B12 Solipsism

Spreading confusion over the internet since 1994

Archive for the ‘privacy’ tag

Smart TVs Just as George Orwell Envisioned

without comments

You Are Being Film
You Are Being Film. 

As I mentioned recently, I’ve been immersed in dystopian novels. George Orwell would mutter I told you so about these latest Smart TV revelations if he was still around.

Careful what you say around your TV. It may be listening. And blabbing. A single sentence buried in a dense “privacy policy” for Samsung’s Internet-connected SmartTV advises users that its nifty voice command feature might capture more than just your request to play the latest episode of Downton Abbey. “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party,” the policy reads.

Samsung’s privacy policy notes that in addition to voice commands being transmitted, information about your device, “including device identifiers,” may also be beamed over the Internet to the third-party service, “or to the extent necessary to provide Voice Recognition features to you.”
McSherry called that bit of qualifying language “worrisome.”

“Samsung may just be giving itself some wiggle room as the service evolves, but that language could be interpreted pretty broadly,” she said.

(click here to continue reading Your Samsung SmartTV Is Spying on You, Basically – The Daily Beast.)

Samsung eventually admitted the 3rd party:

Samsung has confirmed that its “smart TV” sets are listening to customers’ every word, and the company is warning customers not to speak about personal information while near the TV sets.

The company revealed that the voice activation feature on its smart TVs will capture all nearby conversations. The TV sets can share the information, including sensitive data, with Samsung as well as third-party services.

Samsung has updated its policy and named the third party in question, Nuance Communications, Inc.

(click here to continue reading Samsung warns customers not to discuss personal information in front of smart TVs.)

Lonely Zenith
Lonely Zenith

Hmm, sounds familiar. Remember this from a few weeks ago:

Consumers have bought more than 11 million internet-connected Vizio televisions since 2010. But according to a complaint filed by the FTC and the New Jersey Attorney General, consumers didn’t know that while they were watching their TVs, Vizio was watching them. The lawsuit challenges the company’s tracking practices and offers insights into how established consumer protection principles apply to smart technology.

Starting in 2014, Vizio made TVs that automatically tracked what consumers were watching and transmitted that data back to its servers. Vizio even retrofitted older models by installing its tracking software remotely. All of this, the FTC and AG allege, was done without clearly telling consumers or getting their consent.

What did Vizio know about what was going on in the privacy of consumers’ homes? On a second-by-second basis, Vizio collected a selection of pixels on the screen that it matched to a database of TV, movie, and commercial content. What’s more, Vizio identified viewing data from cable or broadband service providers, set-top boxes, streaming devices, DVD players, and over-the-air broadcasts. Add it all up and Vizio captured as many as 100 billion data points each day from millions of TVs.

Vizio then turned that mountain of data into cash by selling consumers’ viewing histories to advertisers and others. And let’s be clear: We’re not talking about summary information about national viewing trends. According to the complaint, Vizio got personal. The company provided consumers’ IP addresses to data aggregators, who then matched the address with an individual consumer or household. Vizio’s contracts with third parties prohibited the re-identification of consumers and households by name, but allowed a host of other personal details – for example, sex, age, income, marital status, household size, education, and home ownership.  And Vizio permitted these companies to track and target its consumers across devices.

(click here to continue reading What Vizio was doing behind the TV screen | Federal Trade Commission.)

Continuous Video Recording in Progress
Continuous Video Recording in Progress

You didn’t realize that your habits were worth so much money to the corporate surveillance world did you? Too bad the data mining industry doesn’t share in any of the profits they’ve harvested from your habits and propensities.

Plus the whole listening to you every second might not always be in your own best interests:

Upon further investigation, however, police began suspecting foul play: Broken knobs and bottles, as well as blood spots around the tub, suggested there had been a struggle. A few days later, the Arkansas chief medical examiner ruled Collins’s death a homicide — and police obtained a search warrant for Bates’s home.

Inside, detectives discovered a bevy of “smart home” devices, including a Nest thermostat, a Honeywell alarm system, a wireless weather monitoring system and an Amazon Echo. Police seized the Echo and served a warrant to Amazon, noting in the affidavit there was “reason to believe that Amazon.com is in possession of records related to a homicide investigation being conducted by the Bentonville Police Department.”

That warrant threw a wrinkle into what might have been a traditional murder investigation, as first reported by the Information, a news site that covers the technology industry.

While police have long seized computers, cellphones and other electronics to investigate crimes, this case has raised fresh questions about privacy issues regarding devices like the Amazon Echo or the Google Home, voice-activated personal command centers that are constantly “listening.” Namely, is there a difference in the reasonable expectation of privacy one should have when dealing with a device that is “always on” in one’s own home?

The Echo is equipped with seven microphones and responds to a “wake word,” most commonly “Alexa.” When it detects the wake word, it begins streaming audio to the cloud, including a fraction of a second of audio before the wake word, according to the Amazon website.

A recording and transcription of the audio is logged and stored in the Amazon Alexa app and must be manually deleted later. For instance, if you asked your Echo, “Alexa, what is the weather right now?” you could later go back to the app to find out exactly what time that question was asked.

(click here to continue reading Can Alexa help solve a murder? Police think so — but Amazon won’t give up her data. – The Washington Post.)

Luckily, my “dumb” tv still chugs along…

 

Update: the Samsung story is from 2015, the Amazon and the Vizio stories are more recent. Main point still stands however…

Written by Seth Anderson

February 16th, 2017 at 9:54 am

Checking In On Wired’s Ad-Blocking Experiment

without comments

Speaking of privacy and technology, Wired Magazine’s Mark McClusky boasted to Ad Age that everything is going great with their ad blocker gambit.

Ad Blockers - Wired
Ad Blockers – Wired

In early February, Condé Nast’s Wired took a stand against the rise of ad-blocking technology, which was being used on more than 20% of visits to the magazine’s website. It gave ad-blocking Wired readers two options: whitelist Wired.com, allowing ads to be served as intended, or pay $1 per week for an ad-free version of the site. “We know that you come to our site primarily to read our content,” Wired said in a note to readers at the time, “but it’s important to be clear that advertising is how we keep WIRED going: paying the writers, editors, designers, engineers, and all the other staff that works so hard to create the stories you read and watch here.”

Nearly three months in, Wired Head of Product and Business Development Mark McClusky pronounced himself pleased with the early returns.

“Overall, it’s going great,” he told Ad Age. “We’ve exceeded sort of our hopes and expectations in terms of the performance.” “The uptake in whitelisting has exceeded our expectation, the subscriptions have gone better than we projected, the abandon rate has been lower than we projected,” he said.

(click here to continue reading Checking In On Wired’s Ad-Blocking Experiment | Media – AdAge.)

Here’s the thing: in general, I support magazines and news organizations desire to stay solvent, in fact going as far as to give subscription dollars to several of them1 including even for a long time, to Wired Magazine. But the print edition of Wired was somewhere around $12 a year – by their new model, they want to charge me $52 a year to read their content. 

OVER THE PAST several years, there’s been a significant increase in the number of people using ad-blocking software in their web browser. We have certainly seen a growth in those numbers here at WIRED, where we do all we can to write vital stories for an audience that’s passionate about the ongoing adventure of our rapidly changing world.

On an average day, more than 20 percent of the traffic to WIRED.com comes from a reader who is blocking our ads. We know that you come to our site primarily to read our content, but it’s important to be clear that advertising is how we keep WIRED going: paying the writers, editors, designers, engineers, and all the other staff that works so hard to create the stories you read and watch here.

We know that there are many reasons for running an ad blocker, from simply wanting a faster, cleaner browsing experience to concerns about security and tracking software. We want to offer you a way to support us while also addressing those concerns.

Therefore, we have restricted access to articles on WIRED.com if you are using an ad blocker.

(click here to continue reading How WIRED Is Going to Handle Ad Blocking | WIRED.)

I happily use Ghostery, which is not strictly an ad blocker, but rather an enhanced cookie blocker. I just went to random Wired.com article, (http://www.wired.com/2016/05/adblock-plus-now-wants-pay-browse-internet/) and these are the trackers that Wired wants to serve me in lieu of my $52 payment:

  • Adobe Audience Manager
  • Adobe TagManager
  • Amazon Associates
  • ChartBeat
  • Disqus
  • Google Adsense
  • Google AdServices
  • Optimizely
  • Parse.ly
  • Pinterest
  • Polar Mobile
  • Rubicon
  • ScoreCard Research 
  • Yieldbot

plus one I keep turned on because I like fonts and appreciate web designers who use specific fonts: 

Typekit by Adobe

In other words, Wired wants me to agree to sell my data to these corporations in exchange for reading an article about Adblock Plus. I don’t know each of these entities, but I’m guessing most2 don’t only report to Wired – they sell the data they’ve accumulated to multiple parties. And they don’t give me any slice of the revenue.

Hmm, on balance, I’ll keep my $52, and I’ll stop clicking through to Wired articles. Sounds fair.

Footnotes:
  1. Tidbits.com, NYT, WSJ, Chicago Tribune, The Nation, Harpers, etc. etc. []
  2. or all []

Written by Seth Anderson

May 3rd, 2016 at 8:43 pm

Tech Tuesday – Part One – Selling Your Own Data

without comments

This sucky blog’s editor1 has assigned Tuesday’s topic as technology. Like all good topics, that’s a bit vague, there are lots of threads that can be collected here. 

Don't Worry - Keep Shopping
Don’t Worry – Keep Shopping…

We’ve discussed the weird state of consumer data many times, where companies such as Acxiom and thousands of others collect every scrap of information about us they possibly can, by whatever method, and then sell it to marketers. Our data, our habits, our propensities, but their profits. Seems like a bum deal, for consumers. 

So when I read the headline on this Fast Company article, I got interested. The headline and sub-head reads:

This Startup Lets Users “Sell” Their Own Shopping Data
InfoScout’s apps sell their users’ shopping data to marketers—and give those users a cut.

but that is not quite truthful. Or at least, InfoScout isn’t selling shopping data in a manner I was hoping. No, they mean that if you willingly give InfoScout information about your shopping trips by photographing/scanning your receipts, they’ll drop a few pennies in your cup now and again. If you are lucky.

San Francisco-based InfoScout offers a set of smartphone apps that lets users snap pictures of shopping receipts in exchange for incentives like credit card-style reward points and sweepstakes entries. The company digitizes the receipts with a mix of optical character recognition and crowdsourced help from services such as Amazon’s Mechanical Turk.

Then it bundles that purchase information into reports it offers to companies like Procter & Gamble and Unilever, letting them see how consumer preferences evolve over time and how discounts and promotions affect sales.

“Our ability to provide these insights back to the brands in near real time, literally within days, is something they’ve never had before,” claims CEO Jared Schrieber, who cofounded InfoScout in 2011.

Schrieber says that while brands can get some data from programs like supermarket reward card programs, those usually only track customer activity at one particular retail company.

“We’re not trying to change what people buy,” Schrieber says. “We’re just trying to observe it.”

The company says it has collected data on more than 100 million shopping trips and is processing about 300,000 receipts per day. Users can of course choose not to scan receipts that include purchases they find embarrassing, but Schrieber says many just upload every receipt, so the apps gather quite a bit of data about sensitive purchases, such as condoms and feminine hygiene products. Ultimately, what type of purchase information users feel is worth trading for a few cents or a sweepstakes entry is up to them.

Users can participate anonymously or receive additional rewards for linking the app to their Facebook profiles, answering demographic questions, or taking occasional surveys.

(click here to continue reading This Startup Lets Users “Sell” Their Own Shopping Data | Fast Company | Business + Innovation.)

We have no hours. We are always closed
We have no hours. We are always closed…

InfoScout is not even alone in using this model. I recently saw a presentation that included mention of Ibotta– a smartphone app where consumers photograph their receipt and theoretically get future coupons. Or rebates, whatever.

1. Download the App Download the Ibotta app, available on iOS and Android. The app is required to submit a receipt.

2. Unlock Rebates Before you go shopping, unlock cash rewards on great products by completing simple tasks.

3. Go Shopping Buy the products you’ve unlocked at any supported store.

4. Verify Your Purchases Scan your product barcodes, then submit a photo of your receipt.

(click here to continue reading How it Works – Ibotta.com.)

If you jump through the hoops in precisely the correct way, you may get a few pennies. According to some internet complainers, Ibotta mostly uses the small print to avoid paying out.

Complaints like:

I read about IBOTTA on Facebook and decided to try it out. Downloading the app was easy and the instructions were straight forward. Two days ago I wend grocery shopping and decided to use the app for rebates on bread, milk and eggs – all of which were on my shopping list and I was shopping at a listed store. When I returned home I scanned the items as requested by the app and took a picture of the receipt. All items were accepted. Today I received an email stating that my account had been deactivated because of fraud. From what I understand I am being deactivated for taking a picture of the same receipt. Well, duh..I bought the items at the same time, so they would be on the same receipt. No where in the instructions does it say that you have to have a separate receipt for each item purchased. Plus you are going to spend more time sorting out your groceries and paying for each item separately – not worth the money they say they will pay you.

(click here to continue reading Ibotta App Reviews – Legit or Scam?.)

or like:

I downloaded the app and it isn’t terribly hard to figure out. Verified the items and got the approval for receipt. All fine. Now when it comes to actually getting paid, all that happens is a notice on the site saying “working on the site”. Seems everything works that makes them money but nothing works where they pay money.

I am guessing they are out of cash and so just stick this sign up to avoid the real issue.

(click here to continue reading Ibotta App Reviews – Legit or Scam?.)

and many, many more. 

I suppose you’ll have to decide for yourself, is willingly giving corporations intimate shopping data about you and your family worth a few pennies? Your data is much more valuable to them – building smartphone apps and Point-of-Sale and coupon redemption infrastructure is not cheap. A corporation wouldn’t invest millions unless it was worth it to their bottom line.

Not This Store
Not This Store

I’m still waiting for one of the companies that Ghostery tracks to start offering me a real cut of the sale of my data, I’d whitelist their tracking cookie, and they would pay me a percentage every month. Ha! Zero is a percent…

Footnotes:
  1. me []

Written by Seth Anderson

May 3rd, 2016 at 9:11 am

Publishers Weigh Ways to Fight Ad Blocking

without comments

ATM$ Inside
ATM$ Inside…

Adblocking software is a default installation for any browser on any computer I set up, usually using Ghostery. I am frequently amazed at the sheer amount of tracking code a typical publisher uses. Dozens and dozens of third party cookies, sometimes even more.

Browsing the web without ads is actually kind of nice. No popups stealing your screen. No autoplaying video ads making the page load as slowly as if it were being dialed up through America Online circa 1999. And millions of people seem to agree. They’ve installed extensions to their web browsers that delete the ads from most, if not all, of of the sites they visit. One popular ad blocker, AdBlock Plus, claims that it’s been installed on people’s browsers more than 400 million times and that it counts “close to 50 to 60 million active users,” said Ben Williams, communications and operations director at Eyeo, the company that makes AdBlock Plus.

Ad blocking isn’t a new issue. People have been installing these extensions for years. But those people were considered a fringe group. But that group is getting closer to the mainstream as kids who grew up browsing the web on their parents’ computers are getting their own laptops that they can customize all the way.

And advertisers’ target audience du jour — millennials — appear to be more likely to use ad blockers than any other age group. Of the survey respondents who were between the ages of 18 and 29 years old, 41% said they use ad blockers. As further evidence ad blocking isn’t abating, Mr. Williams said AdBlock Plus has averaged 2.3 million downloads a week since 2013.

(click here to continue reading Publishers Weigh Ways to Fight Ad Blocking | Media – Advertising Age.)

Nelson Muntz Furniture
Nelson Muntz Furniture

If the trend continues, the ad-supported model of web publishing will die soon. I’m not sure what will replace it – a subscription model I guess – but web publishers did themselves no favors by making ads increasingly more obnoxious. Autoplay videos are evil, and I cannot wait until Apple allows ad blocking software on iPhones and iPads.

Ad blocking extensions have been possible on Safari for Mac for a long time, but plugin architecture for Safari on iOS is much more limited. With iOS 9, Apple has added a special case of extension for ad blockers. Apps can now include ‘content blocker’ extensions that define resources (like images and scripts) for Safari to not load. For the first time, this architecture makes ad blockers a real possibility for iOS developers to make and iOS customers to install and use.

The inclusion of such a feature at this time is interesting. Apple is also pushing its own news solution in iOS 9 with the News app, which will include ads but not be affected by the content blocking extensions as they only apply to Safari. There is also clearly the potential for Safari ad blockers to hurt Google, which seems to be a common trend with Apple’s announcements recently…

(click here to continue reading iOS 9 lets app developers make ad blockers for Safari | 9to5Mac.)

Blocking ad tracking is also parenthetically about user privacy, and Apple is more likely to increase capabilities for its customers to opt out of the massive marketing databases of contemporary corporations like Acxiom, with the exception of inclusion in Apple’s own massive database of course. Apple is not a benevolent grandmother, but at least they are being more open about their marketing and data collection practices than some of their technology company peers.

Apple’s senior vice president of software engineering, Craig Federighi, who was onstage to present new “proactive” artificial intelligence features of the next iPhone operating system, paused before one of the slides to make the company’s devotion to privacy clear.

Yes, he said, the new software will try to anticipate your information needs, based on things like your calendar and location — something that its rival, Google, already does. But, Federighi added, “we do it in a way that does not compromise your privacy. We don’t mine your email, your photos, or your contacts in the cloud to learn things about you. We honestly just don’t wanna know.”

He continued: “All of this is done on [the] device, and it stays on [the] device, under your control.” And Apple says that if it does have to perform a lookup [online] on your behalf, it’s anonymous, it’s not associated with your Apple ID, and it’s not shared with third parties.

In case you missed that point, Federighi immediately repeated: “You are in control.”

(click here to continue reading Walt Mossberg: Apple’s Latest Product Is Privacy | Re/code.)

Waste Your Time and Money
Waste Your Time and Money

We are talking significant revenue at stake already:

“Consumers want a faster web, significantly less tracking by unknown third parties and clean, well-lit media experiences. [Apple’s mobile ad-blocking plan] just accelerates it, and opens up a significant share of the marketplace,” said Jason Kint, CEO of online publisher trade group Digital Content Next. That significant share would significantly cut into publishers’ revenues. Take the biggest digital ad seller — Google — as a proxy. PageFair has estimated that Google, which made $59.1 billion from advertising in 2014, lost $6.6 billion that year because of ad blocking. As Vice’s chief digital officer Mike Germano said at an industry conference in New York earlier this month, “I love my audience, but fuck you, ad blockers — 20% of my revenue is gone.”

