privacy

Older Entries »

Scumbag Facebook

Wednesday, September 28th, 2011

Awhile back Chris Berry and I had a conversation about the state of analytics and tracking and where the industry is going.  We were both concerned that analysts were going to screw themselves by tracking information they had no business to. And that it was just a matter of time before someone dropped the ball….Well, the ball has dropped.

Facebook just admitted they have been tracking users even after they log out of the site.

Violating personal privacy is nothing new to Facebook.  Heck, their entire business model is based off of selling your personal information which is why I got off of it years ago.

In comparison, the breech of Sony was a Fukushima, it was a disaster for the corporation but was caused by an outside force.  One could argue they should have been prepared but if the hackers hadn’t attacked them it would not have been an issue.

In the case of Facebook, it’s a Chernobyl.  It is violation of privacy caused by the companies own actions (which it calls a glitch). In an effort to cover it’s ass it has recently set up its own Political Action Committee, an American term for a lobbying outfit to get its views heard on Capitol Hill.

So far this year it has already spent £352,000 ($550,774) on lobbying, already ahead of last year’s total of £224,000.

Scumbags….

Money it made by selling its customer’s personal information to advertisers.

Share
privacy social media
No Comments »

Sony PSN Breach: Fukushima of Privacy

Sunday, May 1st, 2011

Recently Sony shut down it’s Playstation Network due to an intrusion into it’s customers’ personal information. Names, addresses even credit cards were taken. With 75 million+ PSN users affected, it is one of the largest breaches of confidential user information in history.  As Chris Berry said to me, this is the Fukushima of Privacy.

Both involve Japanese companies, both were arguably preventable and both events suffered from poor communication to those affected.

Most users, like myself, do not pay to play on the PSN however now many games come with downloaded content online which require a credit card to purchase.  The PlayStation Network is free as part of whatever game was purchased plus the cost of the console when originally purchased.  They do offer a premium service however for those who are actively into multi-player gaming.  To further ad insult to injury, the break in happened at a time when 3 major games came out Portal2, Mortal Kombat and SOCOM4 all of which include online play.

Sony was blasted online for the length of time it took to notify it’s users and that to date it has not apologized for the massive breach of trust. Connecticut Attorney General George Jepsen wrote, ”What is more troubling is Sony’s apparent failure to promptly and adequately notify affected individuals of this large-scale breach.”

Kazuo Hirai, executive deputy president of Sony Corporation, said: “We have learned lessons along the way about the valued relationship with our consumers, and to that end, we will be launching a customer appreciation programme for registered consumers as a way of expressing our gratitude for their loyalty during this network downtime, as we work even harder to restore and regain their trust in us and our services.”  Funny, I don’t see the words apologize or sorry in there anywhere.

Seems they might have the same lesson to learn as TEPCO.  Now Rothken law firm has filed suit in a California court, claiming that Sony mismanaged user data and that the sensitive information was not adequately protected. Well duh! However like Fukushima I fail to see how suing does anything but make the lawyers wealthy.

The good news is the FBI is involved and so far none of the banks have reported any suspicious activity on users accounts. The bad news is that over 2 million credit cards numbers have gone up for sale after the hack.

Sony has announced the PSN will be back online later this week, but who knows if gamers will return or not; speculations abound. I suppose one more thing the PSN security breach has in common with Fukushima is we will need to wait to see what the full extent of the damage is.

Share
privacy
No Comments »

Privacy in Canada is dead

Thursday, November 25th, 2010

Privacy in Canada is officially dead.

The supreme court of Canada has granted police the power to enlist a power company in monitoring some one’s energy consumption without a warrant in an attempt combat grow-ops.

“The Constitution does not cloak the home in an impenetrable veil of privacy,” Justice Marie Deschamps wrote in the lead opinion. ”To expect such protection would not only be impractical, it would also be unreasonable.”

I find this statement to be truly mind boggling.  If ever there was a place where one should have a veil of privacy it should be the home. “Impenetrable” the veil never was, but it shouldn’t be thrust aside by rash decisions either.  Privacy in the home can be removed by a warrant which  has sufficient evidence to allow police to search a home after indications of criminal activity.  The safety mechanism in all this is that the police have to convince a judge, someone who presumably holds justice as their highest priority, that the invasion of privacy is warranted.

Where this stems from is the Calgary police, in 2004  noticed a house which didn’t have snow on the roof, it had condensation on the window and the smell of pot in the air. They then asked Enmax, the power company servicing the house, to install a digital recording ammeter to obtain a detailed printout of the power consumption. The officers then used the information to obtain a search warrant.

