Facebook Tracks Non-Users

Eyeing John Marshall Law School 

HuffPo reports disturbing news:

Concern about Facebook Inc’s respect for data privacy is widening to include the information it collects about non-users, after Chief Executive Mark Zuckerberg said the world’s largest social network tracks people whether they have accounts or not.

Privacy concerns have swamped Facebook since it acknowledged last month that information about millions of users wrongly ended up in the hands of political consultancy Cambridge Analytica, a firm that has counted U.S. President Donald Trump’s 2016 electoral campaign among its clients.

Zuckerberg said on Wednesday under questioning by U.S. Representative Ben Luján that, for security reasons, Facebook also collects “data of people who have not signed up for Facebook.”

(click here to continue reading Facebook’s Tracking Of Non-Users Sparks Broader Privacy Concerns | HuffPost.)

Wha? That seems problematic. How are these people consenting?

Of course, as this blog has discussed multiple times, there are hundreds or even thousands of digital advertising firms that track each and all of us, whether or not we’ve consented, or are even aware. Their model is to make money off of the data of others, and perhaps to share that data with NSA and other US intelligence agencies. Facebook is one of the higher profile firms, but they are not alone.

There is also the European Union’s new privacy law, the GDPR.1

Wiki:

GDPR extends the scope of EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonization of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 4% of worldwide turnover or €20 million, whichever is higher. The GDPR also brings a new set of “digital rights” for EU citizens in an age of an increase of the economic value of personal data in the digital economy.

 

(click here to continue reading General Data Protection Regulation – Wikipedia.)

Footnotes:
  1. General Data Protection Regulation []

Facebook hackers could have collected personal data of 2 billion users

No Need To Look The Other Way
No Need To Look The Other Way. 

From the Washington Post we learn that basically every piece of data Facebook collected about you has been shared with the digital marketing world, and the dark web whether you agreed to do that or not:

Facebook said Wednesday that “malicious actors” took advantage of search tools on its platform, making it possible for them to discover the identities and collect information on most of its 2 billion users worldwide.

…But the abuse of Facebook’s search tools — now disabled — happened far more broadly and over the course of several years, with few Facebook users likely escaping the scam, company officials acknowledged.

The scam started when hackers harvested email addresses and phone numbers on the “dark Web,” where criminals post information stolen in data breaches over the years. Then the hackers used automated computer programs to feed the numbers and addresses into Facebook’s “search” box, allowing them to discover the full names of people affiliated with the phone numbers or addresses, along with whatever Facebook profile information they chose to make public, often including their profile photos and hometowns.

Names, phone numbers, email addresses and other personal information amount to critical starter kits for identity theft and other malicious online activity, experts on Internet crime say. The Facebook hacks allowed bad actors to tie raw data to people’s real identities and build fuller profiles of them.

Developers who in the past could get access to people’s relationship status, calendar events, private Facebook posts and much more data will now be cut off from access or be required to endure a much stricter process for obtaining the information, Facebook said.

Until Wednesday, apps that let people input Facebook events into their calendars could also automatically import lists of all the people who attended the events, Facebook said. Administrators of private groups, some of which have tens of thousands of members, could also let apps scrape the Facebook posts and profiles of members of those groups. App developers who want this access will now have to prove that their activities benefit the group. Facebook will now need to approve tools that businesses use to operate Facebook pages. A business that uses an app to help it respond quickly to customer messages, for example, will not be able to do so automatically. Developers’ access to Instagram will also be severely restricted.

Facebook is banning apps from accessing users’ information about their religious or political views, relationship status, education, work history, fitness activity, book reading habits, music listening and news reading activity, video watching and games. Data brokers and businesses collect this type of information to build profiles of their customers’ tastes.

(click here to continue reading Facebook hackers could have collected personal data of 2 billion users .)

Heck of a network you’ve created, Zuckerberg. 

There is no way to put this information back into the bottle, the only thing left to do is protecting future information from being harvested, and perhaps punishing Facebook for its lackadaisical approach to protecting the world’s personal data. Shut them down!

Speaking for myself, I don’t feel too worried, I always was a bit leery with giving Facebook access to my actual information. They do have my birthday, and where I went to school, but nearly everything else I put in my profile was faux information, or things available elsewhere. For a long time, I’ve used the Facebook API and other tools1 to automatically post photos from Flickr, Instagram, blog entries, etc. But who knows, perhaps I wasn’t careful enough to always delete my Facebook cookies, and so they scraped more information about me than I know. I did use the Facebook app for a few months before deleting it off of my iOS devices, but all it takes is a moment of unguarded attention, and the freaks at Facebook will vacuum up everything not nailed down. So the dark web may know more about me than I know. 

In Your Bubble Where Nothing Goes Wrong
In Your Bubble Where Nothing Goes Wrong

Barbara Ortutay adds:

 

On Monday all Facebook users will receive a notice on their Facebook feeds with a link to see what apps they use and what information they have shared with those apps. They’ll have a chance to delete apps they no longer want. Users who might have had their data shared with Cambridge Analytica will be told of that. Facebook says most of the affected users are in the U.S.

As part of the steps it’s taking to address scrutiny about outsiders’ access to user data, Facebook outlined several changes to further tighten its policies. For one, it is restricting access that apps can have to data about users’ events, as well as information about groups such as member lists and content.

In addition, the company is also removing the option to search for users by entering a phone number or an email address. While this helped individuals find friends, Facebook says businesses that had phone or email information on customers were able to collect profile information this way. Facebook says it believes most of its 2.2 billion users had their public profile information scraped by businesses or various malicious actors through this technique at some point. Posts and other content set to be visible only to friends weren’t collected.

This comes on top of changes announced a few weeks ago. For example, Facebook has said it will remove developers’ access to people’s data if the person has not used the app in three months.

 

 

(click here to continue reading Facebook scandal affected more users than thought: up to 87M – Chicago Tribune.)

Sure, sure. I bet that will solve everything.