How to Get Your Business To Show Up On Google
How to Get Your Business To Show Up On Google

Written by Seth Anderson

June 19th, 2015 at 8:23 am

Posted in Advertising,Apple,Business

Tagged with ,

Dental receptionist allegedly at the center of a massive identity theft scam

without comments

Teeth
Teeth…

Speaking of health care practitioners who cannot manage to protect personal data, there is another reason to be skeptical when your dentist wants copies of your drivers license and so on…

The New York District Attorney’s Office says that a massive identity theft ring stems from a Manhattan dental receptionist who stole customers’ personal information.

Four people, including 27-year-old Annie Vuong, the alleged receptionist, now stand accused of 394 charges relating to theft of $700,000. All four say they’re not guilty.

The scheme centers around the fact that it’s actually quite easy, if you have enough of a person’s information, to create an Apple account, and with one of those, it only takes about 30 seconds to get approved for a program to buy an Apple-themed Barclays Visa card. With one of those, customers can instantly turn right back around and buy Apple gift cards, which can be redeemed in Apple’s physical stores.

(click here to continue reading Dental receptionist allegedly at the center of a massive identity theft scam.)

Written by Seth Anderson

February 7th, 2015 at 3:44 pm

Posted in News-esque

Tagged with , ,

Your Data Is Not Safe at Anthem Nor At Other Healthcare Corporations

without comments

Classless Society

The next decade is going to be a continual escalation of these sorts of crimes. Many sectors of corporations have skimped on beefing up their security practices, making data theft easier for criminals to steal consumer data.

patient medical records typically include information not easily destroyed, including date of birth, Social Security numbers and even physical characteristics that make them more useful for things like identity theft, creation of visas or insurance fraud by falsely billing for expensive medical or dental procedures that were either never done or performed on someone else. Some criminals have also tried a form of so-called ransom ware in which they threaten to reveal medical information unless they are paid.

“The whole thing is evolving,” said Barbara Filkins, an analyst with the SANS Institute, which has studied the risk to the health care sector.

Hospital systems, for example, are increasingly asking for photo IDs and driver’s licenses in an effort to block patients who have stolen someone else’s medical identity, said John Barlament, a lawyer at Quarles & Brady in Milwaukee. The use of medical identity fraud is growing, he said. “It’s a one-way trend here,” he said.

(click here to continue reading Data Breach at Anthem May Lead to Others – NYTimes.com.)

Site of the Doctors' Commons
Site of the Doctors’ Commons

From my perspective, I hate when health care providers make copies of my drivers license and write down my social security number and so on. Why? Because I don’t trust that they will keep my data safe. Especially as there is a push to digitize health records, health practitioners need to have stronger data management and destruction policies. Should a dentist I visited once several years ago be able to keep all my information for ever? I guess I need to get a fake ID for these sorts of situations.

The push to digitize patient health records in hospitals and doctors’ offices has also made medical records increasingly vulnerable, according to security experts. Moving medical records from paper to electronic form allows both patients and providers better access, but it has also made patient records susceptible to breaches, whether unintentionally or through a criminal attack.

About 90 percent of health care organizations reported they have had at least one data breach over the last two years, according to a survey of health care providers published last year by the Ponemon Institute, a privacy and data protection research firm. The founder, Larry Ponemon, a security expert, says most were because of employee negligence or system flaws, but a growing number are malicious or criminal.

Last year, 18 health care providers reported data breaches because of some form of hacking. Information at Centura Health was compromised last year after a phishing scheme obtained access to employee email accounts. The data included, in some instances, Social Security numbers, Medicare beneficiary numbers and clinical information for 12,000 patients of the facility, based in Englewood, Colo. In another case, a keystroke logger virus that infected three computers for a few weeks early last year at the student health center at the University of California, Irvine, may have captured patient’s health and dental insurance numbers and diagnoses.

Health care providers have sharply increased their spending on data security in the last year, but they remain technologically far behind other industries, say experts.

(click here to continue reading Data Breach at Anthem May Lead to Others – NYTimes.com.)

Written by Seth Anderson

February 7th, 2015 at 12:35 pm

Posted in Business,health

Tagged with , , , ,

Tech and Media Companies Back Microsoft in Email Seizure Case

without comments

Over Under Sideways

Good for Microsoft, and good for the tech industry to rally behind Microsoft1

A broad array of organizations in technology, media and other fields rallied on Monday behind Microsoft’s effort to block American authorities from seizing a customer’s emails stored in Ireland.

The organizations filing supporting briefs in the Microsoft case included Apple, Amazon, Verizon, Fox News, National Public Radio, The Washington Post, CNN and almost two dozen other technology and media companies. A cross-section of trade associations and advocacy groups, from the American Civil Liberties Union to the United States Chamber of Commerce, and 35 computer scientists also signed briefs in the case, which is being considered in New York by the United States Court of Appeals for the Second Circuit.

“Seldom do you see the breadth and depth of legal involvement that we’re seeing today for a case that’s below the Supreme Court,” Bradford L. Smith, Microsoft’s general counsel, said in an interview.

The case involves a decision by Microsoft to defy a domestic search warrant seeking emails stored in a Microsoft data center in Dublin. Microsoft has argued that the search warrant could provide a dangerous precedent that is already leading to privacy concerns among customers. The case is especially relevant, the company says, to customers who are considering conducting more of their electronic business in the cloud.

(click here to continue reading Tech and Media Companies Back Microsoft in Privacy Case – NYTimes.com.)

Even the Faux Walls have eyes
Even the Faux Walls have eyes

You know who isn’t mentioned here or at Microsoft’s public blog page for this case? Google. I wonder why? Seems like a pretty high profile case to be siding with the US DOJ instead of privacy advocates.

Today represents an important milestone in our litigation concerning the U.S. Government’s attempt to use a search warrant to compel Microsoft to obtain and turn over email of a customer stored in Ireland. That’s because 10 groups are filing their “friend of the court” briefs in New York today.

Seldom has a case below the Supreme Court attracted the breadth and depth of legal involvement we’re seeing today. Today’s ten briefs are signed by 28 leading technology and media companies, 35 leading computer scientists, and 23 trade associations and advocacy organizations that together represent millions of members on both sides of the Atlantic.

