How I'm Being Followed on the Web

I’m Being Followed: How Google—and 104 Other Companies—Are Tracking Me on the Web is a voyage into the invisible business that funds the web. Who are these companies and what do they want from me? Even if you’re generally familiar with the idea of data collection for targeted advertising, the number and variety of these data collectors will probably astonish you. Right now, a huge chunk of what you’ve ever looked at on the Internet is sitting in databases all across the world.

Many different companies want to know as much about me and what’s on my screen as they possibly can, although they have different reasons for their interest. To be clear, these companies gather data without attaching it to your name (most of the companies do not know the names of the people they are following); they use that data to show you ads you’re statistically more likely to click. That’s the game, and there is substantial money in it. Some of the best minds of my generation are thinking about how to make people click ads (think, for example, of how many highly talented people Google has). The online advertising industry argues that technology is changing so rapidly that regulation is not the answer to queasiness about all that data going off to who-knows-where.

The bad news is that people haven’t taken control of the data that’s being collected and traded about them. At the moment there is a fascinating scrum over what “Do Not Track” tools should do and what orders websites will have to respect from users. Do Not Track signals a user’s opt-out preference with an HTTP header. Several large third parties have already committed to honor Do Not Track, but many more have been recalcitrant.

It’s now time for us to watch the watchers. Track Who’s Tracking You With Mozilla Collusion. Collusion is a Firefox browser add-on that lets you track who’s tracking you across the web for behavioral targeting purposes. There is a demonstration put up at collusion.toolness.org, which takes you through five popular websites and visualizes the data collection companies that track you across them. From there, you can download the add-on if you want to see the tracking visualization of your own browsing behavior evolve in real-time.


Collusion looks to offer more transparency to users by creating a visualization of how your data is being spread to different companies as you navigate the web. Each time it detects data being sent to a behavioral tracker, it creates a red (advertisers), grey (websites) or blue dot on the visualization and shows the links between the sites you visit and the trackers they work with. Mozilla has created an online demo to show just how quickly your data ends up in the hands of dozens of different companies as you move across popular websites.
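The linking that Collusion visualizes, sketched as an added example (this is not code from the Collusion add-on): it builds the site-to-third-party graph from a request log and lists third parties that received a cookie on two or more visited sites. The log format, the sample entries, the function names, the use of a Cookie header as the sign of "data being sent", and the shortened public-suffix list are all assumptions made for illustration.

```javascript
// Added example, not Collusion's own code. Real tools use the full Public
// Suffix List; this short set is a constructed stand-in for illustration.
const TWO_PART_SUFFIXES = new Set(["co.uk", "com.au", "co.jp"]);

// Reduce a URL to the "site" that owns it (registrable domain, simplified).
function siteOf(url) {
  const labels = new URL(url).hostname.toLowerCase().split(".");
  if (labels.length <= 2) return labels.join(".");
  const keep = TWO_PART_SUFFIXES.has(labels.slice(-2).join(".")) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// Assumed log entry: { page, request, headers } where `page` is the URL the
// user visited, `request` is a sub-request it triggered, and `headers` are
// the request headers the browser sent (lower-cased names).
function buildGraph(log) {
  const graph = new Map(); // third-party site -> what we observed about it
  for (const { page, request, headers = {} } of log) {
    const first = siteOf(page);
    const third = siteOf(request);
    if (first === third) continue; // same site: a first-party request
    if (!graph.has(third)) {
      graph.set(third, { seenOn: new Set(), cookieRequests: 0, cookieDespiteDnt: 0 });
    }
    const node = graph.get(third);
    node.seenOn.add(first);
    if ("cookie" in headers) {
      node.cookieRequests += 1;
      // DNT is only a preference signal; the browser still attaches the
      // cookie, so honoring the opt-out is entirely up to the recipient.
      if (headers.dnt === "1") node.cookieDespiteDnt += 1;
    }
  }
  return graph;
}

// Third parties that got an identifier cookie on at least `minSites` sites:
// these are the ones able to link your visits across those sites.
function crossSiteTrackers(graph, minSites = 2) {
  return [...graph.entries()]
    .filter(([, n]) => n.cookieRequests > 0 && n.seenOn.size >= minSites)
    .map(([site, n]) => ({
      site,
      seenOn: [...n.seenOn].sort(),
      cookieDespiteDnt: n.cookieDespiteDnt,
    }))
    .sort((a, b) => b.seenOn.length - a.seenOn.length || a.site.localeCompare(b.site));
}

// Constructed sample log (reserved .example names, made-up cookie values).
// The first two page visits were recorded with DNT enabled, the third without.
const SAMPLE_LOG = [
  { page: "https://www.news.example/story",
    request: "https://static.news.example/app.js", headers: { dnt: "1" } },
  { page: "https://www.news.example/story",
    request: "https://ads.tracker-a.example/pixel.gif",
    headers: { cookie: "uid=abc123", dnt: "1" } },
  { page: "https://www.news.example/story",
    request: "https://cdn.fonts-c.example/font.woff", headers: { dnt: "1" } },
  { page: "https://shop.example/cart",
    request: "https://ads.tracker-a.example/pixel.gif",
    headers: { cookie: "uid=abc123", dnt: "1" } },
  { page: "https://shop.example/cart",
    request: "https://sync.tracker-b.example/id",
    headers: { cookie: "tb=42", dnt: "1" } },
  { page: "https://video.example/watch",
    request: "https://ads.tracker-a.example/pixel.gif",
    headers: { cookie: "uid=abc123" } },
  { page: "https://video.example/watch",
    request: "https://cdn.fonts-c.example/font.woff", headers: {} },
  { page: "https://video.example/watch",
    request: "https://sync.tracker-b.example/id",
    headers: { cookie: "tb=42" } },
];

console.log(JSON.stringify(crossSiteTrackers(buildGraph(SAMPLE_LOG)), null, 2));
```

The font host appears on two sites but never receives a cookie, so it is kept in the graph and left out of the tracker list.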

If you need the source code, it’s all at github.com/toolness/collusion. For more details, take a look at the Toolness Blog post on Collusion. This is an interesting experiment in tracking who is tracking you. Collusion is about alerting users to tracking that’s happening without their consent. Very interesting! The more access to metrics the better.

240 Comments

  1. Tomi Engdahl says:

    ‘We don’t know if Google is operating outside EU law’
    http://www.theregister.co.uk/2012/03/02/quotw_ending_march_2/

    The CNIL and the EU data protection authorities are deeply concerned about the combination of personal data across services: they have strong doubts about the lawfulness and fairness of such processing, and about its compliance with the European Data Protection legislation.

    We don’t know if Google is operating outside of EU law… I’m not going to say it isn’t lawful as it’s being investigated.

    While Google continued to insist it wasn’t doing anything major at all, as director of privacy, product and engineering Alma Whitten said in a blog post:

    The new policy doesn’t change any existing privacy settings or how any personal information is shared outside of Google. We aren’t collecting any new or additional information about users. We won’t be selling your personal data. And we will continue to employ industry-leading security to keep your information safe.

    Reply
  2. Tomi Engdahl says:

    How Frictionless Sharing Could Undermine Your Legal Right to Privacy
    http://www.theatlantic.com/technology/archive/2012/03/how-frictionless-sharing-could-undermine-your-legal-right-to-privacy/254277/

    You are no doubt familiar, now, with Facebook’s concept of “frictionless sharing.” You enable a social reader like the one from the Washington Post and the next time you read an article on the site, news of that textual encounter is broadcast to your Facebook friends.

    It is so easy. It seems so simple. But it could also create a fundamental shift in the way that judges view people’s expectations of privacy online.

    In Fourth Amendment cases, the Supreme Court has to determine what “a reasonable expectation of privacy” actually is. If you do have that expectation of privacy, then the government needs a warrant to look into your communications.

    “Justice Alito recently contemplated that we may be moving toward a world in which so many people share information with so many friends that social norms no longer indicate a reasonable expectation of privacy in that information,” Kaminski writes. “Without a reasonable expectation of privacy, there will be no warrant requirement for law enforcement to obtain that information. This analysis is troubling; sharing information with your friends should not mean that you expect it to be shared with law enforcement.”

    Reply
  3. Tomi Engdahl says:

    90% of AU net users want ‘do not track’
    http://www.theregister.co.uk/2012/03/14/punters_care_about_privacy/

    Australian Internet users are turned off by overly-intrusive personal data collection, according to a study conducted by Queensland University, and we want more information about how information is collected and used.

    The 1,100-sample survey into Australians’ attitudes to the collection and use of personal information also found that more than 90 percent of respondents support “do not track”-style regulations that would allow them to track how information about them is collected and used.

    The study, which feeds into a growing unease about recent news such as Google’s revised privacy policy, also found that more than half of the people surveyed (56 percent) don’t want personally-targeted ads, and 64 percent don’t want personally-targeted news stories. This last result aligns with a Pew Internet & American Life study which found that 73 percent of Americans don’t like personalized search engine results.

    Reply
  4. dog says:

    What’s up to everybody, it’s my first visit of this blog; this website includes remarkable and actually good data in favor of readers.

    Reply
  5. cats says:

    Hi, just wanted to tell you, I loved this post. It was inspiring. Keep on posting!

    Reply
  6. Tomi Engdahl says:

    Amid Privacy Concerns, Apple Has Started Rejecting Apps That Access UDIDs
    http://techcrunch.com/2012/03/24/apple-udids/

    Amid extra scrutiny from Congress around privacy issues, Apple this week has started rejecting apps that access UDIDs, or identification numbers that are unique to every iPhone and iPad.

    Apple had already given developers a heads-up about the change more than six months ago when it said in some iOS documentation that it was going to deprecate UDIDs. But it looks like Apple is moving ahead of schedule with pressure from lawmakers and the media.

    A few weeks ago, some of the bigger mobile-social developers told me that Apple had reached out and warned them to move away from UDIDs.

    But this is the first time Apple has issued outright rejections for using UDIDs.

    Playhaven, which helps developers monetize more than 1,200 games across iOS and Android, said several of its customers had been rejected in the last week. The company’s chief executive Andy Yang says that developers should try and stay as flexible as possible by supporting multiple ID systems until there’s a clear replacement.

    “This is definitely happening,” Yang said. “In the next month or two, this is going to have an impact on all ad networks and apps using advertising. Everybody’s trying to make their own choices about what to use instead.”

    This is a big deal because mobile ad networks use these ID numbers to make their advertising better targeted. Using UDIDs, mobile ad networks can track consumers from app to app to understand more about ads they respond to and apps they use most often.

    “The UDID is essential for managing the conversion loop,”

    “All the performance dollars that are spent on mobile are going to be impacted by this not being there.”

    At the same time, however, there are very real privacy risks tied to the widespread use of UDIDs. They’re more sensitive than cookies on the web because they can’t be cleared or deleted. And they’re tied to the most personal of devices — the phones we carry with us everywhere.

    Reply
  7. Tomi Engdahl says:

    FTC Calls for “Privacy by Design”
    http://allthingsd.com/20120326/ftc-calls-for-privacy-by-design/

    The U.S. Federal Trade Commission today released a set of recommendations for businesses and Congress about the collection and use of consumers’ personal data.

    This framework (PDF) has been in the works for years, and in the meantime there has been considerable progress on many of its final recommendations, both proactively by businesses themselves and through privacy investigations and settlements the FTC had with companies like Google and Facebook.

    The FTC calls for “privacy by design,” simplified choices and greater transparency.

    The report includes indications that the FTC is concerned about comprehensive tracking — the sort of stuff that companies like Google and Facebook are moving toward — though that’s one of the less-developed recommendations.

    There are five main action items in the framework:

    Do Not Track: This is probably the furthest along. Browser vendors are now offering do-not-track options for consumers to limit data collection, the Digital Advertising Alliance is committed to respecting them, and standards bodies are working to standardize.
    Mobile: The FTC wants to make mobile privacy protections “short, effective and accessible to consumers on small screens.”
    Data Brokers: This is a bigger one. The FTC wants a centralized Web site where data brokers identify themselves and disclose how they collect data. It also supports Congress’s efforts to give consumers access to data about them held by brokers.
    Comprehensive Tracking: The FTC is concerned about ISPs, operating systems, browsers and social networks comprehensively tracking users’ online activities, but it won’t address this until a public workshop in the second half of this year.
    Enforcing Self-Regulatory Codes: The FTC said it will help enforce industry-specific codes of conduct.

    FTC REPORT:
    Protecting Consumer Privacy in an Era of Rapid Change
    http://www.ftc.gov/os/2012/03/120326privacyreport.pdf

    In today’s world of smart phones, smart grids, and smart cars, companies are collecting, storing, and sharing more information about consumers than ever before. Although companies use this information to innovate and deliver better products and services to consumers, they should not do so at the expense of consumer privacy.

    With this Report, the Commission calls on companies to act now to implement best practices to protect consumers’ private information. These best practices include making privacy the “default setting” for commercial data practices and giving consumers greater control over the collection and use of their personal data through simplified choices and increased transparency. Implementing these best practices will enhance trust and stimulate commerce.

    FTC releases final privacy report, says ‘Do Not Track’ mechanism may be available by end of year
    http://www.washingtonpost.com/business/technology/ftc-releases-final-privacy-report-says-do-not-track-mechanism-may-be-available-by-end-of-year/2012/03/26/gIQAzi23bS_story.html

    The Federal Trade Commission on Monday outlined a framework for how companies should address consumer privacy, pledging that consumers will have “an easy to use and effective” “Do Not Track” option by the end of the year.

    The FTC’s report comes a little over a month after the White House released a “privacy bill of rights” that called on companies to be more transparent about privacy and grant consumers greater access to their data but that stopped short of backing a do-not-track rule.

    The FTC also said it plans to work with Web companies and advertisers to implement an industry-designed do-not-track technology so as to avoid a federal law that mandates it. The Digital Advertising Alliance, which represents 90 percent of all Web sites with advertising, is working with the Commerce Department and FTC to create an icon that would allow users an easy way to stop online tracking.

    “Although some companies have excellent privacy and data securities practices, industry as a whole must do better,” the FTC said.

    The 73-page report focuses heavily on mobile data, noting that the “rapid growth of the mobile marketplace” has made it necessary for companies to put limits on data collection, use and disposal. According to a recent report from Nielsen, 43 percent of all U.S. mobile phone subscribers own a smartphone.

    “Unfairness is an elastic and elusive concept,” Rosch wrote, saying that it is difficult to determine how consumers feel about privacy.

    Generation App: 62% of Mobile Users 25-34 own Smartphones
    http://blog.nielsen.com/nielsenwire/online_mobile/generation-app-62-of-mobile-users-25-34-own-smartphones/

    Reply
  8. Tomi Engdahl says:

    Feds issue final ‘Do Not Track’ privacy recommendations
    http://www.theregister.co.uk/2012/03/26/ftc_online_privacy_report/

    Welcome online protections or ‘Big Brother’ overreach?

    The US Federal Trade Commission has issued its final report on the “best practices” companies should put in place regarding the collection of consumer information.

    “If companies adopt our final recommendations for best practices – and many of them already have – they will be able to innovate and deliver creative new services that consumers can enjoy without sacrificing their privacy,” said FTC chairman Jon Leibowitz in a statement accompanying the release of the report, “Protecting Consumer Privacy in an Era of Rapid Change”.

    “We are confident that consumers will have an easy to use and effective Do Not Track option by the end of the year,” Leibowitz added, “because companies are moving forward expeditiously to make it happen and because lawmakers will want to enact legislation if they don’t.”

    The recommendations in Monday’s report focus on three core areas, which the FTC defines as Privacy by Design, Simplified Choice for Businesses and Consumers, and Greater Transparency.

    Companies should provide a Do Not Track option that is a “simple, easy way” for customers to control tracking and sharing of their online peregrinations.

    The commission states that there has been ongoing voluntary progress in online privacy, and that companies have begun to compete with one another on the provision of privacy.

    That said, the FTC argues that “self-regulation has not gone far enough,” and that “basic privacy concepts like transparency about the nature of companies’ data practices and meaningful consumer control are absent.”

    Reply
  9. Tomi Engdahl says:

    This article ‘Supposedly’ was going to tell us ‘How Much Our Privacy/Data is Worth’. Just a bunch of hype that ended up not telling us anything at all of any consequence:

    Just How Much Is Your Privacy Worth?
    http://www.technologyreview.com/computing/39938/?p1=A5

    A new study is one of the first to explore the monetary value of personal information shared online.

    Most of us would shy away from making purchases in a foreign country if we didn’t know the exchange rate. Yet, if privacy is the true currency of the Internet, as many argue, millions of us are doing that very thing every day. Meanwhile, Internet giants amend their privacy policies in ways that allow them to harvest and sell even more of our personal data. While privacy campaigners protest, users generally vote with their clicks and carry on regardless.

    “It turns out that when you are good on privacy you can charge more and make a greater profit,” says Sören Preibusch, of the University of Cambridge, one of the authors of the study, published by the European Network and Information Security Agency, an agency of the European Union.

    “What people say in surveys is that they care about privacy, but what they actually do is spend their time constantly updating their status on Facebook,” says Alessandro Acquisti, codirector of the Center for Behavioral Decision Research at Carnegie Mellon University, who was not connected with the new research. “This has led some to conclude that people no longer care about privacy. This new data, along with similar work we have done in the U.S., shows this is not the case, and that the desire for privacy is not dead after all.”


    It appears that when you are good on privacy and charge more, you lose market share, albeit your profit may be more. And, the majority of consumers do not care about privacy, if they can get even a small discount instead.

    Reply
  10. Tomi Engdahl says:

    Google’s New ‘Account Activity’ Is a Sham
    When it comes to privacy, Google wants to be the good guy. Too bad that’s not enough.
    http://www.technologyreview.com/blog/mimssbits/27681/

    Google Account Activity is Google’s fairly transparent attempt to differentiate itself from Facebook by being open about what it knows about you. But in their attempt to not overwhelm you with the truly scary amount of data they have compiled about you, they boiled it all down into a super accessible milquetoast of a dashboard that tells you absolutely nothing.

    On the one hand, I can understand why Google didn’t provide all this information in a single dashboard. If anyone were to log in to my account, it would be a one-stop shop for a level of privacy violation the world has never seen. But on the other hand, isn’t that precisely the point? This data exists. Google has it. I want to see it — and I want the option to delete it.

    Reply
  11. Tomi Engdahl says:

    So What Exactly Can Location Aggregators Do With Our Foursquare Data?
    http://allthingsd.com/20120403/so-what-exactly-can-location-aggregators-do-with-our-foursquare-data/

    The widespread analysis of the matter was that Girls Around Me was creepy, but that people should realize that when they publish their locations online, bad things may happen. Technology writers, in our enthusiastically adopted roles as the white knights of online privacy, urged readers to lock down their Foursquare and Facebook profiles.

    The situation made me curious about what, exactly, location aggregators are being allowed to do with our location data. It’s one thing to share where you are with your friends, or with what you think is a small audience of early adopters. But what’s more tricky — and can often feel icky — is when that information is exposed in a different context.

    The point of sharing our locations is to explore new places, meet new people, and brag about doing cool stuff. I doubt that the majority of the population will be volunteering where they are on Foursquare anytime soon. But those of us who want a little more serendipity in our lives now know a bit more about how our information will be used.

    Reply
  12. cell phone numbers go public says:

    I have been surfing online more than 4 hours today, yet I never found any interesting article like yours. It is pretty worth enough for me. In my view, if all site owners and bloggers made good content as you did, the web will be much more useful than ever before.

    Reply
  13. Tomi Engdahl says:

    This Internet provider pledges to put your privacy first. Always.
    http://news.cnet.com/8301-31921_3-57412225-281/this-internet-provider-pledges-to-put-your-privacy-first-always/

    Step aside, AT&T and Verizon. A new privacy-protecting Internet service and telephone provider still in the planning stages could become the ACLU’s dream and the FBI’s worst nightmare.

    Nicholas Merrill is planning to revolutionize online privacy with a concept as simple as it is ingenious: a telecommunications provider designed from its inception to shield its customers from surveillance.

    The ISP would not merely employ every technological means at its disposal, including encryption and limited logging, to protect its customers. It would also — and in practice this is likely more important — challenge government surveillance demands of dubious legality or constitutionality.

    A decade of revelations has underlined the intimate relationship between many telecommunications companies and Washington officialdom.

    By contrast, Merrill says his ISP, to be run by a non-profit called the Calyx Institute with for-profit subsidiaries, will put customers first. “Calyx will use all legal and technical means available to protect the privacy and integrity of user data,” he says.

    In February 2004, the FBI sent Merrill a secret “national security letter” (not an actual court order signed by a judge) asking for confidential information about his customers and forbidding him from disclosing the letter’s existence. He enlisted the ACLU to fight the gag order, and won. A federal judge barred the FBI from invoking that portion of the law, ruling it was an “unconstitutional prior restraint of speech in violation of the First Amendment.”

    The next step for Merrill is to raise about $2 million and then, if all goes well, launch the service later this year. Right now Calyx is largely self-funded.

    “I am getting a lot of stuff for free since everyone I’ve talked to is crazy about the idea,” Merrill says. “I am getting all the back-end software written for free by Riseup using a grant they just got.”

    Reply
  14. Tomi Engdahl says:

    Why Facebook Terrifies Google
    http://www.readwriteweb.com/archives/why_facebook_terrifies_google.php

    Google is still the biggest, baddest online advertising company on the planet. Its $2.9 billion profit last quarter, announced yesterday, was almost as much as Facebook’s revenue for all of 2011.

    But Facebook has something important that Google doesn’t, and it scares Google’s pants off: Facebook knows who you are, to an incredible level of detail. Because you tell it.

    And then you’ll get to the magic: Facebook’s targeting page. Here, you can narrow your ad’s target by an incredible basket of options. Location, age, gender, precise interests (as volunteered!), Facebook connections, sexual orientation, relationship status, languages, education and specific workplaces.

    Google’s search advertising product, on the other hand, only offers a fraction of this targeting.

    That’s why Facebook, even though its business is much smaller than Google’s today, represents such a threat to Google. It’s only a matter of time until Facebook expands its advertising scale by opening the equivalent of “AdSense” – self-service ads for any site, using Facebook’s superior targeting capabilities. That actually goes directly after Google’s core business; that could hurt.

    And that’s why Google+ is such a crucial project for Google – to get people logged in, sharing their information and interests with Google

    Reply
  15. Tomi Engdahl says:

    Tim Berners-Lee urges government to stop the snooping bill
    Extension of surveillance powers ‘a destruction of human rights’
    http://www.guardian.co.uk/technology/2012/apr/17/tim-berners-lee-monitoring-internet

    The government’s controversial plans to allow intelligence agencies to monitor the internet use and digital communications of every person in the UK suffered a fresh blow on Tuesday when the inventor of the world wide web warned that the measures were dangerous and should be dropped.

    The British computer engineer, who devised the system that allows the creation of websites and links, said that of all the recent developments on the internet, it was moves by governments to control or spy on the internet that “keep me up most at night”.

    The government ran into a storm of criticism earlier this month when it emerged that it was planning to allow GCHQ to monitor all communication on social media, Skype calls and email communication as well as logging every site visited by internet users in Britain.

    Berners-Lee said: “The idea that we should routinely record information about people is obviously very dangerous. It means that there will be information around which could be stolen, which can be acquired through corrupt officials or corrupt operators, and [could be] used, for example, to blackmail people in the government or people in the military. We open ourselves out, if we store this information, to it being abused.”

    Acknowledging growing concerns about online privacy, he said computer users received significant benefits from the vast amount of data that big web companies accumulate about them, but that increasingly they would seek to apply limits to how the data could be used, as well as demanding access to the data themselves.

    Although Google now allows users to obtain all the data it holds about them and Facebook provides a similar, slower service, individual users were not yet being allowed to exploit all the information relating to them to make their lives easier. Armed with the information that social networks and other web giants hold about us, he said, computers will be able to “help me run my life, to guess what I need next, to guess what I should read in the morning, because it will know not only what’s happening out there but also what I’ve read already, and also what my mood is, and who I’m meeting later on”.

    Reply
  16. Tomi Engdahl says:

    Tim Berners-Lee: demand your data from Google and Facebook
    http://www.guardian.co.uk/technology/2012/apr/18/tim-berners-lee-google-facebook

    Exclusive: world wide web inventor says personal data held online could be used to usher in new era of personalised services

    Tim Berners-Lee, the father of the world wide web, has urged internet users to demand their personal data from online giants such as Google and Facebook to usher in a new era of highly personalised computer services “with tremendous potential to help humanity”.

    In an interview with the Guardian, Berners-Lee said: “My computer has a great understanding of my state of fitness, of the things I’m eating, of the places I’m at. My phone understands from being in my pocket how much exercise I’ve been getting and how many stairs I’ve been walking up and so on.”

    Exploiting such data could provide hugely useful services to individuals, he said, but only if their computers had access to personal data held about them by web companies. “One of the issues of social networking silos is that they have the data and I don’t … There are no programmes that I can run on my computer which allow me to use all the data in each of the social networking systems that I use plus all the data in my calendar plus in my running map site, plus the data in my little fitness gadget and so on to really provide an excellent support to me.”

    Berners-Lee has in the past warned that the rise of social-networking “silos” such as Facebook, and “closed world” apps such as those released by Apple, which cannot be indexed by web search engines, threaten the openness and universality that the architects of the internet saw as central to its design.

    “It’s interesting that people throughout the existence of the web have been concerned about monopolies. They were concerned [about] Netscape having complete control over the browser market until suddenly they started worrying that Microsoft had complete control of the browser market. So I think one of the lessons is that things can change very rapidly.

    Reply
  17. Tomi Engdahl says:

    Spy tech exports from Europe face tighter scrutiny
    Strasbourg mulls new rules on surveillance software by 2013
    http://www.theregister.co.uk/2012/04/18/eu_may_monitor_tech_exports/

    The EU could soon introduce rules to monitor the deployment of internet censorship technology in autocratic regimes including China and Saudi Arabia.

    The European Parliament is proposing a resolution to strengthen the accountability of countries that export gear used to block websites and eavesdrop on mobile communications.

    “There is a race between those harnessing new media to the purpose of liberation and those who seek to use it for repression,” said Richard Howitt, a British Labour-party MEP and the investigator appointed to look into the issue.

    The resolution, which is expected to be passed in Strasbourg on Thursday, will ask the European Commission to come up with rules for improving oversight of EU countries’ exports of tools that can be used for censorship by next year.

    The use of surveillance, censoring and spy software came to light after nations bent on restricting access to information and communication channels turned to countries where freedom of speech and other human rights are supposed to be upheld.

    However, he also said that “surveillance equipment, including telephone intercept equipment, covers a wide variety of equipment and software, and generally is not controlled because of its use for a wide variety of legitimate uses and its easy and widespread availability”.

    Reply
  18. Tomi Engdahl says:

    Privacyscores for the other Web (Facebook)
    http://blog.privacychoice.org/

    Deeper and more meaningful coverage of the Facebook universe has been by far the top user request since we launched Privacyscore. Today, we’re delivering our own Facebook app, Privacyscore for Facebook, with scores for hundreds of top Facebook apps, and research into the privacy practices of top app publishers. We’re also starting to roll out in-context privacy alerts, which proactively show an app’s Privacyscore at the moment where the app asks for permission through Facebook.

    “Hundreds of millions of people use Facebook apps every day, sharing personal profile information widely across thousands of app providers,” said Jim Brock, PrivacyChoice Founder and CEO. “Each app provider has its own privacy policies, which in many cases lack even minimal assurances. Our research also revealed that those apps bring in scores of third-party tracking companies, which in many cases also lack basic protections, choices and oversight.”

    “Facebook doesn’t control or enforce app privacy practices, so it’s up to users to know the privacy risk of sharing personal data with apps. Now users can easily check the Privacyscore for an app before allowing access to their own personal data and their friends’ profiles.”

    “Facebook users deserve better than a C-plus when it comes to their privacy,” said Brock.

    Reply
  19. Lakita Yerton says:

    Good job with the article man, I appreciate a good read occasionally

    Reply
  20. Tomi Engdahl says:

    The FBI Workaround For Private Companies To Share Information With Law Enforcement Without CISPA
    http://www.forbes.com/sites/kashmirhill/2012/04/26/the-fbi-workaround-for-private-companies-to-share-information-with-law-enforcement-without-cispa/

    A debate is currently raging in Washington, D.C. and various politically-engaged spots on the Internet over CISPA, a bill that promises to increase cybersecurity by giving private companies carte blanche to hand over information about cyberthreats they see on their networks.

    That saves the government the trouble of getting pesky subpoenas and warrants as required by the Constitution and privacy laws.

    Opponents worry about all kinds of sensitive information being served up to the government on a silver platter given the legal immunity granted to companies in the bill and the murky definitions of what constitutes a “cyber threat.”

    In 1997, long-time FBI agent Dan Larkin helped set up a non-profit based in Pittsburgh that “functions as a conduit between private industry and law enforcement.” Its industry members, which include banks, ISPs, telcos, credit card companies, pharmaceutical companies, and others can hand over cyberthreat information to the non-profit, called the National Cyber Forensics and Training Alliance (NCFTA), which has a legal agreement with the government that allows it to then hand over info to the FBI. Conveniently, the FBI has a unit, the Cyber Initiative and Resource Fusion Unit, stationed in the NCFTA’s office. Companies can share information with the 501(c)6 non-profit that they would be wary of (or prohibited from) sharing directly with the FBI.

    “We can bring the pieces of intelligence together so we can see what it really is,” says Larkin of the advantage of bringing security specialists from different sectors together.

  21. Tomi Engdahl says:

    Tim Berners-Lee warns about web firms and CISPA
    http://www.theinquirer.net/inquirer/news/2168691/tim-berners-lee-warns-web-firms-cispa

    WORLD WIDE WEB INVENTOR Sir Tim Berners-Lee is not very happy with the way his baby is turning out and has called on people and firms to stop using it in the ways they do.

    In a wide ranging discussion Berners-Lee took on internet giants and smartphone makers that have application stores, suggesting that they make use of users’ data to their own advantage.

    He said that if users have control over their own information and online personas then they can use them to their own benefit. He explained that while the information resides in data silos belonging to giant web firms, this will never happen.

    “[CISPA] is threatening the rights of people in America, and effectively rights everywhere, because what happens in America tends to affect people all over the world,” he explained.

    “Even though the SOPA and PIPA acts were stopped by huge public outcry, it’s staggering how quickly the US government has come back with a new, different, threat to the rights of its citizens.”

  22. Tomi Engdahl says:

    Hacked Skype IP Address Search Shows Who’s Speaking From Where
    http://yro.slashdot.org/story/12/05/01/1636230/hacked-skype-ip-address-search-shows-whos-speaking-from-where

    “An online search portal has been launched that reveals the IP addresses of any Skype user. The portal needs only a Skype username entered in a search bar for it to produce the IP address of a target user. It then uses IP addresses to geo-locate users on a map and reveal their ISP information.”

    Hacked Skype IP address search launched
    http://www.scmagazine.com.au/News/298956,hacked-skype-ip-address-search-launched.aspx

  23. Tomi Engdahl says:

    Interesting claims in this article:

    Google knows and records your physical location – even on a wired connection

    I recently came across a very interesting property of Google’s map service ( http://www.googlemaps.com ). Google can guess the surfer’s physical address unbelievably well.

    This feature is made all the more surprising by the fact that I happened to be sitting in a work office in Espoo while trying it out, and the network connection was over an Ethernet cable.

    Obviously, Google has recorded the location information of wireless LAN base stations and is therefore able to locate the user. Upon receiving a location request, the Chrome web browser apparently sniffs which wireless LANs are nearby and communicates this to the server.

    Both Internet Explorer and Google Chrome ask the user for permission to locate them. It is still a very wild idea that the browser itself can, if necessary, find out the user’s physical location. Location is sensitive information, and security of this level should be at the operating system level, not only in the browser.

    Data protection authorities must be particularly careful with the storage and processing of physical location data. Google, or any other company, must not be allowed to routinely take advantage of this without users’ explicit permission.

    European data protection authorities will not accept the automatic collection of wireless network identifiers, the formation of a location database on the basis of these, and especially an opt-out-based procedure for such activities.

    Source:
    http://blogit.tietokone.fi/ossi/2012/04/google-tietaa-ja-tallentaa-fyysisen-sijaintisi/

  24. Tomi Engdahl says:

    FBI: We need wiretap-ready Web sites – now
    http://news.cnet.com/8301-1009_3-57428067-83/fbi-we-need-wiretap-ready-web-sites-now/

    CNET learns the FBI is quietly pushing its plan to force surveillance backdoors on social networks, VoIP, and Web e-mail providers, and that the bureau is asking Internet companies not to oppose a law making those backdoors mandatory.

    The FBI is asking Internet companies not to oppose a controversial proposal that would require firms, including Microsoft, Facebook, Yahoo, and Google, to build in backdoors for government surveillance.

    “If you create a service, product, or app that allows a user to communicate, you get the privilege of adding that extra coding,” an industry representative who has reviewed the FBI’s draft legislation told CNET. The requirements apply only if a threshold of a certain number of users is exceeded, according to a second industry representative briefed on it.

    The FBI’s proposal would amend a 1994 law, called the Communications Assistance for Law Enforcement Act, or CALEA, that currently applies only to telecommunications providers, not Web companies. The Federal Communications Commission extended CALEA in 2004 to apply to broadband networks.

    A further expansion of CALEA is unlikely to be applauded by tech companies, their customers, or privacy groups. Apple (which distributes iChat and FaceTime) is currently lobbying on the topic, according to disclosure documents filed with Congress two weeks ago. Microsoft (which owns Skype and Hotmail) says its lobbyists are following the topic because it’s “an area of ongoing interest to us.” Google, Yahoo, and Facebook declined to comment.

    From the FBI’s perspective, expanding CALEA to cover VoIP, Web e-mail, and social networks isn’t expanding wiretapping law: If a court order is required today, one will be required tomorrow as well. Rather, it’s making sure that a wiretap is guaranteed to produce results.

    But that nuanced argument could prove radioactive among an Internet community already skeptical of government efforts in the wake of protests over the Stop Online Piracy Act, or SOPA, in January, and the CISPA data-sharing bill last month. And even if startups or hobbyist projects are exempted if they stay below the user threshold, it’s hardly clear how open-source or free software projects such as Linphone, KPhone, and Zfone — or Nicholas Merrill’s proposal for a privacy-protective Internet provider — will comply.

    But industry groups aren’t necessarily going to roll over without a fight. TechAmerica, a trade association that includes representatives of HP, eBay, IBM, Qualcomm, and other tech companies on its board of directors, has been lobbying against a CALEA expansion. Such a law would “represent a sea change in government surveillance law, imposing significant compliance costs on both traditional (think local exchange carriers) and nontraditional (think social media) communications companies,” TechAmerica said in e-mail today.

  25. Tomi Engdahl says:

    Google may not be evil, but it’s also not trustworthy
    http://www.latimes.com/business/la-fi-0513-hiltzik-20120513,0,4061872.column

    Google still trades comfortably on its image as a benevolent, touchy-feely company, but it has become impossible to ignore its lengthening string of privacy and regulatory missteps.

    You’ve heard all about how banks present a danger to the financial system once they become “too big to fail” (I’m looking at you, JPMorgan Chase). Here’s the equivalent question about a much different company: Has Google become too big to trust?

    To ask the question is to answer it, but in case that’s not explicit enough, the answer plainly is yes.

    It’s become impossible to ignore Google’s lengthening string of privacy and regulatory missteps. The company has been found by the Federal Communications Commission to have collected and kept emails and Web browsing histories, even passwords, of individuals whose Wi-Fi signals were intercepted by vehicles photographing street scenes for its Street View program. Google stands accused of lying about the practice and resisting a government investigation of the case.

    None of this means that you shouldn’t do business with Google or utilize its programs. In many respects Google is an admirable company, and in some respects well ahead of its tech sector peers.

    In defending its customers against government encroachment on user privacy, Google ranks tops among corporations tracked by the Electronic Freedom Foundation’s “Who Has Your Back?” campaign, by a safe margin. “They’ll stand up to the government when it comes looking for information,” EFF General Counsel Cindy Cohn explained.

    Still, that doesn’t mean you should view Google as a public service institution.

    The best that can be said about all this is that Google is undergoing evolution from a calling to a corporation. Former Google executive James Whittaker, explaining recently why he quit the company, wrote on a Microsoft blog that the Google he joined years ago was “a technology company that empowered its employees to innovate. The Google I left was an advertising company with a single corporate-mandated focus.”

    There’s nothing evil about Google being such a company, but there’s nothing smart about trusting it blindly.

  26. Tomi Engdahl says:

    One in two punters don’t mind cookie-spewing stalking ads
    Survey: Do not track, or do if you want
    http://www.theregister.co.uk/2012/05/16/nearly_50_percent_of_surveryed_people_do_not_mind_behavioural_ads/

    Nearly half of UK internet users are happy for advertisers to track their online activity in order to deliver more targeted ads, according to new survey figures.

    As many as 45 per cent of 2,001 internet users aged 16 or over said they were happy for advertisers to track their online behaviour in order to deliver personalised ads, according to the survey results published by trade body the Internet Advertising Bureau UK (IAB) and ValueClick, the online advertising network.

    The internet users also said they generally prefer to see fewer adverts that are relevant to them than a higher number of ads of lesser relevance, with 59% supportive of that view.

    Only 10% of internet users would be happy to pay for internet content they currently can access for free if advertising on those sites was removed, whilst nearly a third said they had made a purchase on the strength of an internet-placed ad, according to the survey report.

    Of those surveyed 89% said they want to control their online privacy, but 28% said they were happy for internet businesses to store and share their personal data if those firms are transparent about the activity. Only 19% of internet users do not “actively take steps” to protect their online privacy, according to the survey results.

    The Internet Advertising Bureau (IAB) Europe has developed a voluntary code that requires businesses sign up to display an icon if they use adverts that track users’ behaviour. If users click on the icon they are taken to a website that will enable them to switch off behavioural adverts delivered by companies that use the icon.

    Under the voluntary code, website operators must also give users access to an easy method for turning off cookie-tracking on their own site, and must make it known to users that they collect data on them for behavioural advertising.

    However, despite praise for the framework from EU Commissioner Neelie Kroes and the UK’s Culture Minister Ed Vaizey, the IAB’s voluntary code has drawn criticism from an EU privacy watchdog.

    Under the EU’s Privacy and Electronic Communications Directive storing and accessing information on users’ computers is only lawful “on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information … about the purposes of the processing”.

    An exception exists where the cookie is “strictly necessary” for the provision of a service “explicitly requested” by the user – so cookies can take a user from a product page to a checkout without the need for consent, for example.

    The Directive takes its definition of ‘consent’ from EU data protection laws, which state that consent must be “freely given, specific and informed”.

    A lack of an adequate technical solution within browser settings to enable user consent to cookies to be expressed was attributed by the ICO as the reason for the year’s enforcement hiatus.

    Subsequent developments have been made in the US towards the development of browser ‘opt out’ tools that would enable internet users to control what ads they receive.

    The ICO has issued non-prescriptive guidance on how website operators can meet the new consent requirements whilst they await the developments in browser settings.

    The ICO has left it up to individual operators to determine what methods to choose.

    Last month the watchdog said that it is “highly unlikely” to take action against the users of data analytics cookies on websites if they fall foul of new EU rules on cookie consent under its imminent new enforcement regime. Most sites use cookies to measure the number of users of their site and how they use it. These are data analytics cookies.

  27. Tomi Engdahl says:

    What Britons need to know about U.K. ‘cookie law’
    http://news.cnet.com/8301-1023_3-57442294-93/what-britons-need-to-know-about-u.k-cookie-law/

    Let’s be honest, the U.K. has made a right hash-up of implementing the cookie law from start to finish. It came into force Saturday. Here’s everything you need to know.

    If you’ve seen a “cookie settings” warning like this recently, you’re not the only one.

    A few high-profile U.K. Web sites have in the past few days started to warn their visitors that they use cookies on their sites.

    You had until today to comply with the new European cookie law.

    You won’t be the only one, though. It is thought the majority of U.K. Web sites are breaking the law that dictates how users are tracked and logged, despite having more than a year to prepare for the changes.

    Here’s what you need to know.

    What’s the lowdown: E.U. cookie law or U.K. cookie law?

    The E.U.’s “e-Privacy” Directive, which first came into force in 2002, was amended in 2009. Each of the E.U.’s 27 member states were told to bring the directive into their own member state’s law by this time last year, including the United Kingdom.

    The U.K.’s amended Privacy and Electronic Communication Regulations (PECR) Act 2011 was brought into force on May 26, 2011. The law stated, among other things, that companies operating in the E.U. and the U.K. must obtain consent from their Web site users.

    Some major Web sites, such as the BBC, have implemented new systems to inform users and allow them to opt-out.

    The directive dictates that users should be aware of which kind of cookie is being set, varying from “essential” cookies, such as those used to remember which goods are in your e-shopping cart, to “non-essential” cookies that can be used to track user behavior.

    But cookies are only a small part of online tracking, right?

    Correct. The E.U. Directive contains only a portion relating to cookies, but also targets “non-essential tracking,” regardless of whether a cookie is involved or not.

    As much as 40 percent of tracking activity is often not related to cookies, so a “cookie audit” should look outside other tracking technologies.

    Define “consent,” exactly.

    In the vast majority of cases, a pop-up or some kind of obvious box will appear on a Web site asking a user to tick a box and hit a button. This means a user will give explicit consent to the use of cookies and other tracking tools. Users will also be able to determine the level of cookie and tracking use on the site.

    But there’s a problem. Only a few days before the May 26 deadline, the ICO updated its guidance to state that “implied consent” will suffice, seemingly going against the original European Directive. The ICO said that the continued use of a Web site or Web application would imply the user is consenting to the changes — shifting the responsibility of consent to the user rather than the Web site owner.

    Unfortunately, because all Web sites and Web applications are set out differently and vary in size and structure, there is no one-size-fits-all solution to every site.

    Some Web sites will offer “implied consent” that gives no option except the choice to leave the site, while others will simply allow users to check a box and allow all non-essential cookies in.

    I’m a U.S.-based company with a U.K. and E.U. presence. Am I affected?

    U.S.-based companies with a presence in the European Union, no matter how small, are still liable to E.U. laws, regardless of whether your Web site or Web application is hosted in the E.U. or elsewhere. Mobile application developers are also subject to the E.U. laws (see below).

    In this scenario, while your U.S. Web site and all other non-E.U. Web sites are not liable to this law, your dedicated pages for the U.K., Italy, France, Germany, and so on, are all affected. It’s just the U.K. has taken a little longer to get the wheels in motion.

    What are the penalties for failing to comply?

    At the moment: there aren’t any.

    I develop Android, iOS, Windows Mobile apps. Am I affected?

    Indeed, you are. All downloadable apps from applications stores — such as Apple’s App Store, Google Play or the Windows Phone Marketplace — are subject to the new laws. The ICO said it would be examining the stores closely to ensure compliance.

    This of course does not mean just cookies — it includes any in-built tracking code that would enable access to a user’s smartphone data.

    “Apps are one of the items on our list,”

    I heard the E.U. just ‘outlawed’ Web site analytics?

    Not quite, and far from it.

    It’s true that if you use Google Analytics, or any other service that gives you basic numbers through to pretty graphs to show you how many people visit, when, and what they look at, you will be affected.

    Web site tracking is extremely common and is all but impossible to outlaw. It’s therefore down to the Web site owner or Web application developer to inform its users that it wants to track you.

    Two-thirds of cookies are for adverts, but ads keep the Web free?

    This very site is free. This site doesn’t charge you to view its articles or leave feedback. But it does install a whole bunch of cookies on this very device that you’re reading this article on. It also installs a whole boatload from third-party advertisers.

    But one of the major concerns is if users fail to accept the cookies, many sites will not see you as a statistic nor will the Web site be allowed to display ads, leading to the Web site owner losing money.

  28. Tomi Engdahl says:

    UK “No Tracking Law” Now In Effect
    http://yro.slashdot.org/story/12/05/28/0327257/uk-no-tracking-law-now-in-effect

    In what the media have dubbed the ‘Cookie Law’ all operators of websites in Britain must notify users of the tracking that the website does. This doesn’t only cover cookies, but all forms of tracking and analytics performed on visitors.

  29. Tomi Engdahl says:

    In Ad Network Nightmare, Microsoft Making ‘Do Not Track’ Default for IE 10
    http://www.wired.com/threatlevel/2012/05/ie10-do-not-track/

    Microsoft announced Thursday that the next version of its browser, IE 10, will ship with the controversial “Do Not Track” feature turned on by default, a first among major browsers, creating a potential threat to online advertising giants.

    That includes one of Microsoft’s chief rivals — Google.

    The change could also threaten the still-nascent privacy standard, and prompt an ad industry revolt against it.

    Do Not Track doesn’t attempt to block cookies — instead it sends a message to every website you visit saying you prefer not to be tracked. That flag is currently optional for sites and web advertising firms to obey, but it’s gaining momentum with Twitter embracing it last week.

  30. Tomi Engdahl says:

    Worst Companies At Protecting User Privacy: Skype, Verizon, Yahoo
    http://yro.slashdot.org/story/12/06/03/2155225/worst-companies-at-protecting-user-privacy-skype-verizon-yahoo

    “Apple and Microsoft are among the worst companies at protecting our privacy, according to EFF’s privacy report. Dropbox, Twitter and Sonic have some of the best scores.”

    EFF Privacy Report
    https://www.eff.org/pages/who-has-your-back

  31. Tomi Engdahl says:

    Advertisers slam Microsoft over ‘Do not track’ decision
    Accuses Redmond of going rogue
    http://www.theregister.co.uk/2012/06/01/advertisers_angry_do_not_track/

    Microsoft’s decision to enable the “Do not track” feature by default in Internet Explorer 10 should please privacy advocates, but it has sparked condemnation from the online advertising industry.

    “Consumers should be empowered to make an informed choice and, for these reasons, we believe that for IE10 in Windows 8, a privacy-by-default state for online behavioral advertising is the right approach.”

    But the Digital Advertising Alliance, the industry body representing almost all online advertisers, promptly called foul.

    The DAA told the Wall Street Journal that the industry representatives and government had agreed that the advertising world would regulate itself and honor “Do not track”, so long as browser manufacturers didn’t make it a default setting.

    Advertisers are no fools – they know that if “do not track” is the default setting then most users will leave things that way and their information flow will dry up, whereas only the privacy-conscious will turn on the feature manually if it is switched off. Microsoft’s move with IE10 has a lot of people in the online advertising industry nervous, but it is difficult to see how they could make the company change its mind.

  32. Tomi Engdahl says:

    IE 10’s ‘Do-Not-Track’ Default Dies Quick Death
    http://www.wired.com/threatlevel/2012/06/default-do-not-track/

    Well, that didn’t take long.

    The latest proposed draft of the Do Not Track specification published Wednesday requires that users must choose to turn on the anti-behavioral tracking feature in their browsers and software.

    That means that Microsoft IE 10, which the company announced last week will have Do Not Track turned on by default, won’t be compliant with the official spec. Which means that tech and ad companies who say they comply with Do Not Track could simply ignore the flag set by IE 10 and track those who use that browser. Which means Microsoft has no choice but to change the setting.

  33. Tomi Engdahl says:

    Stop the ‘Do Not Track’ Madness
    http://www.wired.com/business/2012/02/opinion-weinstein-donottrack/

    It’s human nature to want something for nothing. But when it comes to web services, this understandable tendency seems to often blossom into a veritable psychosis. The unending brouhaha over internet “Do Not Track” controversies is an obvious case in point.

    In the brick and mortar world, personally identifiable information like credit card purchases, banking activities and even voting records have long been mashed into a commodity that is sliced, diced and sold. It is literally worth more than the sum of its parts to giant credit reporting firms who control the destiny of anyone who wants to rent an apartment, lease a car or engage in many other kinds of transactions.

    The irony is that the impacts of this bread crumb trail are blithely ignored by most of us since they’re generally not obvious, not “in our faces” so to speak — until you are denied credit or perhaps even a job, that is.

    So is the situation better or worse for us in the digital realm? From the hue and cry over “Do Not Track,” you might think the latter. You would be wrong.

    Woe to the web services firm that uses anonymous tracking cookies to merely display advertising that they hope will be of more interest than random pitches. A personalized ad! Oh, the horror of it all! Gotta put a stop to that, no matter the cost!

    Ridiculous. On the meter of truly important internet issues, personalized web advertising doesn’t even make the needle quiver. But it is ideal for political posturing by vocal “Do Not Track” proponents.

    Part of the problem is that the entire concept of simplistic internet “Do Not Track” systems is based on a number of false premises. Maybe the biggest misleading assertion is that internet advertising is essentially equivalent to the invasive telephone solicitations the “Do Not Call” registry was created to quash.

    Major web services have already been taking unilateral actions to provide users with controls over ad personalization.

  34. Tomi Engdahl says:

    Hello tourist – so you will be monitored

    Bank of Estonia, Tartu University and the OU Positium LBS have followed the movement of tourists since 2008.

    Monitoring is based on cell phones on their own. The creators of the system assure that records the individual numbers or personal information, but is intended to create and complete statistics on tourism.

    Source:
    http://www.taloussanomat.fi/tietoliikenne/2012/04/12/hei-turisti-nain-sinua-seurataan/201227195/12

  35. Tomi Engdahl says:

    W3C: ‘Do not track’ by default? A thousand times: NO!
    Punters should have to switch it on, says standards body
    http://www.theregister.co.uk/2012/06/13/do_not_track_not_the_default_w3c/

    New technology that stops websites gathering information about users should not be switched on by default, but should require an explicit instruction to begin working, an internet standards body has said.

    The World Wide Web Consortium (W3C), which is responsible for ensuring that web technology is based on an agreed set of technical standards, has been working on developing a new ‘do not track’ (DNT) control system for operation within web browser settings. It has said that the controls should not be set by default. Instead, internet users would have to provide their “explicit consent” to activate them.

    W3C had worked on a “compromise proposal” which would prohibit online publishers using cookies to track their users’ online activity once those users had enabled the DNT option. However, “affiliate information sharing” about users can continue even once DNT controls have been activated, Mayer said.

    According to the W3C’s proposals “any commercial, nonprofit, or governmental organisation, a subsidiary or unit of such an organization, or a person” is considered an ‘affiliate’ if they are “related by both common majority ownership and common control” to other such groups or people.

    Under W3C’s plans internet users would be able to prevent web companies tracking users in order to serve personalised content as well as targeted adverts using the DNT technology. However, individual website operators would be able to serve such content to users if those users grant them permission to do so. That permission can be obtained through the DNT system or “from ‘out-of-band’ consent attained through a different technology” under certain conditions, it said.

    In November last year, W3C published plans on how publishers should comply with DNT. It said at the time that it hopes its DNT standards would be in operation by the middle of 2012 and added that it would provide an “exceedingly straightforward” way for internet users to control their privacy.

    EU Commissioner Neelie Kroes, who is responsible for delivering the European Commission’s Digital Agenda, has urged internet companies to form a universal DNT standard and had placed a deadline on the development of that standard for this month.

    Peter Hustinx, the European Data Protection Supervisor, said Kroes was giving out inconsistent advice to website owners on how they should obtain users’ consent to ‘cookies’. He said that the DNT system “although valuable” seemed to “fall short” of the requirements for obtaining lawful consent to serve cookies as set out in the EU’s Privacy and Electronic Communications (ePrivacy) Directive.

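The comments above describe two server-side inputs: the Do Not Track request header, and consent to "non-essential" cookies as opposed to "essential" ones such as a shopping cart. The following is an added example, not part of any comment or quoted article, of a site deciding which cookies it may set. The cookie names, the `cookie_consent` cookie and its `+`-separated format are hypothetical, and the policy that `DNT: 1` outranks a stored consent is this example's own (stricter) choice.

```javascript
// Added example. COOKIE_CATALOG, the cookie names and the "cookie_consent"
// cookie are hypothetical; only the DNT request header comes from the page.
const COOKIE_CATALOG = [
  { name: 'cart', category: 'essential', maxAge: 3600 },
  { name: 'visitor_stats', category: 'analytics', maxAge: 30 * 86400 },
  { name: 'ad_profile', category: 'advertising', maxAge: 90 * 86400 },
];
const KNOWN_CATEGORIES = new Set(COOKIE_CATALOG.map((c) => c.category));

// HTTP header names are case-insensitive, so compare them lower-cased.
function getHeader(headers, wanted) {
  for (const [name, value] of Object.entries(headers || {})) {
    if (name.toLowerCase() === wanted) {
      return Array.isArray(value) ? value.join('; ') : String(value);
    }
  }
  return '';
}

// "1" = user asks not to be tracked, "0" = user allows tracking,
// anything else (or no header at all) = no preference expressed.
function readDnt(headers) {
  const value = getHeader(headers, 'dnt').trim();
  if (value === '1') return 'opt-out';
  if (value === '0') return 'opt-in';
  return 'unset';
}

// Minimal Cookie header parser: "a=1; b=2" -> { a: '1', b: '2' }.
// The first occurrence of a name wins; the jar has no prototype.
function parseCookieHeader(headers) {
  const jar = Object.create(null);
  for (const pair of getHeader(headers, 'cookie').split(';')) {
    const eq = pair.indexOf('=');
    if (eq === -1) continue;
    const name = pair.slice(0, eq).trim();
    if (name && !(name in jar)) jar[name] = pair.slice(eq + 1).trim();
  }
  return jar;
}

// Categories the visitor opted in to, e.g. "cookie_consent=analytics+advertising".
// Unknown category names are dropped rather than trusted.
function consentedCategories(headers) {
  const raw = parseCookieHeader(headers).cookie_consent || '';
  return new Set(
    raw.split('+').filter((c) => KNOWN_CATEGORIES.has(c) && c !== 'essential')
  );
}

// Decide, per cookie, whether it may be set on this response, and record why
// so the decision can be logged for a cookie audit.
function decideCookies(headers) {
  const dnt = readDnt(headers);
  const consent = consentedCategories(headers);
  return COOKIE_CATALOG.map((cookie) => {
    if (cookie.category === 'essential') {
      return { ...cookie, allowed: true, reason: 'strictly necessary' };
    }
    if (dnt === 'opt-out') {
      return { ...cookie, allowed: false, reason: 'DNT: 1 received' };
    }
    if (!consent.has(cookie.category)) {
      return { ...cookie, allowed: false, reason: 'no consent recorded' };
    }
    return { ...cookie, allowed: true, reason: 'consent recorded' };
  });
}

function allowedCookieNames(headers) {
  return decideCookies(headers).filter((d) => d.allowed).map((d) => d.name);
}

// Build the Set-Cookie lines; makeValue(name) supplies each cookie's value.
function buildSetCookieHeaders(headers, makeValue) {
  return decideCookies(headers)
    .filter((d) => d.allowed)
    .map((d) =>
      `${d.name}=${makeValue(d.name)}; Max-Age=${d.maxAge}; Path=/; Secure; HttpOnly; SameSite=Lax`
    );
}

// Constructed sample requests (not captured traffic).
const SAMPLE_REQUESTS = [
  { label: 'first visit, no preference', headers: {} },
  { label: 'consented to analytics', headers: { Cookie: 'lang=en; cookie_consent=analytics' } },
  { label: 'consented, but sends DNT: 1',
    headers: { DNT: '1', Cookie: 'cookie_consent=analytics+advertising' } },
];
for (const { label, headers } of SAMPLE_REQUESTS) {
  console.log(`${label}: ${allowedCookieNames(headers).join(', ')}`);
}
```

A request with no consent cookie gets only the essential cookie regardless of its DNT value, which matches the opt-in reading of consent rather than the "implied consent" reading described in comment 27.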
  36. Tomi Engdahl says:

    Browse Like Bond: Use Any Computer Without Leaving a Trace with Tails
    http://lifehacker.com/5916551/browse-like-bond-use-any-computer-without-leaving-a-trace-with-tails

    If James Bond logs on to a computer, he doesn’t want to leave a bunch of files, cookies, or his IP address out there for someone to find. It might seem extreme, but sometimes it’s a good idea to take the same precautions yourself.

    In this post, we’ll walk through how to use a USB stick or DVD to anonymize, encrypt, and hide everything you do on a computer no matter where you are. When we say “browse without leaving a trace”, we truly mean it. Using the Linux-based, live-boot operating system Tails (The Amnesiac Incognito Live System), you can use any computer anywhere without anyone knowing you were ever on it. Tails is a portable operating system with all the security bells and whistles you’ll ever need already installed on it. You can install Tails on one of your many dust-gathering USB drives or a DVD.

    The magic of Tails is that you don’t have to do a lick of work: once you create your boot disc you’ll have a completely anonymous, totally private operating system preloaded with all the software you (or James Bond) would need. What’s packed into it? Let’s take a look.

  37. Tomi Engdahl says:

    You for Sale: Mapping, and Sharing, the Consumer Genome
    http://www.nytimes.com/2012/06/17/technology/acxiom-the-quiet-giant-of-consumer-database-marketing.html?_r=3&smid=tw-share

    It knows who you are. It knows where you live. It knows what you do.

    It peers deeper into American life than the F.B.I. or the I.R.S., or those prying digital eyes at Facebook and Google. If you are an American adult, the odds are that it knows things like your age, race, sex, weight, height, marital status, education level, politics, buying habits, household health worries, vacation dreams — and on and on.

    Right now in Conway, Ark., north of Little Rock, more than 23,000 computer servers are collecting, collating and analyzing consumer data for a company that, unlike Silicon Valley’s marquee names, rarely makes headlines. It’s called the Acxiom Corporation, and it’s the quiet giant of a multibillion-dollar industry known as database marketing.

    Few consumers have ever heard of Acxiom. But analysts say it has amassed the world’s largest commercial database on consumers — and that it wants to know much, much more. Its servers process more than 50 trillion data “transactions” a year.

    Federal authorities say current laws may not be equipped to handle the rapid expansion of an industry whose players often collect and sell sensitive financial and health information yet are nearly invisible to the public.

    In essence, it’s as if the ore of our data-driven lives were being mined, refined and sold to the highest bidder, usually without our knowledge — by companies that most people rarely even know exist.

    Julie Brill, a member of the Federal Trade Commission, says she would like data brokers in general to tell the public about the data they collect, how they collect it, whom they share it with and how it is used.

    Yet cybersecurity experts who examined Acxiom’s Web site for The Times found basic security lapses on an online form for consumers seeking access to their own profiles. (Acxiom says it has fixed the broken link that caused the problem.)

    “There’s a lot of players in the digital space trying the same thing,” says Mark Zgutowicz, a Piper Jaffray analyst. “But Acxiom’s advantage is they have a database of offline information that they have been collecting for 40 years and can leverage that expertise in the digital world.”

    “It is Big Brother in Arkansas.”

    Yet some prominent privacy advocates worry that such techniques could lead to a new era of consumer profiling.

    Acxiom has its own classification system, PersonicX, which assigns consumers to one of 70 detailed socioeconomic clusters and markets to them accordingly.

    But the multichannel system of Acxiom and its online partners is just revving up.

    Today, Acxiom maintains its own database on about 190 million individuals and 126 million households in the United States. Separately, it manages customer databases for or works with 47 of the Fortune 100 companies. It also worked with the government after the September 2001 terrorist attacks, providing information about 11 of the 19 hijackers.

    In interviews, Mr. Howe has laid out a vision of Acxiom as a new-millennium “data refinery” rather than a data miner.

    ACXIOM’S Consumer Data Products Catalog offers hundreds of details — called “elements” — that corporate clients can buy about individuals or households, to augment their own marketing databases. Companies can buy data to pinpoint households that are concerned, say, about allergies, diabetes or “senior needs.” Also for sale is information on sizes of home loans and household incomes.

    Clients generally buy this data because they want to hold on to their best customers or find new ones — or both.

    “DO you really know your customers?” Acxiom asks in marketing materials for its shopper recognition system, a program that uses ZIP codes to help retailers confirm consumers’ identities — without asking their permission.

    In its system, a store clerk need only “capture the shopper’s name from a check or third-party credit card at the point of sale and then ask for the shopper’s ZIP code or telephone number.” With that data Acxiom can identify shoppers within a 10 percent margin of error, it says, enabling stores to reward their best customers with special offers. Other companies offer similar services.

    “This is a direct way of circumventing people’s concerns about privacy,”

    Reply
  38. Tomi Engdahl says:

    Sonic.net’s CEO On Why ISPs Should Only Keep User Logs Two Weeks
    http://yro.slashdot.org/story/12/06/25/0332249/sonicnets-ceo-on-why-isps-should-only-keep-user-logs-two-weeks

    “Dane Jasper’s tiny Internet service provider Sonic.net briefly took the national spotlight last October, when it contested a Department of Justice order that it secretly hand over the data of privacy activist and WikiLeaks associate Jacob Appelbaum.”

    “For the past eighteen months it’s only kept logs of user data for two weeks before deletion, compared with 18 to 36 months at Verizon, AT&T, Comcast, Time Warner and other ISPs. In a lengthy Q&A, he explains how he came to the decision to limit logging”

    CEO Of Internet Provider Sonic.net: We Delete User Logs After Two Weeks. Your Internet Provider Should, Too.
    http://www.forbes.com/sites/andygreenberg/2012/06/22/ceo-of-internet-provider-sonic-net-we-delete-user-logs-after-two-weeks-your-internet-provider-should-too/2/

    We were concerned about cases where there’s a kidnapping, a threat to the human life, and the FBI is trying to find the kidnapper who sent a demand email yesterday or a week ago. We felt like two weeks was a good window that would allow us to address some things–both our own needs in the long term and the law enforcement’s dire needs in the mid-term–while omitting any ability to assist in what we felt was like an extortion racket. And so that was another concrete step we took last year, to reduce our logging interval to two weeks.

    Reply
  39. Tomi Engdahl says:

    Proxy Your Way to Online Anonymity
    http://howto.wired.com/wiki/Proxy_Your_Way_to_Online_Anonymity

    Whatever your reason for desiring anonymity, you’ll find it hard to make yourself truly traceless on the web. Even if you refrain from signing in to any services, your IP traffic is logged almost everywhere you go. Even if you’re not worried about Big Brother, this can be disconcerting.

    Worry not, there’s still one thing you can do to get invisible — put all of your network activity behind a proxy. This masks your IP address using a virtual detour that makes it appear that your connection is originating from somewhere else in the world, like Brazil or China.

    Here’s how to set yourself up for backdoor browsing:

    With a simple search for “proxy list,” you should have no problem spotting exactly what you’re looking for.

    In Firefox, open your Preferences/Options menu and click the Advanced tab to the far right. In the Advanced settings, click Network and then the Connection button. In the Connection panel, you’ll be given the option to select a manual proxy configuration. Here, you can enter the proxy address you pulled from the list.
    Ensure that you’ve clicked the option to use the proxy for all protocols, apply the changes, and enjoy your new position as the wizard behind the curtain.

    Google Chrome pulls whatever proxy settings you have on your computer’s preferences and applies them to the browser, so if you want anonymous browsing in Chrome, you’ll have to go all or nothing.

    In Internet Explorer, click through the Tools menu and select Internet Options. Navigate into Connections and select LAN settings. Check the box to use a proxy server for your LAN and enter the address you pulled from the proxy list.

    In Ubuntu, proxy settings can be set in the Network Proxy menu under the System tab.

    Just because your traffic is tougher to track doesn’t mean you should exploit the darker side of the web, and you may find your homemade proxy setup to be as weak as cardboard to the FBI if they’re provoked.

    Reply
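The comment above says a proxy masks your IP address; whether it does depends on what the proxy adds to the request it relays. The following is an added example, not part of the original comment or the Wired article: it classifies what a destination server would learn from the peer address and request headers. The function names, category labels and sample headers are assumptions constructed for illustration.

```python
import ipaddress
import re

# Headers a forwarding proxy commonly adds to the request it relays.
PROXY_MARKERS = {"via", "forwarded", "x-forwarded-for", "x-real-ip",
                 "client-ip", "proxy-connection"}

def extract_ips(value):
    """Return every IPv4/IPv6 literal found in a header value."""
    ips = set()
    for token in re.split(r'[,;\s="]+', value):
        if token.startswith("["):        # "[2001:db8::1]:4711"
            token = token[1:].split("]")[0]
        elif token.count(":") == 1:      # "198.51.100.7:51234"
            token = token.split(":")[0]
        try:
            ips.add(ipaddress.ip_address(token))
        except ValueError:
            continue
    return ips

def classify(real_ip, peer_ip, headers):
    """Judge what the destination server learns about the client."""
    real = ipaddress.ip_address(real_ip)
    if ipaddress.ip_address(peer_ip) == real:
        return "direct"                  # proxy setting was not applied
    headers = {k.lower(): v for k, v in headers.items()}
    if any(real in extract_ips(v) for v in headers.values()):
        return "transparent"             # real address forwarded in a header
    if headers.keys() & PROXY_MARKERS:
        return "anonymous"               # proxy visible, address hidden
    return "no-markers"                  # nothing in the request reveals a proxy

# Constructed samples (RFC 5737 / RFC 3849 documentation addresses).
REAL, PROXY = "198.51.100.7", "203.0.113.20"
SAMPLES = {
    "not applied": (REAL, {"Host": "example.org"}),
    "xff leak": (PROXY, {"Via": "1.1 cache01",
                         "X-Forwarded-For": "198.51.100.7, 10.0.0.2"}),
    "forwarded leak": (PROXY, {"Forwarded": 'for="198.51.100.7:51234";proto=http'}),
    "hidden": (PROXY, {"Via": "1.1 cache01"}),
    "clean": (PROXY, {"Host": "example.org", "User-Agent": "Mozilla/5.0"}),
}

if __name__ == "__main__":
    for name, (peer, hdrs) in SAMPLES.items():
        print(f"{name:15} -> {classify(REAL, peer, hdrs)}")
```

A "no-markers" result only describes the request as the destination sees it; the proxy operator still sees the real address and can log it.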
  40. Tomi Engdahl says:

    Australian Telco Causes Minor Panic While Preparing Web Filter
    http://yro.slashdot.org/story/12/06/27/0346201/australian-telco-causes-minor-panic-while-preparing-web-filter

    “Australia’s largest telco, Telstra, has been frightening users of its mobile data services for the last week. Logging revealed that HTTP requests from a mobile device on Telstra’s network were duplicated with a request from another server, located in Chicago. Eyebrows were raised on the Whirlpool forums”

    “Telstra revealed today that the reason for this behavior is that the company is preparing an opt-in web filter”

    Reply
  41. Tomi Engdahl says:

    Berkeley Law’s first Web Privacy Census is out and it’s troubling
    http://news.cnet.com/8301-1009_3-57461462-83/berkeley-laws-first-web-privacy-census-is-out-and-its-troubling/

    That Web site you love? It’s tracking you. So is the other one. In fact, so are all of the top 100 sites, according to new research.

    Popular Web sites are far more aggressive in their consumer-tracking practices than most people suspect, according to the first report of UC Berkeley Law School’s Web Privacy Census, and consumers are trapped in an escalating privacy crisis with limited control over their personal information.

    The main goal of the census is to “define and quantify vectors for tracking consumers on the Internet,” in essence to create a critically needed evaluation component to measure the ever-changing and often-evasive methods companies use to track visitors.

    Reply
  42. Tomi Engdahl says:

    Firefox ‘new tab’ feature exposes users’ secured info: Fix promised
    http://www.theregister.co.uk/2012/06/22/firefox_new_tab_security_concerns/

    Privacy-conscious users have sounded the alarm after it emerged the “New Tab” thumbnail feature in Firefox 13 is “taking snapshots of the user’s HTTPS session content”.

    Reg reader Chris discovered the feature after opening a new tab only to be “greeted by my earlier online banking and webmail sessions complete with account numbers, balances, subject lines etc.

    “This content is behind a secure login for a reason,” Chris added.

    In response to queries on the matter prompted by Chris’s experience, Mozilla acknowledged that the behaviour was undesirable and promised a patch.

    “We are aware of the concern and have a fix that will be released in a future version of Firefox.”

    Reply
  43. Tomi says:

    The Internet Map: a visual representation of the relationship between 350,000 websites
    http://www.theverge.com/2012/7/30/3198825/internet-map-website-relationship

    Representing over 350,000 websites from 196 countries and all domain zones at the end of 2011, the map displays over 2 million site links based on topical similarities. Each site is represented by a circle, with size depending on the amount of traffic, and the space between each is determined by frequency, or strength, of the link created when users jump from one website to another.

    The Internet Map
    http://internet-map.net/

    Reply
  44. Tomi says:

    The web giant Google has to pay a 22.5 million fine in the United States. Central Chamber of Commerce Commission alleged Google has acted contrary to the provisions, using cookies to track Apple’s Safari browser users.

    Safari blocks tracking cookies in its default settings. Google said it does not follow Safari users. The Commission alleged that the evidence shows that Google, on the contrary, in many cases sought to circumvent Safari’s cookie protection.

    Source: http://www.tietoviikko.fi/kaikki_uutiset/googlelle+jattisakot+safarikayttajien+seuraamisesta/a827860?s=u&wtm=tivi-10082012

    Reply
  45. Tomi Engdahl says:

    Google Analytics Could Be Banned In Norway [Updated]
    http://techcrunch.com/2012/08/20/google-analytics-could-be-banned-in-norway/

    The Norwegian Data Protection Bureau has declared that Google Analytics is not in accordance with the law. They justify themselves by referring to a 2008 European Directive that demonstrates once again the ignorance of Eurocrats — even though Norway is not a member state of the European Union.

    According to the European Parliament, IP addresses are personal data.

    The objective of the proposal was to limit the collection of IP addresses by search engines in order to reduce targeted advertising. As Google and others use an ad tracking cookie, it was both a useless and naive Directive.

    From time to time, European governments cite that Directive against a particular service or hypocritically ignore it to implement anti-piracy laws such as the HADOPI law in France.

    According to Aftenposten and Digi.no, Google Analytics does not comply with that Directive because it is collecting IP addresses and web surfing habits — and it could use that data for its ad business.

    In other words, Google cannot provide an analytics service in Norway because it is not a pure analytics company. But why isn’t Yahoo Web Analytics targeted by the Norwegian government as well?

    Reply
  46. Tomi Engdahl says:

    5 Design Tricks Facebook Uses To Affect Your Privacy Decisions
    http://techcrunch.com/2012/08/25/5-design-tricks-facebook-uses-to-affect-your-privacy-decisions/

    Do you know how many apps access your personal information on Facebook? Check your Facebook apps permissions and get ready for a surprise.

    In fact, Facebook keeps “improving” their design so that more of us will add apps on Facebook without realizing we’re granting those apps (and their creators) access to our personal information. After all, this access to our information and identity is the currency Facebook is trading in and what is driving its stock up or down.

    It should be no surprise that in the new App Center Facebook made another leap forward in their efforts to get you to expose your personal info without realizing you’re doing so.

    Reply
  47. Tomi says:

    10 Incredibly Simple Things You Should Be Doing To Protect Your Privacy
    http://www.forbes.com/sites/kashmirhill/2012/08/23/10-incredibly-simple-things-you-should-be-doing-to-protect-your-privacy/

    So this post is for you, guy with no iPad password, and for you, girl who stays signed into Gmail on her boyfriend’s computer, and for you, person walking down the street having a loud conversation on your mobile phone about your recent doctor’s diagnosis of that rash thing you have. These are the really, really simple things you should be doing to keep casual intruders from invading your privacy.

    Reply
  48. Tomi Engdahl says:

    Don’t Build a Database of Ruin
    http://blogs.hbr.org/cs/2012/08/dont_build_a_database_of_ruin.html

    Many businesses today find themselves locked in an arms race with competitors to see who can convert customer secrets into the most pennies. To try to win, they are building perfect digital dossiers, to use a phrase coined by Daniel Solove, massive data stores containing hundreds, if not thousands or tens of thousands, of facts about every member of our society. In my work, I’ve argued that these databases will grow to connect every individual to at least one closely guarded secret. This might be a secret about a medical condition, family history, or personal preference. It is a secret that, if revealed, would cause more than embarrassment or shame; it would lead to serious, concrete, devastating harm. And these companies are combining their data stores, which will give rise to a single, massive database. I call this the Database of Ruin. Once we have created this database, it is unlikely we will ever be able to tear it apart.

    Reply
