B12 Solipsism

Spreading confusion over the internet since 1994

Archive for the ‘privacy’ tag

Facebook conducting mass surveillance through its apps

without comments

Surveillance Society  Halsted and Division Edition
Surveillance Society – Halsted and Division Edition

The Guardian reports:

Facebook used its apps to gather information about users and their friends, including some who had not signed up to the social network, reading their text messages, tracking their locations and accessing photos on their phones, a court case in California alleges.

The claims of what would amount to mass surveillance are part of a lawsuit brought against the company by the former startup Six4Three, listed in legal documents filed at the superior court in San Mateo as part of a court case that has been ongoing for more than two years.

A Facebook spokesperson said that Six4Three’s “claims have no merit, and we will continue to defend ourselves vigorously”.

The allegations about surveillance appear in a January filing, the fifth amended complaint made by Six4Three. It alleges that Facebook used a range of methods, some adapted to the different phones that users carried, to collect information it could use for commercial purposes.

“Facebook continued to explore and implement ways to track users’ location, to track and read their texts, to access and record their microphones on their phones, to track and monitor their usage of competitive apps on their phones, and to track and monitor their calls,” one court document says.

(click here to continue reading Facebook accused of conducting mass surveillance through its apps | Technology | The Guardian.)

This is Facebook’s business model though, so what exactly are they going to argue? No, we don’t collect data on our users and then use this information to sell advertising to corporations? 

The one detail that is the most disturbing1 is that Facebook did this for people who weren’t Facebook users. How did these people consent? How do they request their data? How do they update their privacy settings?

Footnotes:
  1. and we’ve noted it previously []

Written by Seth Anderson

May 30th, 2018 at 9:06 am

Vermont passes first law to crack down on data brokers

without comments

Data Dump
Data Dump

TechCrunch reports:

While Facebook and Cambridge Analytica are hogging the spotlight, data brokers that collect your information from hundreds of sources and sell it wholesale are laughing all the way to the bank. But they’re not laughing in Vermont, where a first-of-its-kind law hems in these dangerous data mongers and gives the state’s citizens much-needed protections.

Data brokers in Vermont will now have to register as such with the state; they must take standard security measures and notify authorities of security breaches (no, they weren’t before); and using their data for criminal purposes like fraud is now its own actionable offense.

If you’re not familiar with data brokers, well, that’s the idea. These companies don’t really have a consumer-facing side, instead opting to collect information on people from as many sources as possible, buying and selling it amongst themselves like the commodity it has become.

This data exists in a regulatory near-vacuum. As long as they step carefully, data brokers can maintain what amounts to a shadow profile on consumers. I talked with director of the World Privacy Forum, Pam Dixon, about this practice.

“If you use an actual credit score, it’s regulated under the Fair Credit Reporting Act,” she told me. “But if you take a thousand points like shopping habits, zip code, housing status, you can create a new credit score; you can use that and it’s not discrimination.”

And while medical data like blood tests are protected from snooping, it’s not against the law for a company to make an educated guess your condition from the medicine you pay for at the local pharmacy. Now you’re on a secret list of “inferred” diabetics, and that data gets sold to, for example, Facebook, which combines it with its own metrics and allows advertisers to target it.

(click here to continue reading Vermont passes first law to crack down on data brokers | TechCrunch.)

Exactly why I wish the US would implement its own version of the GDPR that we’ve discussed. Corporations that mine our digital data, and sell it, and resell it, without oversight, or without giving “a taste” to the consumer are corporations that need to be regulated and watched by a consumer protection agency of some kind. Not every consumer is savvy enough to obfuscate their tracks, and honestly, even somewhat savvy consumers are no doubt caught up in these nameless corporations’ databases. Corporations like EquifaxQuotient and Catalina Marketing and a few thousand others don’t really need to use browser cookies anymore, they also use the unique ID of your devices, they track your IP numbers down to your block group, and can track you at home, at office, via phone, via credit card, via geolocation and via other means. I find it Orwellian and creepy.

My sincere wish is that Vermont continues on this path of regulation of the wild, wild web of data brokers, and that other states and the entire country follows suit.

Written by Seth Anderson

May 28th, 2018 at 3:49 pm

Posted in Advertising,Business,government

Tagged with , ,

U.S. Websites Go Dark in Europe as GDPR Data Rules Kick In

without comments

Keystone Chicago Tribune
Keystone – Chicago Tribune

Speaking of the GDPR, the WSJ reports:

Europe’s new privacy law took effect Friday, causing major U.S. news websites to suspend access across the region as data-protection regulators prepare to brandish their new enforcement powers.

Tronc Inc., publisher of the Los Angeles Times, New York Daily News and other U.S. newspapers [Chicago Tribune], was among those that blocked readers in the European Union from accessing sites, as they scrambled to comply with the sweeping regulation.

“We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market,” the company said in notices it displayed when users attempted to access its news sites from the EU on Friday morning.

Others U.S. regional newspapers owned by Lee Enterprises Inc., as well as bookmarking app Instapaper, owned by Pinterest. Inc., were also blocking access in the EU.

The EU’s General Data Protection Regulation foresees steep fines for companies that don’t comply with the new rules, aimed at giving Europe-based users more control over the data companies hold on them.

(click here to continue reading U.S. Websites Go Dark in Europe as GDPR Data Rules Kick In – WSJ.)

Tronc and many other digital news organizations are among the worst offenders of collecting information on consumers. Using this article at the WSJ as an example, Ghostery reports 24 different cookies/trackers being served to a reader, from Facebook, Google, DoubleClick, and so on. I’m a subscriber, and WSJ still allows companies like Bombora to shovel my information into their corporate maws.

Going to a random Chicago Tribune article, say for instance “Let’s hear it for Memorial Day weekend at the beach. Oh, but the litter …”, and Tronc is serving me, a subscriber, 18 cookies/trackers from various entities, like Amazon, Google, and a plethora I’ve never heard of. My print newspaper doesn’t track me like this.

So, I’m not surprised that many news organizations are not in compliance with the new GDPR regulations, I’m only saddened that the US doesn’t have a similar protection for consumers. Savvier consumers can install anti-tracking services, like Ghostery, but what about everyone else?

Written by Seth Anderson

May 25th, 2018 at 9:16 am

Posted in Advertising,Business

Tagged with ,

EU Privacy Law Enters Into Force

without comments

Faux Vintage photo of a real vintage digital camera
Faux Vintage photo of a real vintage digital camera

The NYT/Reuters reports about the GDPR:

New European privacy regulations went into effect on Friday that will force companies to be more attentive to how they handle customer data.

The ramifications were visible from day one, with major U.S.-media outlets including the LA Times and Chicago Tribune were forced to shutter their websites in parts of Europe.

People in the bloc have been bombarded with dozens of emails asking for their consent to keep processing their data, and a privacy activist wasted no time in taking action against U.S. tech giants for allegedly acting illegally by forcing users to accept intrusive terms of service or lose access.

“You have to have a ‘yes or no’ option,” Austrian Max Schrems said before filing complaints in European jurisdictions. “A lot of these companies now force you to consent to the new privacy policy, which is totally against the law.”

(click here to continue reading EU Privacy Law Enters Into Force, Activist Takes Aim – The New York Times.)

Amazing really the number of these emails I’ve received. Several are worded in such a way that I did not accept their terms, and assume my account will become dormant. If it was a company I cared to still do business with, I might look a little deeper, but mostly I just shrug and delete.

We first heard about GDPR late last year and only wish the US took consumer privacy as seriously as the EU.

Dreaming Has A Low
Dreaming Has A Low

From December, 2017:

 

Almost a fifth of companies in the marketing and advertising sector would go out of business if they were to be hit by a fine for non-compliance of the new GDPR legislation.

 

The General Data Protection Regulation (GDPR) comes into force in less than one year and covers everything from a consumer’s ‘right to be forgotten’ to data breach notification and accountability. At the heart of the reform in how companies must handle customer data is a fine, standing at €20m or 4% of an company’s global revenue, if they are found to be falling foul.

 

But, in a survey of 187 marketing and advertising companies conducted by YouGov on behalf of law firm Irwin Mitchel, 70% said they wouldn’t be certain of their ability to detect a data breach. Meanwhile, just 37% said they would be equipped to deal with it in the required timescale of three days.

 

 

(click here to continue reading 17% of marketing and advertising agencies would go under if hit with a GDPR fine | The Drum.)

Extraordinary Measures
Extraordinary Measures

A privacy regulation with teeth:

 

With 200-plus pages of regulation set to come into force in May 2018, it formalizes concepts like the “right to be forgotten,” data breach accountability, data portability and more — and is arguably the biggest disruption in the digital space in recent years.

 

Potential fines

 

Simply put, the regulations are being put into place to give individual more rights to their data, but brands and marketers need to get on board beforehand in order to avoid hefty potential fines – up to $24m, or 4% of annual turnover (whichever is the greater sum). Some of the requirements include:

 

  • Requiring consent for data processing
  • Anonymizing collected data to protect privacy
  • Providing data breach notifications
  • Safely handling the transfer of data across borders
  • Requiring certain companies to have a data protection officer to oversee GDPR compliance

 

 

(click here to continue reading What does the EU’s privacy reform mean for US marketers? And what should you do now? | The Drum.)

Written by Seth Anderson

May 25th, 2018 at 8:17 am

Posted in Business

Tagged with ,

Service Meant to Monitor Inmates’ Calls Could Track You, Too, and Probably Does

without comments

Cell Phone Evolution
Cell Phone Evolution

Cell phones are useful for a lot of things, but owning one does have consequences, like the ability for 3rd party organizations or government entities to track your location down to 25-50 feet at any time your phone is connected to a cell tower.

The NYT reports:

Senator Ron Wyden, Democrat of Oregon, wrote in a letter this week to the Federal Communications Commission that Securus confirmed that it did not “conduct any review of surveillance requests.” The senator said relying on customers to provide documentation was inadequate. “Wireless carriers have an obligation to take affirmative steps to verify law enforcement requests,” he wrote, adding that Securus did not follow those procedures.

The service provided by Securus reveals a potential weakness in a system that is supposed to protect the private information of millions of cellphone users. With customers’ consent, carriers sell the ability to acquire location data for marketing purposes like providing coupons when someone is near a business, or services like roadside assistance or bank fraud protection. Companies that use the data generally sign contracts pledging to get people’s approval — through a response to a text message, for example, or the push of a button on a menu — or to otherwise use the data legally.

But the contracts between the companies, including Securus, are “the legal equivalent of a pinky promise,” Mr. Wyden wrote. The F.C.C. said it was reviewing the letter.