We believe that when one government wants to obtain email that is stored in another country, it needs to do so in a manner that respects existing domestic and international laws. In contrast, the U.S. Government’s unilateral use of a search warrant to reach email in another country puts both fundamental privacy rights and cordial international relations at risk.  And as today’s briefs demonstrate, the impacts of this step are far-reaching.

Today’s briefs come from:

Leading technology companies such as Verizon, Apple, Amazon, Cisco, Salesforce, HP, eBay, Infor, AT&T, and Rackspace. They’re joined by five major technology trade associations that collectively represent most of the country’s technology sector, including the BSA | The Software Alliance and the Application Developers Alliance. These groups raise a range of concerns about the significant impact this case could have both on the willingness of foreign customers to trust American technology and on the privacy rights of their customers, including U.S. customers if other governments adopt the approach to U.S. datacenters that the U.S. Government is advocating here.

Seventeen major and diverse news and media companies, including CNN, ABC, Fox News, Forbes, the Guardian, Gannett, McClatchy, the Washington Post, the New York Daily News, and The Seattle Times. They’re joined by ten news and media associations that collectively represent thousands of publications and journalists. These include the Newspaper Association of America, the National Press Club, the European Publishers Council, and the Reporters Committee for Freedom of the Press. These organizations are concerned that the lower court’s decision, if upheld, will erode the legal protections that have long restricted the government’s ability to search reporters’ email for information without the knowledge of news organizations.

(click here to continue reading Business, Media and Civil Society Speak Up in Key Privacy Case – The Official Microsoft Blog.)

Footnotes:
  1. not a sentence I’d thought I’d type []

Written by Seth Anderson

December 15th, 2014 at 3:16 pm

Americans Cellphones Targeted in Another Secret U.S. Spy Program

without comments

Conversation In Front of 110 N. Wacker Drive
Possible Criminal Conversation In Front of 110 N. Wacker Drive

Devlin Barrett of the WSJ reports that the U.S. Justice Department is collecting data on phones through a novel approach: fake cellphone towers on airplanes that fly around the country. Warrants not necessary, of course, because when you clicked through the EULA terms on your new smartphone, you agreed that you gave up all rights to privacy. Well, probably, because who actually reads those things?

The Justice Department is scooping up data from thousands of mobile phones through devices deployed on airplanes that mimic cellphone towers, a high-tech hunt for criminal suspects that is snagging a large number of innocent Americans, according to people familiar with the operations.

The U.S. Marshals Service program, which became fully functional around 2007, operates Cessna aircraft from at least five metropolitan-area airports, with a flying range covering most of the U.S. population, according to people familiar with the program.

Planes are equipped with devices—some known as “dirt boxes” to law-enforcement officials because of the initials of the Boeing Co. unit that produces them1—which mimic cell towers of large telecommunications firms and trick cellphones into reporting their unique registration information.

The technology in the two-foot-square device enables investigators to scoop data from tens of thousands of cellphones in a single flight, collecting their identifying information and general location, these people said.

(click here to continue reading Americans’ Cellphones Targeted in Secret U.S. Spy Program – WSJ – WSJ.)

Eye see u Willis
Eye see u Willis

Sounds great. Warrants are so old fashioned, so 20th Century. 

Or as Digby adds:

But never fear, they’ve assured us that they are only using it to catch bad guys.They have no interest in anything you might be doing.  Well, unless you’re doing something wrong.  If you are an upstanding citizen there’s little reason to worry that the police might be re-routing your phone calls without your knowledge right? Why should you care?

In fact, we really need to re-think that whole 4th Amendment thing altogether. When you think about it, you shouldn’t object to the police ransacking your house and your car without any probable cause either. They could be looking for someone they know is in your neighborhood. If you have nothing to hide in your home why would you object? Sure, they might find something they think is suspicious in your house when they go on their fishing expedition but maybe you shouldn’t have suspicious things in your house if you don’t want the cops finding it, eh?

This is what we call liberty.

(click here to continue reading Hullabaloo- Secrets and more secrets .)

Do All Photographers Need a Warrant?
Do All Photographers Need a Warrant?

Mariella Moon of Engadget writes

These dirtboxes are also sophisticated enough to mimic a particular provider. If a drug dealer under surveillance uses Verizon, for instance, then the machine pretends to be a Verizon cell tower and connects only to all the carrier’s subscribers in the area. Once a target’s phone is identified (at which point, connections to other people’s phones are dropped), the box can pinpoint his location within 3 meters and down to a specific room. The WSJ’s sources wouldn’t reveal how often planes loaded with these boxes are deployed (they have a flying range that covers the whole country’s population, by the way), but they said the Cessnas fly out regularly to target a handful of criminals per flight.

Obviously, the more densely populated the target area is, the more data the boxes collect, but it’s unclear what steps are in place to safeguard innocent people’s information. It’s also unclear at this point if they’ve ever used the newer dirtboxes’ capabilities, which include jamming phones and extracting messages, photos and other data remotely. If you’re thinking, “Hmmm fake cell towers? Those sound ominously familiar,” it’s because this isn’t the first time authorities used them. In fact, this dirtbox project sounds like a larger, airborne version of a previous one, wherein feds placed fake towers called “stingrays” in moving cars.

(click here to continue reading Flying fake cell towers target fugitives, but can ID your phone too.)

City of Chicago Emergency Management Surveillance Vehicle
City of Chicago Emergency Management Surveillance Vehicle

Footnotes:
  1. Boeing subsidiary Digital Recovery Technology Inc. or DRT []

Written by Seth Anderson

November 15th, 2014 at 12:38 pm

Facebook Is the NSA of Corporate America

without comments

Over Under Sideways
Over Under Sideways

Speaking of Big Data and Facebook, the marketing and privacy experts at Mark Zuckerman’s data mining company have come up with a new way to make money off of you: turning on the microphone on your mobile device, and listening in to your life as you live it.

The social network appears to be preparing to serve ads to users based on a Shazam-style feature that picks up via the microphones on devices with Facebook’s app installed—watching Breaking Bad? Check out this ad for the new drama on AMC. Listening to OutKast? Try Ludacris.…

Facebook’s ad strategy is getting more sophisticated every week; with the new tool (which Facebook stresses is optional, though you know how it is: if people like it and it’s convenient, that’s better than mandatory), it’ll have far more information about something Nielsen, Acxiom and other data giants conduct huge panel studies to determine: user media habits. Not the media habits users write down in diaries, but what people actually do and might not self-report to anyone but their friends—who marathons Murder, She Wrote until 3 in the morning or listens to nothing but Ween for three straight months.