Once searched, the police seized 165 kilograms of bulk marijuana and another 206 grams of processed, bagged marijuana and charged the owner, Daniel Gomboc with growing and selling marijuana.

“I was extremely pleased I could be part of a Supreme Court decision that was in favour of police and common sense,” said Roger Morrison.

Morrison left the Calgary police in 2007 to found dTechs, a high-tech company that developed a wireless meter that can detect excessive power use by grow ops.

How lucky for him the court ruled in favor of his business.

While in the case in question it turned out for the police had been correct, who then monitors the police? Morrison suggested that allowing police to go through a utility company it protects the privacy of consumers.  He figures this because if the police suspect you have a grow up (you know because there is condensation on your windows, or no snow on your roof) and they see your power consumption is normal, then they won’t need to investigate.  Otherwise they would need a search warrant which would be obtrusive, as he puts it “You might as well get a warrant to kick in the door.”

Well Mr. Morrison I will not surrender my privacy for the sake of convenience or the threat of police of police kicking in my door. If the police can monitor my power consumption without a warrant, why not my Internet,  my mail, my phone?  Where does it end?

And all this for pot?  Really?  Just fucking legalize it already and start taxing it.

Some of the Supreme court agrees with me, on the privacy part anyway:

Chief Justice Beverley McLachlin and Justice Morris Fish noted this step was an “incremental but ominous step toward the erosion of the right to privacy.”

“When we subscribe for cable services, we do not surrender our expectation of privacy in respect of what we access on the Internet, what we watch on our television sets, what we listen to on our radios, or what we send and receive by e-mail on our computers,”

“Likewise, when we subscribe for public services, we do not authorize the police to conscript the utilities concerned to enter our homes, physically or electronically, for the purpose of pursuing their criminal investigations without prior judicial authorization.”

Eye weekly has an ongoing feature of some of the unlawful surveillance that Toronto police has done in the last couple of decades, and it is appalling. It is appalling given the number of stories that have come to light of police misconduct, that anyone would grant them more power to investigate individuals without oversight.

Privacy is dead in Canada. Mark my words, today it is your electrical consumption, tomorrow it will be your Internet, then your phone, then conversations in your own home.  Soon the only place you will have privacy is in your own mind.

Share
Authority privacy
2 Comments »

“Like” is the new spam

Tuesday, August 31st, 2010

Chris Berry, in his post “It’s LIKE Email in a way” is correct that the Facebook like button will net out as a positive despite the inevitable spam. But what he doesn’t notice is that it is spam, and it’s the marketer and the “like” clicker who get rewarded for it. The marketer gets their message spread and the clicker…well, they get to feel like someone gives a shit.  Seriously, think about the last thing you “liked” did anyone come up to you and go “OMG! you liked that too? Awesome!” Probably not.  It takes no effort to “like” something.

You can go through the steps to turn off the newsfeed notices from the company you “liked”.  But what do I get, as someone who gets the “Chris just liked bingo card” message, get? Nothing, other than another needless newsfeed entry. Like buttons are nothing more than crass marketing scams at their most basic level. Its like when you are in an art gallery and someone says “I like that.” and you ask them why and they say, “I don’t know, I just do.”  It’s a  cop out. They might as well say, “I don’t want to put in the effort to think, leave me alone.”

You might be tempted to say I get exposure to new things and exciting opportunities or I get to find out more about Chris, but what if Chris is a “like” spammer?  Someone who likes everything?  What if Chris isn’t as discerning as I am?

It’s like the 4square people who feel it is necessary to check in every 15 minutes or twitterers who tweet every thought they have.

penny arcade twitter

penny arcade

The issue with Facebook as I see it is that Zuckerberg would like everyone to share their personal data – whether they want to or not. ( Note: Zuckerberg’s data isn’t exactly open either) But I don’t want your personal data.  I don’t care. If Chris likes “My little pony” or if my sister found an interesting article on planes, it does mean anything. If Chris really likes My little pony, he’ll tell me about it, or blog about it, or explain why he likes it in an email.

If you don’t put any effort into expressing why you like something, then don’t expect anyone to care.  It’s the Internet equivalent of sending mail labelled “dear occupant”.

I think what has to happen is a change in social netiquette (see what I did there?) around feeds and sharing data. In Japan, etiquette around cell phone use changed so that now, no one talks on a cellphone on a train. It’s considered rude. “Liking” things without explanation should be the same way.

And just so you know Chris, I did quit Facebook, but my farewell message must have gotten lost in all that “like” spam.

Share
privacy social media thoughts
No Comments »

Privacy and DRM

Friday, May 21st, 2010

Personal information should be protected under copyrights as well as privacy laws.  The government of Canada is about to release a new bill which will see Canada follow the US with Digital Rights Management.  I would like that to extend to my personal information I created everything about me on facebook.  I would like corporations like Facebook and Youtube and others to be forced to treat my personal information like I will be forced to treat music, movies and software.

If I buy a copy of Adobe Photoshop I cannot copy it and resell it, I cannot share it with other, and I don’t own it.  I think the same restrictions should be applied to Facebook.  Facebook “rents” my information which they are free to use on their site to advertise to me. But while they can use it, but they cannot sell it (which they are), cannot share it (which they are) and cannot copy it (which they are).

What’s good for the goose is good for the gander

Share
Advertising privacy
No Comments »

Cellphones, social media and privacy: what are you really sharing?: A response

Thursday, December 3rd, 2009

So I was interviewed today for  this CBC blog article entitled “Cellphones, social media and privacy: what are you really sharing?”, by Robert Ballantyne .  I was chosen because I am the “mayor” of the CBC on Foursquare.  If you have never seen foursquare it essentially a way of telling your friends where you are at, at any given time.  This done through geo-tagging and social networking.

The “Mayor” is Dave H. He has an identifying photo and you can access his full Twitter and Facebook accounts. From that, I discover he’s a colleague, what he does, who he’s in a relationship with, his email address, his dot-com, how old he is, who his friends are, what made him cry recently on CNN, and freely browse through detailed photos of his house — both interior and exterior.

What Robert and other people are missing is that I am not giving away anything that anyone couldn’t figure out with a walk by my house and a little sleuthing.  For example if you have a full time job,  and I’m going to assume that you don’t work from home, chances are that between the hours of 9 to 5 you are not home. And so it is with most people.

My dot com is named after me, not really original but I had intended it to be for business purposes.   I will also tell you that Robert Ballantyne has done the same thing so it is not that big of a discovery.

If you want to know what I do for a living just look in the top left of this blog. (which by the way, Robert got wrong.)  If you want to know about my relationship without using a computer ask a neighbor.  If you want to know what CNN article made my cry it is a story about a dying girl who left notes behind for her parents sandwiched in the pages of children’s books. (They left one unopened so there would always be one more letter from their daughter which is totally heartbreaking) look at my Facebook page.  I don’t hide these things for two reasons: 1, they are not especially sensitive.  2, chances are if your reading this, you already know me…and if you didn’t, you do now!

More people have their identities stolen from paper statements and e-statements. Most identity thieves still stick to old fashioned practices like dumpster diving and stealing files from their places of employment. Collecting information I freely and willingly expose is not impressive.  If you want to impress me, break into my bank account and pay my mortgage!

I am not trying to pick on Robert, I think its a great article and many people might not be aware they are exposing this information.  But if you really want to hear something scary regarding privacy, look up the US Patriot Act.  I am more scared of the government than I am of criminals. Besides, everywhere you go, you leave little electronic footprints which means they are leaving the same footprints.

In this day and age if you want to remain anonymous, stay off the internet.

Share
crime privacy
No Comments »

Privacy? What privacy?

Thursday, November 20th, 2008

Jim Sterne just posted on the WAA blog about privacy and disclosure. While I agree with him and Seth Godin that you need to get users to opt-in to recieving email, I don’t think the same holds true with web metrics provided they are anonymous.

Yahoo is requiring and enforing that websites who are using their web analytics tool disclose this fact to their visitors, and provide an opt-out link for those who wish to not be tracked. Poppy-cock! That is absolute rubbish. Users can already refuse or delete cookies, and with a tool like webtrends I could analyze the weblogs. So if I really want the data I am going to get it.

Not to mention that you are in my house. It’s my website. I am not tracking you as person, I am tracking you as a visit or unique visitor. When I go to a museum they don’t ask me if I wish for my visit to be recorded or not, it just is. They need to count the number of visitors to figure out budgeting and administration. I need to record visits to optimize my site.