Courts are split on whether investigators need a warrant based on probable cause to acquire location data. In some states, a warrant is required for any sort of cellphone tracking. In other states, it is needed only if an investigator wants the data in real time. And in others no warrant is needed at all.

Other experts said the law should apply for any communications on a network, not just phone calls. “If the phone companies are giving someone a direct portal into the real-time location data on all of their customers, they should be policing it,” said Laura Moy, the deputy director of the Georgetown Law Center on Privacy & Technology.

Mr. Wyden, in his letter to the F.C.C., also said that carriers had an obligation to verify whether law enforcement requests were legal. But Securus cuts the carriers out of the review process, because the carriers do not receive the legal documents.

The letter called for an F.C.C. investigation into Securus, as well as the phone companies and their protections of user data. Mr. Wyden also sent letters to the major carriers, seeking audits of their relationships with companies that buy consumer data. Representatives for AT&T, Sprint, T-Mobile and Verizon said the companies had received the letters and were investigating.

(click here to continue reading Service Meant to Monitor Inmates’ Calls Could Track You, Too – The New York Times.)

In this particular instance, the 3rd parties selling your location data is called 3Cinteractive and LocationSmart, but there are hundreds more such companies who have built their businesses on turning your location into sellable data, most of which are relatively obscure.

Securus received the data from a mobile marketing company called 3Cinteractive, according to 2013 documents from the Florida Department of Corrections. Securus said that for confidentiality reasons it could not confirm whether that deal was still in place, but a spokesman for Mr. Wyden said the company told the senator’s office it was. In turn, 3Cinteractive got its data from LocationSmart, a firm known as a location aggregator, according to documents from those companies. LocationSmart buys access to the data from all the major American carriers, it says.

How does it work?

CBS News:

 “Envision a cell site,” says Allen (a typical tower appears in the photo above). “They’re triangular, and each side has about 120 degrees of sweep.” Every time a signal is transmitted to a nearby phone, says Allen, there is a round-trip delay to the mobile device and back. By using all three sides of the triangle to “talk” to the mobile device, the tower can triangulate which edge of the base station is closest to the device. “Typically the accuracy return varies,” says Allen. “In urban settings, it can be accurate down to several blocks; in suburban settings, several hundred meters.”

“We can locate any subscriber,” says Allen, “and companies want all those subscribers to be addressable,” or discoverable. Normally, this requires passing through some privacy gateways, says Allen. “The end user must opt in through a Web portal or SMS, or an app like Foursquare,” he says, per “universal” CTIA and MMA guidelines, and carriers’ own privacy protocol.

But with enterprise services, there’s a catch. “In a workplace scenario, the corporate entity has the right to opt-in those devices,” says Allen. “The [employee] is typically notified, but the opt-in is up to the employer.”

In other words: if your employer owns your phone, tablet or 3G-enabled computer, they’re entitled to own your location, too.

(click here to continue reading iPhones as Homing Beacons: How AT&T and Verizon Help Companies Track Employees – CBS News.)

Apple Rising
Apple Rising

Even Apple, a corporation that prides itself on not selling users data as much as their competitors, has acknowledged that users data has sometimes been sold.

9To5 Mac reports:

Over the last few days, Apple has seemingly started cracking down on applications that share location data with third-parties. In such cases, Apple has been removing the application in question and informing developers that their app violates two parts of the App Store Review Guidelines…

Sylvania HomeKit Light Strip Thus far, we’ve seen several cases of Apple cracking down on these types of applications. The company informs developers via email that “upon re-evaluation,” their application is in violation of sections 5.1.1 and 5.1.2 of the App Store Review Guidelines, which pertain to transmitting user location data and user awareness of data collection.

Legal – 5.1.1 and Legal 5.1.2

The app transmits user location data to third parties without explicit consent from the user and for unapproved purposes.

Apple explains that developers must remove any code, frameworks, or SDKs that relate to the violation before their app can be resubmitted to the App Store

(click here to continue reading Apple cracking down on applications that send location data to third-parties | 9to5Mac.)

Written by Seth Anderson

May 11th, 2018 at 8:26 am

Facebook Doesn’t Pay You Because That’s Not Their Model

without comments

Fuck The Internet
Fuck The Internet

In the context of describing yet another social network aimed at Facebook, albeit one that allegedly will pay you for your content1 Wired reports:

DURING MARK ZUCKERBERG’S over 10 hours of Congressional testimony last week, lawmakers repeatedly asked how Facebook makes money. The simple answer, which Zuckerberg dodged, is the contributions and online activities of its over two billion users, which allow marketers to target ads with razor precision. In which case, asked representative Paul Tonko (D – New York), “why doesn’t Facebook pay its users for their incredibly valuable data?”

(click here to continue reading Minds Is the Anti-Facebook That Pays You For Your Time | WIRED.)

Yeah, Facebook doesn’t want to really discuss this key aspect of their business in public: all their wealth is based on the mining and reselling of their users data. It was never a hidden fact, it was always known to anyone who bothered to ask, but Facebook doesn’t really like to explain it so that the majority realize they are the product being sold.

So let’s be clear, Facebook, Snapchat, Instagram, and Twitter even2 only exist to collect data about their users, and use information gleaned from their users to sell to corporations, or governments, etc. That is the model. If everyone, including your grandmother, and my 14 year old nephew understands this basic fact, we’ll all benefit as a society.

