mfioretti: privacy* + surveillance*

Bookmarks on this page are managed by an admin user.

235 bookmark(s) - Sort by: Date ↓ / Title / Voting / - Bookmarks from other users for this tag

  1. The research was, as the study puts it, “premised on the notion that ad transparency undermines ad effectiveness when it exposes marketing practices that violate consumers’ beliefs about ‘information flows’ — how their information ought to move between parties.” So if a clothing store asks you for your email address so that it can send you promotional spam, you may not enjoy it, but you probably won’t consider it a breach of trust. But if that same store were, say, covertly following your movements between the aisles by tracking your cellphone, that would be unnerving, to say the least. Given that Facebook operates its advertising operation largely on the basis of data harvesting that’s conducted invisibly or behind the veil of trade secrecy, it has more in common with our creepy hypothetical retailer.

    as John explained via email, “If I have to see ads, then yeah, I’d generally prefer ones that are relevant than not relevant but I’d add the qualifier: as long as I get the sense that you are treating my personal information properly. As soon as people feel that you are violating their privacy, they can become uneasy and understandably, distrustful of you.” Zuckerberg’s claim that you prefer to have your most personal information and online behavior tracked and analyzed on an industrial scale probably only checks out if you’re unaware it’s happening.

    Assuming the validity of the research here, it’s no wonder Facebook doesn’t want to show its math: The ads that are its lifeblood will stop working as well. John agreed that “there’s a disincentive for firms to reveal unsavory information flows, so that could plausibly explain trying to hide it.” Facebook is, after all, one big, world-spanning, unsavory information flow.
    https://theintercept.com/2018/05/09/facebook-ads-tracking-algorithm
    Voting 0
  2. The answer is yes, at least in theory. New University of Washington research, to be presented in a paper Oct. 30 at the Association for Computing Machinery’s Workshop on Privacy in the Electronic Society, suggests that for roughly $1,000, someone with devious intent can purchase and target online advertising in ways that allow them to track the location of other individuals and learn what apps they are using.


    “Anyone from a foreign intelligence agent to a jealous spouse can pretty easily sign up with a large internet advertising company and on a fairly modest budget use these ecosystems to track another individual’s behavior,” said lead author Paul Vines, a recent doctoral graduate in the UW’s Paul G. Allen School of Computer Science & Engineering.

    The research team set out to test whether an adversary could exploit the existing online advertising infrastructure for personal surveillance and, if so, raise industry awareness about the threat.

    “Because it was so easy to do what we did, we believe this is an issue that the online advertising industry needs to be thinking about,” said co-author Franzi Roesner, co-director of the UW Security and Privacy Research Lab and an assistant professor in the Allen School. “We are sharing our discoveries so that advertising networks can try to detect and mitigate these types of attacks, and so that there can be a broad public discussion about how we as a society might try to prevent them.”
    graphic of commute where someone could be tracked via ads

    This map represents an individual’s morning commute. Red dots reflect the places where the UW computer security researchers were able to track that person’s movements by serving location-based ads: at home (real location not shown), a coffee shop, bus stop and office. The team found that a target needed to stay in one location for roughly four minutes before an ad was served, which is why no red dots appear along the individual’s bus commute (dashed line) or walking route (solid line.)University of Washington

    The researchers discovered that an individual ad purchaser can, under certain circumstances, see when a person visits a predetermined sensitive location — a suspected rendezvous spot for an affair, the office of a company that a venture capitalist might be interested in or a hospital where someone might be receiving treatment — within 10 minutes of that person’s arrival. They were also able to track a person’s movements across the city during a morning commute by serving location-based ads to the target’s phone.

    The team also discovered that individuals who purchase the ads could see what types of apps their target was using. That could potentially divulge information about the person’s interests, dating habits, religious affiliations, health conditions, political leanings and other potentially sensitive or private information.
    https://www.washington.edu/news/2017/...ds-to-track-your-location-and-app-use
    Voting 0
  3. In the case of Aadhaar, we have seen no adoption of traditional security measures well regarded in the industry to fix exploits, bugs or vulnerabilities.

    What we have seen is a lot of shooting the messenger and attractive marketing to hard sell the benefits of Aadhaar while underplaying privacy and security issues.
    Surveillance

    Misuse of the database for state surveillance and targeted coercion is also unpreventable.

    Anyone committing her data to such a system is betting for her lifetime that her government will never become totalitarian or even strongly anti-democratic, lest she be subjected to forms of oppression she cannot possibly evade.

    These are not merely theoretical concerns of Luddites or anti-innovation activists but already being perfected by countries like China.

    The Xinjiang region of China, which has long been subject to tight controls and surveillance has seen vast collection of DNA samples, fingerprints, iris scans and blood types of people aged 12 to 65. This information is then linked to residents' hukou, or household registration cards.

    This system limits people's access to educational institutions, medical and housing benefits. Combined with facial recognition software, CCTV cameras and a biometric database, the unprecedented level of control being attained is being presented as an example of the great technological strides the country is making.
    http://www.bbc.com/news/world-asia-india-43619944
    Voting 0
  4. Journalists have been asking me whether the revulsion against the abuse of Facebook data could be a turning point for the campaign to recover privacy. That could happen, if the public makes its campaign broader and deeper.

    Broader, meaning extending to all surveillance systems, not just Facebook. Deeper, meaning to advance from regulating the use of data to regulating the accumulation of data. Because surveillance is so pervasive, restoring privacy is necessarily a big change, and requires powerful measures.
    After the Facebook scandal it’s time to base the digital economy on public v private ownership of data
    Evgeny Morozov
    Read more

    The surveillance imposed on us today far exceeds that of the Soviet Union. For freedom and democracy’s sake, we need to eliminate most of it. There are so many ways to use data to hurt people that the only safe database is the one that was never collected. Thus, instead of the EU’s approach of mainly regulating how personal data may be used (in its General Data Protection Regulation or GDPR), I propose a law to stop systems from collecting personal data.

    The robust way to do that, the way that can’t be set aside at the whim of a government, is to require systems to be built so as not to collect data about a person. The basic principle is that a system must be designed not to collect certain data, if its basic function can be carried out without that data.

    Data about who travels where is particularly sensitive, because it is an ideal basis for repressing any chosen target. We can take the London trains and buses as a case for study.

    The Transport for London digital payment card system centrally records the trips any given Oyster or bank card has paid for. When a passenger feeds the card digitally, the system associates the card with the passenger’s identity. This adds up to complete surveillance.

    I expect the transport system can justify this practice under the GDPR’s rules. My proposal, by contrast, would require the system to stop tracking who goes where. The card’s basic function is to pay for transport. That can be done without centralising that data, so the transport system would have to stop doing so. When it accepts digital payments, it should do so through an anonymous payment system.
    Advertisement

    Frills on the system, such as the feature of letting a passenger review the list of past journeys, are not part of the basic function, so they can’t justify incorporating any additional surveillance.
    https://www.theguardian.com/commentis...ata-law-privacy-big-tech-surveillance
    Voting 0
  5. “I believe it’s important to tell people exactly how the information that they share on Facebook is going to be used.

    “That’s why, every single time you go to share something on Facebook, whether it’s a photo in Facebook, or a message, every single time, there’s a control right there about who you’re going to be sharing it with ... and you can change that and control that in line.

    “To your broader point about the privacy policy ... long privacy policies are very confusing. And if you make it long and spell out all the detail, then you’re probably going to reduce the per cent of people who read it and make it accessible to them.”
    https://www.theguardian.com/technolog...testimony-to-congress-the-key-moments
    Voting 0
  6. Should there be regulation?#
    Yes. On privacy disclosure, and prohibiting the most draconian uses of user data. It should not be possible for users to give those rights up in exchange for use of a social system like Facebook. The idea is similar to the law in California that says that most non-competes are not enforceable. The benefit you receive has to be somewhat equivalent to the data you give up. #
    What about Google, Apple, Amazon?#
    This is the really important stuff.#
    This affair should get users, government and the press to look at other tech companies who have business models based on getting users to disclose ever-more-intimate information. Here are some examples.#
    Google, through Android, knows every place you go. They use that data. Do they sell it? I don't know, but I'm pretty sure you can use it to target ads. Apple, through the iPhone also knows where you go.#
    Apps on Android or iPhones can be told where you go. Many of them are only useful if you let them have the info. Apps can also have all your pictures, contacts. Face recognition makes it possible to construct a social graph without any access to the Facebook API.#
    Google and Apple can listen to all your phone calls.#
    Google, through their Chrome browser, knows everywhere you go on the web, and everything you type into the browser. #
    Amazon Echo and Google Home are always listening. Imagine a leak based on conversations at home, phone calls, personal habits, arguments you have with your spouse, kids, any illegal activities that might be going on in your home. #
    If you have a Gmail account, Google reads your mail, and targets ads at you based on what you're writing about. They also read the email that people send to you, people who may not also be Gmail users. Some examples of how creepy this can be -- they seem to know what my investments are, btw -- I assume they figured this out through email. Recently they told me when a friend's flight to NYC was arriving. I don't know how they made this connection. I assume it was through email.#
    Amazon, of course, knows everything you buy through Amazon. #
    Google knows everything you search for. #
    And on and on. We've reconstructed our whole society around companies having all the data about us that they want. It's kind of funny that we're all freaking out about Cambridge Analytica and Facebook. The problem is so much bigger. #
    Summary#
    It seems like a non-event to me. The press knew all about the API going back to 2012. That they didn't foresee the problem then is a result of the press accepting the hype of big tech companies on their terms, and not trying to find out what the implications of technology are from non-partisan experts. This was a story that could have and should have been written in 2010, warning users of a hidden cost to Facebook.#
    Today's scandal, the equivalent of the one in 2010, is that Google is attempting to turn the web into a corporate platform. Once they control the web as Facebook controls the Social Graph, we'll have another impossibly huge problem to deal with. Better to head this one off with regulation, now, when it can do some good
    http://scripting.com/2018/04/11/140429.html
    Voting 0
  7. The Riksbank governor, Stefan Ingves, called for new legislation to secure public control over the payments system, arguing that being able to make and receive payments is a “collective good” like defence, the courts, or public statistics.
    Cashing out? Why notes and coins may become a thing of the past in Sweden
    Read more

    “Most citizens would feel uncomfortable to surrender these social functions to private companies,” he said.

    “It should be obvious that Sweden’s preparedness would be weakened if, in a serious crisis or war, we had not decided in advance how households and companies would pay for fuel, supplies and other necessities.”


    “When you have a fully digital system you have no weapon to defend yourself if someone turns it off,” he says.

    “If Putin invades Gotland Sweden’s largest island » it will be enough for him to turn off the payments system. No other country would even think about taking these sorts of risks, they would demand some sort of analogue system.”


    an opinion poll this month revealed unease among Swedes, with almost seven out of 10 saying they wanted to keep the option to use cash, while just 25% wanted a completely cashless society. MPs from left and right expressed concerns at a recent parliamentary hearing. Parliament is conducting a cross-party review of central bank legislation that will also investigate the issues surrounding cash.
    'I don't use contactless': the woman whose name is on British banknotes
    Read more

    The Pirate Party – which made its name in Sweden for its opposition to state and private sector surveillance – welcomes a higher political profile for these issues.
    Look at Ireland, Christian Engström says, where abortion is illegal. It is much easier for authorities to identify Irish women who have had an abortion if the state can track all digital financial transactions, he says. And while Sweden’s government might be relatively benign, a quick look at Europe suggests there is no guarantee how things might develop in the future.
    https://www.theguardian.com/world/201...tack-swedes-turn-against-cashlessness
    Voting 0
  8. Stratumseind in Eindhoven is one of the busiest nightlife streets in the Netherlands. On a Saturday night, bars are packed, music blares through the street, laughter and drunken shouting bounces off the walls. As the night progresses, the ground becomes littered with empty shot bottles, energy drink cans, cigarette butts and broken glass.

    It’s no surprise that the place is also known for its frequent fights. To change that image, Stratumseind has become one of the “smartest” streets in the Netherlands. Lamp-posts have been fitted with wifi-trackers, cameras and 64 microphones that can detect aggressive behaviour and alert police officers to altercations. There has been a failed experiment to change light intensity to alter the mood. The next plan, starting this spring, is to diffuse the smell of oranges to calm people down. The aim? To make Stratumseind a safer place.

    We get that comment a lot – ‘Big brother is watching you’. I prefer to say, ‘Big brother is helping you’
    Peter van de Crommert

    All the while, data is being collected and stored. “Visitors do not realise they are entering a living laboratory,” says Maša Galic, a researcher on privacy in the public space for the Tilburg Institute of Law, Technology and Society. Since the data on Stratumseind is used to profile, nudge or actively target people, this “smart city” experiment is subject to privacy law. According to the Dutch Personal Data Protection Act, people should be notified in advance of data collection and the purpose should be specified – but in Stratumseind, as in many other “smart cities”, this is not the case.

    Peter van de Crommert is involved at Stratumseind as project manager with the Dutch Institute for Technology, Safety and Security. He says visitors do not have to worry about their privacy: the data is about crowds, not individuals. “We often get that comment – ‘Big brother is watching you’ – but I prefer to say, ‘Big brother is helping you’. We want safe nightlife, but not a soldier on every street corner.”
    Revellers in Eindhoven’s Stratumseind celebrate King’s Day.
    Facebook
    Twitter
    Pinterest
    Revellers in Eindhoven’s Stratumseind celebrate King’s Day. Photograph: Filippo Manaresi/Moment Editorial/Getty Images

    When we think of smart cities, we usually think of big projects: Songdo in South Korea, the IBM control centre in Rio de Janeiro or the hundreds of new smart cities in India. More recent developments include Toronto, where Google will build an entirely new smart neighbourhood, and Arizona, where Bill Gates plans to build his own smart city. But the reality of the smart city is that it has stretched into the everyday fabric of urban life – particularly so in the Netherlands.
    Advertisement

    In the eastern city of Enschede, city traffic sensors pick up your phone’s wifi signal even if you are not connected to the wifi network. The trackers register your MAC address, the unique network card number in a smartphone. The city council wants to know how often people visit Enschede, and what their routes and preferred spots are. Dave Borghuis, an Enschede resident, was not impressed and filed an official complaint. “I don’t think it’s okay for the municipality to track its citizens in this way,” he said. “If you walk around the city, you have to be able to imagine yourself unwatched.”

    Enschede is enthusiastic about the advantages of the smart city. The municipality says it is saving €36m in infrastructure investments by launching a smart traffic app that rewards people for good behaviour like cycling, walking and using public transport. (Ironically, one of the rewards is a free day of private parking.) Only those who mine the small print will discover that the app creates “personal mobility profiles”, and that the collected personal data belongs to the company Mobidot.
    https://www.theguardian.com/cities/20...-privacy-eindhoven-utrecht?CMP=twt_gu
    Voting 0
  9. IoT will be able to take stock of your choices, moods, preferences and tastes, the same way Google Search does. With enough spreadsheets, many practical questions are rendered trivial. How hard will it be for the IoT — maybe through Alexa, maybe through your phone — to statistically study why, where and when you raise your voice at your child? If you can correlate people’s habits and physical attributes, it will be toddler-easy to correlate mood to environment. The digitally connected devices of tomorrow would be poor consumer products if they did not learn you well. Being a good and faithful servant means monitoring the master closely, and that is what IoT devices will do. They will analyze your feedback and automate their responses — and predict your needs. In the IoT, Big Data is weaponized, and can peer deeper into the seeds your life than the government has ever dreamed.
    https://www.salon.com/2018/02/19/why-...signed-for-corporations-not-consumers
    Voting 0
  10. Mark Zuckerberg also launched Facebook with a disdain for intrusive advertising, but it wasn’t long before the social network giant became Google’s biggest competitor for ad dollars. After going public with 845 million users in 2012, Facebook became a multibillion-dollar company and Zuckerberg one of the richest men on Earth, but with only a promise that the company would figure out how to monetize its platform.

    Facebook ultimately sold companies on its platform by promising “brand awareness” and the best possible data on what consumers actually liked. Brands could start their own Facebook pages, which people would actually “like” and interact with. This provided unparalleled information about what company each individual person wanted to interact with the most. By engaging with companies on Facebook, people gave corporate marketing departments more information than they could have ever dreamed of buying, but here it was offered up free.

    This was the “grand bargain,” as Columbia University law professor Tim Wu called it in his book, The Attention Merchants, that users struck with corporations. Wu wrote that Facebook’s “billions of users worldwide were simply handing over a treasure trove of detailed demographic data and exposing themselves to highly targeted advertising in return for what, exactly?”

    In other words: We will give you every detail of our lives and you will get rich by selling that information to advertisers.

    European regulators are now saying that bargain was a bad deal. The big question that remains is whether their counterparts in the U.S. will follow their lead.
    https://www.huffingtonpost.com/entry/...antitrust_us_5a625023e4b0dc592a088f6c
    Voting 0

Top of the page

First / Previous / Next / Last / Page 1 of 24 Online Bookmarks of M. Fioretti: Tags: privacy + surveillance

About - Propulsed by SemanticScuttle