  • It’s totally fair to wonder where the data derived from the recordings—song title, album, etc.—is stored and where it goes. Based on the fact that this is being used for marketing, the short answer seems to be “to people who are willing to pay to know what you’re into.” 
  • It’s hard to make this not creepy. Facebook is using your cell phone to listen to you and serve you ads. It’s doing it all in the name of user convenience, of course, but it’s still doing it. 
  • Marketers are going to love this. Dynamic ad serving has been a pipe dream for so long, and Facebook’s multi-billion-person user base is everyone’s favorite thing for that specific purpose.

(click here to continue reading Listening to Beyoncé? Facebook Has an Ad for You | Adweek.)

Or Pay The Price
Or Pay The Price

From the WSJ:

Facebook on Wednesday added a feature to its mobile app that identifies music and television shows playing in the background and suggests users share them with a larger audience.

The feature was the latest in a series of changes by Facebook to nudge users to divulge more—and more-specific—personal information on the social network. This week, it introduced a feature that allows users to prompt their friends to divulge more information about themselves. Last year, the social network allowed users to categorize posts by activity.

Facebook uses the data to sell targeted advertisements. The more detailed the information it gathers from users, the more personalized—and expensive—advertising the company can sell.

The recent changes represent an effort by Facebook to prod users into sharing more information about themselves. In recent years, the company has added categories, like “watching,” “eating” or “listening,” that users can add to their posts. In April it created a “traveling to” category, allowing users to post their travel destinations. A “nearby friends” feature, also rolled out last month, lets users know when their Facebook friends are in the vicinity. Turning on the feature lets Facebook track users wherever they go, even when the app is closed.

This week, Facebook began allowing users to request their friends’ relationship status using the new “Ask” button.

Advertisers like the additional data.

(click here to continue reading Facebook Adds Feature to Identify Music, TV Shows – WSJ.com.)

Continuous Video Recording in Progress
Continuous Video Recording in Progress

Amusingly, Facebook announced on the same day:

Responding to business pressures and longstanding concerns that its privacy settings are too complicated, Facebook announced on Thursday that it was giving a privacy checkup to every one of its 1.28 billion users.

 …

“They have gotten enough privacy black eyes at this point that I tend to believe that they realized they have to take care of consumers a lot better,” said Pam Dixon, executive director of the World Privacy Forum, a nonprofit research and advocacy group. Ms. Dixon was briefed in advance about the latest changes.

For most of its 10-year history, Facebook has pushed — and sometimes forced — its users to share more information more publicly, drawing fire from customers, regulators and privacy advocates across the globe.

(click here to continue reading Facebook Offers Privacy Checkup to All 1.28 Billion Users – NYTimes.com.)

Sure, sure they are.

Written by Seth Anderson

May 22nd, 2014 at 10:07 am

Posted in Advertising,Business

Tagged with , ,

Facebook, Google Face Backlash Over Logins

without comments

Cougle, Google's neighbor
Cougle, Google’s neighbor

Personally, I never, ever use logins that depend upon Facebook. I have run across a few iOS apps that insist upon Facebook logins, and I deleted them rather than give up my information. I have on rare occasion used the Google login, but I’d much prefer using my own login credentials, even if it involves creating yet another password. Since I use 1Password these days, creating and maintaining unique passwords isn’t as much of a burden as it used to be.

Facebook and Google are battling to be the gateway through which users connect to websites and mobile apps. But users and businesses may be losing interest in such “social login” services.

Consumers worry about broadcasting their preferences and habits to companies and across their social networks. Businesses are torn between making life easier for users and letting Facebook and Google see the resulting data.

“A few years ago, there was a frenzy, but the interest has peaked,” says Sucharita Mulpuru-Kodali, an analyst at Forrester Research who studies social login. “There’s the fear of, ‘Oh my God, I’m going to click something and God knows what’s going to show up on my Facebook wall.’ ”

The social login buttons allow consumers to log in to other websites and apps using their usernames and passwords, for example, from Facebook Login or Google+.
But a Forrester survey of 66 large and midsize companies finds that only 17% use social-login buttons, and more than half have no plans to do so. Forrester hadn’t previously done a similar survey, but Ms. Mulpuru-Kodali says social login offerings are no longer appealing to retailers and users.

(click here to continue reading Too Much Information? Facebook, Google Face Backlash Over Logins – WSJ.com.)

The One Chord Song Lasts A Lifetime
The One Chord Song Lasts A Lifetime

I think also more consumers are realizing that Facebook and Google are not creating these tools to make consumers digital lives easier, but instead to enable Facebook and Google to collect data on consumers that they will then sell to businesses. Why make the process any easier for Big Data? Especially since Google and Facebook have repeatedly made errors that benefit their own business practices, and only apologize when the “error” becomes public, or the FTC files a complaint.

One reason users hesitate is privacy — the fear that logging in to the real-estate website Zillow through a Facebook button, for example, might inadvertently reveal the house you looked at, and its price, to your social network. Facebook says this can’t happen without a consumer’s express permission. But many users are wary because of the social network’s mixed record on privacy.

Some large brick and mortar retailers are concerned that letting Facebook or Google put code on their website might lead to the Web giants collecting their purchase data. Google says it doesn’t collect this information1.

(click here to continue reading Silicon Valley Is Waging a War Over Your Online Identity. But Is It Worth It? – Digits – WSJ.)

Footnotes:
  1. but won’t swear to it in court []

Written by Seth Anderson

May 22nd, 2014 at 8:14 am

Posted in Advertising,Business

Tagged with , ,

California Urges Websites to Disclose Online Tracking

without comments

 Tired Of Keeping Track

Tired Of Keeping Track

Kudos to Attorney General Kamala D. Harris, let us stipulate that this becomes a national trend, and soon…

Every major Internet browser has a feature that lets you tell a website that you don’t want it to collect personal information about you when you visit.

And virtually every website ignores those requests. Tracking your online activities — and using that data to tailor marketing pitches — is central to how Internet companies make money.

Now California’s attorney general, Kamala D. Harris, wants every site to tell you — in clear language — if and how it is respecting your privacy preferences. The guidelines, which will be published on Wednesday, are intended to help companies comply with a new state privacy law that went into effect on Jan. 1. That law requires sites to prominently disclose all their privacy practices, including how they respond to “do not track” requests.

“This guide is a tool for businesses to create clear and transparent privacy policies that reflect the state’s privacy laws and allow consumers to make informed decisions,” Ms. Harris said in a statement.

(click here to continue reading California Urges Websites to Disclose Online Tracking – NYTimes.com.)

Eye see u Willis
Eye see u Willis

Though this is a voluntary rule, and there are lots of lobbyists chewing on Congress-critters ears to block this practice from expanding, the publics’ opinion is very clear, so maybe by the time the aliens land, or the oceans reach the Midwest, we’ll have action:

The California guidelines for the Jan. 1 privacy law are voluntary. Other efforts to establish more binding privacy protections — either through federal or state laws or through industry self-regulation — have failed to win enough support to pass.

In an attempt to nudge the process along, two of the leading web browsers, Mozilla’s Firefox and Microsoft’s Internet Explorer, began giving users the option of sending a signal that tells all websites they visit that they don’t want to be tracked. Apple’s Safari and Google’s Chrome later added similar options.

But despite pledges by the advertising and technology industries to find a way to honor such requests — and endless discussions at an industry standards group, the World Wide Web Consortium, that was supposed to come up with a common set of rules — little progress has been made. This month, a White House advisory group again called for limits on tracking.

Do Not Track
Do Not Track 

Today, virtually no site respects “do not track” requests coming from web browsers. The only major company that honors the signals is Twitter.

Yahoo, which was one of the first companies to respect “do not track” signals, announced last month that it would no longer do so. Part of the company’s turnaround strategy depends on personalizing its services and advertising, which requires — you guessed it — tracking you across the web.

For what it’s worth, I still use Ghostery, despite it breaking functionality of some websites like Crain’s Chicago, or Nordstroms…

Written by Seth Anderson

May 21st, 2014 at 8:23 am

Police Keep Quiet About Stingray A Cellphone Surveillance Tool

without comments

Eye see u Willis
Eye see u Willis

Ahh, our National Security State keeps chugging along, snatching us up in its tentacles…

Police across the country may be intercepting phone calls or text messages to find suspects using a technology tool known as Stingray. But they’re refusing to turn over details about its use or heavily censoring files when they do.

Police say Stingray, a suitcase-size device that pretends it’s a cell tower, is useful for catching criminals, but that’s about all they’ll say.

For example, they won’t disclose details about contracts with the device’s manufacturer, Harris Corp., insisting they are protecting both police tactics and commercial secrets. The secrecy – at times imposed by nondisclosure agreements signed by police – is pitting obligations under private contracts against government transparency laws.

Even in states with strong open records laws, including Florida and Arizona, little is known about police use of Stingray and any rules governing it.

A Stingray device tricks all cellphones in an area into electronically identifying themselves and transmitting data to police rather than the nearest phone company’s tower. Because documents about Stingrays are regularly censored, it’s not immediately clear what information the devices could capture, such as the contents of phone conversations and text messages, what they routinely do capture based on how they’re configured or how often they might be used.

(click here to continue reading POLICE KEEP QUIET ABOUT CELL-TRACKING TECHNOLOGY, BY JACK GILLUM, News from The Associated Press.)

Cops on Bikes
Cops on Bikes on Cellphones

Note that this works on everyone’s cellphones, regardless if you are a criminal suspect, or just a teenage girl texting your friends. Who needs warrants, right? The old United States that celebrated civil liberties as a constitution right has been superseded by 9-11 and the War on Terra.

ACLU Staff Attorney Nathan Freed Wessler writes:

It appears that at least one police department in Florida has failed to tell judges about its use of a cell phone tracking device because the department got the device on loan and promised the manufacturer to keep it all under wraps. But when police use invasive surveillance equipment to surreptitiously sweep up information about the locations and communications of large numbers of people, court oversight and public debate are essential. The devices, likely made by the Florida-based Harris Corporation, are called “stingrays,” and unfortunately this is not the first time the government has tried to hide their use.

So the ACLU and ACLU of Florida have teamed up to break through the veil of secrecy surrounding stingray use by law enforcement in the Sunshine State, last week filing a motion for public access to sealed records in state court, and submitting public records requests to nearly 30 police and sheriffs’ departments across Florida seeking information about their acquisition and use of stingrays.

As two judges noted during the oral argument, as of 2010 the Tallahassee Police Department had used stingrays a staggering 200 times without ever disclosing their use to a judge to get a warrant.

Potentially unconstitutional government surveillance on this scale should not remain hidden from the public just because a private corporation desires secrecy. And it certainly should not be concealed from judges. That’s why we have asked the Florida court that originally sealed the transcript to now make it available to the public. And that’s also why we have asked police departments throughout Florida to tell us whether they use stingrays, what rules they have in place to protect innocent third parties from unjustified invasions of privacy, and whether they obtain warrants from judges before deploying the devices.

Although secret stingray use has increasingly been exposed by the press (and by the ACLU), public details are still scant. Our new work in Florida is part of national efforts to understand how law enforcement is using these devices, and whether reforms are needed to protect our privacy from law enforcement overreach.

(click here to continue reading Police Hide Use of Cell Phone Tracker From Courts Because Manufacturer Asked | American Civil Liberties Union.)

Transformers 3 Soldier extra
Soldier on a Cellphone (Transformers 3)

via

Written by Seth Anderson

March 27th, 2014 at 9:04 am

Senator Rockefeller Warns Marketing Data Giants: You’re On Notice

without comments

Video Flag Z by Nam June Paik
Video Flag Z by Nam June Paik

We’ve long been dismayed by how powerful and secretive the massive data broker corporations have become. Our data is collected, often surreptitiously, then repackaged and sold to other corporations, and we don’t get a percentage of the profits, nor any real notice that this is happening.

Good news, maybe, from Washington, as reported by Kate Kaye of AdAge:

Today the Senate Commerce Committee held a long-awaited hearing about the consumer-data-broker industry.

“We have a feeling people are getting scammed or screwed,” said Senator Jay Rockefeller, D-W.V., whose office sent inquiries to several data brokers in the past year. He called out data giants Acxiom, Epsilon and Experian, threatening to use more forceful ways of getting them to divulge information about how they do business and with whom.

One concern shared by Mr. Rockefeller and privacy advocates is predatory marketing activity conducted by financial firms or other companies targeting vulnerable groups such as the impoverished or immigrant populations. Another concern is the practice of scoring individuals determined by algorithmic data analysis and serving them with tailored offers. In some cases that could involve higher interest rates for loans or dynamic prices for products based on prior web behavior or demographic data.

“To date they have not given me complete answers,” said Mr. Rockefeller of Acxiom, Epsilon and Experian. “I’m putting these three companies on notice today…that I am considering further steps and I have steps I can use to get this information.”

Mr. Rockefeller sent letters to data companies such as Acxiom, Datalogix, Epsilon, Experian and Transunion in June, then broadened the inquiry to include media firms — typically big collectors of behavioral web data — like About.com, Babycenter.com, Cafemom.com, Time’s Health.com and Conde Nast’s Self.com.

 

(click here to continue reading Rockefeller to Marketing Data Giants: You’re On Notice | Privacy and Regulation – Advertising Age.)

Bares paying attention to…

Written by Seth Anderson

December 19th, 2013 at 11:04 am

Photo Republished at AT&T offers gigabit Internet discount in exchange for your Web history | Ars Technica

without comments

Eyeing John Marshall Law School

My photo was used to illustrate this post

AT&T is watching you browse. AT&T’s “GigaPower” all-fiber network has launched in parts of Austin, Texas, with a price of $70 per month for download speeds of 300Mbps (which will be upgraded to a gigabit at no extra cost in 2014). The $70 price is only available if you agree to see targeted ads from AT&T and its partners, however. Interestingly, AT&T labels the Internet service with targeted ads as its “premier” service while calling the service without targeted ads “standard.”

click here to keep reading :
AT&T offers gigabit Internet discount in exchange for your Web history | Ars Technica

automatically created via Delicious and IFTTT

Written by eggplant

December 11th, 2013 at 1:35 pm

Experian Sold Consumer Data to ID Theft Service

without comments

We Finally Came To Realize

We Finally Came To Realize

A troubling tale via Krebs on Security

An identity theft service that sold Social Security and drivers license numbers — as well as bank account and credit card data on millions of Americans — purchased much of its data from Experian, one of the three major credit bureaus, according to a lengthy investigation by KrebsOnSecurity.

Contacted about the reader’s claim, U.S. Info Search CEO Marc Martin said the data sold by the ID theft service was not obtained directly through his company, but rather via Court Ventures, a third-party company with which US Info Search had previously struck an information sharing agreement. Martin said that several years ago US Info Search and CourtVentures each agreed to grant the other company complete access to its stores of information on US consumers.

Founded in 2001, Court Ventures described itself as a firm that “aggregates, repackages and distributes public record data, obtained from over 1,400 state and county sources.” Cached, historic copies of courtventures.com are available through archive.org.

THE ROLE OF EXPERIAN

In March 2012, Court Ventures was purchased by Costa Mesa, Calif.-based Experian, one of the three major consumer credit bureaus. According to Martin, the proprietors of Superget.info had gained access to Experian’s databases by posing as a U.S.-based private investigator. In reality, Martin said, the individuals apparently responsible for running Superget.info were based in Vietnam.

Martin said he first learned of the ID theft service after hearing from a U.S. Secret Service agent who called and said the law enforcement agency was investigating Experian and had obtained a grand jury subpoena against the company.

While the private investigator ruse may have gotten the fraudsters past Experian and/or CourtVentures’ screening process, according to Martin there were other signs that should have alerted Experian to potential fraud associated with the account. For example, Martin said the Secret Service told him that the alleged proprietor of Superget.info had paid Experian for his monthly data access charges using wire transfers sent from Singapore.

“The issue in my mind was the fact that this went on for almost a year after Experian did their due diligence and purchased” Court Ventures, Martin said. “Why didn’t they question cash wires coming in every month? Experian portrays themselves as the databreach experts, and they sell identity theft protection services. How this could go on without them detecting it I don’t know. Our agreement with them was that our information was to be used for fraud prevention and ID verification, and was only to be sold to licensed and credentialed U.S. businesses, not to someone overseas.”

Experian declined multiple requests for an interview.

(click here to continue reading Experian Sold Consumer Data to ID Theft Service — Krebs on Security.)

Or Pay The Price
Or Pay The Price

so if your account was one of the unlucky ones, what was stolen?

These services specialized in selling “fullz” or “fulls,” a slang term that cybercrooks use to describe a package of personally identifiable information that typically includes the following information: an individual’s name, address, Social Security number, date of birth, place of work, duration of work, state driver’s license number, mother’s maiden name, bank account number(s), bank routing number(s), email account(s) and other account passwords. Fulls are most commonly used to take over the identity of a person in order to engage in other fraud, such as taking out loans in the victim’s name or filing fraudulent tax refund requests with the IRS.

All told, findget.me and superget.info acquired or sold fullz information on more than a half million people, the government alleges.

Why exactly do we as a society allow Experian and similar organizations collect this data in the first place? They accumulate the data, and sell it to advertisers, or to scammers, and what benefit does it bestow on us? Other than headache and grief…

There was much gnashing of teeth when we discovered just how many hard disks the N.S.A. has filled with our personal data, why does Experian and other similar corporations get a pass from the public?

Revolution of The Innocent
Revolution of The Innocent

especially when Experian will skip away from this investigation with nothing more than a slap on the wrist with a wet noodle…

Meanwhile, it’s not clear what — if any — trouble Experian may face as a result of its involvement in the identity theft scheme. This incident bears some resemblance to a series of breaches at ChoicePoint, a data aggregator that acted as a private intelligence service to government and industry. Beginning in 2004, ChoicePoint suffered several breaches in which personal data on American citizens was accessed by crooks who’d used previously stolen identities to create apparently legitimate businesses seeking ChoicePoint accounts. ChoicePoint was later sued by the U.S. Federal Trade Commission, an action that produced a $10 million settlement — the largest in the agency’s history for a violation of federal privacy law.

Experian makes about $500,000,000 in profit a year, btw.

Written by Seth Anderson

October 27th, 2013 at 11:05 am

Posted in Business

Tagged with , , ,