Footnotes:
  1. in cryptocurrency []
  2. which I still use frequently, maybe even more than I should []

Written by Seth Anderson

April 19th, 2018 at 11:19 am

Posted in Advertising,Business

Tagged with , ,

Facebook Tracks Non-Users

without comments

Eyeing John Marshall Law School 

HuffPo reports disturbing news:

Concern about Facebook Inc’s respect for data privacy is widening to include the information it collects about non-users, after Chief Executive Mark Zuckerberg said the world’s largest social network tracks people whether they have accounts or not.

Privacy concerns have swamped Facebook since it acknowledged last month that information about millions of users wrongly ended up in the hands of political consultancy Cambridge Analytica, a firm that has counted U.S. President Donald Trump’s 2016 electoral campaign among its clients.

Zuckerberg said on Wednesday under questioning by U.S. Representative Ben Luján that, for security reasons, Facebook also collects “data of people who have not signed up for Facebook.”

(click here to continue reading Facebook’s Tracking Of Non-Users Sparks Broader Privacy Concerns | HuffPost.)

Wha? That seems problematic. How are these people consenting?

Of course, as this blog has discussed multiple times, there are hundreds or even thousands of digital advertising firms that track each and all of us, whether or not we’ve consented, or are even aware. Their model is to make money off of the data of others, and perhaps to share that data with NSA and other US intelligence agencies. Facebook is one of the higher profile firms, but they are not alone.

There is also the European Union’s new privacy law, the GDPR.1

Wiki:

GDPR extends the scope of EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonization of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 4% of worldwide turnover or €20 million, whichever is higher. The GDPR also brings a new set of “digital rights” for EU citizens in an age of an increase of the economic value of personal data in the digital economy.

 

(click here to continue reading General Data Protection Regulation – Wikipedia.)

Footnotes:
  1. General Data Protection Regulation []

Written by Seth Anderson

April 15th, 2018 at 11:18 am

Posted in Business

Tagged with ,

Facebook hackers could have collected personal data of 2 billion users

without comments

No Need To Look The Other Way
No Need To Look The Other Way. 

From the Washington Post we learn that basically every piece of data Facebook collected about you has been shared with the digital marketing world, and the dark web whether you agreed to do that or not:

Facebook said Wednesday that “malicious actors” took advantage of search tools on its platform, making it possible for them to discover the identities and collect information on most of its 2 billion users worldwide.

…But the abuse of Facebook’s search tools — now disabled — happened far more broadly and over the course of several years, with few Facebook users likely escaping the scam, company officials acknowledged.

The scam started when hackers harvested email addresses and phone numbers on the “dark Web,” where criminals post information stolen in data breaches over the years. Then the hackers used automated computer programs to feed the numbers and addresses into Facebook’s “search” box, allowing them to discover the full names of people affiliated with the phone numbers or addresses, along with whatever Facebook profile information they chose to make public, often including their profile photos and hometowns.

Names, phone numbers, email addresses and other personal information amount to critical starter kits for identity theft and other malicious online activity, experts on Internet crime say. The Facebook hacks allowed bad actors to tie raw data to people’s real identities and build fuller profiles of them.

Developers who in the past could get access to people’s relationship status, calendar events, private Facebook posts and much more data will now be cut off from access or be required to endure a much stricter process for obtaining the information, Facebook said.

Until Wednesday, apps that let people input Facebook events into their calendars could also automatically import lists of all the people who attended the events, Facebook said. Administrators of private groups, some of which have tens of thousands of members, could also let apps scrape the Facebook posts and profiles of members of those groups. App developers who want this access will now have to prove that their activities benefit the group. Facebook will now need to approve tools that businesses use to operate Facebook pages. A business that uses an app to help it respond quickly to customer messages, for example, will not be able to do so automatically. Developers’ access to Instagram will also be severely restricted.

Facebook is banning apps from accessing users’ information about their religious or political views, relationship status, education, work history, fitness activity, book reading habits, music listening and news reading activity, video watching and games. Data brokers and businesses collect this type of information to build profiles of their customers’ tastes.

(click here to continue reading Facebook hackers could have collected personal data of 2 billion users .)

Heck of a network you’ve created, Zuckerberg. 

There is no way to put this information back into the bottle, the only thing left to do is protecting future information from being harvested, and perhaps punishing Facebook for its lackadaisical approach to protecting the world’s personal data. Shut them down!

Speaking for myself, I don’t feel too worried, I always was a bit leery with giving Facebook access to my actual information. They do have my birthday, and where I went to school, but nearly everything else I put in my profile was faux information, or things available elsewhere. For a long time, I’ve used the Facebook API and other tools1 to automatically post photos from Flickr, Instagram, blog entries, etc. But who knows, perhaps I wasn’t careful enough to always delete my Facebook cookies, and so they scraped more information about me than I know. I did use the Facebook app for a few months before deleting it off of my iOS devices, but all it takes is a moment of unguarded attention, and the freaks at Facebook will vacuum up everything not nailed down. So the dark web may know more about me than I know. 

In Your Bubble Where Nothing Goes Wrong
In Your Bubble Where Nothing Goes Wrong

Barbara Ortutay adds:

 

On Monday all Facebook users will receive a notice on their Facebook feeds with a link to see what apps they use and what information they have shared with those apps. They’ll have a chance to delete apps they no longer want. Users who might have had their data shared with Cambridge Analytica will be told of that. Facebook says most of the affected users are in the U.S.

As part of the steps it’s taking to address scrutiny about outsiders’ access to user data, Facebook outlined several changes to further tighten its policies. For one, it is restricting access that apps can have to data about users’ events, as well as information about groups such as member lists and content.

In addition, the company is also removing the option to search for users by entering a phone number or an email address. While this helped individuals find friends, Facebook says businesses that had phone or email information on customers were able to collect profile information this way. Facebook says it believes most of its 2.2 billion users had their public profile information scraped by businesses or various malicious actors through this technique at some point. Posts and other content set to be visible only to friends weren’t collected.

This comes on top of changes announced a few weeks ago. For example, Facebook has said it will remove developers’ access to people’s data if the person has not used the app in three months.

 

 

(click here to continue reading Facebook scandal affected more users than thought: up to 87M – Chicago Tribune.)

Sure, sure. I bet that will solve everything.

Footnotes:
  1. IFTTT, for instance []

Written by Seth Anderson

April 5th, 2018 at 11:24 am

Posted in Advertising,Business

Tagged with ,

Facebook Data Dump

without comments

Hell Facebook Ad
Hell – Facebook Ad.

So I took the time to download my entire Facebook data file, unzip the files and peruse it. If you want to do the same, go here https://www.facebook.com/settings

or for instance, read the instructions Abby Ohlheiser wrote in the WaPo:

In the Facebook settings for your account — right below the link to deactivate it — there’s an option to download a copy of all your Facebook data. The file can be a creepy wake-up call: All those years of  browsing the News Feed, and sharing selfies, engagements and birthday wishes on Facebook have taught the company quite a lot about you. You, the user, are part of the reason that Facebook has become so good at targeting ads. You’re giving them everything they need to do it.

Here’s a link that will take you right to the settings page, if you’re logged in to your account. One there, click on the link to download your archive, and follow the prompts

(click here to continue reading Here’s how to download all your data from Facebook. It might be a wake-up call. – The Washington Post.)

I was curious what exactly Facebook knows, especially since I’ve always been somewhat cautious about what I post there. At least I thought I was careful. Turns out Facebook has a huge list of people from my address book, most of which are not actual friends on Facebook1 or several deceased people. I guess one time Facebook copied my phonebook? A lot of the data is old, and not up to date, but there it is anyway.

Then there is the Facebook advertising selects (listed below because it is a big freaking list)

Read the rest of this entry »

Footnotes:
  1. a lawyer nemesis, for instance, or US Dept. of State – Passports, former dentists []

Written by Seth Anderson

March 28th, 2018 at 2:26 pm

Posted in Advertising

Tagged with ,

Facebook Delays Home-Speaker Unveil Amid Data Crisis

without comments

Listening To Ghosts Passing Through
Listening To Ghosts Passing Through

Ya think?:

Facebook Inc. has decided not to unveil new home products at its major developer conference in May, in part because the public is currently so outraged about the social network’s data-privacy practices, according to people familiar with the matter.

The company’s new hardware products, connected speakers with digital-assistant and video-chat capabilities, are undergoing a deeper review to ensure that they make the right trade-offs regarding user data, the people said. While the hardware wasn’t expected to be available until the fall, the company had hoped to preview the devices at the largest annual gathering of Facebook developers, said the people, who asked not to be named discussing internal plans.

The devices are part of Facebook’s plan to become more intimately involved with users’ everyday social lives, using artificial intelligence — following a path forged by Amazon.com Inc. and its Echo in-home smart speakers. As concerns escalate about Facebook’s collection and use of personal data, now may be the wrong time to ask consumers to trust it with even more information by placing a connected device in their homes. A Facebook spokeswoman declined to comment.

(click here to continue reading Facebook Delays Home-Speaker Unveil Amid Data Crisis – Bloomberg.)

Yes, what do consumers really want from Facebook right but a listening device right in their living rooms! No need to change your privacy settings now, Facebook won’t need to log your incoming/outgoing phone calls, they’ll just have the entire conversation instead! Whoo hoo!

Written by Seth Anderson

March 27th, 2018 at 10:20 pm

Posted in Business

Tagged with ,

Illinois Condo Law Update Might Be Un-Updated

without comments

Little Boxes
Little Boxes

Lawmakers who wrote this bill must all live in houses and townhomes: not in condo buildings. Every building has some percentage of malcontents, and who wants to be deluged with complaints from those who never offer solutions, only problems? Especially in condominiums where the Board is an unpaid, volunteer position.

It’s the part about “telephone numbers and email addresses” that is causing a ruckus, and the ruckus has taken lawmakers by surprise.

Gene Fisher is the executive director of the Diversey Harbor Lakeview Association, a coalition of elected leaders from north lakefront condominium associations. Board members are concerned that publication of their personal contact information will exacerbate harassment from dissatisfied owners, he said.

“As one of our members put it, ‘Every building has some hostile occupants. What board member wants to get repetitive crank calls from owners who do nothing but complain, or have their email filled with crank messages?’” he said.

Such egregious behaviors could discourage qualified and responsible owners from serving on their association boards, he added.

“Many owners are very protective of their personal information,” said Derek Wilkinson, vice president at Associa Chicagoland, a management company. “They do not want every person in their association to have easy access to their personal contact information. There is no ability to opt out of this information sharing, so many owners and board members are feeling powerless.”

Some owners have said they will delete their email accounts, said Timothy Patricio, property manager at Park Tower Condominium Association in Chicago.

(click here to continue reading Amendment to Illinois condo law sparks outcry, leaves owners and board members ‘feeling powerless’ – Chicago Tribune.)

In Chicago at least, there has been serious talk of an ordinance that will supersede this law. Alderman Brendan Reilly of the 42nd Ward1 and his colleague Brian Hopkins of the 2nd Ward introduced Amendment of Municipal Code Section 13-72-080 concerning requirements for examination of condominium association records by unit owners (PDF)

Can t Get Out of Here
Can’t Get Out of Here

Howard Dakoff recently wrote:

 

On Jan. 17, 2018, Hopkins and Reilly did introduce a Chicago ordinance that would prohibit Chicago unit owners (other than board members) from obtaining a list of unit owners’ email addresses and phone numbers among other personal information. The ordinance goes even further and allows a condominium association to opt out of other mandated Section 19 disclosure requirements with a two-thirds vote of the unit owners.

 

The ordinance is in direct contradiction to the provisions of Section 19, and while the aldermen believe the city of Chicago possesses the authority to do so under a legal doctrine called “home rule” (where a municipality has the authority to adopt its own legislation that might even be contrary to other applicable statutes), the proposed ordinance is quite aggressive in its breadth. There is disagreement among attorneys as to whether the ordinance can outright nullify mandated provisions of Section 19.

 

If the ordinance is adopted, it is likely there will be litigation to follow for a judicial determination regarding whether the ordinance can accomplish its objectives.

 

 

(click here to continue reading Aldermen introduce ordinance to strike down controversial part of Illinois condo law – Chicago Tribune.)

I guess if I had to provide email/phone, I could use a Google Voice account, and create a “burner” email, but the process seems ridiculous. I hope either the Chicago ordinance is passed soon, or the IL legislature revises the underlying law. Or both could happen: Chicago passes the Reilly/Hopkins ordinance, and then eventually the entire state follows suit at some later time.

Footnotes:
  1. the best Ward!! []

Written by Seth Anderson

March 23rd, 2018 at 9:48 am

ex-Facebook insider says covert data harvesting was routine

without comments

No Information Left Of Any Kind
No Information Left Of Any Kind

The Facebook exposé continues at The Guardian. Privacy enthusiasts have known or suspected this was Facebook’s business model all along, it is good to make Facebook’s practices more well known to the general public.

Hundreds of millions of Facebook users are likely to have had their private information harvested by companies that exploited the same terms as the firm that collected data and passed it on to Cambridge Analytica, according to a new whistleblower.

Sandy Parakilas, the platform operations manager at Facebook responsible for policing data breaches by third-party software developers between 2011 and 2012, told the Guardian he warned senior executives at the company that its lax approach to data protection risked a major breach.

 “My concerns were that all of the data that left Facebook servers to developers could not be monitored by Facebook, so we had no idea what developers were doing with the data,” he said.

Parakilas said Facebook had terms of service and settings that “people didn’t read or understand” and the company did not use its enforcement mechanisms, including audits of external developers, to ensure data was not being misused.

Asked what kind of control Facebook had over the data given to outside developers, he replied: “Zero. Absolutely none. Once the data left Facebook servers there was not any control, and there was no insight into what was going on.”

Parakilas said he “always assumed there was something of a black market” for Facebook data that had been passed to external developers. However, he said that when he told other executives the company should proactively “audit developers directly and see what’s going on with the data” he was discouraged from the approach.

He said one Facebook executive advised him against looking too deeply at how the data was being used, warning him: “Do you really want to see what you’ll find?” Parakilas said he interpreted the comment to mean that “Facebook was in a stronger legal position if it didn’t know about the abuse that was happening”.

He added: “They felt that it was better not to know. I found that utterly shocking and horrifying.”

(click here to continue reading ‘Utterly horrifying’: ex-Facebook insider says covert data harvesting was routine | News | The Guardian.)

As a side note, if you have a few dollars to throw at the feet of The Guardian, they’ve done heroic work on this story, and don’t have a paywall. Support heroic journalism!

Written by Seth Anderson

March 20th, 2018 at 8:24 am

Posted in Advertising,Business

Tagged with ,

How Trump Consultants Exploited the Facebook Data of Millions While Facebook Winked

without comments

Revolution of The Innocent
Revolution of The Innocent…

Cambridge Analytica, remember them?

All the more reason to cut back on the amount of time you spend at Facebook, and all the more reason to give Facebook and similar data-mining corporations fake information whenever possible:

As the upstart voter-profiling company Cambridge Analytica prepared to wade into the 2014 American midterm elections, it had a problem.

The firm had secured a $15 million investment from Robert Mercer, the wealthy Republican donor, and wooed his political adviser, Stephen K. Bannon, with the promise of tools that could identify the personalities of American voters and influence their behavior. But it did not have the data to make its new products work.

So the firm harvested private information from the Facebook profiles of more than 50 million users without their permission, according to former Cambridge employees, associates and documents, making it one of the largest data leaks in the social network’s history. The breach allowed the company to exploit the private social media activity of a huge swath of the American electorate, developing techniques that underpinned its work on President Trump’s campaign in 2016.

But the full scale of the data leak involving Americans has not been previously disclosed — and Facebook, until now, has not acknowledged it. Interviews with a half-dozen former employees and contractors, and a review of the firm’s emails and documents, have revealed that Cambridge not only relied on the private Facebook data but still possesses most or all of the trove.

Cambridge paid to acquire the personal information through an outside researcher who, Facebook says, claimed to be collecting it for academic purposes.

During a week of inquiries from The Times, Facebook downplayed the scope of the leak and questioned whether any of the data still remained out of its control. But on Friday, the company posted a statement expressing alarm and promising to take action.

“This was a scam — and a fraud,” Paul Grewal, a vice president and deputy general counsel at the social network, said in a statement to The Times earlier on Friday. He added that the company was suspending Cambridge Analytica, Mr. Wylie and the researcher, Aleksandr Kogan, a Russian-American academic, from Facebook. “We will take whatever steps are required to see that the data in question is deleted once and for all — and take action against all offending parties,” Mr. Grewal said.

(click here to continue reading How Trump Consultants Exploited the Facebook Data of Millions – The New York Times.)

Smile Through It All
Smile Through It All

Yeah, Facebook is going to “take action”. How? By admitting that they accumulate and sell way more personal information than their users know? By deleting this information? What exactly is the action that Facebook is going to do that will miraculously solve their bad PR?

The data analytics firm that worked with Donald Trump’s election team and the winning Brexit campaign harvested millions of Facebook profiles of US voters, in the tech giant’s biggest ever data breach, and used them to build a powerful software program to predict and influence choices at the ballot box.

A whistleblower has revealed to the Observer how Cambridge Analytica – a company owned by the hedge fund billionaire Robert Mercer, and headed at the time by Trump’s key adviser Steve Bannon – used personal information taken without authorisation in early 2014 to build a system that could profile individual US voters, in order to target them with personalised political advertisements.

Christopher Wylie, who worked with an academic at Cambridge University to obtain the data, told the Observer: “We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis that the entire company was built on.”

Documents seen by the Observer, and confirmed by a Facebook statement, show that by late 2015 the company had found out that information had been harvested on an unprecedented scale. However, at the time it failed to alert users and took only limited steps to to recover and secure the private information of more than 50 million individuals.

The New York Times is reporting that copies of the data harvested for Cambridge Analytica could still be found online; its reporting team had viewed some of the raw data.

(click here to continue reading Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach | News | The Guardian.)

Alarmist
Alarmist

From the Facebook statement:

In 2015, we learned that a psychology professor at the University of Cambridge named Dr. Aleksandr Kogan lied to us and violated our Platform Policies by passing data from an app that was using Facebook Login to SCL/Cambridge Analytica, a firm that does political, government and military work around the globe. He also passed that data to Christopher Wylie of Eunoia Technologies, Inc.

Like all app developers, Kogan requested and gained access to information from people after they chose to download his app. His app, “thisisyourdigitallife,” offered a personality prediction, and billed itself on Facebook as “a research app used by psychologists.” Approximately 270,000 people downloaded the app. In so doing, they gave their consent for Kogan to access information such as the city they set on their profile, or content they had liked, as well as more limited information about friends who had their privacy settings set to allow it.

Although Kogan gained access to this information in a legitimate way and through the proper channels that governed all developers on Facebook at that time, he did not subsequently abide by our rules. By passing information on to a third party, including SCL/Cambridge Analytica and Christopher Wylie of Eunoia Technologies, he violated our platform policies. When we learned of this violation in 2015, we removed his app from Facebook and demanded certifications from Kogan and all parties he had given data to that the information had been destroyed. Cambridge Analytica, Kogan and Wylie all certified to us that they destroyed the data.

(click here to continue reading Suspending Cambridge Analytica and SCL Group from Facebook | Facebook Newsroom.)

Since 2015, Robert Mercer’s team of anti-liberal hordes have been siphoning personal information from Facebook, and Facebook only suspended them yesterday. Who else is doing similar things? I bet the list is long, longer than I can even imagine. But Facebook is content to take the cash…and get Trump elected.

Embarrass
Embarrass

Bloomberg reported a while ago

Facebook Inc.’s platform was a crucial messaging tool for President Donald Trump’s 2016 campaign, according to the campaign’s digital director — who told CBS’s “60 Minutes” that he hand-picked pro-Trump “embeds” from the company to help him use the platform in targeted ways.

“Twitter is how [Trump] talked to the people, Facebook was going to be how he won,” Brad Parscale told “60 Minutes,” according to an excerpt of an interview that the program intends to air Sunday. The social-media platform was particularly valuable because it allows for targeted messaging, Parscale said, according to the excerpt.

Facebook’s employees showed up for work at his office multiple days a week to provide guidance on how to best use the company’s services, Parscale said in the interview excerpt. “I wanted people who supported Donald Trump,” he said — and he questioned the workers about their political views.

(click here to continue reading Facebook ‘Embeds’ Helped Trump Win, Digital Director Says – Bloomberg.)

Written by Seth Anderson

March 17th, 2018 at 9:31 am

Posted in Apple,Business

Tagged with , ,

Google now data mining credit card data

without comments

Cougle Comission - Fulton Market
Cougle Comission – Fulton Market

Inevitable, and yet still creepy

Google has begun using billions of credit-card transaction records to prove that its online ads are prompting people to make purchases – even when they happen offline in brick-and-mortar stores, the company said Tuesday.

The advance allows Google to determine how many sales have been generated by digital ad campaigns, a goal that industry insiders have long described as “the holy grail” of online advertising. But the announcement also renewed long-standing privacy complaints about how the company uses personal information.

To power its multibillion-dollar advertising juggernaut, Google already analyzes users’ Web browsing, search history and geographic locations, using data from popular Google-owned apps like YouTube, Gmail, Google Maps and the Google Play store. All that information is tied to the real identities of users when they log into Google’s services.

The new credit-card data enables the tech giant to connect these digital trails to real-world purchase records in a far more extensive way than was possible before. But in doing so, Google is yet again treading in territory that consumers may consider too intimate and potentially sensitive. Privacy advocates said few people understand that their purchases are being analyzed in this way and could feel uneasy, despite assurances from Google that it has taken steps to protect the personal information of its users.

(click here to continue reading Google now knows when its users go to the store and buy stuff – The Washington Post.)

Of course it buys happiness
Of course it buys happiness

especially since all this data is vulnerable to hackers

Paul Stephens, of Privacy Rights Clearinghouse, a consumer advocacy group based in San Diego, said only a few pieces of data can allow a marketer to identify an individual, and he expressed skepticism that Google’s system for guarding the identities of users will stand up to the efforts of hackers, who in the past have successfully stripped away privacy protections created by other companies after data breaches.

“What we have learned is that it’s extremely difficult to anonymize data,” he said. “If you care about your privacy, you definitely need to be concerned.”

Such data providers have been the targets of cybercriminals in the past. In 2015, a hack of data broker Experian exposed the personal information of 15 million people.

Written by Seth Anderson

May 24th, 2017 at 10:05 am

Posted in Advertising,Business

Tagged with ,

Illinois Senate approves Right to Know online privacy bill

without comments

Eye see u Willis
Eye see u 

Hmm, good news, though I expect Governor Rauner to veto it, for reasons…

The state Senate on Thursday approved the groundbreaking Right to Know Act, a measure that would require online companies such as Google, Facebook and Amazon to disclose to consumers what data about them has been collected and shared with third parties.

The bill, sponsored by Sen. Michael Hastings, D-Tinley Park, now heads to the Illinois House after passing on a 31-21 vote.

“I think this is a step forward for Illinois in terms of data privacy,” Hastings said Friday. “It gives people the right to know what information (internet companies are) selling to a third party.”

Illinois is taking center stage in the national debate over internet privacy legislation, which is shifting from the federal to state level. Congress voted in March to undo the Federal Communications Commission’s broadband privacy rules, which were adopted last fall under the Obama administration and set to go into effect this year.

President Donald Trump on April 3 signed the measure that repealed the broadband privacy rules.

The FCC protections would have required internet service providers, such as Comcast, Verizon and AT&T, to disclose what personal information they collect and share and would have required consent from consumers before sharing more sensitive information.

Privacy advocates believe Illinois and other states must step up to fill the void left by the shift in federal policy.

The Right to Know Act would require the operator of a commercial website or online service to make available “certain specified information” that has been disclosed to a third party and to provide an email address or toll-free telephone number for customers to request that information.

Major internet companies have been pushing back against the Illinois initiative, ramping up lobbying efforts as the privacy legislation advanced through the Senate, Hastings said. Online trade associations, including CompTIA, the Internet Association and NetChoice, also met with Hastings to voice opposition to the measure.

The Senate bill will head to committee in the House before it can be brought to a vote. A House committee approved a similar measure last month.

(click here to continue reading Illinois Senate approves Right to Know online privacy bill – Chicago Tribune.)

No Repercussions For You Yet
No Repercussions For You Yet

Of course the technology companies who have been profiting handsomely by selling our information are opposed to this bill, but that doesn’t mean it isn’t a good idea for consumers. I want, at minimum, to be able to share in the profits, and even better, a way to opt out entirely. Ha. Just for grins, read the text of the IL Senate bill to see what kinds of information being sold.

For instance:

(a) real name, alias, nickname, and user name.

(b) Address information, including, but not limited to, postal or e-mail.

(c) Telephone number.

(d) Account name.

(e) Social security number or other government-issued identification number, including, but not limited to, social security number, driver’s license number, identification card number, and passport number.

(f) Birthdate or age.

(g) Physical characteristic information, including, but not limited to, height and weight.

(h) Sexual information, including, but not limited to, sexual orientation, sex, gender status, gender identity, and gender expression.

(i) Race or ethnicity.

(j) Religious affiliation or activity.

(k) Political affiliation or activity.

(l) Professional or employment-related information.

(m) Educational information.

(n) Medical information, including, but not limited to, medical conditions or drugs, therapies, mental health, or medical products or equipment used.

(o) Financial information, including, but not limited to, credit, debit, or account numbers, account balances, payment history, or information related to assets, liabilities, or general creditworthiness.

(p) Commercial information, including, but not limited to, records of property, products or services provided, obtained, or considered, or other purchasing or consumer histories or tendencies.

(q) Location information.

(r) Internet or mobile activity information, including, but not limited to, Internet protocol addresses or information concerning the access or use of any Internet or mobile-based site or service.

(s) Content, including text, photographs, audio or video recordings, or other material generated by or provided by the customer.

Are you ok with Acxiom, Experian and other similar corporations collecting, collating, selling and re-selling this information about you? I’m not.

Written by Seth Anderson

May 6th, 2017 at 9:01 am

Posted in Business,government

Tagged with ,