Bigger issues lie in privacy issues such as packet sniffing and ISPs messing with bandwidth. Google and Yahoo handing over personal information to government is a far bigger danger than if I record that you looked at this post and then left. Remember Shi Tao anyone? The man that was jailed for 10 years in China after Yahoo handed his personal information to the Chinese government, all in the name of big business. Having Yahoo tell me I have to be open about privacy issues smacks of more than a little hypocrisy.

While privacy is absolutely integral to what we do in web analytics, this measure is needless work. Most people won’t understand what it means. Ever try to explain what it is you do at a dinner party?

Unless a site is specifically recording me – Dave Hamel as a visitor then I don’t care what they do. I don’t think there can be an expectation of privacy when you are on the web so rather than providing needless measures and promises, maybe we should just be educating people that the web never forgets; that everything you do can and is being tracked.

Share
Analytics Authority privacy
1 Comment »

England isn’t slowly becoming an Orwellian society

Wednesday, November 5th, 2008

They are running towards it full tilt!

here are some posters from the U.K.  It is my understanding that if you have a TV in England you have to pay a yearly fee for the BBC, regardless of whether you watch it or not and hence the “you cannot hide” motif.  The last one isn’t even particularly well designed either. geez.  Whatever happened to Anarchy in the U.K.?

 

Share
Authority crime politics privacy thoughts
No Comments »

The ship has already sunk, learn to swim

Monday, September 8th, 2008

Chris Berry wrote an interesting post on his Eyes on Analytics blog entitles “On the Exxon Valez of Privacy”.  I recommend you read it. It is about the potential damage that can be done by a web analyst if they are not careful with data and privacy.

I had a few thoughts.

I, as an analyst supposedly can’t track you as an individual.  The truth is I can, and I can do a lot more.  For instance I have a theory (supported by cold hard data) that most people only utilize a few passwords.  Maybe one set for work and one for their personal lives.  Same goes for user names.  I have a user name I use all the time, and if you know what it is you can easily find other sites I have been to and commented, or posted, or become a member.

Now if you know that user name, and you happen to webmaster one of the sites I use, simply write some script that captures the wrong passwords.  Chances are, I have either misspelled it, or entered the wrong one.  The wrong one for this site might be the right one for one of the other sites I visit.  Do that enough and now you can hack into almost everywhere I go.  Now you can collect all the personal data you want!

It is easy to find out about a person, I can ask you neighbors, find you on Facebook, LinkedIn, MySpace. but as an analyst I don’t care about “persons” I want “people.”  I believe it was Stalin who said, “Kill one person it’s murder, kill a million and it’s a statistic.”  I hate to say it but I deal with stats, not persons.

While the BI/WA barrier may be getting thinner I think it comes down to due diligence and an expectation of privacy.  You may think “I only posted it on my Facebook”.  Ya okay, but your friend liked that photo of you passed out with marker on your face so much they re-posted it.  Now it is in the open.

If you post things on the internet, you have no expectation of privacy.

Chris is talking more about personal data collected by WA’s and used by Business Intelligence.  But I think this falls into the same category. If you don’t want Amazon to know you read “Horny House Wives” magazine, then don’t login and surf to it.  With a little care and forethought you can protect youself without the need for legislation.  Of course this is Canada, and heaven knows how much we like to make laws.

Share
Analytics Measurement privacy
1 Comment »

Time to find a new ISP

Tuesday, December 11th, 2007

As I have stated before I take my privacy extremely seriously. It isn’t so much that I try to hide anything, but rather I want control of how I use that information, it is mine after all. If you think that sounds strange think of the copyrights that studios have on movies. They can control when a film is shown, by whom, and if you violate their notice they can sue you. I want the same rights.

Rogers has recently begun injecting advertising (in this case a notification) into users web experience.

Rogers sucks

At the moment this is merely notifications about reaching bandwidth limits, however there is something much more incideous at work here. Deep Packet inspection allows ISPs to monitor and edit the content of the pages you are viewing. So instead of reading “George Bush is a war monger and Dick Cheney is the devil” it could be changed to “George Bush is a Predisent of the United States and Dick Cheney is the vice-president

Rogers confirmed that the notices are being added to pages, but denies plans to engage in more extensive content manipulation.

According to Rogers communications VP Taanta Gupta “There is no deep package inspection and there is no privacy issue.” This is obviously erroneous. Since this notification is appearing on a Mac based browser (evident in the style of buttons) and no developer would write something like this for such a small user base. The changes have to be done on a HTML level which means messing with the user’s packets.

It looks like it is time to find a new ISP.

Share
privacy
No Comments »
Older Entries »