expert, see this Bruce Schneier post from the other day. More images and video below.

The boy in the video below seems pretty calm compared to the girl in this one.

He must have read a copy of this:

Did You Know Transport Canada Is Now A Division Of Homeland Security?

Is nothing sacred? Muslim TSA Worker Frisks Catholic Nun

This is the nun a few hours later in detention with the TSA robots:

Google And The CIA Invest In “Temporal Analytics Engine”

admin — Sat, 31 Jul 2010 12:56:40 +0000

Love it or hate it (and in spite of occasionally hilarious results) the Google auto-complete feature can be uncannily accurate when guessing the rest of what you’ll type. So wouldn’t it be great if in the future, Google would know what you’re searching before you even search for it? If this sounds more like the movie Minority Report to you than reality, you should take a look into the kind of marketing and data mining methods that are in common usage on the web. For those of you who miss the “Big Brother” vibe of the Bush era and the Patriot Act, ponder this: Google and the CIA are both investing in a company called Recorded Future that “goes beyond search” to “visualize the future, past or present” using what Recorded Future calls a “Temporal Analytics Engine”. Although a disturbing alignment of interests, this isn’t so far from what other companies are already doing. Dig deep into the links in the recent WSJ feature What They Know to learn about who’s poking and prodding your browser, and which tracking technologies are at work. The days of simple cookies are over; these services use Bugs, Beacons and Flash Cookies (more on these insidious Adobe doodads below) not only to store information about which sites you visit, but even what you type while you’re there, or in the case of Flash Cookies, to re-insert the conventional cookies you’ve deleted without telling you! And we’re talking about “harmless” sites that you visit all the time, like Dictionary.com and CNN. While one might argue that you’d be happy to be served up ads based on the things you actively look at – which is a big part of what the intention is with these technologies – there are a few problems with that line of thinking. First of all, for people like me, this is an utterly useless approach; I do a lot of research looking at things that really don’t interest me. So when I write a piece about the billions being made by Farmville, for instance, I then get fed a constant stream of REALLY dumb ads targeting people who play web-based games and shop at Walmart. Another problem is that these third party services are often based on predictive marketing, and attach your data in ways that really DO very nearly identify you specifically with IP addresses and other information. BlueKai, for instance, is “aggregating valuable shopping and research behaviors across the Internet” to build “the world’s largest database of intentions”. Yes. You read that right. A “database of intentions”. If this stuff doesn’t trouble you, try putting what these companies are doing in a real-world scenario. Imagine going to the mall, buying something at The Gap, and then having a little attendant walk up and say “I’m just going to follow you around and watch what you buy, so we can improve your experience here at the mall today”. That would of course be annoying and unsettling, but wouldn’t it be even creepier if you knew a team of attendants were doing it with remote surveillance techniques? Below are some basic tips for easily blocking these rather invasive marketing tools.

If you’re using Firefox, tracking and blocking basic cookies is super easy with Ghostery. After you download and install it as a plugin, it shows you what services are tracking you, offers a link explaining what they do, and options for blocking or not blocking them. Ghostery is partnered with Better Advertising, which “was founded to ensure that the advertising industry’s voluntary initiatives meet the needs of consumers, government and advertisers”. Ghostery provides fairly unobtrusive little tabs to display and manage tracking activity:

Flash Cookies

These are a little trickier, and insidious enough that they’ve inspired a lawsuit. You can’t actually control these directly on your computer, even though the Adobe software that makes them work is installed on your computer. You have to go to this page on Adobe’s site, and use the rather confusing tool they’ve provided. It’s confusing enough that they provide a note that says “The Settings Manager that you see above is not an image; it is the actual Settings Manager. Click the tabs to see different panels, and click the options in the panels to change your Adobe Flash Player settings“. When I went to the page, I quickly got an alert box like this:

When I told it to keep running, it eventually did this:

When I finally got it working, the choices were a little confusing, like this one.

And after all this talk about companies trying to guess my future actions, this threw me for a second:

You Will Soon Be Dead To Me, Facebook

admin — Sun, 09 May 2010 03:50:34 +0000

Rest In Peace, My Love

We asked recently if Facebook was “over”. Well, the results are in. And the answer is no. I think “dead” would be more accurate. Sure, hundreds of millions of people will continue to use it, but hundreds of millions of people still use Hotmail. And toilet paper. And other things that they don’t necessarily enjoy using, but kind of have to. So why am I suddenly going so harsh on Facebook? Well, partly it’s my own whiny techno-ennui. It just became boring to me some time last year, after doing the one thing I valued it for, which was reconnecting with some valued old friends, and meeting a few new ones. But mainly because of two other things. First of all, the fact that the people behind Facebook have no interest in the user other than as a data mining resource, as evident in their constantly eroding privacy policies and repeated interface changes that do nothing but bury content and confound users about what their privacy settings are doing. Bet you didn’t know Facebook even censors your Inbox messages, did you. The other main reason is that while they do all of these things that are geared toward user data collection to increase their market value, they’ve managed to position themselves as a “utility”, but one that falls short in dozens of ways while distracting many people from more flexible and purposeful forms of communication. Although different users experience the phenomena in different ways, the illusion of being “in touch” with people on Facebook is a compelling one, but in my and many of my friends experience, an illusion that profoundly detracts from real communication, and occasionally actually impedes work when someone is dumb enough to use it as a primary communication channel. But what finally got me in terms of all these interface and privacy changes was the recent rollout of Community Pages. Try some of the paranoia-inducing things listed on this page, and you’ll see what I mean. I’m gearing up to archive my content and contacts, and delete my posts (which FB makes rather difficult), and completely backburner my account as a real tool. How about you? Are you over it? I’m not being melodramatic, by way, just check out Gizmodo’s Top Ten Reasons You Should Quit Facebook.

You probably saw a pop-up box like this recently. Mine at first had no “Ask Me Later” option.

Privacy & Social Network Contact Management

admin — Wed, 13 Jan 2010 12:52:38 +0000

Online privacy? Puh! The future
probably lies with initiatives
like the DataPortability Project

I was amused recently when people expressed surprise that Mark Zuckerberg publicly declared privacy a thing of the past, and wondered if the alleged tell-all by a former Facebook employee was for real. Please, people. How can you possibly expect to share vast amounts of personal data online using shopping sites, Facebook, and cloud services like Google Docs and then expect to maintain any semblence of true privacy? This apparently may be a generational issue, and personally, I find myself bridging the generations on this one. This whole issue was driven home hard for me recently, and here’s how: As part of my work over the past ten years, I’ve experimented casually with forms of social networking going all the way back to the now-defunct GeoCities.com. Although I’ve often consulted with clients to implement the various available tools, I’ve done little to use them myself in a purposeful way; although I’m a very social person, I’m also a very private person. As an example, although I’ve logged into Facebook daily for over a year, I don’t use it as a serious business tool, and don’t very often share serious personal thoughts on issues there. I’ve mostly used it to reconnect with old friends, meet a few new ones, and banter humorously with them. I also only have about 150 friends, because I’m not what what in pop lingo has been called a Facebook Friend Whore. In spite of this, and in spite of not being active on LinkedIn, Xing, or other more business-oriented sites, I have a primary network of about 300 valued contacts, and an extended contact list of maybe 1500 people. So while preparing to launch some new projects this year, I was aware that I’d have to update and verify my contact lists, which I try to do annually. The problem? Like me, you may have noticed (depending on your tech lifestyle) that – because of the pervasive adoption of texting, Skype, and Facebook – your e-mail volume and phone time have dropped off significantly over the past year. A lot of casual connecting – which is the very basis of successful networking – happens on sites like Facebook. Historically, I would maintain most of my contacts in Outlook or Thunderbird, and export this info to Excel to “massage” the data. This became profoundly problematic this year, when I was reminded that Facebook and other sites make it nearly impossible to export your contacts. In fact, they may shut down your account if you use certain tools to do so. So after doing a bunch of research, I ended up doing a manual cut-and-paste of a lot of info, and once again, massaging it in Excel. Why? Because although professional contact management tools like Act!and Goldmine are starting to integrate social networking, they’re not quite there. And the alternative? The soon-to-be-booming market for Social Network Aggregation. Mashable.com lists 20 supposed options here; my personal pick for brand of the year is Profilactic. Yeah. Social networking. Put a sock on it. Next they’ll launch “Profilactate.com, a place where you can get together with friends, and breastfeed“. Seriously though, as of this writing, one of the more viable services of this type is Plaxo which entices you with the ominous tagline “Plaxo-Your address book. For life” (my punctuation). There are others in the works like Neodex or Stronico. The problem? Why on Earth would I spend months or years building a network of valued and categorized contacts, and then *upload them to someone else’s server?!? I’m keeping that data to myself, thank you very much. I think we’ll see this become more of a common concern this year, after the new citizens of the Nation of Facebook realize what they’ve really been doing the last few months, giving little thought to where all their status posts and banter ends up, i.e.: in Google’s index, for all the world to see. There are a couple of initiatives to deal with these issues, like OpenID and The DataPortability Project, but the simple fact is that we’re entering an era with a completely new definition of “privacy”, and you may as well get used to it.

The UK Government Is Always Happy To CCTV You!

admin — Thu, 24 Dec 2009 14:16:50 +0000

The other day, I made a joking reference to how Santa has no trouble figuring out who’s naughty and who’s nice in England each year, because of all the surveillance cameras. After receiving a roomful of blank stares, I quickly discovered that out of 11 people in the room, not one of them was aware of the number of CCTV cameras in use in the UK. Like me, everyone in the room was American, so our xenotardedness can be forgiven, but I thought it might be interesting to any other fellow ignorant Americans to take a look at the spread of Big Brother in the UK. The installation of CCTV cameras in the country began in earnest in 1993, in response to the Bishopsgate Bombing (see a full history here) and today there are an estimated 4.2 million cameras in use across the country, meaning a typical citizen is captured on camera 300 times a day (or every six seconds, according to this article). So has it been effective? Apparently not ; only 3%-4% of crimes are solved with the help of the cameras, and much like capital punishment, they fail to act as a measurably effective deterrent. So who’s watching the images from all these cameras? Until recently, apparently no-one, or at least no-one who knows what they’re doing, in any case. Extracting the images in an efficient and timely fashion for use as evidence in court has led to the system being referred to as an utter fiasco because of its poor implementation and lack of training in this regard. And what about the citizens of the UK? I’d love to hear more about the average person’s view, because although there are activist organizations like NO CCTV and Big Brother Watch, the major media never reveals a real national sentiment. A classic example stateside of course being the Bush years, when even fairly rabid Republicans would mutter incessantly about the administration, but the media portrayal of the period would reveal little of the “street sentiment” to a person abroad. My personal feeling about this kind of surveillance is that it would only be acceptable if the entire country looked like the sets in George Lucas’ film THX 1138.

On a positive note, you can use all these CCTV cameras to make your band’s video. Manchester band The Get Out Clause did this by performing in front of public cameras and then gathering the footage with “Data Protection Act” requests:

Probably the greatest accomplishment of all these cameras is that they managed to capture an eight foot tall alien on tape:

Posters like this apparently don’t do much more than being creepy…..

…because apparently the cameras on this bus in the 2005 London bombing weren’t even working:

Some images from NO CCTV and Big Brother Watch:

Your Facebook & Twitter Activity Is Tracked More Closely Than You Think

admin — Tue, 25 Aug 2009 12:53:06 +0000

Next time you’re Twittering your thoughts, making a status post, or taking a quiz on Facebook, remember that not only are you creating part of an eternal online identity and probably sharing your information with more people than you thought (especially see question 3 in that ACLU quiz), you’re also helping shape marketing and political decisions. We’ve written jokingly about Googlewanking and Googlewashing before, but the two latest big things on the web – Social Media Monitoring and Sentiment Analysis – are making the web a different place. On the abstractly interesting side of this, sentiment analysis sort of renders the typical CNN or Time user poll (typically called a Voodoo Poll) even more absurd than they were. Online polls have always had major shortcomings, but the main one was that of limited demographic diversity, i.e.: only dorks who take CNN polls take CNN polls. A recent classic example of their susceptibility to gaming and inaccuracy was when “moot”, the 21-year-old college student and founder of the online community 4chan.org, became the “World’s Most Influential Person” in a Time user poll. The difference with these newly evolving data mining tools is that they remove the obvious errors caused by selection bias or gaming by monitoring the unsolicited expressions of millions of users’ thoughts and feelings directly. On a personal level, another big difference is that whereas even a couple of years ago it took considerable effort to “dig through the noise” to find specific pieces of information, it is now routinely done on a large scale by companies competing aggressively in this arena (here’s a list of 10 of them, and here’s a much longer list) often to define or defend a brand. How this plays out for searching for information about individuals can be quickly demonstrated by services like 123people.com. Enter a name, and they quickly scour photos, videos, phone numbers, email addresses, weblinks, social network profiles, biographies, Instant Messenger, microblogs, blogs, news, and general documents to display info about a person conveniently on one page. This sort of thing is so easy to do that MIT student Aaron Zinman, for instance, built an art installation around the idea (thanks for the link, Hava). I’m not so concerned about this on a superfical level; thanks to all the other Ian Grays being such busybodies on the web, I’m semi-invisible in many of these searches, and I kind of like it that way. But what kind of online identity do you have?

Google Voice, iPhones, And SpyPhones

admin — Sat, 08 Aug 2009 14:50:43 +0000

I just got an invite to try Google Voice, and after giving it a quick test run, I was left a little uneasy. I’m not really a tin-foil hat type, but I’m often reminded of William Burroughs’ remark that “A paranoid is someone who knows a little of what’s going on”. The uneasiness kicked in as soon as I clicked on the “accept” link, and had to decide whether or not to use one of my existing G-Mail accounts. Should I use my business account? My personal account? I knew that to test the service, I’d be entering both my mobile and land line numbers. Which meant I’d be linking pieces of my Google search history with my e-mail content, two phone numbers, and my name. And storing it all in one place on a Google server. I opted to create a new G-Mail account. In spite of Google Voice’s amazing features, I’m going to have to ponder exactly how to put it to use, because the same things that make it cool make it creepy. You can record calls, transcribe them to text, do conference calls, and even pick up as someone leaves a voice message, just like an answering machine. All in one place. Which is exactly the issue. All in one place. On a Google server. I know we’ll all eventually have shaved heads, a number instead of a name, and be constantly under surveillance like in the George Lucas movie THX 1138. For now though, especially given the random Google privacy blunders that have already occurred, the insidious behavior of AT&T, and the way Google is invading every aspect of our lives, I’ll hang on to the last shreds of my illusions of privacy. Speaking of AT&T and Google: although Google’s already found a workaround to being blocked as an iPhone app, we should be thankful that AT&T and Google are still competitors. Remember. AT&T’s a telephone company. Not a communications company.