Footnotes:
  1. IFTTT, for instance []

Facebook Data Dump

Hell Facebook Ad
Hell – Facebook Ad.

So I took the time to download my entire Facebook data file, unzip the files and peruse it. If you want to do the same, go here https://www.facebook.com/settings

or for instance, read the instructions Abby Ohlheiser wrote in the WaPo:

In the Facebook settings for your account — right below the link to deactivate it — there’s an option to download a copy of all your Facebook data. The file can be a creepy wake-up call: All those years of  browsing the News Feed, and sharing selfies, engagements and birthday wishes on Facebook have taught the company quite a lot about you. You, the user, are part of the reason that Facebook has become so good at targeting ads. You’re giving them everything they need to do it.

Here’s a link that will take you right to the settings page, if you’re logged in to your account. One there, click on the link to download your archive, and follow the prompts

(click here to continue reading Here’s how to download all your data from Facebook. It might be a wake-up call. – The Washington Post.)

I was curious what exactly Facebook knows, especially since I’ve always been somewhat cautious about what I post there. At least I thought I was careful. Turns out Facebook has a huge list of people from my address book, most of which are not actual friends on Facebook1 or several deceased people. I guess one time Facebook copied my phonebook? A lot of the data is old, and not up to date, but there it is anyway.

Then there is the Facebook advertising selects (listed below because it is a big freaking list)

Continue reading “Facebook Data Dump”

Footnotes:
  1. a lawyer nemesis, for instance, or US Dept. of State – Passports, former dentists []

Facebook Delays Home-Speaker Unveil Amid Data Crisis

Listening To Ghosts Passing Through
Listening To Ghosts Passing Through

Ya think?:

Facebook Inc. has decided not to unveil new home products at its major developer conference in May, in part because the public is currently so outraged about the social network’s data-privacy practices, according to people familiar with the matter.

The company’s new hardware products, connected speakers with digital-assistant and video-chat capabilities, are undergoing a deeper review to ensure that they make the right trade-offs regarding user data, the people said. While the hardware wasn’t expected to be available until the fall, the company had hoped to preview the devices at the largest annual gathering of Facebook developers, said the people, who asked not to be named discussing internal plans.

The devices are part of Facebook’s plan to become more intimately involved with users’ everyday social lives, using artificial intelligence — following a path forged by Amazon.com Inc. and its Echo in-home smart speakers. As concerns escalate about Facebook’s collection and use of personal data, now may be the wrong time to ask consumers to trust it with even more information by placing a connected device in their homes. A Facebook spokeswoman declined to comment.

(click here to continue reading Facebook Delays Home-Speaker Unveil Amid Data Crisis – Bloomberg.)

Yes, what do consumers really want from Facebook right but a listening device right in their living rooms! No need to change your privacy settings now, Facebook won’t need to log your incoming/outgoing phone calls, they’ll just have the entire conversation instead! Whoo hoo!

Illinois Condo Law Update Might Be Un-Updated

Little Boxes
Little Boxes

Lawmakers who wrote this bill must all live in houses and townhomes: not in condo buildings. Every building has some percentage of malcontents, and who wants to be deluged with complaints from those who never offer solutions, only problems? Especially in condominiums where the Board is an unpaid, volunteer position.

It’s the part about “telephone numbers and email addresses” that is causing a ruckus, and the ruckus has taken lawmakers by surprise.

Gene Fisher is the executive director of the Diversey Harbor Lakeview Association, a coalition of elected leaders from north lakefront condominium associations. Board members are concerned that publication of their personal contact information will exacerbate harassment from dissatisfied owners, he said.

“As one of our members put it, ‘Every building has some hostile occupants. What board member wants to get repetitive crank calls from owners who do nothing but complain, or have their email filled with crank messages?’” he said.

Such egregious behaviors could discourage qualified and responsible owners from serving on their association boards, he added.

“Many owners are very protective of their personal information,” said Derek Wilkinson, vice president at Associa Chicagoland, a management company. “They do not want every person in their association to have easy access to their personal contact information. There is no ability to opt out of this information sharing, so many owners and board members are feeling powerless.”

Some owners have said they will delete their email accounts, said Timothy Patricio, property manager at Park Tower Condominium Association in Chicago.

(click here to continue reading Amendment to Illinois condo law sparks outcry, leaves owners and board members ‘feeling powerless’ – Chicago Tribune.)

In Chicago at least, there has been serious talk of an ordinance that will supersede this law. Alderman Brendan Reilly of the 42nd Ward1 and his colleague Brian Hopkins of the 2nd Ward introduced Amendment of Municipal Code Section 13-72-080 concerning requirements for examination of condominium association records by unit owners (PDF)

Can t Get Out of Here
Can’t Get Out of Here

Howard Dakoff recently wrote:

 

On Jan. 17, 2018, Hopkins and Reilly did introduce a Chicago ordinance that would prohibit Chicago unit owners (other than board members) from obtaining a list of unit owners’ email addresses and phone numbers among other personal information. The ordinance goes even further and allows a condominium association to opt out of other mandated Section 19 disclosure requirements with a two-thirds vote of the unit owners.

 

The ordinance is in direct contradiction to the provisions of Section 19, and while the aldermen believe the city of Chicago possesses the authority to do so under a legal doctrine called “home rule” (where a municipality has the authority to adopt its own legislation that might even be contrary to other applicable statutes), the proposed ordinance is quite aggressive in its breadth. There is disagreement among attorneys as to whether the ordinance can outright nullify mandated provisions of Section 19.

 

If the ordinance is adopted, it is likely there will be litigation to follow for a judicial determination regarding whether the ordinance can accomplish its objectives.

 

 

(click here to continue reading Aldermen introduce ordinance to strike down controversial part of Illinois condo law – Chicago Tribune.)

I guess if I had to provide email/phone, I could use a Google Voice account, and create a “burner” email, but the process seems ridiculous. I hope either the Chicago ordinance is passed soon, or the IL legislature revises the underlying law. Or both could happen: Chicago passes the Reilly/Hopkins ordinance, and then eventually the entire state follows suit at some later time.

Footnotes:
  1. the best Ward!! []

ex-Facebook insider says covert data harvesting was routine

No Information Left Of Any Kind
No Information Left Of Any Kind

The Facebook exposé continues at The Guardian. Privacy enthusiasts have known or suspected this was Facebook’s business model all along, it is good to make Facebook’s practices more well known to the general public.

Hundreds of millions of Facebook users are likely to have had their private information harvested by companies that exploited the same terms as the firm that collected data and passed it on to Cambridge Analytica, according to a new whistleblower.

Sandy Parakilas, the platform operations manager at Facebook responsible for policing data breaches by third-party software developers between 2011 and 2012, told the Guardian he warned senior executives at the company that its lax approach to data protection risked a major breach.

 “My concerns were that all of the data that left Facebook servers to developers could not be monitored by Facebook, so we had no idea what developers were doing with the data,” he said.

Parakilas said Facebook had terms of service and settings that “people didn’t read or understand” and the company did not use its enforcement mechanisms, including audits of external developers, to ensure data was not being misused.

Asked what kind of control Facebook had over the data given to outside developers, he replied: “Zero. Absolutely none. Once the data left Facebook servers there was not any control, and there was no insight into what was going on.”

Parakilas said he “always assumed there was something of a black market” for Facebook data that had been passed to external developers. However, he said that when he told other executives the company should proactively “audit developers directly and see what’s going on with the data” he was discouraged from the approach.

He said one Facebook executive advised him against looking too deeply at how the data was being used, warning him: “Do you really want to see what you’ll find?” Parakilas said he interpreted the comment to mean that “Facebook was in a stronger legal position if it didn’t know about the abuse that was happening”.

He added: “They felt that it was better not to know. I found that utterly shocking and horrifying.”

(click here to continue reading ‘Utterly horrifying’: ex-Facebook insider says covert data harvesting was routine | News | The Guardian.)

As a side note, if you have a few dollars to throw at the feet of The Guardian, they’ve done heroic work on this story, and don’t have a paywall. Support heroic journalism!

How Trump Consultants Exploited the Facebook Data of Millions While Facebook Winked

Revolution of The Innocent
Revolution of The Innocent…

Cambridge Analytica, remember them?

All the more reason to cut back on the amount of time you spend at Facebook, and all the more reason to give Facebook and similar data-mining corporations fake information whenever possible:

As the upstart voter-profiling company Cambridge Analytica prepared to wade into the 2014 American midterm elections, it had a problem.

The firm had secured a $15 million investment from Robert Mercer, the wealthy Republican donor, and wooed his political adviser, Stephen K. Bannon, with the promise of tools that could identify the personalities of American voters and influence their behavior. But it did not have the data to make its new products work.

So the firm harvested private information from the Facebook profiles of more than 50 million users without their permission, according to former Cambridge employees, associates and documents, making it one of the largest data leaks in the social network’s history. The breach allowed the company to exploit the private social media activity of a huge swath of the American electorate, developing techniques that underpinned its work on President Trump’s campaign in 2016.

But the full scale of the data leak involving Americans has not been previously disclosed — and Facebook, until now, has not acknowledged it. Interviews with a half-dozen former employees and contractors, and a review of the firm’s emails and documents, have revealed that Cambridge not only relied on the private Facebook data but still possesses most or all of the trove.

Cambridge paid to acquire the personal information through an outside researcher who, Facebook says, claimed to be collecting it for academic purposes.

During a week of inquiries from The Times, Facebook downplayed the scope of the leak and questioned whether any of the data still remained out of its control. But on Friday, the company posted a statement expressing alarm and promising to take action.

“This was a scam — and a fraud,” Paul Grewal, a vice president and deputy general counsel at the social network, said in a statement to The Times earlier on Friday. He added that the company was suspending Cambridge Analytica, Mr. Wylie and the researcher, Aleksandr Kogan, a Russian-American academic, from Facebook. “We will take whatever steps are required to see that the data in question is deleted once and for all — and take action against all offending parties,” Mr. Grewal said.

(click here to continue reading How Trump Consultants Exploited the Facebook Data of Millions – The New York Times.)

Smile Through It All
Smile Through It All

Yeah, Facebook is going to “take action”. How? By admitting that they accumulate and sell way more personal information than their users know? By deleting this information? What exactly is the action that Facebook is going to do that will miraculously solve their bad PR?

The data analytics firm that worked with Donald Trump’s election team and the winning Brexit campaign harvested millions of Facebook profiles of US voters, in the tech giant’s biggest ever data breach, and used them to build a powerful software program to predict and influence choices at the ballot box.

A whistleblower has revealed to the Observer how Cambridge Analytica – a company owned by the hedge fund billionaire Robert Mercer, and headed at the time by Trump’s key adviser Steve Bannon – used personal information taken without authorisation in early 2014 to build a system that could profile individual US voters, in order to target them with personalised political advertisements.

Christopher Wylie, who worked with an academic at Cambridge University to obtain the data, told the Observer: “We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis that the entire company was built on.”

Documents seen by the Observer, and confirmed by a Facebook statement, show that by late 2015 the company had found out that information had been harvested on an unprecedented scale. However, at the time it failed to alert users and took only limited steps to to recover and secure the private information of more than 50 million individuals.

The New York Times is reporting that copies of the data harvested for Cambridge Analytica could still be found online; its reporting team had viewed some of the raw data.

(click here to continue reading Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach | News | The Guardian.)

Alarmist
Alarmist

From the Facebook statement:

In 2015, we learned that a psychology professor at the University of Cambridge named Dr. Aleksandr Kogan lied to us and violated our Platform Policies by passing data from an app that was using Facebook Login to SCL/Cambridge Analytica, a firm that does political, government and military work around the globe. He also passed that data to Christopher Wylie of Eunoia Technologies, Inc.

Like all app developers, Kogan requested and gained access to information from people after they chose to download his app. His app, “thisisyourdigitallife,” offered a personality prediction, and billed itself on Facebook as “a research app used by psychologists.” Approximately 270,000 people downloaded the app. In so doing, they gave their consent for Kogan to access information such as the city they set on their profile, or content they had liked, as well as more limited information about friends who had their privacy settings set to allow it.

Although Kogan gained access to this information in a legitimate way and through the proper channels that governed all developers on Facebook at that time, he did not subsequently abide by our rules. By passing information on to a third party, including SCL/Cambridge Analytica and Christopher Wylie of Eunoia Technologies, he violated our platform policies. When we learned of this violation in 2015, we removed his app from Facebook and demanded certifications from Kogan and all parties he had given data to that the information had been destroyed. Cambridge Analytica, Kogan and Wylie all certified to us that they destroyed the data.

(click here to continue reading Suspending Cambridge Analytica and SCL Group from Facebook | Facebook Newsroom.)

Since 2015, Robert Mercer’s team of anti-liberal hordes have been siphoning personal information from Facebook, and Facebook only suspended them yesterday. Who else is doing similar things? I bet the list is long, longer than I can even imagine. But Facebook is content to take the cash…and get Trump elected.

Embarrass
Embarrass

Bloomberg reported a while ago

Facebook Inc.’s platform was a crucial messaging tool for President Donald Trump’s 2016 campaign, according to the campaign’s digital director — who told CBS’s “60 Minutes” that he hand-picked pro-Trump “embeds” from the company to help him use the platform in targeted ways.

“Twitter is how [Trump] talked to the people, Facebook was going to be how he won,” Brad Parscale told “60 Minutes,” according to an excerpt of an interview that the program intends to air Sunday. The social-media platform was particularly valuable because it allows for targeted messaging, Parscale said, according to the excerpt.

Facebook’s employees showed up for work at his office multiple days a week to provide guidance on how to best use the company’s services, Parscale said in the interview excerpt. “I wanted people who supported Donald Trump,” he said — and he questioned the workers about their political views.

(click here to continue reading Facebook ‘Embeds’ Helped Trump Win, Digital Director Says – Bloomberg.)

Google now data mining credit card data

Cougle Comission - Fulton Market
Cougle Comission – Fulton Market

Inevitable, and yet still creepy

Google has begun using billions of credit-card transaction records to prove that its online ads are prompting people to make purchases – even when they happen offline in brick-and-mortar stores, the company said Tuesday.

The advance allows Google to determine how many sales have been generated by digital ad campaigns, a goal that industry insiders have long described as “the holy grail” of online advertising. But the announcement also renewed long-standing privacy complaints about how the company uses personal information.

To power its multibillion-dollar advertising juggernaut, Google already analyzes users’ Web browsing, search history and geographic locations, using data from popular Google-owned apps like YouTube, Gmail, Google Maps and the Google Play store. All that information is tied to the real identities of users when they log into Google’s services.

The new credit-card data enables the tech giant to connect these digital trails to real-world purchase records in a far more extensive way than was possible before. But in doing so, Google is yet again treading in territory that consumers may consider too intimate and potentially sensitive. Privacy advocates said few people understand that their purchases are being analyzed in this way and could feel uneasy, despite assurances from Google that it has taken steps to protect the personal information of its users.

(click here to continue reading Google now knows when its users go to the store and buy stuff – The Washington Post.)

Of course it buys happiness
Of course it buys happiness

especially since all this data is vulnerable to hackers

Paul Stephens, of Privacy Rights Clearinghouse, a consumer advocacy group based in San Diego, said only a few pieces of data can allow a marketer to identify an individual, and he expressed skepticism that Google’s system for guarding the identities of users will stand up to the efforts of hackers, who in the past have successfully stripped away privacy protections created by other companies after data breaches.

“What we have learned is that it’s extremely difficult to anonymize data,” he said. “If you care about your privacy, you definitely need to be concerned.”

Such data providers have been the targets of cybercriminals in the past. In 2015, a hack of data broker Experian exposed the personal information of 15 million people.

Illinois Senate approves Right to Know online privacy bill

Eye see u Willis
Eye see u 

Hmm, good news, though I expect Governor Rauner to veto it, for reasons…

The state Senate on Thursday approved the groundbreaking Right to Know Act, a measure that would require online companies such as Google, Facebook and Amazon to disclose to consumers what data about them has been collected and shared with third parties.

The bill, sponsored by Sen. Michael Hastings, D-Tinley Park, now heads to the Illinois House after passing on a 31-21 vote.

“I think this is a step forward for Illinois in terms of data privacy,” Hastings said Friday. “It gives people the right to know what information (internet companies are) selling to a third party.”

Illinois is taking center stage in the national debate over internet privacy legislation, which is shifting from the federal to state level. Congress voted in March to undo the Federal Communications Commission’s broadband privacy rules, which were adopted last fall under the Obama administration and set to go into effect this year.

President Donald Trump on April 3 signed the measure that repealed the broadband privacy rules.

The FCC protections would have required internet service providers, such as Comcast, Verizon and AT&T, to disclose what personal information they collect and share and would have required consent from consumers before sharing more sensitive information.

Privacy advocates believe Illinois and other states must step up to fill the void left by the shift in federal policy.

The Right to Know Act would require the operator of a commercial website or online service to make available “certain specified information” that has been disclosed to a third party and to provide an email address or toll-free telephone number for customers to request that information.

Major internet companies have been pushing back against the Illinois initiative, ramping up lobbying efforts as the privacy legislation advanced through the Senate, Hastings said. Online trade associations, including CompTIA, the Internet Association and NetChoice, also met with Hastings to voice opposition to the measure.

The Senate bill will head to committee in the House before it can be brought to a vote. A House committee approved a similar measure last month.

(click here to continue reading Illinois Senate approves Right to Know online privacy bill – Chicago Tribune.)

No Repercussions For You Yet
No Repercussions For You Yet

Of course the technology companies who have been profiting handsomely by selling our information are opposed to this bill, but that doesn’t mean it isn’t a good idea for consumers. I want, at minimum, to be able to share in the profits, and even better, a way to opt out entirely. Ha. Just for grins, read the text of the IL Senate bill to see what kinds of information being sold.

For instance:

(a) real name, alias, nickname, and user name.

(b) Address information, including, but not limited to, postal or e-mail.

(c) Telephone number.

(d) Account name.

(e) Social security number or other government-issued identification number, including, but not limited to, social security number, driver’s license number, identification card number, and passport number.

(f) Birthdate or age.

(g) Physical characteristic information, including, but not limited to, height and weight.

(h) Sexual information, including, but not limited to, sexual orientation, sex, gender status, gender identity, and gender expression.

(i) Race or ethnicity.

(j) Religious affiliation or activity.

(k) Political affiliation or activity.

(l) Professional or employment-related information.

(m) Educational information.

(n) Medical information, including, but not limited to, medical conditions or drugs, therapies, mental health, or medical products or equipment used.

(o) Financial information, including, but not limited to, credit, debit, or account numbers, account balances, payment history, or information related to assets, liabilities, or general creditworthiness.

(p) Commercial information, including, but not limited to, records of property, products or services provided, obtained, or considered, or other purchasing or consumer histories or tendencies.

(q) Location information.

(r) Internet or mobile activity information, including, but not limited to, Internet protocol addresses or information concerning the access or use of any Internet or mobile-based site or service.

(s) Content, including text, photographs, audio or video recordings, or other material generated by or provided by the customer.

Are you ok with Acxiom, Experian and other similar corporations collecting, collating, selling and re-selling this information about you? I’m not.

Smart TVs Just as George Orwell Envisioned

You Are Being Film
You Are Being Film. 

As I mentioned recently, I’ve been immersed in dystopian novels. George Orwell would mutter I told you so about these latest Smart TV revelations if he was still around.

Careful what you say around your TV. It may be listening. And blabbing. A single sentence buried in a dense “privacy policy” for Samsung’s Internet-connected SmartTV advises users that its nifty voice command feature might capture more than just your request to play the latest episode of Downton Abbey. “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party,” the policy reads.

Samsung’s privacy policy notes that in addition to voice commands being transmitted, information about your device, “including device identifiers,” may also be beamed over the Internet to the third-party service, “or to the extent necessary to provide Voice Recognition features to you.”
McSherry called that bit of qualifying language “worrisome.”

“Samsung may just be giving itself some wiggle room as the service evolves, but that language could be interpreted pretty broadly,” she said.

(click here to continue reading Your Samsung SmartTV Is Spying on You, Basically – The Daily Beast.)

Samsung eventually admitted the 3rd party:

Samsung has confirmed that its “smart TV” sets are listening to customers’ every word, and the company is warning customers not to speak about personal information while near the TV sets.

The company revealed that the voice activation feature on its smart TVs will capture all nearby conversations. The TV sets can share the information, including sensitive data, with Samsung as well as third-party services.

Samsung has updated its policy and named the third party in question, Nuance Communications, Inc.

(click here to continue reading Samsung warns customers not to discuss personal information in front of smart TVs.)

Lonely Zenith
Lonely Zenith

Hmm, sounds familiar. Remember this from a few weeks ago:

Consumers have bought more than 11 million internet-connected Vizio televisions since 2010. But according to a complaint filed by the FTC and the New Jersey Attorney General, consumers didn’t know that while they were watching their TVs, Vizio was watching them. The lawsuit challenges the company’s tracking practices and offers insights into how established consumer protection principles apply to smart technology.

Starting in 2014, Vizio made TVs that automatically tracked what consumers were watching and transmitted that data back to its servers. Vizio even retrofitted older models by installing its tracking software remotely. All of this, the FTC and AG allege, was done without clearly telling consumers or getting their consent.

What did Vizio know about what was going on in the privacy of consumers’ homes? On a second-by-second basis, Vizio collected a selection of pixels on the screen that it matched to a database of TV, movie, and commercial content. What’s more, Vizio identified viewing data from cable or broadband service providers, set-top boxes, streaming devices, DVD players, and over-the-air broadcasts. Add it all up and Vizio captured as many as 100 billion data points each day from millions of TVs.

Vizio then turned that mountain of data into cash by selling consumers’ viewing histories to advertisers and others. And let’s be clear: We’re not talking about summary information about national viewing trends. According to the complaint, Vizio got personal. The company provided consumers’ IP addresses to data aggregators, who then matched the address with an individual consumer or household. Vizio’s contracts with third parties prohibited the re-identification of consumers and households by name, but allowed a host of other personal details – for example, sex, age, income, marital status, household size, education, and home ownership.  And Vizio permitted these companies to track and target its consumers across devices.

(click here to continue reading What Vizio was doing behind the TV screen | Federal Trade Commission.)

Continuous Video Recording in Progress
Continuous Video Recording in Progress

You didn’t realize that your habits were worth so much money to the corporate surveillance world did you? Too bad the data mining industry doesn’t share in any of the profits they’ve harvested from your habits and propensities.

Plus the whole listening to you every second might not always be in your own best interests:

Upon further investigation, however, police began suspecting foul play: Broken knobs and bottles, as well as blood spots around the tub, suggested there had been a struggle. A few days later, the Arkansas chief medical examiner ruled Collins’s death a homicide — and police obtained a search warrant for Bates’s home.

Inside, detectives discovered a bevy of “smart home” devices, including a Nest thermostat, a Honeywell alarm system, a wireless weather monitoring system and an Amazon Echo. Police seized the Echo and served a warrant to Amazon, noting in the affidavit there was “reason to believe that Amazon.com is in possession of records related to a homicide investigation being conducted by the Bentonville Police Department.”

That warrant threw a wrinkle into what might have been a traditional murder investigation, as first reported by the Information, a news site that covers the technology industry.

While police have long seized computers, cellphones and other electronics to investigate crimes, this case has raised fresh questions about privacy issues regarding devices like the Amazon Echo or the Google Home, voice-activated personal command centers that are constantly “listening.” Namely, is there a difference in the reasonable expectation of privacy one should have when dealing with a device that is “always on” in one’s own home?

The Echo is equipped with seven microphones and responds to a “wake word,” most commonly “Alexa.” When it detects the wake word, it begins streaming audio to the cloud, including a fraction of a second of audio before the wake word, according to the Amazon website.

A recording and transcription of the audio is logged and stored in the Amazon Alexa app and must be manually deleted later. For instance, if you asked your Echo, “Alexa, what is the weather right now?” you could later go back to the app to find out exactly what time that question was asked.

(click here to continue reading Can Alexa help solve a murder? Police think so — but Amazon won’t give up her data. – The Washington Post.)

Luckily, my “dumb” tv still chugs along…

 

Update: the Samsung story is from 2015, the Amazon and the Vizio stories are more recent. Main point still stands however…

Checking In On Wired’s Ad-Blocking Experiment

Speaking of privacy and technology, Wired Magazine’s Mark McClusky boasted to Ad Age that everything is going great with their ad blocker gambit.

Ad Blockers - Wired
Ad Blockers – Wired

In early February, Condé Nast’s Wired took a stand against the rise of ad-blocking technology, which was being used on more than 20% of visits to the magazine’s website. It gave ad-blocking Wired readers two options: whitelist Wired.com, allowing ads to be served as intended, or pay $1 per week for an ad-free version of the site. “We know that you come to our site primarily to read our content,” Wired said in a note to readers at the time, “but it’s important to be clear that advertising is how we keep WIRED going: paying the writers, editors, designers, engineers, and all the other staff that works so hard to create the stories you read and watch here.”

Nearly three months in, Wired Head of Product and Business Development Mark McClusky pronounced himself pleased with the early returns.

“Overall, it’s going great,” he told Ad Age. “We’ve exceeded sort of our hopes and expectations in terms of the performance.” “The uptake in whitelisting has exceeded our expectation, the subscriptions have gone better than we projected, the abandon rate has been lower than we projected,” he said.

(click here to continue reading Checking In On Wired’s Ad-Blocking Experiment | Media – AdAge.)

Here’s the thing: in general, I support magazines and news organizations desire to stay solvent, in fact going as far as to give subscription dollars to several of them1 including even for a long time, to Wired Magazine. But the print edition of Wired was somewhere around $12 a year – by their new model, they want to charge me $52 a year to read their content. 

OVER THE PAST several years, there’s been a significant increase in the number of people using ad-blocking software in their web browser. We have certainly seen a growth in those numbers here at WIRED, where we do all we can to write vital stories for an audience that’s passionate about the ongoing adventure of our rapidly changing world.

On an average day, more than 20 percent of the traffic to WIRED.com comes from a reader who is blocking our ads. We know that you come to our site primarily to read our content, but it’s important to be clear that advertising is how we keep WIRED going: paying the writers, editors, designers, engineers, and all the other staff that works so hard to create the stories you read and watch here.

We know that there are many reasons for running an ad blocker, from simply wanting a faster, cleaner browsing experience to concerns about security and tracking software. We want to offer you a way to support us while also addressing those concerns.

Therefore, we have restricted access to articles on WIRED.com if you are using an ad blocker.

(click here to continue reading How WIRED Is Going to Handle Ad Blocking | WIRED.)

I happily use Ghostery, which is not strictly an ad blocker, but rather an enhanced cookie blocker. I just went to random Wired.com article, (http://www.wired.com/2016/05/adblock-plus-now-wants-pay-browse-internet/) and these are the trackers that Wired wants to serve me in lieu of my $52 payment:

  • Adobe Audience Manager
  • Adobe TagManager
  • Amazon Associates
  • ChartBeat
  • Disqus
  • Google Adsense
  • Google AdServices
  • Optimizely
  • Parse.ly
  • Pinterest
  • Polar Mobile
  • Rubicon
  • ScoreCard Research 
  • Yieldbot

plus one I keep turned on because I like fonts and appreciate web designers who use specific fonts: 

Typekit by Adobe

In other words, Wired wants me to agree to sell my data to these corporations in exchange for reading an article about Adblock Plus. I don’t know each of these entities, but I’m guessing most2 don’t only report to Wired – they sell the data they’ve accumulated to multiple parties. And they don’t give me any slice of the revenue.

Hmm, on balance, I’ll keep my $52, and I’ll stop clicking through to Wired articles. Sounds fair.

Footnotes:
  1. Tidbits.com, NYT, WSJ, Chicago Tribune, The Nation, Harpers, etc. etc. []
  2. or all []

Tech Tuesday – Part One – Selling Your Own Data

This sucky blog’s editor1 has assigned Tuesday’s topic as technology. Like all good topics, that’s a bit vague, there are lots of threads that can be collected here. 

Don't Worry - Keep Shopping
Don’t Worry – Keep Shopping…

We’ve discussed the weird state of consumer data many times, where companies such as Acxiom and thousands of others collect every scrap of information about us they possibly can, by whatever method, and then sell it to marketers. Our data, our habits, our propensities, but their profits. Seems like a bum deal, for consumers. 

So when I read the headline on this Fast Company article, I got interested. The headline and sub-head reads:

This Startup Lets Users “Sell” Their Own Shopping Data
InfoScout’s apps sell their users’ shopping data to marketers—and give those users a cut.

but that is not quite truthful. Or at least, InfoScout isn’t selling shopping data in a manner I was hoping. No, they mean that if you willingly give InfoScout information about your shopping trips by photographing/scanning your receipts, they’ll drop a few pennies in your cup now and again. If you are lucky.

San Francisco-based InfoScout offers a set of smartphone apps that lets users snap pictures of shopping receipts in exchange for incentives like credit card-style reward points and sweepstakes entries. The company digitizes the receipts with a mix of optical character recognition and crowdsourced help from services such as Amazon’s Mechanical Turk.

Then it bundles that purchase information into reports it offers to companies like Procter & Gamble and Unilever, letting them see how consumer preferences evolve over time and how discounts and promotions affect sales.

“Our ability to provide these insights back to the brands in near real time, literally within days, is something they’ve never had before,” claims CEO Jared Schrieber, who cofounded InfoScout in 2011.

Schrieber says that while brands can get some data from programs like supermarket reward card programs, those usually only track customer activity at one particular retail company.

“We’re not trying to change what people buy,” Schrieber says. “We’re just trying to observe it.”

The company says it has collected data on more than 100 million shopping trips and is processing about 300,000 receipts per day. Users can of course choose not to scan receipts that include purchases they find embarrassing, but Schrieber says many just upload every receipt, so the apps gather quite a bit of data about sensitive purchases, such as condoms and feminine hygiene products. Ultimately, what type of purchase information users feel is worth trading for a few cents or a sweepstakes entry is up to them.

Users can participate anonymously or receive additional rewards for linking the app to their Facebook profiles, answering demographic questions, or taking occasional surveys.

(click here to continue reading This Startup Lets Users “Sell” Their Own Shopping Data | Fast Company | Business + Innovation.)

We have no hours. We are always closed
We have no hours. We are always closed…

InfoScout is not even alone in using this model. I recently saw a presentation that included mention of Ibotta– a smartphone app where consumers photograph their receipt and theoretically get future coupons. Or rebates, whatever.

1. Download the App Download the Ibotta app, available on iOS and Android. The app is required to submit a receipt.

2. Unlock Rebates Before you go shopping, unlock cash rewards on great products by completing simple tasks.

3. Go Shopping Buy the products you’ve unlocked at any supported store.

4. Verify Your Purchases Scan your product barcodes, then submit a photo of your receipt.

(click here to continue reading How it Works – Ibotta.com.)

If you jump through the hoops in precisely the correct way, you may get a few pennies. According to some internet complainers, Ibotta mostly uses the small print to avoid paying out.

Complaints like:

I read about IBOTTA on Facebook and decided to try it out. Downloading the app was easy and the instructions were straight forward. Two days ago I wend grocery shopping and decided to use the app for rebates on bread, milk and eggs – all of which were on my shopping list and I was shopping at a listed store. When I returned home I scanned the items as requested by the app and took a picture of the receipt. All items were accepted. Today I received an email stating that my account had been deactivated because of fraud. From what I understand I am being deactivated for taking a picture of the same receipt. Well, duh..I bought the items at the same time, so they would be on the same receipt. No where in the instructions does it say that you have to have a separate receipt for each item purchased. Plus you are going to spend more time sorting out your groceries and paying for each item separately – not worth the money they say they will pay you.

(click here to continue reading Ibotta App Reviews – Legit or Scam?.)

or like:

I downloaded the app and it isn’t terribly hard to figure out. Verified the items and got the approval for receipt. All fine. Now when it comes to actually getting paid, all that happens is a notice on the site saying “working on the site”. Seems everything works that makes them money but nothing works where they pay money.

I am guessing they are out of cash and so just stick this sign up to avoid the real issue.

(click here to continue reading Ibotta App Reviews – Legit or Scam?.)

and many, many more. 

I suppose you’ll have to decide for yourself, is willingly giving corporations intimate shopping data about you and your family worth a few pennies? Your data is much more valuable to them – building smartphone apps and Point-of-Sale and coupon redemption infrastructure is not cheap. A corporation wouldn’t invest millions unless it was worth it to their bottom line.

Not This Store
Not This Store

I’m still waiting for one of the companies that Ghostery tracks to start offering me a real cut of the sale of my data, I’d whitelist their tracking cookie, and they would pay me a percentage every month. Ha! Zero is a percent…

Footnotes:
  1. me []

Publishers Weigh Ways to Fight Ad Blocking

ATM$ Inside
ATM$ Inside…

Adblocking software is a default installation for any browser on any computer I set up, usually using Ghostery. I am frequently amazed at the sheer amount of tracking code a typical publisher uses. Dozens and dozens of third party cookies, sometimes even more.

Browsing the web without ads is actually kind of nice. No popups stealing your screen. No autoplaying video ads making the page load as slowly as if it were being dialed up through America Online circa 1999. And millions of people seem to agree. They’ve installed extensions to their web browsers that delete the ads from most, if not all, of of the sites they visit. One popular ad blocker, AdBlock Plus, claims that it’s been installed on people’s browsers more than 400 million times and that it counts “close to 50 to 60 million active users,” said Ben Williams, communications and operations director at Eyeo, the company that makes AdBlock Plus.

Ad blocking isn’t a new issue. People have been installing these extensions for years. But those people were considered a fringe group. But that group is getting closer to the mainstream as kids who grew up browsing the web on their parents’ computers are getting their own laptops that they can customize all the way.

And advertisers’ target audience du jour — millennials — appear to be more likely to use ad blockers than any other age group. Of the survey respondents who were between the ages of 18 and 29 years old, 41% said they use ad blockers. As further evidence ad blocking isn’t abating, Mr. Williams said AdBlock Plus has averaged 2.3 million downloads a week since 2013.

(click here to continue reading Publishers Weigh Ways to Fight Ad Blocking | Media – Advertising Age.)

Nelson Muntz Furniture
Nelson Muntz Furniture

If the trend continues, the ad-supported model of web publishing will die soon. I’m not sure what will replace it – a subscription model I guess – but web publishers did themselves no favors by making ads increasingly more obnoxious. Autoplay videos are evil, and I cannot wait until Apple allows ad blocking software on iPhones and iPads.

Ad blocking extensions have been possible on Safari for Mac for a long time, but plugin architecture for Safari on iOS is much more limited. With iOS 9, Apple has added a special case of extension for ad blockers. Apps can now include ‘content blocker’ extensions that define resources (like images and scripts) for Safari to not load. For the first time, this architecture makes ad blockers a real possibility for iOS developers to make and iOS customers to install and use.

The inclusion of such a feature at this time is interesting. Apple is also pushing its own news solution in iOS 9 with the News app, which will include ads but not be affected by the content blocking extensions as they only apply to Safari. There is also clearly the potential for Safari ad blockers to hurt Google, which seems to be a common trend with Apple’s announcements recently…

(click here to continue reading iOS 9 lets app developers make ad blockers for Safari | 9to5Mac.)

Blocking ad tracking is also parenthetically about user privacy, and Apple is more likely to increase capabilities for its customers to opt out of the massive marketing databases of contemporary corporations like Acxiom, with the exception of inclusion in Apple’s own massive database of course. Apple is not a benevolent grandmother, but at least they are being more open about their marketing and data collection practices than some of their technology company peers.

Apple’s senior vice president of software engineering, Craig Federighi, who was onstage to present new “proactive” artificial intelligence features of the next iPhone operating system, paused before one of the slides to make the company’s devotion to privacy clear.

Yes, he said, the new software will try to anticipate your information needs, based on things like your calendar and location — something that its rival, Google, already does. But, Federighi added, “we do it in a way that does not compromise your privacy. We don’t mine your email, your photos, or your contacts in the cloud to learn things about you. We honestly just don’t wanna know.”

He continued: “All of this is done on [the] device, and it stays on [the] device, under your control.” And Apple says that if it does have to perform a lookup [online] on your behalf, it’s anonymous, it’s not associated with your Apple ID, and it’s not shared with third parties.

In case you missed that point, Federighi immediately repeated: “You are in control.”

(click here to continue reading Walt Mossberg: Apple’s Latest Product Is Privacy | Re/code.)

Waste Your Time and Money
Waste Your Time and Money

We are talking significant revenue at stake already:

“Consumers want a faster web, significantly less tracking by unknown third parties and clean, well-lit media experiences. [Apple’s mobile ad-blocking plan] just accelerates it, and opens up a significant share of the marketplace,” said Jason Kint, CEO of online publisher trade group Digital Content Next. That significant share would significantly cut into publishers’ revenues. Take the biggest digital ad seller — Google — as a proxy. PageFair has estimated that Google, which made $59.1 billion from advertising in 2014, lost $6.6 billion that year because of ad blocking. As Vice’s chief digital officer Mike Germano said at an industry conference in New York earlier this month, “I love my audience, but fuck you, ad blockers — 20% of my revenue is gone.”

How to Get Your Business To Show Up On Google
How to Get Your Business To Show Up On Google

Dental receptionist allegedly at the center of a massive identity theft scam

Teeth
Teeth…

Speaking of health care practitioners who cannot manage to protect personal data, there is another reason to be skeptical when your dentist wants copies of your drivers license and so on…

The New York District Attorney’s Office says that a massive identity theft ring stems from a Manhattan dental receptionist who stole customers’ personal information.

Four people, including 27-year-old Annie Vuong, the alleged receptionist, now stand accused of 394 charges relating to theft of $700,000. All four say they’re not guilty.

The scheme centers around the fact that it’s actually quite easy, if you have enough of a person’s information, to create an Apple account, and with one of those, it only takes about 30 seconds to get approved for a program to buy an Apple-themed Barclays Visa card. With one of those, customers can instantly turn right back around and buy Apple gift cards, which can be redeemed in Apple’s physical stores.

(click here to continue reading Dental receptionist allegedly at the center of a massive identity theft scam.)

Your Data Is Not Safe at Anthem Nor At Other Healthcare Corporations

Classless Society

The next decade is going to be a continual escalation of these sorts of crimes. Many sectors of corporations have skimped on beefing up their security practices, making data theft easier for criminals to steal consumer data.

patient medical records typically include information not easily destroyed, including date of birth, Social Security numbers and even physical characteristics that make them more useful for things like identity theft, creation of visas or insurance fraud by falsely billing for expensive medical or dental procedures that were either never done or performed on someone else. Some criminals have also tried a form of so-called ransom ware in which they threaten to reveal medical information unless they are paid.

“The whole thing is evolving,” said Barbara Filkins, an analyst with the SANS Institute, which has studied the risk to the health care sector.

Hospital systems, for example, are increasingly asking for photo IDs and driver’s licenses in an effort to block patients who have stolen someone else’s medical identity, said John Barlament, a lawyer at Quarles & Brady in Milwaukee. The use of medical identity fraud is growing, he said. “It’s a one-way trend here,” he said.

(click here to continue reading Data Breach at Anthem May Lead to Others – NYTimes.com.)

Site of the Doctors' Commons
Site of the Doctors’ Commons

From my perspective, I hate when health care providers make copies of my drivers license and write down my social security number and so on. Why? Because I don’t trust that they will keep my data safe. Especially as there is a push to digitize health records, health practitioners need to have stronger data management and destruction policies. Should a dentist I visited once several years ago be able to keep all my information for ever? I guess I need to get a fake ID for these sorts of situations.

The push to digitize patient health records in hospitals and doctors’ offices has also made medical records increasingly vulnerable, according to security experts. Moving medical records from paper to electronic form allows both patients and providers better access, but it has also made patient records susceptible to breaches, whether unintentionally or through a criminal attack.

About 90 percent of health care organizations reported they have had at least one data breach over the last two years, according to a survey of health care providers published last year by the Ponemon Institute, a privacy and data protection research firm. The founder, Larry Ponemon, a security expert, says most were because of employee negligence or system flaws, but a growing number are malicious or criminal.

Last year, 18 health care providers reported data breaches because of some form of hacking. Information at Centura Health was compromised last year after a phishing scheme obtained access to employee email accounts. The data included, in some instances, Social Security numbers, Medicare beneficiary numbers and clinical information for 12,000 patients of the facility, based in Englewood, Colo. In another case, a keystroke logger virus that infected three computers for a few weeks early last year at the student health center at the University of California, Irvine, may have captured patient’s health and dental insurance numbers and diagnoses.

Health care providers have sharply increased their spending on data security in the last year, but they remain technologically far behind other industries, say experts.

(click here to continue reading Data Breach at Anthem May Lead to Others – NYTimes.com.)