Tag: privacy

Nick Heer on web hosting and user data

These are all concerning avenues for users. Adding advertising tends to mean user privacy is compromised, as ads become increasingly targeted by the day; shutting a company down means all user data gets removed, and it’s up to each user to find a new product or service to fill the hole. Rinse and repeat.

Arguably worse is when the company and all attached user data is acquired. There’s very little control any user has over that decision: they may like the original product, but are uncomfortable with the new owner. These decisions are impossible to foresee: if you signed up for Flickr ten years ago, or Tumblr five years ago, would you be expecting your photos and blog posts to end up in the hands of Verizon today?

Source: Don’t Cry for Yahoo — Pixel Envy

We see the same thing in education. Hopefully, a vendor is successful and things go smoothly. But, corporate (or open source) failures, acquisitions, or changes of terms will all impact what happens to student data.

We need to make sure we own our data, or at the very least have workable backups and/or exports that can be quickly spun up if things go south.

Access to Information denied

I filed a request under the Access to Information Act, for “All Information Available” – mostly, I was curious to see if my fraternization with Open Content Hippies or Open Source Radicals had placed me on any lists. I’d followed a link on Facebook (which I can’t find now, yay for no searchability in FB-land) with the link to the Government of Canada web page with the request process and form, and a note suggesting that the form would be disappearing soon.

So, I filled in a web form, gave them my credit card info (to pay for the processing fee), and 6 weeks later I get a boilerplate non-response in my mailbox. It states that there is either nothing on file about me, or there might (or might not) be something on file, but declaration of that fact (or non fact) would possibly (or not) fall under a possible exclusion from the Act due to possible relation to efforts of Canada towards detecting, preventing or suppressing subversive or hostile activities. I would never want to thwart suppression of subversion1.

Here’s the response in full (with my address and file number redacted):

FOIP-web

So. Either they don’t have anything on me. Or I’m being monitored closely to prevent suppression of subversion. Or something in between. Which can neither be confirmed nor denied.

  1. I assume they aren’t just declaring a REALLY strong preference for source code version management systems… []

on ingress as gamifying network location reporting

Jason tuned me into Ingress at CNIE 2014. There’s a good overview of the game on Wired.

It’s one of those things that sound unbelievably geeky – it’s like geocaching (a geeky repurposing of multibillion dollar GPS satellites to play hide and seek) combined with capture the flag, combined with realtime strategy games, bundled up as a mobile game app (kind of geeky as well), with a backstory of a particle collider inadvertently leading to the discovery of a new form of matter and energy (particle physics? a little geeky). It’s the kind of thing where peoples’ faces glaze over on the first description of portals and XM points, and resonators and links and fields.

IngressIntelScreenshot

One thing that’s been stuck in the back of my head as I worked my way up to Level 5 Nerd of the Resistance in the game, is the lack of an apparent business model. It’s a global-scale game, with thousands? millions? of users checking in from all around the world. There don’t appear to be ads in the game – I’ve never seen any – and there appears to be an unwritten rule that portals should be publicly accessible. That unwritten rule largely negates a business model that would have businesses pay for placement in the game in order to draw customers into their stores etc…

Niantic started the game in 2013, and launched it under the “release it free so we build a user base, then sell the company” business plan. It worked, as Google bought the company and ramped the game up. It’s now available for both Android and iOS platforms, free of charge, with no advertising or premium subscriptions or in-game purchases.

So, what is Google getting out of it? I think their largest draw is likely in crowdsourced geolocation of networks. They have every Ingress user actively (collectively) wandering the globe, reporting every wireless SSID and cell tower they come across, along with GPS coordinates. The game gently pushes players to stay at the location of a portal, confirming the geolocation and refining precision over time. It’s kind of a genius plan – it is constantly updating Google’s network geolocation database, which can then be used to more accurately track and target all users of the internet for advertising etc…. They’ve turned a bunch of nerd’s nerds into a crowdsourced network geolocation reporting system. And, at Google’s scale, it costs them a pittance to have this system running.

paging the mothership

Ingress’ privacy policy link points to Google’s common privacy policy and TOS web page, which states:

We may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number). Google may associate your device identifiers or phone number with your Google Account.

and

When you use a location-enabled Google service, we may collect and process information about your actual location, like GPS signals sent by a mobile device. We may also use various technologies to determine location, such as sensor data from your device that may, for example, provide information on nearby Wi-Fi access points and cell towers.

Common TOS for all Google services, but especially relevant in a geolocation-based game that is actively pushing users to wander their neighbourhoods to gather this data and send it back to Google.

If they’d released the app as a “report network locations to improve google’s ad targeting” tool, it would have gotten huge pushback, and not many people would have downloaded it. But, by hiding that function and wrapping an insanely addictive game over top of it, it’s gone viral.

brb. I need to go recharge the portal at the playground down the street…

PrivacyFix

I just tried out the new PrivacyFix extension, which checks your privacy settings and also estimates how much Facebook and Google make off me each year.

Turns out, my privacy settings are pretty decent already. And, it looks like Google makes less than a dollar per year off me. Facebook makes nothing. The guy that wrote the article on Ars Technica clocks in at $700 per year going to Google, through advertising etc… Wow.

I’m running PrivacyFix, in addition to Ghostery and AdBlock, on all computers that I use.

google encroachment

First, they provided a search engine. Then they monitored every search query, to push ads. Then, they added additional services, including email and RSS, to track everything you read and everyone you know. Then, they added social layers, to track everything you do. Then, they added DNS services, to be able to track everything you read and do, even outside of Google’s suite of monitoring tools aka online services.

Now, they want to lay their own fiber-to-the-home internet service. They say it’s to ensure network neutrality, and to provide a stable alternative to the big telecom companies’ cable and DSL and fiber services. That sounds awesome. Everyone hates the big telecom companies, always screwing us over and gouging us and etc.. etc…

And, hey! Gigabit internet connection! In my home! Holy crap!

But, the voice in my head suggests they also want to be able to monitor everything that everyone reads, knows, does, on any service, anywhere. Because, do no evil. Or something.

This is some scary stuff. We need a separation of church and state. Monitoring/advertising companies should not be in the business of providing infrastructure. Of course, it hasn’t been officially announced. And nobody knows what the terms of the service are. But even just the idea of it kind of makes my skin crawl.

google glass(es)

The tech vision video for project glass was released today. The technology looks interesting, if a bit creepy.

But what hits me is that this isn’t about augmenting your reality. It’s about augmenting google’s documentation of everything you do, so they can mine it to sell to advertisers. The implications of a service actively monitoring and interacting and documenting and monetizing everything I do and say are just mind boggling.

And when did dorky glasses become cool again? I got teased relentlessly as a kid for wearing glasses, and now the hipsters want to swoop in and play their indie-music-ukuleles with their dorky vr goggles? I don’t think so.

Update: even better commentary via Joe Stracci, via daringfireball. Creepy stuff. But shiny, in an awkward impossible-to-implement-and-nobody-would-buy-it kind of way…

collusion – tracking and mapping links between websites

I’ve been pretty mindful about avoiding trackers on my site. I don’t use an external web analytics package (I do have the apache logs, crunched by AWStats, but nothing anywhere near the level of a Google Analytics or even WordPress Stats tracking). But, websites connect to other websites. That’s kind of their job. And other websites track stuff. So, even a website that doesn’t directly track people, by using YouTube videos and other hosted media, exposes people’s activity to those who track them.

I saw a post about Collusion – a Firefox add-on that maps links between websites, both the ones you go to directly, and the ones that send media and pull tracking info.

Here’s what about an hour’s worth of activity looks like, after letting Collusion monitor my browsing in Firefox:

The icons that are glowing are sites that I went to directly (all work-related, of course…), and the non-glowing icons are sites that either fed media to the sites I did visit, or who tracked my activity as a third party. Looking at my blog, with no third party tracking explicitly set up, there are still several sites indirectly monitoring activity of people.

That’s kind of creepy. The only way to completely avoid this is to host everything yourself, and never link to anything else. But that kind of goes against the whole purpose of this online-community-hootenanny thing…

Ghostery – protecting your privacy online

I’ve been using the Ghostery extension in both Chrome and Safari for awhile now. It sniffs the web pages and blocks requests for the douchey stuff that tries to track you online. It lets the good stuff through, but prevents all of the creepiness from executing. It also reports on how many tracking items are attempting to worm their way through it on each page you visit. Eye opening.

It’s free. Runs in Chrome, Safari, Firefox, and IE. There’s also a custom browser for use on iOS, but I haven’t tried it yet.

For instance, on my blog, it shows that the embedded twitter code I pasted on a previous post triggers some tracking funkiness. It blocks it automatically. And it also shows that there aren’t any analytics or other trackers running here.

It’s a small thing, but makes the web feel like more of an opt-in exercise, rather than an uncomfortable walk through a street lined with scammers etc…

gruber on control of software vs. privacy

John Gruber, commenting on Dave Winer’s post on why he uses Android rather than iOS:

Fear of Apple is about losing control over the software on our computers. Fear of Google is about losing control over our privacy.

That’s the best, clearest description of the difference I’ve seen. I don’t care what anyone else uses. But I value my privacy more than I value the ability to compile the kernel behind my operating system.

And, I’d also suggest that the control over the software in Android etc… is an illusion for most people. The vast majority of people will not be writing their own software, nor are they going to be compiling anything from source. They’re at the mercy of software developers and corporations just as much as those using non-Open software.

I believe that openness has more do with a person’s ability to do what they want to do, rather than with who gets to compile the software they use. Part of that ability-to-do-what-you-want involves not having to sell your digital soul as part of the process, which is what Google wants you to do.