The Null Device

Posts matching tags 'privacy'

2016/6/10

Being a tenant in the free-market Anglosphere is likely to get a lot worse soon; a new British start-up has created a system offering landlords' continuous deep surveillance of their tenants' online lives to determine whether they are likely to be asset risks. The system, named Tenant Assured, involves requiring tenants, as a condition of tenancy, to link all their social media accounts to a system that data-mines their posts and messages, looking for keywords and metadata and feeding them into an algorithmic model for determining the tenant's personality type and the risk of them defaulting on rent or otherwise adversely affecting the landlord's assets. Tenant Assured appears to greedily harvest a lot of data for its model; when the landlord looks at the report on one of their tenants, status updates or messages mentioning loans, lack of money or phrases suggestive of penury like “staying in” show up under “financial stress”, and words like “prison”, “steal” or “justice” show up under “crime”, while histograms of the tenants' activity times on weekdays and weekends are shown (do they throw parties/lead a chaotic lifestyle, or are they responsible hard-working serfs who get up at six and are in bed by 11, and thus a good financial risk?)

Among the behaviors that count against your Tenant Assured “credit” percentage — i.e., how confident the company is that you’ll pay rent — are “online retail social logins and frequency of social logins used for leisure activities.” In other words, Tenant Assured draws conclusions about your credit-worthiness based on things such as whether you post about shopping or going out on the weekends.
Tenant Assured is in operation in the UK, and is being launched in the US soon; it is likely to be welcomed with equally open arms in free-market anglocapitalist strongholds like Australia, where tenants are not deemed to need any rights beyond those naturally trickling down from the invisible hand of the market. The system is said to be opt-in, which means that one always has the choice of telling the landlord who insists on using it where to stick it and find another one who does not insist on it (which may involve anything from paying a human-dignity premium to the Sartrean radical freedom of starving to death under a bridge, emaciated but unbowed).

Of course, there is a chance that such an intrusive system would be found to be in violation of human-rights laws (like the ones Britain's Tory government wants to pull Britain out of); if it isn't, the chances of parliament, which is dominated by buy-to-let landlords (who comprise 40% of MPs, compared to 4% of the general population) passing any laws to restrict it are vanishingly slim at best. After all, we're a free-market society, something something light-touch dynamic self-regulation something, and heavy-handed regulation would destroy the wealth that (mumble mumble) trickles down to the very tenants it's meant to protect; also, personal responsibility. In Australia, there is no bill of rights and nothing like the European Convention of Human Rights, so there'd be fewer impediments to such a system being imposed. In the United States, the Constitution would offer little protection, as it only restricts the government from oppressive measures, making room for a vibrant market in free-enterprise oppression.

The system currently requires tenants to provide access to their social media profiles (presumably the tenancy contract would be drafted as to make withholding accounts grounds for eviction and/or forfeiture of the deposit, if not further legal sanctions); what happens to the data is opaque and could be updated. If, for example, the operators train a neural network to determine probability of drug use from selfies, or emotional stress from changes in music consumption, such capabilities could be added later. But why stop there? It's almost certain that the tenant would own a smartphone, running either iOS or Android. And legally there is no reason why a rental contract could not require them to install and run an app on their phone which tracks their location, flagging up whether they're spending time in dive bars, visiting pawn shops or have started sleeping in until noon on weekdays rather than travelling to an office by 9:30am. (The app could be styled with a nice-looking interface allowing the tenant to contact the landlord and flag fixtures in need of repair; if it looks like it's meant to help the tenant, they may not recognise that it's there to control them.) And so, the relationship between landlord and tenant starts looking like the ancient feudal relationship between a lord and one of his peasants passed through Jeremy Bentham's panopticon; the subtext is: those who don't own property or significant wealth are, at best, on parole.

If this takes off, and becomes the norm for non-wealthy tenants, the social implications could be interesting. For one, it will make all the services, like Facebook, which it touches useless for casually socialising. (In a Free Market, where all tenants are competing against each other to get and keep desirable flats—or, indeed, to win desirable tenancies from the sucker who let their game slip and got logged showing poor impulse control one time too many—maintaining a profile optimised to avoid whatever the algorithm's looking for will become paramount, and there'll be no slack for posting anything off-message.) In such a system, posting to Facebook (or Instagram, or Twitter, or whatever) will be a bureaucratic chore, an act of reporting to one's unseen overseers framed as casually socialising with one's semi-fictitious clean-living friends. (Not posting anything may also get one flagged, so shrugging it off may work against one's interests.) Perhaps an underground industry of social profile doctors will show up; they'll keep up on the latest news and gossip about the surveillance capabilities and profiling algorithms, and for a monthly fee, will provide you with enough traffic to keep your tenant-credit score up. Meanwhile, actual socialising, hedonism, self-indulgence and discussion of worries will take place on encrypted channels and pseudonymous underground social networks, or other profiles, and people will start to carry two phones: the one the landlord knows about, and one which doesn't snitch. (At some point, a tenant will be evicted without deposit for failing to declare such an account or phone, as required in the tenancy contract; if they're lucky, it may form the basis of a court case.)

anglocapitalism big data housing privacy surveillance surveillance capitalism tenants' rights uk 0

2012/12/20

A minor blow has been struck against the Zuckerberg Doctrine, the principle that users of social websites must identify themselves by their legal “wallet names”, presenting one identity to everyone from employers to gaming buddies to credit-rating agencies and advertisers (especially those): Germany's Data Protection Commissioner has ruled that users have a right to use pseudonyms, and in prohibiting this in its terms of service, Facebook is in violation of Germany's strict privacy laws. Facebook, however, has asserted that this law is not valid, as its European operations are based in Ireland, which has a more libertarian legal regime.

eu europe facebook germany privacy 0

2012/10/28

Another consequence of the Zuckerberg Doctrine, the belief that every person has one and only one identity which they use for all online social interactions: doctors in Britain are reporting an increase in infatuated patients pursuing them romantically via Facebook:

Figures compiled by the Medical Defence Union (MDU) show that the number of cases of doctors seeking its help because they are being pursued by a lovestruck patient rose from 73 in 2002-06 to 100 in 2007-11. Patients are increasingly using social media rather than letters or flowers to make their feelings clear, such as following a doctor on Twitter, "poking" them on Facebook or flirting with them online.
A female GP was asked out for a drink by a male patient as she left her surgery. When she declined, he began to pester her via Facebook and sent her a bunch of lilies, which she had listed as her favourite flowers on her Facebook page. On MDU advice, she changed her security and privacy settings on the site so that only chosen friends could view her postings.
Of course, it is unreasonable to ask doctors (and, indeed, other public-facing professionals; teachers, police, social workers and legal aid workers come to mind) to delete their Facebook accounts and not use social software. For one, in this day and age, disconnecting from social software means virtual exile; Facebook refuseniks find themselves out of the loop, relying on the charity of friends with Facebook accounts and free time to keep them informed of everything from party invitations to when mutual friends friends had a baby, got divorced or moved abroad. And then there is the increasing public expectation that well-adjusted citizens have a Facebook profile, and one with normal activity patterns. Already there is talk about governments requiring citizens to log in with Facebook/Google identities to access services, so a normal Facebook record, with the requisite casual-though-not-debauched photos and history of social chatter is increasingly starting to look like a badge of good citizenship, well-adjustedness and general non-terroristicity. And having two accounts, one for your professional persona, and one for your personal life, is expressly verboten by orders of Mark Zuckerberg and Vic Gundotra, as mandated by the advertisers who demand accurate records of eyeballs sent their way and the shareholders who demand steady advertising revenue.

So now, by the immutable facts of neoliberal capitalism in the internet age, we have a world where people have only one face they present to the world, one with their wallet name, career record, list of friends and social activity attached. This face is visible to everyone from old friends to employers to any members of the public one has a professional duty of care to. Perhaps there's a Californian jeans-and-T-shirts casualness to forcibly unifying these facets; to not allowing a distinction between the uniform of professionalism one wears in one's career and the accoutrements of one's casual, personal life; to knowing that your doctor's favourite flower is the lily, your geography teacher was in a moderately well-known math-rock band, or the police officer you reported your lost phone to is an Arsenal fan and known to his mates as Beans; though the downside of the casualisation of professional life is the professionalisation of casual life, a sort of Bay Area take on superlegitimacy. And while in Britain today, that may take the form of doctors self-censoring to avoid the possibility of obsessive patients, in parts of the US, where employers can fire workers for their political or personal views, sexual orientation or even sporting loyalties, the stakes are higher.

Whether the Zuckerberg Doctrine is the inescapable future, in which everyone is coerced into an endless, joyless social game of simulating a model citizen as if under the watchful eyes of an outsourced Stasi, however, is another question. Facebook's unquestionable hegemony is starting to show its first cracks. For now, it remains the default grapevine, the standard channel of social chatter; however, its declining share price seems to be pushing Facebook to more agressively monetise the relationships of its nominally captive audience, pushing more ads and sponsored stories, asking users to pay for their messages to be seen by their friends (whose feeds can only contain so many updates, after all, and there are commercial sponsors to compete with), and, the implication goes, throttling back how much unsponsored chatter a user sees. As this ratchets up, eventually people will notice that their friends' announcements and photos aren't making it to them but instead the fact that their friend ostensibly likes Toyota or Red Bull is and start tuning out. Then Facebook will decline, as MySpace and Friendster did before it, and something else will take its place.

Perhaps the best thing to hope for is that whatever fills the niche occupied by Facebook will be not so much a service but a decentralised system of independent services, each free to set its own terms and policies. They could be based on a protocol such as Tent or Diaspora*, and, as the servers interact, allow for great diversity; some servers will be free to use but spam your eyeballs with ads until they bleed, others will charge, say, $25 a year and offer ad-free unlimited hosting; some will have Zuckerbergian wallet-name policies, others will allow users to choose the pseudonyms of their choice (as, say, LiveJournal did back in the day, and community-oriented web forums often do), with some uptight silos only federating with others with wallet-name policies, and being seen by those outside of those as terminally square. And, of course, unlike on Facebook, there will be nothing stopping someone from having multiple accounts. Of course, there will be nothing preventing people from running their own silos, though any system which depends on people doing this will become a ghetto of deep geeks with UNIX beards who enjoy setting up such systems, to the exclusion of everyone else.

culture facebook privacy social software society superlegitmacy unintended consequences 3

2012/10/1

An article in the Guardian presents a scenario on the privacy risks even the most careful social media output could pose when analysed with data-mining software descended from that currently in existence:

"Tina Porter, 26. She's what you need for the transpacific trade issues you just mentioned, Alan. Her dissertation speaks for itself, she even learned Korean..." He pauses.
"But?..." Asks the HR guy.
"She's afflicted with acute migraine. It occurs at least a couple of times a month. She's good at concealing it, but our data shows it could be a problem," Chen says.
"How the hell do you know that?"
"Well, she falls into this particular Health Cluster. In her Facebook babbling, she sometimes refers to a spike in her olfactory sensitivity – a known precursor to a migraine crisis. In addition, each time, for a period of several days, we see a slight drop in the number of words she uses in her posts, her vocabulary shrinks a bit, and her tweets, usually sharp, become less frequent and more nebulous. That's an obvious pattern for people suffering from serious migraine. In addition, the Zeo Sleeping Manager website and the stress management site HeartMath – both now connected with Facebook – suggest she suffers from insomnia. In other words, Alan, we think you can't take Ms Porter in the firm. Our Predictive Workforce Expenditure Model shows that she will cost you at least 15% more in lost productivity."
Of course, if employers (and health insurance companies and the police and organised criminals and advertising firms and psychotic stalkers) can data-mine a tendency to get migraines from the fluctuation of the vocabulary of one's posts, one might suggest that those with a healthy amount of paranoia should avoid social media altogether, beyond having a simple static page that gives away absolutely nothing. Except that not having an active social media profile is increasingly seen as suspicious in itself; if you're not tweeting your TV viewing or Instagramming your sandwiches and leaving a statistically normal trail of well-adjusted narcissistic exhibitionism, there's a nonzero probability that you might be the next Unabomber; and, in any case, the HR department who knocked Tina Porter back for her carefully concealed migraines would certainly not even look at the CV of the potential ticking timebomb whose online profile draws a blank.

So, if this sort of thing comes to pass (and whether that sort of data could be extracted from social data with few enough false positives to be useful is a big if), we may eventually see an age of radical transparency, where everyone knows who's likely to be marginally more or less productive, along with possible laws regulating when this may be taken into account. Either that or the evolution of Gattaca-style systems and techniques for chaffing one's social data trail and masking any deficiencies which it may betray, in an ever-escalating arms race with new analytical techniques designed to detect such gaming.

(via MeFi) data mining facebook privacy risks social software society 1

2012/8/28

The limits of the Zuckerberg Doctrine, which states that everyone is to have one identity, publicly linked to their legal “wallet name”, which they use for all interactions, have been tested with the curious case of an impeccably connected young man named “Spike Wells”, who, until recently, had a Facebook profile:

He has more than 400 friends, including some of Britain's richest young men and women, and appears to have an impressive appetite for partying both in Britain and abroad.
Yesterday, however, it was claimed that Wells is in fact a pseudonym used by Prince Harry, whose nickname is Spike - even his Scotland Yard minder is known to call him Spike - to keep in contact with his friends.
The “Spike Wells” profile disappeared after a recent tabloid incident involving Prince Harry, and was largely locked down beforehand, leaking only the information that, under the Zuckerberg Doctrine, is public, but even that was enough to give the game away: given sufficient eyes, pseudonymity is shallow.
While Mr Wells used high privacy settings, until last week a limited version of his page was available for all the world to see, with every update discussed and debated on the internet by fans of Prince Harry.
Mr Wells's profile says he is from Maun, Botswana, a town visited by the Prince and his former girlfriend Chelsy Davy in 2007. Like Prince Harry, he also lists his interests as "all sports".
In July, Prince Harry went to the Womad Festival in Malmesbury, Wiltshire, where he was pictured wearing a hat based on the popular mobile phone game Angry Birds. Mr Wells's Facebook profile featured five people wearing similar hats, although their faces could not be seen.
Which suggests that even if one takes care to lock down one's profile and refrain from posting anything publicly that reveals one's identity, the very act of making social sites useful will, over time, leak out enough information to give one away, given sufficient eyeballs. If you're a young, single prince in a celebrity-obsessed society, sufficient eyeballs can be taken for granted. If not, the lack of a hungry public can be made up for by the more targeted interest of a smaller number of parties; business rivals, extortionists, obsessive stalkers, vindictive ex-partners (business or romantic), and others all could be very interested in piecing together a party's identity from a succession of large numbers of fragmentary clues. Which is why Scotland Yard's Royal Protection Branch have warned those with a high profile to forswear social software altogether:
However, Dai Davies, a former head of royal protection for Scotland Yard, said that a Facebook page for a member of the Royal family would pose a security risk. "From a security point of view I would never recommend anyone high profile to have a Facebook account," he said.
Of course, telling the world's richest and most influential people that they should, due to their status, restrict themselves to 20th-century modes of social telecommunication is not without its problems. (Telling the children of such people that there's no Facebook, no Instagram, no Pinterest for them, ever, by virtue of who their parents are could be even more problematic.) Hiding in plain sight on Facebook, however, has its problems, with information leakage. (One could imagine, after a few royals protested, members of the Royal Family being issued pseudonymous accounts, whose public profiles and publicly visible activity are “chaff”, deliberate disinformation posted by handlers from a specially established department of the security services, and whose personal updates are visible to friends only, with the cover identities (the “legends”, in intelligence parlance) of the accounts being known only to a trusted few, so, for example, only a few dozen people from old money and a handful of Qatari princelings would know that, let's say say, “Melva Bellamy”, ostensibly a 43-year-old veterinary nurse in Sheldon, Iowa, is really Prince Charles. At least until someone talked to the tabloids or Mrs. Bellamy started haranguing people about architecture or homoeopathy or something. I suspect that the handlers in charge of keeping Prince Phillip's account—or, rather, accounts—under the radar wouldn't have an easy job of it.)

Of course, this is only as secure as the weakest link, and there are many ways the secret online identities of the super-famous could fall into the hands of a delighted tabloid press. If the Queen (in her guise as Bolivian scrap merchant “Levi Villalobos”, or something to that effect) posts a comment on a photo taken by property tycoon Lord Reynold Mooney-Bagges on one of his yachts in Barbados, mentioning a similar trip she took some years ago, or how the dogs in a photo look a bit like her Corgis, or any one of a number of bits of innocuous fluff, this will be visible to all of Lord Mooney-Bagges' friends. And even if the Queen's (sorry, Señor Villalobos') online contacts are vetted by MI5 prior to being approved, Lord Moneybags' friends aren't. And they include three emotionally unstable narcissists, one fabulist and compulsive liar and two senior executives at News International. Oops!

Another option would be for the Royal Family to have its own social network built, for them and the few they socially connect with. This site (undoubtedly built by a military contractor at huge expense) would be accessible by invitation only; the invited would be vetted by the security services and given key fobs, like more ornate versions of the ones used by online banking services, for logging in. The theory is that Prince Harry could then have anyone he wished to socialise with invited to the service, forming a virtual royal court in cyberspace. Meanwhile, similar sites may crop up outside of the court; private social networks founded by groups of the super-wealthy and organised along the lines of private clubs.

The problem with such forums, though, is that they would be siloes, separated from the rest of online activity. If you're the Royal Family, you may be able to get away with sticking to your own forum without it turning into a ghost town; this, however, might not scale well to those less famous or whose fame is not guaranteed by constitutional law. And such siloes, by definition, would separate what happens within them from what happens outside; within, there are different identities, a different social graph, and their own discourses, photographs, events and the like. Which may be suitable for a traditional royal court who can bestow the honour of attendance on those sufficiently well connected, but it does preclude one from interacting with the outside world other than by inviting selected members of it into one's sphere. Perhaps the online royal court would flourish, or perhaps it'd become an expensive white elephant, but I doubt it would remove all need for those in the gilded cage to venture outside of it.

Perhaps the solution is a sort of delegated, federated social software, where each realm has its own identity scheme and privacy rules, but protocols exist for federating between them. (After all, Facebook is no less a walled-garden silo than such a virtual court would be, merely one that's many orders of magnitude larger.) When the credentials from one realm could be used for interacting with other realms (and granting access to private content, though issues of trust would have to be worked out), we could go from a one-size-fits-all Zuckerbergian walled garden to a multitude of interacting social spaces—some jealously private, some as public as Twitter; some free and ad-supported, some paid for with premium services, some enforcing a Zuckerbergian wallet-name policy, some encouraging pseudonyms or handles—without users being restricted to interacting only with those in one's own space.

facebook privacy royal family social software uk 1

2012/5/6

In the UK, nightclub bouncers are requiring punters to show them their Facebook profiles on their phones as a condition of entry, ostensibly to weed out the underage. Civil liberties groups and a door staff training firm claim that this is illegal, while some bar owners and bouncers defend the practice, citing heavy fines levied in the event of staff accidentally letting in a minor with a fake ID.

facebook privacy society uk 0

2012/3/7

In the US, employers are paying increasingly close attention to candidates' Facebook accounts; demanding that they hand over their Facebook passwords, allowing them to investigate their profiles, their past activities and the company they keep to determine whether they are of sufficient moral fibre:

In Maryland, job seekers applying to the state's Department of Corrections have been asked during interviews to log into their accounts and let an interviewer watch while the potential employee clicks through wall posts, friends, photos and anything else that might be found behind the privacy wall. Previously, applicants were asked to surrender their user name and password, but a complaint from the ACLU stopped that practice last year. While submitting to a Facebook review is voluntary, virtually all applicants agree to it out of a desire to score well in the interview, according Maryland ACLU legislative director Melissa Coretz Goemann.
And some universities are requiring students to friend official accounts and monitoring their social network activity:
Student-athletes in colleges around the country also are finding out they can no longer maintain privacy in Facebook communications because schools are requiring them to "friend" a coach or compliance officer, giving that person access to their “friends-only” posts. Schools are also turning to social media monitoring companies with names like UDilligence and Varsity Monitor for software packages that automate the task. The programs offer a "reputation scoreboard" to coaches and send "threat level" warnings about individual athletes to compliance officers.
(I imagine that the assumption here is that those on athletic scholarships are not bright enough to set up friend lists and segregate their posts. After all, Facebook doesn't tell you whether you see all of a user's posts, a small portion, or in fact, whether they put you on their “Restricted” list (i.e., the “pretend-to-be-this-schmuck's-friend-but-don't-show-them-anything” list).

Demanding Facebook passwords is of dubious legality, however, if a court rules in favour of this practice, companies answerable to shareholders and concerned about legal liability may start adopting it as policy. One option is to not have a Facebook account, or deny having one; however, this could be a liability, marking one out as some kind of antisocial loner (studies have found that evidence of a social life can boost one's employability rankings, and if everyone's on Facebook, the one guy whose name draws a blank could look too much like potential spree-killer material to be worth the risk.)

If employer (or school, or governmental) Facebook surveillance becomes widespread I can see a new version of the clean-urine-for-drug-tests business model emerging, in the form of clean-but-plausibly-active-looking Facebook profiles for presentation to officials. Fill in a form giving details (what political/religious views it should espouse, where it should be between gregariously easy-going and Stepfordesquely clean (in most cases, inserting a few minor flaws for versimilitude is recommended, though the optimum degree of flaws will vary case by case; your case advisor can offer you guidance), what sorts of people, institutions and social situations your perfect doppelgänger should be seen to associate with, &c.), put in your credit card number and, presto, an army of third-world data-centre workers will assemble a profile you can show to any authority figure without fear. For a monthly fee, they'll even run your parallel life in the background for you, keeping the illusion up, posting anodyne comments about TV shows and sports matches, attending church mixers, liking big, uncontroversial brands and even giving you your desired level of a simulated social life with a network of convincing yet utterly unimpeachable sockpuppets.

authoritarianism paranoia privacy sadofuturism social software surveillance 9

2011/1/18

A US dating site has found a novel way of increasing its profile count: by automatically adding profiles for non-users from publicly available information. You know, just in case they might be open to romance, much in the way that other public-minded individuals send out emails to millions of people just in case some of them have erectile problems they're too embarrassed to seek out help for:

Jordan said the site would soon host some 340 million profiles after scraping information from social networking sites, e-mail registries, mailing lists, marketing surveys, government census records, real estate listings and business websites to create new dating profiles.

dating privacy scams spam 1

2010/11/25

In Germany, Google Street View has a posse, and they'll egg your house if you exercise your right to opt out of being visible on StreetView. The Streisand Effect is a bitch sometimes.

germany google privacy streisand effect 1

2010/7/17

Until now, Google and social software haven't been ideas that went together naturally. The famously engineering-focussed company had experimented with social, though mostly in engineers' 20% time, and with mixed results. Orkut became spectacularly successful in Brazil, but largely bobbed along in the wake of Friendster elsewhere until the vastly technically inferior MySpace came along and seized the market, Google Friend Connect got its lunch eaten by Facebook Connect, and other forays into social made the mistake of being a bit too clever and automatically inferring the user's social graph from their online activity, crossing the line between nifty and disturbing.

Now, however, this is likely to change. There are rumours afoot that Google have made social software a strategic priority, establishing teams to work on the problem of social as part of their regular 80% job, and that a social platform, possibly named Google Me, is in the works. Of course, as far as social platforms go, Facebook have the area sewn up, with a pretty sophisticated API, leaving little space for newcomers (or even Google) to expand into, unless they find and solve problems in the way Facebook does it.

Which brings us to this slide presentation from Google user-experience researcher Paul Adams. The presentation rigorously examines the social uses of software, and the natures of social connections (Adams mentions strong ties and weak ties, and adds a third category, temporary ties, or pairs of people involved in once-off interactions; think someone you buy something from on eBay) and pinpoints possible shortcomings of simple models such as Facebook's (the fact that people have different social circles and needs to expose different facets of their identities to different circles, and that tools such as Facebook's privacy filters have a high overhead to use satisfactorily in this way), not to mention unresolved mismatches between the way human beings intuitively perceive social interaction working and the way it does in the age of social software (for example, we are not intuitively prepared for the idea of our conversations being recorded and made searchable). All in all, it looks like a pretty rigorous survey of social software, condensed down to 216 slides. (An expanded version may be the contents of a book, Social Circles, which comes out in August.)

If Google, who have not given much weight to social software in the past, are investing in this level of research into it, they may well have a Facebook-beating social platform in the works. Though (assuming that it exists, of course) only time will tell whether Google have finally grasped social enough to pull it off.

facebook google privacy psychology social networks social software 0

2010/6/11

Proof that there are second acts in North American lives (or at least in Québecois ones): Ghyslain Raza, last seen eight years ago swinging an imaginary lightsaber around in the notorious Star Wars Kid video, is now president of a nonprofit organisation dedicated to preserving the heritage of the Québecois town of Trois-Rivières.

Back in 2002, a teenage Raza recorded a video that would become one of the most popular viral hits of all time, and one of the first cautionary tales in the debate about privacy on the Internet. In it, he swung a golf ball retriever around as if it were Darth Maul’s double-bladed lightsaber in Star Wars Episode I: The Phantom Menace and accompanied his movements with muffled sound effects. Four classmates discovered the video and distributed it online. It spread rapidly via e-mail and Internet forums, reaching millions of viewers — a great feat in the pre-YouTube era.
News outlets reported that Raza was so ridiculed for his activities in the video that he slipped into depression and had to take time off from school to seek psychiatric care. His family sued the families of the classmates who leaked the video for $250,000, then settled out of court.
It's somewhat reassuring that he lived that down and got on with the rest of his life. I imagined one's options in such a case would have been to obliterate all traces of one's identity, move to somewhere that didn't have internet access in 2002 (outer Mongolia perhaps, or the depths of the Amazon jungle) or else become an embittered alcoholic.

ghyslain raza privacy star wars 0

2010/5/23

A few quick links to things recently seen:

design gin google music nifty pimms privacy psychology rainbow arabia street art sydney tech the pains of being pure at heart urban planning video 0

2010/3/5

The social network site Facebook is supported by advertising. Being a social network site, it has the advantage of being able to serve (anonymously) targeted ads to its users, who volunteer demographic information about themselves in using the site; advertisers can target ads to users whose profiles or recent activities match certain criteria. Unfortunately, when handled clumsily, the effect can be disconcerting or creepy:

One campaign that flooded the site in recent weeks, before Facebook cracked down on it, tries to take advantage of consumer interest in Apple’s iPad. “Are you a fan of Eddie Izzard? We need 100 music and movie lovers to test and KEEP the new Apple iPad,” one version of the ad says. Louis Allred Jr., 29, a Facebook user in Los Angeles who saw the ad, said he figured it was shown to him because he or a friend had expressed enthusiasm for Mr. Izzard, a British comedian, on their profiles.
Off-key and/or sleazy ads on Facebook are nothing new, of course; ads juxtaposing pictures of hot chicks with unrelated, often dubious-looking, offers, for example, have been on the service for years, and presumably have snared a number of not particularly discerning individuals. But now Facebook are allowing advertisers to effectively write templates to be filled in with users' details ("SPECIAL OFFER FOR $gender AGED $(age-1)-$(age+1) WHO LIKE $interest"). Which sounds like a way to game unmerited trust out of punters, but, more often than not, falls into an uncanny valley, falling short of being convincing and coming off as unsettling, or worse:
Women who change their status to “engaged” on Facebook to share the news with their friends, for example, report seeing a flood of advertisements for services and products like wedding photographers, skin treatments and weight-loss regimens.
And the knowledge that ads are targeted by some data-mining algorithm can, in itself, add a dimension of unease to what might well be coincidences:
Jess Walker, 22, from central Florida, was recently presented an ad for Plan B, the morning-after pill. “What do I have on my Facebook page that would lead them to believe I would need that?” she asked, adding that she did not want her sexual behavior called into question.

advertising data mining facebook fail mori's uncanny valley privacy scams 2

2010/1/13

What purports to be an interview with an anonymous Facebook employee, shedding some light on the inner workings of Facebook, technical improvements, privacy, and the more unusual dealings with its millions of users:

How do you think we know who your best friends are? But that’s public knowledge; we’ve explicitly stated that we record that. If you look in your type-ahead search, and you press “A,” or just one letter, a list of your best friends shows up. It’s no longer organized alphabetically, but by the person you interact with most, your “best friends,” or at least those whom we have concluded you are best friends with.
I’m not sure when exactly it was deprecated, but we did have a master password at one point where you could type in any user’s user ID, and then the password. I’m not going to give you the exact password, but with upper and lower case, symbols, numbers, all of the above, it spelled out ‘Chuck Norris,’ more or less. It was pretty fantastic.
I found a fake account created from Berkeley that used the profile picture and information from the brother of one of my very good friends. We looked up the guy who created the original profile, and he had never ever heard of him, never ever met him, obviously had never seen him. But this guy had evidently added him as a friend, and sadly he accepted it, but literally stole all of this guy’s information, created a fake account, and was communicating with himself from the fake account. He was writing on his wall and posting back to the “other person’s” wall. We found out the guy actually had about fifteen fake accounts that he created, stealing other users’ pictures and information to create the accounts, and was actually communicating back and forth with himself. Just to try to make himself appear cool, I guess?
The unnamed Facebook employee also says that they're working on something named Hyper-PHP, which will compile PHP (which Facebook is written in) to machine code, which, they claim, will reduce CPU usage by 80%.

(via Lachlan) bizarre facebook php privacy tech web wtf 0

2009/9/29

The New Labour party, flailing desperately for a lifeline as its fortunes collapse further with each day, is starting to concede on some unpopular issues: first, they promised a pretend version of scrapping the Trident nuclear weapons system, by reducing it from four submarines to three, and now Gordon Brown is saying that ID cards won't be compulsory for Britons who don't wish to travel abroad or drive.

As critics pointed out at the time, the automatic inclusion on the national identity register of the details of anybody who renewed their passport – or, for that matter, their driving licence – amounted to introducing a compulsory identity card scheme by the back door.
There is no need for a new bill in parliament after the next election to allow MPs to vote on whether the scheme should become compulsory because the Home Office already plans to use obscure secondary legislation to introduce what they call a "designation order".
And here is some additional reportage from the New Labour conference:
Pop singer Bono said to camera: "Gordon Brown is what makes Britain great." The man's an idiot!

bono new labour politics privacy uk 1

2009/6/26

One of the major problems with Facebook, in the past, has been its one-size-fits-all privacy settings. You could decide, once and for all, who sees your status updates, but could not do so on a post-by-post basis. Which is fine and dandy when all your friends there know you in the same context, but becomes a problem once you have people from different spheres. You might not want to bore your generalist friends with detailed discussion of your more specialised interests, or share your personal life with your coworkers, so the only option is to self-censor down to the lowest common denominator, and hope that those who want more can be bothered with LiveJournal.

Not for much longer, though, because Facebook are soon rolling out post-by-post privacy options, which will let you decide, with each status update who sees it.

The options will include "everyone" (i.e., anyone who goes to your public Facebook page), friends, friends and friends thereof, or, most usefully, custom groups of friends. The devil is, of course, in the details, but it looks like it will make Facebook a lot more useful as a fine-grained social communications tool.

facebook privacy social software 1

2009/6/13

Found in Bruce Schneier's account of a workshop on security and human behaviour, this gem:

Great phrase: the "laundry belt" -- close enough for students to go home on weekends with their laundry, but far enough away so they don't feel as if their parents are looking over their shoulder -- typically two hours by public transportation (in the UK).

privacy society words 0

2009/5/24

Further corroboration of the claim that last.fm handed over user data to the RIAA's enforcement arm, or rather that their parent company requested the data "for internal use only" and then handed it over. Of course, the good folks at last.fm had nothing to say in it, and their denials were sincere, but that doesn't diminish the fact that, if the allegations are true, last.fm (owned by Big Copyright corporation CBS) is now effectively part of the RIAA's intelligence-gathering apparatus:

We provided the data to the RIAA yesterday because we know from experience that they can negatively impact our streaming rates with publishers. Based on the urgency of the request they probably just wanted to learn more about the leak but who knows. Seriously, can you blame them? [______] Our ops team provided the usual reports along with additional log data including user IP addresses. The GM who told them to do it said the data was for internal use only. Well, that was the big mistake. The team in the UK became irate because they had to do it a second time since we were told some of the data was corrupted. This time they transferred the data directly to them and in doing so they discovered who really made the request.
Meanwhile, in this thread, several last.fm staff members swear up and down that this didn't happen, and would not have happened, as it would have been against EU data-protection laws and triggered too many red flags. Which could be true, or it could be a plausible cover story. (The RIAA and their goons aren't above bending the law, after all.)

If you don't like lawsuit-happy copyright extortionists keeping a beady eye on your listening habits, you may want to refrain from sending information to last.fm. Fortunately, someone is coming up with an open-source AudioScrobbler-compatible site named libre.fm, which may well end up taking the place of last.fm.

(via /.) copyfight evil last.fm mafiaa privacy riaa treachery 0

2009/5/2

Today, we increasingly live in a world of software-mediated social interaction, and at this moment, Facebook is one of the largest such systems. As more people join Facebook, and it becomes an increasingly indispensible utility for connecting people, and the range of people one is connected to becomes much broader. Whereas once one's Facebook friends tended to be college buddies and close friends, they now include coworkers, family members, old schoolmates, neighbours and others.

Facebook's privacy options, however, haven't kept up with this change. When you post to your Facebook profile, there is no way to make posts visible by only a subset of your Facebook friends. So you're faced with the choice of self-censoring your posts to a level suitable for all users. You might not want your parents or employers to see photos of you partying, or might not want to bore your non-technical friends with talk about specialised subjects a subset of your friends would be interested in. So the end result is that Facebook is reduced to the lowest common denominator of subjects suitable for all audiences; things that won't shock or bore anyone. This leaves no suitable space for a large set of discussions: in-jokes between closely-knit groups of friends; specialist banter about C++ or football or archaeology; or even personal discussions you wouldn't necessarily want to share with your coworkers or casual acquaintances.

There are better ways to do this. The photo sharing site Flickr allows users to tag certain friends as "Family" or "Friends", and make some photos only visible to those groups. The LiveJournal system goes further, allowing users to define arbitrary numbers of friend groups and control who can see each post individually.

Facebook needs something like this if it's going to scale. It need not be an intrusive feature; a checkbox to the right of the "What's on your mind?" box, opening a "Show this post to: Everyone / All my friends / (groups)" drop-down, would suffice quite elegantly. (Something similar, of course, should be added for photos, notes and such, and made available to application developers.) This would make Facebook much more broadly useful as a tool for connecting people across the wide spectrum of social relationships they have in their lives.

Anyway, to wit, I have done the obvious thing about this deficiency and created a Facebook group about it. Perhaps if enough people join, the Facebook developers will listen.

facebook flickr livejournal privacy social software 0

2009/2/21

Rumours are abounding that last.fm, a music-based social networking website which voluntarily collects music-listening data from users, has been voluntarily handing data concerning unreleased albums to the RIAA, allowing their search-and-seizure SWAT teams to track down the criminals listening to unreleased U2 albums. Well, some anonymous tipster says that some guy who works for CBS (the Big Copyright corporation which owns last.fm) told them that this is the case, whereas last.fm and various last.fm people (including co-founder and executive Richard Jones) have emphatically denied this. (Which, of course, they could be expected to, as if this turned out to be true, the bad PR would effectively kill last.fm as it currently is (as a social networking site for those passionate about music).)

Of course, even if this isn't true, it could happen; it could be one directive from head office or bad "war on piracy" law away. As such, if you're listening to anything you could be prosecuted for the possession of, turn off your last.fm scrobbler. Or set it to a different account with the identity of the CEO of the RIAA or something. (Hypothetically speaking, of course; The Null Device does not condone identity theft, or, for that matter, listening to U2.)

I wonder how long until some hacktivist writes a bot that is fed with the track listings of unreleased recordings and, when run by a user, automatically reports to last.fm that the tracks had been listened to as an act of anonymous protest. After all, they can't raid everyone, can they; and the existence of such a bot would make the "evidence" useless for prosecution or search warrants.

(via Lachlan) copyfight crime hacktivism last.fm privacy riaa spin 1

2008/12/12

A representative of Britain's Police Cental E-crime Unit has complained about how difficult their job is, and outlined what would really help: a nifty black box, as easy to use as a breathalyser, which can identify illegal activity on PCs:

McMurdie said such a tool could run on suspects' machines, identify illegal activity - such as credit card fraud or selling stolen goods online - and retrieve relevant evidence.
"For example, look at breathalysers - I am not a scientist, I could not do a chemical test on somebody when they are arrested for drink driving but I have a tool that tells me when to bring somebody in."
Of course, knowing New Labour, this will probably result in legislation mandating police-accessible data-logging devices in all PCs. And the legislation will make these devices not only accessible to the police, but also to the Inland Revenue, TV Licensing, the British Phonographic Industry and local council officials. And, knowing that laws (specifically British laws dealing with privacy and data security) are drafted in a parallel universe in which security is perfect, there will be no possibility whatsoever of these devices either being defeated by the potential paedoterrorists they are meant to monitor or else hijacked by other criminals and used to massively victimise the innocent.

(via /.) crime new labour paedoterrorists ponies privacy stupidity surveillance totalitarianism uk 0

2008/9/29

The Open Rights Group has put out a call for photographs illustrating Britain's emerging surveillance society, to be submitted before the 11th of October:

Here’s how you can help:
1. Spot something that embodies the UK’s wholesale transformation into the surveillance society/database state. Subjects might include your local CCTV camera(s), or fingerprinting equipment in your child’s school library
2. Snap it
3. Upload it to Flickr and tag it “FNFBigPicture” - please use an Attribution Creative Commons license*
4. That’s it!
The use of Flickr as the means of coordination looks like a classic example of the thesis of Clay Shirky's Here Comes Everybody: there's no need for anyone at the ORG to fish submissions out of a mailbox or otherwise coordinate them. And furthermore, anyone can keep an eye on the project just by looking at the Flickr tag search page.

Though I do get the feeling that there will be a lot of photos of generic-looking CCTV cameras there.

(via Boing Boing) crowdsourcing privacy sousveillance surveillance uk 0

2008/7/30

Researchers at Columbia University have developed a new system for protecting the privacy of people who appear in photographs. Rather than blurring or erasing faces, the new software replaces facial features with others from a library:

The software randomly selects 33,000 photos of faces from picture-sharing sites like Flickr.com, then picks the most suitable faces for each person in shot. Only the eyes, nose and mouth are used, resulting in a composite image of the two people. "It matches subject pose, lighting conditions and image resolution," says Kumar. "The selected faces are aligned to common 3D coordinates, corrected for colour and lighting, and blended into the target image."
Aside from Street View, the system could be used to obscure the faces of military personnel or eyewitnesses to crime. It could also allow amateur photographers to improve group shots, by replacing frowning faces with better photos of the same people.

(via Boing Boing) anonymity cs photography privacy research tech 0

2008/4/26

Could this be the worst security hole ever? The Oklahoma Department of Corrections' sex offender database site allowed users to issue arbitrary SQL queries on their database (which contained the complete details of anyone who has ever been on the wrong side of the law). The "print friendly link" took, as its argument, a SQL query, which it would then execute. Which, of course, means that not only could someone get enough details about anyone in the database to steal their identity, but could quite possibly insert arbitrary data into the government's official sex offender database. You can probably imagine the kinds of fun that someone could have with that.

(via Schneier) privacy security sql stupidity tech 0

2008/3/27

An investigation into German discount supermarket chain Lidl has revealed an extensive campaign of surveillance of employees, which has been compared to the Stasi's monitoring of East Germany's population (though perhaps Walt Disney's surveillance of animators and Henry Ford's sociological department are also good comparisons):

The detectives' records include details of precisely where employees had tattoos as well as information about their friends. "Her circle of friends consists mainly of drug addicts," reads one record. The detectives also had the task of identifying which employees appeared to be "incapable" or "introverted and naive".
While most incidents seem to have occurred in Germany, the most shocking one allegedly occurred at a Lidl store in the Czech Republic, where a female worker was forbidden to go to the toilet during working hours. An internal memorandum, which is now the centre of a court case in the republic, allegedly advised staff that "female workers who have their periods may go to the toilet now and again, but to enjoy this privilege they should wear a visible headband".
Recording how a German employee identified as Frau M spent her break, one report read: "Frau M wanted to make a call with her mobile phone at 14.05 ... She received the recorded message that she only had 85 cents left on her prepaid mobile. She managed to reach a friend with whom she would like to cook this evening, but on condition that her wage had been paid into her bank, because she would otherwise not have enough money to go shopping."
A spokesperson for Lidl has said that the surveillance was intended "not to monitor staff, but to establish possible abnormal behaviour".

czech republic germany lidl privacy stasi surveillance 0

2008/3/24

Scientists at NEC have developed a CCTV camera which can identify people's ages and genders, by comparing them against samples in a database, and are working on making it capable of determining their socioeconomic status depending on their clothing. The NEC FieldAnalyst technology is not intended for security purposes but for those of marketing, and is currently only avalable in Japan:

the data is intended to help mall owners better understand their visitors. How come no one is going to a certain store? What time of day do most of the 40- to 50-year-old women visit the place? Did the recent promotion reach the desired demographic?
It works better with Japanese people as the vast majority of the samples in the database are Japanese. It also hones down your age only to within 10 years. However, NEC wants to narrow the range, possibly even getting to the point where it can determine age within a year or two.

(via MeFi) demographics japan marketing nec privacy surveillance tech 0

2008/3/7

The Irish Independent has a piece on how social networking websites are changing relationships, and in particular, how they end and what happens afterward:

I started getting clues that I might be about to become a free man when my girlfriend's friends posted messages to her that read: "Good luck with tonight -- it's for the best."
First came the announcement online of my new 'Single' status. Deftly inserted into Facebook's running newsfeed, it informed everyone that both she and I knew that I had been dumped, in much the same way that Reuters proclaims the engagement of a minor member of the British royal family. There was no way of deleting it, so it sat there haunting me.
But then her status updates started to tell a story. Just three days after we broke up, she changed hers to: "2008, new job (check), new flat (check), new man (working on it)."
Your ex's blog may only be read by five and half people, but you still don't really want them telling complete strangers how you were unable to put the loo seat down and never really gave the choosing of shelves the attention it deserved, and how these things were symptomatic of your lack of commitment to the relationship.
It makes me think that our grandparents had an easier time. If one of their relationships went bad they could always go to sea -- or at least the next village -- and never see the other person again.
The whole issue of relationship breakups in the age of the internet recently hit the spotlight spectacularly with Wikipedia founder Jimmy Wales' breakup with his girlfriend, FoxNews journalist Rachel Marsden. Wales apparently dumped her on Wikipedia, and she retaliated by releasing transcripts of their online chats, the major upshot of which was a revelation that these lofty public figures were, scandalously, quite into having sex with each other while they were going out.

It'll be interesting to see how the standards of socially acceptable conduct evolve once it is literally impossible to dissociate oneself from an ex without becoming a hermit. Will slagging off one's exes and their failings in public blogs become taboo, or restricted to some acceptable bounds of fair play? Or will people get used to the fact that anyone in the dating marketplace probably has several scathingly negative references from their various exes? (Perhaps there is a niche for a site which aggregates exes' references, along with reputation scores for the referers?) Will things like Rachel Marsden's release of the chat transcripts become unacceptable, the social equivalent of a nuclear first strike?

(via Crikey) culture facebook privacy relationships sex social implications social software society wikipedia 3

2008/1/22

After the recent "privacy Chernobyls", in which the personal data of millions of Britons went missing, possibly ending up in the hands of criminals, Cory Doctorow argues that personal data should be regarded with the same caution as nuclear waste:

The metaphor is apt: the data collected by corporations and governmental agencies is positively radioactive in its tenacity and longevity. Nuclear accidents leave us wondering just how we're going to warn our descendants away from the resulting wasteland for the next 750,000 years while the radioisotopes decay away. Privacy meltdowns raise a similarly long-lived spectre: will the leaked HMRC data ever actually vanish?
The financial data in question came on two CDs. If you're into downloading movies, this is about the same size as the last couple of Bond movies. That's an incredibly small amount of data - my new phone holds 10 times as much. My camera (six months older than the phone) can only fit four copies of the nation's financial data.
Every gram - sorry, byte - of personal information these feckless data-packrats collect on us should be as carefully accounted for as our weapons-grade radioisotopes, because once the seals have cracked, there is no going back. Once the local sandwich shop's CCTV has been violated, once the HMRC has dumped another 25 million records, once London Underground has hiccoughup up a month's worth of travelcard data, there will be no containing it.

cory doctorow crime ideas privacy surveillance 0

2008/1/6

The issue of data portability, or who owns your personal information and friend lists online, has entered the news recently as Facebook deleted the account of blogger Robert Scoble for using a script to automatically fetch his contact list, in violation the site's terms of service (which prohibit scripts, as they can be used for spamming and such). Scoble's account has been reinstated, on the proviso that he doesn't do it again, but not before raising an outcry on his high-profile blog.

data portability facebook privacy rights robert scoble security 0

2007/11/22

One useful feature which Facebook, the social network site of the moment, lacks is the ability to compartmentalise information. Whereas on LiveJournal you can define filters and make posts visible to only some of them, on Facebook, every piece of information you published is visible to all your contacts. (Except for those who can only see a limited profile, who are forever stuck in a purgatory of sort-of being "friends" with you whilst being left out of all the fun.)

Being able to compartmentalise your information is useful; there are undoubtedly things you want to tell some of your friends whilst not letting the rest know, other things you're happy sharing with a different (though possibly overlapping) subset, and others you're happy letting anyone know. Think, for example, of talking about work without pissing off coworkers, or confiding about your lovelife, or discussing health issues without overwhelming others with "too much information". As social software becomes an integral part of the social support networks of today's compulsively multitasking, digitally connected population, such controls become more a necessity than a luxury.

Fortunately, Facebook's users have come up with a workaround: creatign members-only groups in lieu of privileged posts. So next time you see a group with an otherwise uncompelling name like "Emma has a new phone number", you'll know what's going on.

(via confused in calcutta) facebook gibson's law hacks privacy social software 0

2007/6/13

Cory Doctorow has an essay in Forbes, asserting that ubiquitous surveillance, of the sorts that has been made technologically feasible recently, not only doesn't make cities more secure but undermines the social contracts that make them work:

The key to living in a city and peacefully co-existing as a social animal in tight quarters is to set a delicate balance of seeing and not seeing. You take care not to step on the heels of the woman in front of you on the way out of the subway, and you might take passing note of her most excellent handbag. But you don't make eye contact and exchange a nod. Or even if you do, you make sure that it's as fleeting as it can be.
I once asked a Japanese friend to explain why so many people on the Tokyo subway wore surgical masks. Are they extreme germophobes? Conscientious folks getting over a cold? Oh, yes, he said, yes, of course, but that's only the rubric. The real reason to wear the mask is to spare others the discomfort of seeing your facial expression, to make your face into a disengaged, unreadable blank--to spare others the discomfort of firing up their mirror neurons in order to model your mood based on your outward expression. To make it possible to see without seeing.
Crazy, desperate, violent people don't make rational calculus in regards to their lives. Anyone who becomes a junkie, crack dealer, or cellphone-stealing stickup artist is obviously bad at making life decisions. They're not deterred by surveillance.

(via Boing Boing) authoritarianism control culture japan negative politeness panopticon privacy society surveillance 0

2006/5/17

Charlie Stross has written up a future history of the British national identity card system, circa 2016:

The National ID Register has been implemented, and (as No2ID are currently predicting) it was a train-wreck. Large scale civil disobedience (accelerating from mid-2006, with the introduction of compulsory interviews for passports, then from 2008 with the opening of the first ID card processing centres) prevented the ID card itself from being made compulsory. Bluntly, people who are agnostic on the idea of carrying an ID card when interviewed in 2005, suddenly turn out to be rather against it when they receive a letter ordering them to show up for processing (and to fork over somewhere between £50 and £150 for the privilege). Even disguising it as a driving license or passport or proof of age in the boozer doesn't make them happy, and the proportion of goats in the population is high enough that beating the problem over the head with a stick is going to cause a crisis rather than making resistance trickle away.
The first law of British government IT contracts is "lowball the first five years", because five years is the event horizon of elected political office -- anything that happens five years and a day from now is some other guy's problem. And the contractors milk this egregiously -- you can read about it every couple of weeks in Private Eye. Unfortunately, the software development life cycle in the IT business is such that costs are always front-loaded (development is expensive, maintenance/support is cheap), and development of a large system is therefore always cash-starved just when it most needs investment. It therefore should come as no surprise to learn that the national identity register was delivered massively over-budget, several years late, and insufficiently flexible to do the jobs it was thought to be needed for.
By way of illustrating how totally bone-headed this is, here's an example. If they don't have time to interview you, they can create an entry for you from existing public sources: your driving licence might be merged with that DNA sample the police took when they arrested you three years ago, along with the money launding disclosure for your mortgage application that proves you're not a front for the Medelin cartel. Except that you were never arrested three years ago -- someone else gave your name in the cop shop. And because they accepted a caution, and your spam filter ate the email from the police, you don't even know you've got a criminal record and a DNA sample on the database.
There are other, more subtle, problems with the national identity register. Biometric identifiers change over time. People lose fingers and eyes. A lot of protesters discovered that atropine eye drops cause their iris to dilate, to the point where it's impossible to digitize. Middle-aged Filipino women have fingerprints that just plain don't work with the recognition software -- there's insufficient variation to tell them apart. 15% of the population have eczema, half of those have it on their hands, and their fingerprints are (in many cases) differently fucked from week to week. Post-operative transsexuals who have received hormone treatments have facial bone structures that mess up attempts at face recognition. Only DNA fingerprinting works, and even that is fallible, with multiple false positives (e.g. identical twins, and even random folks with identical matching sequences).

charlie stross grim meathook future id card privacy 0

2006/1/16

Commuters in Stockholm will soon have access to library book dispensers on the city's subway:

The idea is that residents will be able to stick their library card into the 'bookomatic' and choose from up to 700 titles. It was inspired by a similar machine in Lidingö library, which, since its launch a year ago, has been happily loaning out around 500 books a month.
Sweden already has the ubiquitous free commuter papers, full of wire news stories and lifestyle articles listing the latest fashions/gadgets/DVDs/holiday destinations; the book idea sounds like a more Scandinavian socialist take on the concept, less concerned with keeping the reader running hard on the hedonic treadmill and more with an idea of civilised communal amenity and supporting public culture. (Of course, it could well be that the books are sponsored and carry ads and/or product placement.)

Meanwhile, The Times' Caitlin Moran deconstructs the very idea of commuter reading material and its true purpose, from a characteristically English point of view:

Library book dispensers on trains are nothing to do with books. Sweden isn't, as a result of all this, going to become more literate, and start quoting bits of The Brothers Karamazov during trade meetings at the UN. No one actually reads when they commute. "Reading" s all about avoiding eye-contact with anyone in your carriage. You are, after all, travelling at 80mph, in a sealed pod, with a great many people — any one of whom could try to talk to you about secret codes in the Bible, or George Galloway.
As anyone who uses the London Underground will confirm, the Evening Standard, circulation 350,000, isn't a newspaper at all. No one pays the slightest attention to the articles inside. It's merely a disposable, 40p screen that one erects for privacy between Goodge Street and Archway. But this screen is vital. Without it, the only option, on being approached by a nutter, is to pretend to have seen something fascinating out of the window — even though you are, at the time, in a 12-mile-long pitch-black tunnel under Camden Town. Halfway through such an exercise — maybe when staring intently at a brick all covered in black sticky fluff — one can start to wonder just who the nutter is here, after all.
Moran then goes on to suggest, in Swiftean fashion, that this mass social avoidance is a wasted opportunity to discover the resources offered by one's fellow commuters:
For instance, we'd all love to have a wide selection of friends, spanning all ages, cultures, professions and sexual persuasions. Well — here they all are! Pressing into your back! Within these airless walls is a human Google — practically everything you could ever need in one lifetime. The number of a good plumber. The address of the best mojitos in Barcelona. A phenomenal one-night stand. Someone who knows Julie Elliman, with whom you lost contact in 1990. A guy you can pretend is your friend for the next ten years, sporadically tapping up for free legal advice. Someone who knows how to falsify a breathalyser test. A nun. If only we could all get talking, commuting would be transformed from a semi- unendurable hell into the biggest, most egalitarian networking mechanism known to man.
Her modest proposal is to pump laughing gas into peak-hour Underground carriages, breaking down those awkward social barriers and getting everyone talking and having a great time. I'm not sure about laughing gas, though I imagine it may be an ideal test environment for aerosolised oxytocin.

better living through chemistry books culture privacy public transport sweden 0

2006/1/5

A hacker has demonstrated how easily publicly available data such as Amazon.com wishlists and web services can be used to locate Americans with potentially "subversive" beliefs or sympathies, thus demonstrating the potential threat to privacy and freedom of association of "anti-terrorist" data-mining/wiretapping proposals:

"In previous years, there were only about a thousand court-ordered wiretaps in the United States per year, at the federal, state, and local levels combined. It's hard to see how the government could even employ enough judges to sign enough wiretap orders to wiretap 1 percent of all our phone calls, much less hire enough federal agents to sit and listen to all that traffic in real time. The only plausible way of processing that amount of traffic is a massive Orwellian application of automated voice recognition technology to sift through it all, searching for interesting keywords or searching for a particular speaker's voice. If the government doesn't find the target in the first 1 percent sample, the wiretaps can be shifted over to a different 1 percent until the target is found, or until everyone's phone line has been checked for subversive traffic. The FBI said they need this capacity to plan for the future. This plan sparked such outrage that it was defeated in Congress. But the mere fact that the FBI even asked for these broad powers is revealing of their agenda."
Thanks to Google Maps (and many similar services) a street address is all we need to get a satellite image of a person's home. Tempted as I was to provide satellite images of the homes of the search subjects, it just seemed a bit extreme even for this article. Instead, I opted only to pinpoint the centers of the towns in which they live. So at least you'll know that there's somebody in your community reading Critical Thinking or some other dangerous text.
The article has embedded Google Maps with markers showing where those wishing for copies of George Orwell's 1984 and the Torah (btw, would this be an instance of Godwin's Law by insinuation?) live.

(via bOING bOING) amazon google maps privacy surveillance 0

2005/12/18

A New York artist has created a wearable anti-surveillance outfit with a provocatively Middle-Eastern appearance:

The design of the headdress borrows from Islamic and Hindu fashion to comment on the racial profiling of Arab and Arab-looking citizens that occurred post-9/11. The design of the headdress is thus a contradiction: while its goal is to hide the wearer, it makes the wearer a target of heightened surveillance.
The laser tikka (forehead ornament) is attached to a hooded vest and reflective shawl. The laser is activated by pressing a button on the left shoulder of the vest. When pointed directly into a camera lens, the laser creates a burst of light masking the wearers face. The wearer can also use the reflective cloth to cover the face and head. The aluminized material protects her/him by reflecting any infrared radiation and also disguises the wearer by visually reflecting the surroundings, rendering the wearers identity anonymous.
Of course, in jurisdictions where shoot-to-kill policies apply, one wears this at one's own risk.

I wonder how long until the CCTV camera-zapping technology is integrated into thug hoodies or Burberry-print baseball caps?

Speaking of hoodies, someone is now making them for iPods; perfect for your 50 Cent/Lady Sovereign MP3 collection.

(via Gizmodo) art dissent middle east privacy protest surveillance 0

2005/9/3

The Blu-Ray disc format, due to replace DVD, will take the War On Unauthorised Use to a draconian new level:

On top of that, consumers should expect punishment for tinkering with their Blu-ray players, as many have done with current DVD players, for instance to remove regional coding. The new, Internet-connected and secure players will report any "hack" and the device can be disabled remotely.

(via Make) architectures of control blu-ray copyfight privacy surveillance 0

2005/7/29

Arising from the question of "why doesn't the UK have an EFF?", there is now a proposal to create a British digital-rights campaign group. This has taken the form of a PledgeBank pledge for people to sign, pledging to set up a standing order for £5 a month to fund such a body. The target is to have 1,000 people sign the pledge; so far, 493 have signed it.

copyfight eff open rights group privacy rights uk 0

2005/3/14

Reasons to avoid using AOL Instant Messenger: according to their most recent terms of service, AOL have the right to do whatever they like with any text messages you send through their system, and you have no right to privacy and no say in things at all.

Although you or the owner of the Content retain ownership of all right, title and interest in Content that you post to any AIM Product, AOL owns all right, title and interest in any compilation, collective work or other derivative work created by AOL using or incorporating this Content. In addition, by posting Content on an AIM Product, you grant AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote this Content in any medium. You waive any right to privacy. You waive any right to inspect or approve uses of the Content or to be compensated for any such uses.

So if AOL decide that they can monetise that steamy chat you had with hot_bi_babe_18f, or the story/screenplay/song ideas you've been bouncing around with your collaborator on the other side of the world, you're SOL.

Oddly enough, AOL's other service, ICQ, doesn't seem to have anything similarly nasty in its terms of service. (via Alec Muffett)

aol privacy rights 0

2005/3/3

The latest in solutions to problems you may not have been aware of: Gravatar, a site that lets people have user icons globally visible on all blogs which support them. The problem is, the unique identifier used to select your icon is the user's email address, which presumes means that, to use this system, the user has to trust all blogs they use it on not to expose their email address to spammers.

Ten years ago, having a single, unique, permanent and publicly-available email address was seen as a good idea; it gave one an online identity, a convenient means of contactability. That was a more innocent time; a time when the internet had, until recently, been a quiet, friendly academic/research community network, home to nothing more hostile than Emacs-vs.-vi flamewars, and some people still chose not to put passwords on their accounts. Then came the carpetbaggers and chickenboners and script kiddies with their spam-sending scripts and email harvesters, and it all changed.

The reasoning behind Gravatar appears to be stuck in the pre-spam golden age of the internet, where an email address is something you publicise rather than hide, and the idea of letting untrusted strangers (or their web sites) have your email address doesn't set off alarm bells. Which is why it's probably doomed to failure.

privacy web 0

2003/10/15

Danny O'Brien on how the pervasiveness of the internet is bringing about the end of the private register, i.e., of the sphere between public and secret. He uses as his example a private get-together of Californian technotopian types. The details were published on a private web site, where master sleuth Andrew Orlowski (the guy who heroically exposed the sinister influence of blogs and "googlewashing") dug them up and used them to pilliory this veritable Bilderberg conference on Segways on its puffed-up self-congratulatoriness.

But, the problem here is that no-one was advertising themselves as visionaries and geniuses. There was no advertising at all. The Wiki Andrew found was private: it wasn't written as publicity for the camp. Sure, the invite talked about "changing the world" and "smart people" - but these words have different meanings when you are trying to flatter and cajole your friends to come to your house for free. And when people say to one another "oh, you're all so smart", it's not a festival of mutual self-congratulation. It's what you say to people you've met who seem quite smart. Well, you do if you're not sitting fifty yards from them, arching your eyebrow significantly.
Somehow, though, that only makes things worse. Oh sure, they weren't telling the world that they were geniuses, the critics roar. They were meeting, secretly, to say it to each other. Without telling anyone.

Danny goes on to point out that on the web, things intended for a small audience of friends have a way of being exposed to the harsh light of public scorn, in exactly the way that face-to-face conversations over a few pints don't. Which is why things like britneyblogs and web journals attract so much mockery -- because they're not meant for the general public.

(Which ties in to my reason for setting up a LiveJournal, and the emerging separation of powers between this blog and the LJ; with LiveJournals, you get the very important ability to make posts which are friends-only, and invisible to anyone save for those in your list of friends (or a subset thereof), which saves you from shooting your mouth off about your small life and exposing your weaknesses/what a boring person you are to potential lovers/employers and/or millions of bored teenagers looking for "losers" to ridicule (ask Ghyslain Raza about that). Granted, it involves your friends having LJ accounts, but that's probably easier to arrange than setting up a password system on your blog and persuading them to indulge your paranoia and log in. It's still in the secret register, as Danny would say, but the secrecy is transparent to anyone who already has a LJ membership. (Btw, if you personally know me and want a LJ creation code, email/IM me.))

culture internet online privacy the private register 2

2003/8/26

The street finds its own uses for draconian copyright laws, it seems. In the U.S. it recently became possible to turn an IP address and a timestamp into the complete details of the person using said address at that time, simply by filling out a 1-page form claiming that the user is violating your copyrights. Not surprisingly, these laws are being abused; recently a porn site has issued subpoenas to an ISP to discover the identities of subscribers. It is not clear what they want with the identities, but given how the porn industry attracts operators of above-average ethical flexibility (thank the Judaeo-Christian anti-sex ethic for that), all sorts of possibilities come to mind. And where pornographers go now, investigators, psycho ex-boy/girlfriends and generic marketing weasel types will go tomorrow.

copyright dmca privacy usa 2

2003/8/5

I'm Wayne Kerr, and if there's one thing I hate... it's Movable Type weblogs demanding that one enters an email address when posting a comment. This, I believe, is a useless requirement, and serves no purpose except to make posters jump through more hoops; it's the equivalent of useless bureaucracy.

Why is it useless? Well, if you submit your email address, it will either be displayed on the web or it won't. If it is, then, sooner or later, a spam spider will come along and harvest it and the address will be inundated with advertising for dodgy debt-elimination/penis-enlargement schemes until the end of time. If it isn't, then why bother collecting the email address? It's not actually used to send a password to the user or anything like that. It's like the "Anonymous login OK, send email address as password" thing FTP servers send, only even less sensical, as back when FTP came about, some human may have conceivably looked through the email addresses thus entered and gotten information out of them. (And that's not counting the sites which don't show addresses in their HTML but leak them in their RSS feeds, but I digress.)

So you decide to write 'none' or something. No dice; Movable Type has ways of making you submit something that looks like an email address (or, to be precise, that is within a Perl regexp's distance of one). Not that it does much to defend the MT email address collection system's integrity against spam-wary users; something like 'a@b.cd' fools it. In other words, the enforcement mechanism is strong enough to be annoying, but utterly useless against someone determined not to comply. It's not a huge effort to remember to type dont@spam.me or something in every time you post a comment to a blog, but that's not the point. The point is that there is no logical reason to enforce this requirement, and a very good reason for not entering one's real email address on any such form. It is also impossible to verify whether the address coerced out of the users is valid or just looks like it might be. As such, the decision to require email addresses in comment posting forms is bad design, and does nothing other than annoying users and filling databases with garbage.
</RANT>

annoyances movable type privacy wayne kerr 3

2003/6/26

William Gibson, writing in the NY Times, claims that it is becoming unprecedentedly difficult for anyone, anyone at all, to keep a secret:

In the age of the leak and the blog, of evidence extraction and link discovery, truths will either out or be outed, later if not sooner. This is something I would bring to the attention of every diplomat, politician and corporate leader: the future, eventually, will find you out. The future, wielding unimaginable tools of transparency, will have its way with you. In the end, you will be seen to have done that which you did.
I say "truths," however, and not "truth," as the other side of information's new ubiquity can look not so much transparent as outright crazy. Regardless of the number and power of the tools used to extract patterns from information, any sense of meaning depends on context, with interpretation coming along in support of one agenda or another. A world of informational transparency will necessarily be one of deliriously multiple viewpoints, shot through with misinformation, disinformation, conspiracy theories and a quotidian degree of madness. We may be able to see what's going on more quickly, but that doesn't mean we'll agree about it any more readily.

(via 1.0)

privacy secrets tech transparency 0

2003/5/20

Dating a blogger, reading about it, or the consequences of bloggers going on about their co-workers/boyfriends/buddies/&c:

Indeed, for many bloggers being noticed seems to be the point. John M. Grohol, a psychologist in the Boston area who has written about bloggers, said they often offered intimate details of their lives as a ploy to build readership.

Or perhaps it's pathological narcissism or exhibitionism? Or perhaps a symptom of the human need to communicate in a disconnected, depersonalised society?

That became an issue for a recent boyfriend of hers, a 34-year-old Manhattan hedge-fund manager who feared that having his name in the blog could compromise his business relationships. During his eight-month stint as a nameless regular on Ms. Clemente's site, he said, "it was an odd feeling that there was a camera on me." Friends and relatives who knew about the site followed his relationship online, he said. "On occasion my mother would send me an e-mail saying, `How was the play?' or, `Sounds like you had a nice weekend away,' " he said.

I wonder how long until we see personal ads reading "blogger seeks exhibitionist", promising Internet-wide fame to anyone wanting to go out with them. I suspect there'd be takers out there (though whether one would want to sleep with them is another matter).

When the relationship ended, she said, "I had totally random people e-mailing me saying they were sad we broke up." She described the experience as "totally weird," but added, "As a writer, having anyone read your stuff is a compliment."

The proliferation of personal bloggers has led to a new social anxiety: the fear of getting blogged, as friends of bloggers face the prospect of becoming characters in a public drama:

"It's personal etiquette meets journalistic rules," Mr. Denton, the blog publisher, said. "If you have a friend who's a blogger you have to say, `This is not for blogging.' It's the blogging equivalent of `This is off the record.' "

Then again, the question is, is that really blogging? Blogging was originally about linking to things on the web and/or commentary on various ideas/media; however, the word seems to have mutated to mean "any web page where new content is added at the top", with many in this category being online diaries/journals. Meanwhile, you're as likely to find old-sk00l link-based blogging in LiveJournal sites as elsewhere. (And whatever happened to E/N sites, the geek-macho cousins of blogs?)

IMHO, my philosophy of blogging is that it is not so much about one's everyday life as about one's intellectual interests. This includes links to interesting sites/articles, commentary about books/movies/music/ideas/current events, and so on. Sure it may not be as "personal" as giving the juicy goss about one's sex life or rabbiting on about the poor quality of coffee at work, but it's more interesting.

In my blog, I specifically avoid talking about friends, coworkers, places of employment and so on, for the usual reasons. And you probably won't find me talking about recent dating experiences/trips to the supermarket/taking my cats to the vet/whatever; there's enough of that sort of thing elsewhere on the web (and some do it more rivetingly than others). In short, this blog is not a journal, and not an intimate window into the author's private life. (The author's prejudices and fixations, maybe.) (That's also why the <TITLE> of this blog says "I am not your friend in the void"; if after reading a blog for a while you start to think of the author as a close friend, or someone you have a special relationship with, you probably need to get out a bit more.)
</RANT>

Anyway, that's just my view on the matter.

blogging dating media narcissism privacy 4

2003/1/30

Won't someone think of the children? Under new laws unveiled in Britain to protect children from the paedophile menace, having sex in one's private garden will be a crime, punishable by up to six months. Sex in one's home is still legal, however, even with the blinds open. If you're in Britain, now may be your last chance to legally have a bonk in your backyard (though wouldn't it be too cold for that sort of thing?)

law privacy sex uk 0

2003/1/16

Here's why you should destroy your old hard disks: two MIT graduate students, Simson Garfinkel (known for his work in computer security) and Abhi Shelat, did an experiment in data-mining old hard disks; they bought 158 second-hand hard disks; on 49 of those disks, they were able to recover "significant personal information", including medical correspondence, love letters, pornography and credit card numbers. And if students can find these sorts of things, it's sure that some businessman of above-average ethical flexibility will have thought of the same thing.

(It's funny that there are no pages on effective ways to physically destroy hard disks beyond recovery. There must be quicker, easier and more efficient means than smashing them with a sledgehammer or tossing them in an incinerator. Cory Doctorow recommended dropping platters in acid in one of his stories; though, obviously, exact instructions weren't given. You'd think that some paranoiac on the Internet would have done the research and posted it for the benefit of fellow victims of persecution.)

privacy security 3

2002/1/17

The Beast of Redmond: Microsoft buys SGI's graphics patents; penguinheads concerned they may be used to crush OpenGL, or cripple 3D graphics capabilities on non-Windows platforms. Meanwhile, if you use Windows Media Player to download content from sites, the sites can keep track of you, using a convenient global ID number. Apparently this is not a bug but a feature. (via Slashdot)

computer graphics microsoft opengl patents privacy sgi tech windows windows media 0

2001/10/7

A piece on the social impact of Britain's CCTV system,

''Imagine a situation where you've got an elderly relative who lives on the other side of the city,'' Marshall says. ''You ring her up, there's no answer on the telephone, you think she collapsed -- so you go to the Internet and you look at the camera in the lounge and you see that she's making a cup of tea and she's taken her hearing aid out or something.''
Norris also found that operators, in addition to focusing on attractive young women, tend to focus on young men, especially those with dark skin. And those young men know they are being watched: CCTV is far less popular among black men than among British men as a whole. In Hull and elsewhere, rather than eliminating prejudicial surveillance and racial profiling, CCTV surveillance has tended to amplify it.
The cameras are also a powerful inducement toward social conformity for citizens who can't be sure whether they are being watched. ''I am gay and I might want to kiss my boyfriend in Victoria Square at 2 in the morning,'' a supporter of the cameras in Hull told me. ''I would not kiss my boyfriend now. I am aware that it has altered the way I might behave. Something like that might be regarded as an offense against public decency. This isn't San Francisco.'' Nevertheless, the man insisted that the benefits of the cameras outweighed the costs, because ''thousands of people feel safer.''
In many ways, the closed-circuit television cameras have only exaggerated the qualities of the British national character that Orwell identified in his less famous book: the acceptance of social hierarchy combined with the gentleness that leads people to wait in orderly lines at taxi stands; a deference to authority combined with an appealing tolerance of hypocrisy. These English qualities have their charms, but they are not American qualities.

(via Slashdot)

cctv englishness privacy surveillance uk 0

2001/1/23

Anonymity is useless; your language patterns are as unique as your DNA, and words serve as a memetic sample that can be used to identify the author. Or so says Don Foster, the English Literature professor and investigator who identified the author of Clintonian roman à clef Primary Colors, helped track down the Unabomber from his writings and proved that a forgotten poem had been written by Shakespeare. Foster is the author of a new book titled Author Unknown, which (judging from the review) looks fascinating.

anonymity identity language privacy surveillance 0

2000/10/9

Surprise, surprise: If you use web-based email or ICQ from work, your employer can read your mail, regardless of what the banner ads say. (via Slashdot)

email im privacy surveillance 0

2000/5/28

Liquor bootlegger turned recording/film empire Seagram declares war on Internet anonymity: (press release, via Slashdot)

Let me now turn to my fifth point. We must restrict the anonymity behind which people hide to commit crimes. Anonymity must not be equated with privacy. As citizens, we have a right to privacy. We have no such right to anonymity.

anonymity copyfight edgar bronfman jr. privacy 0

This will be the comment popup.
Post a reply
Display name:

Your comment:


Please enter the text in the image above here: