All Your Accounts Are Belong To Us

Would you give your account ID, password, account numbers, email address, home address, and all your other sensitive personal information to random strangers? No? Are you sure? Scripts embedded in a web page or app allow the script provider to record every keystroke and every mouse movement you make on the page.

So why are so many of the scripts on account management pages hosted by 3rd parties?

[Read more…]

Enable-Javascript.com

Today for the first time, a web site I visited directed me to http://www.enable-javascript.com/  The site is supposed to be a service for webmasters who need an easy and accurate way to tell site visitors how to enable Javascript in the browser.  Though at first glance that may seem like a great idea and a useful service, it is just the opposite.

This is bad on so many levels.

  • The site makes no mention of any of the many good reasons why you would want Javascript disabled.
  • It doesn’t ask the user to consider how or why Javascript  came to be disabled in their browser in the first place and the implications of reversing that action.
  • It fails to consider the possibility that Javascript is enabled but that it is being blocked by a plug-in or add-on, in which case the instructions will be useless.
  • It offers no information on any of the tools that allow you to enable Javascript on a site-by-site basis

The only function of the site is to tell visitors how to enable Javascript globally for a variety of browsers, as if that were universally a Good Thing.  There is no attempt whatsoever to explain the issues with sufficient depth to allow the visitor to make an informed decision about enabling Javascript.  Considering that Javascript generally has to be manually disabled, who is the target audience?  People who used to know why they wanted scripts disabled but have since forgotten?

And who are the target audience among webmasters?  If the site is usable without script, visitors have no reason to enable script, therefore no reason to visit http://www.enable-javascript.com/.  Presumably, this service is targeted to webmasters whose sites fail to provide content with script disabled.  The webmaster who links to this site is saying to their visitors “My content is so valuable that it is worth the risk to you of turning on Javascript for all sites on the Internet, including those that host active malware such as phishing sites and malvertising networks.”

Or, more likely, it is aimed at webmasters whose advertising fails to render with scripts disabled. In that case the webmaster who links to this site is saying to their visitors “My content is so valuable to me that it is worth imposing the risk to you of turning on Javascript for all sites on the Internet, including those that host active malware such as phishing sites and malvertising networks.”

Who is the more naive one in this exchange?  The visitor who follows the link and enables Javascript globally?  Or the webmaster who genuinely thinks this is a good idea and implements it?

I use some script on my web sites but my approach is to not collect personal data so there’s nothing for me to lose, and to not monetize traffic with dynamic ad networks known to carry malvertising.  I want people to feel comfortable white-listing my site if they want it to be responsive and mobile-friendly, to see the slider on the home page, or to use the social media functions.  I will happily point them to NoScript, Ghostery, Privacy Badger, and more.  But the content doesn’t rely on scripts.  (Possibly The Odd is Silent does since WordPress hosts it, but I try to minimize the impact, including paying them to remove their ads.)

I would never ask you to enable scripts globally to view my content.  And I can’t help but wonder about anyone who would.

Vendor entitlement run amok

My main issue with vendors turning us into instrumented data sources isn’t the data so much as the lack of consent. My Fitbit knows a lot about me but it’s an add-on that I self-selected and it provides value to me. The tracking in my browser is not something I can easily avoid since the browser is now an integral part of my life. Between those extremes there are lots of IoT devices that you can currently choose a private version but where that choice is rapidly disappearing. You can still buy a dumb light switch but not a dumb car, for example. Your shiny new GT phones home.

Among the vendors who seem to feel an entitlement to our data is Microsoft, whose Windows 10 is basically a box of spyware disguised as a user-productivity-gaming-and-cat-video-watching platform. I’ve already written about the issues there, how to mitigate them, and the disheartening number of those “features” that can’t be disabled. Yet as bad as all that is, this latest revelation still managed to surprise me across several metrics: the lack of consent, the extent of the invasion, the degree of exposure, the fact that it’s already been exploited to infect user devices, the fact that the entity who exploited it is a “legitimate” vendor, and the fact that said “legitimate” vendor egregiously exposed the exploit to the Internet. [Read more…]

Apple applies for patent to deliver ads based on credit status

In USPTO Application 20150199725, Apple describes a system for targeting advertisements “based on the amount of pre-paid credit available to each user.”  The application goes on to say that “An advantage of such targeted advertising is that only advertisements for goods and services which particular users can afford, are delivered to these users.”

I’m unhappy with this for a few reasons.  My first objection is that the human-readable description on the application is deceptive.  Your pre-paid balance is not an indicator of what you “can afford.” For example, if you deposit $X each week for your college kid’s expenses, that balance on the card doesn’t mean (s)he can “afford” luxury products costing $X or less. If you are me, it means they can afford ramen noodles, paper, pens and not much else.

People shouldn’t be bombarded with ads products costing $X or less just because that amount shows up in their debit card regularly. It would be a very effective technique to market items with a street price of $(1.25*X) discounted to $X to such people. That changes the equation from “can’t afford to buy it” to “can’t afford *not* to buy it, at these prices!”

Ads for things that cost more than you can spend are described in the application as being disappointing.  But I submit that a constant barrage of ads for things you know you can buy but should not is worse.  Having to say no to things you obviously cannot buy gives you practice saying no to things you should not buy.  You get used to a large portion of things in your ad stream being unavailable.  Exercising that “no muscle” helps at times of vigilance fatigue when you are sorely tempted to do something self-destructive, and who doesn’t have days like that?

On the other hand, a constant stream of things you want, have the cash to pay for, but really cannot afford would be depressing.  It leads toward the rationalization of “why shouldn’t I buy this? I can afford it.”  In a bit of psychological alchemy, it converts “can pay for” to “can afford” much as the patent application conflates the two and to the same ends.  I suspect there are people for whom this system will make shopping even more addictive than it already is and I doubt they can get a medical exemption from the advertiser.  At least not without agreeing to let the advertiser use their medically diagnosed addiction as a targeting criteria.

I can see it now.  Ads for “Shopaholics Pseudonymous – more effective than any 12-Step program and only $69.95/month!”

I also wonder about the subtle but significant disconnect between the example of “pre-paid credit” used in the human-readable introduction, versus the text of the patent claims which consistently use the words “credit status” as the decision criteria. Credit status is a lot broader term than pre-paid credit and could include FICO scores, payment history, income-to-debt ratio, etc. Future Terms Of Service documents supporting this technology could use a similar suggestive and ambiguous language construction to bootstrap unwitting permanent permission grants by consumers that allow advertisers to run full credit reports at will.

Various Federal and State laws restrict who is allowed to pull your credit report and for what reasons. The last project I worked on at Equifax was designed to get as far as possible around those laws in order to sell credit-qualified mailing lists without recording a credit report hit. Bypassing those legal restrictions is the holy grail of reporting agencies because it opens up their information database to lucrative new markets eager for that data. Of course, none of that matters once the consumer explicitly grants permission and a TOS worded to grant access to your “credit status” could do just that.

Of all the claims in the application, I especially like this one:

[0044] In one embodiment, the advertisement management system 14 is arranged to reserve a portion of the available credit (or actual credit) equal to the amount of an item in an advertisement being delivered to a user upon delivery of the advertisement. Thus, if the user wants to purchase the advertised item, they would definitely have available credit. However, the user would not be able to use this reserved credit, if needed, for other purchases.

Assuming widgets cost more than half your balance and you don’t like Apple’s widget on offer, you are prevented from buying Orange’s widget until the charge hold expires.

Incidentally, substitute “gun” for “widget” and Apple just implemented a mandatory cooling-off period for gun sales. Well, except for the one Apple wanted to sell you. You can have that one immediately.

IYou can't buy this am imagining the series of ads you get. Say you have $500 of credit available. The first few ads are for $100 items like expensive wine or flower delivery for your spouse. But now the credit is reserved and you have only $200 left to spend so the next ads are for a pair of mid-tier headphones and a new mobile handset costing $50 and 2-years of indentured servitude. But those ads reserved some of your balance too and now you have less than $100 available.

It continues on like this until the only ads you receive are for a soft drink in the vending machine and all you can afford there is the generic soda and not the Coke or Pepsi. At some point you are turned down at the grocery checkout trying to buy baby formula and diapers because Apple’s been pushing ads for iPads at you all day.

Many years ago, Eve took a bite out of the apple and Bad Things happened.  Hang onto your wallets folks because it looks like the Apple is finally getting around to biting back.

 

 

The nightmare of easy and simple

The instrumented waste bin I predicted at the San Francisco Personal Data meetup a couple years back is now a thing.  While researching GeniCan I naturally had to go read their privacy policy.  It was there that I stumbled onto a service that lets you generate a privacy policy from a workflow.  You fill in some data and select from several options, it generates a custom policy from an inventory of templates that it fills in and assembles.  It can make policies for your web site, Facebook app or mobile app. Easy. Simple. Free.

Sounds awesome, right?

You were waiting for the “but”?

[Read more…]

Forget back doors, the NSA wants to mandate a front door

In their never-ending quest to eavesdrop on you, the NSA now wants to mandate that all encrypted communications must allow them access.  As Joel Hruska explains in an article in Extreme Tech, there are many reasons why this will not work.  The two big ones are that it isn’t possible to guarantee only authorized government agents will use the access, and because we currently have no effective means of oversight and accountability.

Dean Landsman recently posed the question “how does one go about preventing/protecting or just enabling security against such intrusion?”  The only answer is to do so in the legislature and in the various international bodies.  If the NSA proposals and others of its ilk become law, products like Blackphone and Qredo will become illegal.  However, this will not stop criminals from using crypto that the government cannot break and which is readily available.  It is true in the most literal sense that when unbreakable crypto is outlawed, only outlaws will have unbreakable crypto.

Considering the triviality of obtaining unbreakable crypto, only law-abiding citizens will use the NSA-accessbile stuff.  Combine that with the power imbalance inherent in such a scheme and the inevitable conclusion is this:

Of all possible uses to which such a law can be put, the only ones we can predict with 100% confidence to be implemented are those that abuse the privacy of law-abiding citizens.

The corollary to this is that the higher value a criminal target, the more likely they are to use readily available unbreakable crypto.  That means the people the government most wants to catch are those least likely to be vulnerable to eavesdropping if the proposed legislation is enacted.  Such a law would be unfit for its stated purpose.  It would be broken at birth, defective by design.

There are a few possible technological controls that can be imposed.  For example, when using blinded tokens it is possible to design them in such a way that they can be un-blinded but doing so is detectable.  It is doubtful any government would agree to using that technology though, since their investigation would revealed immediately upon the unblinding of the token.

However, even if enforceable accountability were implemented as a compromise, the government’s strategy could be to simply unblind everything.  Sort of a mass Denial-of-Privacy attack.  Or perhaps a Denial-of-Privacy-Enhancement (DOPE) attack if you want the acronym to accurately describe the people who would do such a thing.

This also illustrates one of the primary weapons brought to bear against personal liberty around the world: fatigue.  All that is necessary to pass such laws is to keep submitting them to the legislature.  The people impacted will object the first time.  A few less of them the second time.  When it comes down to just the die-hard activists, the legislature can be confident they are one bill away from victory.

Thomas Jefferson once said “The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.”  That was before digital communications were invented.  Can we perhaps try to refresh the tree of liberty with a call or FAX to our representative before we go off and start killing people?

The Newtrain Manifesto

Next month Deborah Schultz will be presenting a keynote called Smart Data: The Struggle to Enhance Customer Experience in a Digital World at the Direct Marketing Association’s upcoming Marketing Analytics Conference.  In preparation she bounced the topic off of the VRM mailing list asking how the crowd there would challenge this audience.  Naturally, I had a few ideas.

[Read more…]

Listening wasn’t bad enough?

Owners of Samsung’s “smart” TVs are now reporting that streaming apps running on the TVs are inserting Pepsi ads into user-owned content stored locally on their PCs and NAS drives.  In nearly identical stories, GigaOm and Ars Technica report that this happens for Plex and Foxtel apps running on the TVs.

In addition to the obvious privacy implications, this renders visible a new category in the monetization field: legalized theft of intellectual property.

If you recall the arguments around web search, framing and deep linking, the damage claims arose from money made on the value of the content by people who did not own the content and without permission of the content owners.  It was, according to various legal arguments, theft of intellectual property rights, conversion, dilution of the market, etc.

In this case, Samsung is monetizing content you stream locally without regard to who owns the content.  There is every reason to believe the content is yours since every smart phone made today takes movies.  It’s a point of pride for Samsung who tout their high quality cameras and sensors made to do exactly that.  Samsung unquestionably understands the concept of user-generated content and the high probability that the content into which they are inserting commercials is home movies of your cat(s), your kid(s), someone’s birthday party, or your vacation.  Maybe you are showing home movies of your recently departed loved one at the wake and suddenly Samsung inserts the Pepsi commercial.  (One only hopes it is at least the “Pepsi brings you back alive” campaign from years past.)

The point is, Samsung has no way of knowing anything about the content or the context, only that you find it interesting enough to watch therefore it is valuable enough to monetize, and Samsung believes they have the right to do so.

Because they manufactured the display.

I realize suggesting that Samsung believes they have a right to impose these ads on you may sound a bit hyperbolic, so let’s look at their Privacy Policy–AdHub Supplement:

When you use a Samsung service that includes ads provided by AdHub, AdHub receives certain information about your device. This information may include the device’s hardware model, IMEI number and other unique device identifiers, MAC address, IP address, operating system version, and settings.

In addition, the first time you visit a service that displays ads by AdHub, Ad Hub will assign your device a random ID number, which will be sent back to AdHub each time your device gets a new ad from AdHub.

When AdHub displays an ad to you, AdHub logs the fact that your device received that ad, as well as the webpage or other place where you viewed it.

This leaves no doubt that Samsung is assigning unique tracking IDs to each device capable of rendering content and ads.  In order to access the features of the phone, tablet, smart TV or whatever, you are required to have a Samsung account.  This attaches your personally identifiable data to each Samsung smart device and correlates those devices under a single umbrella account.  Everything that is trackable on the devices is personally identifiable back to the device owners.

Whether or not you trust Samsung as custodian of your private data, the real question is how much you trust the advertisers and publishers that Samsung invites into your device through their AdHub.  Though Samsung doesn’t share with them the information collected by Samsung, they do something even better.  Samsung gives these third parties direct access to your device, tells you up front that your data will be collected by these third parties, then disclaims any responsibility for what those third parties might do with that privileged access.  Samsung remains cozily wrapped within a cloak of anonymity and a blanket liability shield:

Third-party advertisers may use web beacons in their ads in order to collect information about users who view their ads, including through cookies, beacons and similar technologies. Samsung does not control the data collection and use practices of these companies.

Samsung next states their right – there’s that word again – to impose these terms on you.  The last part of the policy supplement states that “you can opt out of receiving targeted advertising from AdHub” but notes that that if you do “you will continue to see ads, but they may be less relevant to you because they will not be based on your interests.”  In other words, haven’t opted out of any of this data collection, only whether it is used to deliver targeted ads.  Everything upstream of that, including the personally identifiable data collection and all the various uses to which that may be put, both by Samsung and it’s army of anonymous advertisers, is protected under the contract.  Should you choose to operate the device without registering it to a Samsung account, the piece that makes your use of the device personally identifiable and provides the context of all your other devices, you don’t get to use the features for which you purchased the device.

Let’s be real clear about this.  You unquestionably own all rights to content that you create, including the right to monetize that content or to make the choice to not monetize it.  You are watching the content in the privacy of your own home.  It is running over cables, switches, routers and NAS devices that you personally own.  You are the one paying for the electricity and bandwidth.  But if the smart device on which you render the content bears a Samsung nameplate, they can force you to watch ads as a prerequisite to render that content, whether you like it or not.  Not only is Samsung monetizing your content, they are monetizing your viewing of your content.  

Whatever we may think of this, we need to be asking what’s next?  Will Motorola, Linksys and Netgear claim a right to insert ads into your privately owned, user-created, streamed content because they manufactured the cable modem, switch and router, respectively?  Will Western Digital, Buffalo, or Synology claim a right to insert their ads into your privately owned streamed content because they made the NAS drive?

All of these “smart” components are in the path between where your content is stored and where it is displayed.  All are essential for the content streaming to work.  All have the processing capacity to insert ads into your content, and all come with Terms of Service and Privacy Policies that you agreed to sight unseen.  Samsung may render the content but there is no content to render without all of these other components.  Samsung was merely the first to stake their claim but every device in the chain has no better or worse standing to claim a right to insert ads into your streamed content than does Samsung.  Do you believe none of them will assert that right once Samsung establishes it?  What, exactly, do you believe will stop them?

Let’s do the chess thing and think ahead a move or two.  What happens if someone figures out how to disable the ads and distributes a root kit or firmware patch?  If that qualifies as anti-circumvention under the DMCA it would be a felony.  Will we not have the right to root our TV, just like we do/don’t have the right to root our phone?  What happens if a downstream device like the TV happens to interrupt the stream right in the middle of the ad being inserted by an upstream device like the switch or NAS drive?  Will Linksys start charging Samsung and Synology for access to your in-home network, the same way that ISPs want to charge Netflix, Amazon and Hulu for bandwidth that has already been paid for at both ends?  Because if you are not the ultimate arbiter of what happens on your private home network, then it is up to the courts and corporations to say what happens there.

Let’s think another chess move ahead.  US law sets a pretty high bar before law enforcement officers can invade the sanctity of your home.  True, these are greatly eroded lately, but your home is where you enjoy the most privacy protection against being recorded in video or audio, and physically searched.  But if your TV, phone, game console, robots, toys, appliances, baby monitors and security systems are all live-streaming to corporate entities, law enforcement no longer have to clear that high hurdle.  Most companies, especially small start-ups, won’t stand up to government information requests.  Do you worry that “this call may be recorded for quality assurance”?  Now everything you say in your living room, bedroom, bathroom, car, and your side of every phone call will be recorded for quality assurance and delivered to law enforcement during discovery, even if you aren’t the target of the investigation.  You will have more privacy in your front yard than in your own home.

None of these scenarios are all that farfetched in a world where manufacturing a device confers the right to mediate the content transmitted or rendered on that device in a private setting.  We consumers don’t read the contracts to which we are bound when we buy these devices and it doesn’t seem likely we’ll start any time soon.  We keep buying the devices despite frequent news stories detailing ever more invasive privacy invasions and it doesn’t seem likely we’ll stop buying them any time soon, either.  These practices generate net-new revenue for the device manufacturers so, short of them stepping on one another, there’s no chance they will stop voluntarily any time soon or, for that matter, ever.

When you can be forced to watch an ad before viewing content you personally created, there is no neutral, no middle ground, no shred of privacy left to give up that isn’t already being taken from you without your consent.  The only options left are to accept the commoditization of our intimate lives, or else to actively protest and demand regulatory protection of our privacy rights and strong enforcement.

If you believe that there is anything at all in the world to which you have a right of privacy, this moment in our time is the last chance you will ever have to demand it before the window of opportunity slams shut and you are rendered effectively naked in the panopticon of life.  Anything short of active opposition now is acquiescence.  We need to be angry and we need to hold our elected officials accountable to represent our interests for once.  Unfortunately, it doesn’t seem likely we’ll start doing that any time soon, either.

Open Letter to Chris Cox and Facebook

2015-02-14_13-58-05It was nice of Chris Cox to post an explanation of Facebook’s name policy and apologize to “the affected community of drag queens, drag kings, transgender, and extensive community of our friends, neighbors, and members of the LGBT community for the hardship that we’ve put you through in dealing with your Facebook accounts over the past few weeks.”

Except that the post doesn’t honestly explain Facebook’s name policy.  The real purpose of the policy is to force you to use a name on Facebook that can be matched to the name you use to make transactions – such as the one on your credit card – so they can correlate the ads you’ve been shown to purchases you make in the real world and charge the advertiser more money.  This is why in the old wording of the policy they asked for the same documents they match against – driver license, credit card, etc.

[Read more…]

Guest spot on The Allan Handelman Show

Yesterday I was a guest on The Allan Handelman Show for an hour, then stuck around a bit to talk with Steve Weisman of Scamicide.com.

Here are links from the show segments:

You can listen to my segments of the show on Soundcloud: