With all the recent ruckus over Google and Apple location tracking on their respective mobile OS's, I feel reluctantly compelled to add my two bits.
Wow.... Really?
It is hard to imagine that people are all up in arms about this. I honestly thought that nobody cared - and I think that maybe Google and Apple were caught off guard in this respect as well. With all the information sloughing off from the average web user, who would have thought that anybody cared about a little location logging?
I had no idea that the apathy was mostly ignorance or denial - it seems that people are concerned about privacy after all, but are totally ignorant about the real, omnipresent threats to their personal information online.
So, to enlighten those of you that are not counted among the Digirati.....
Did you know that when you visit most commercial websites, tracking cookies are installed on your computer that make it possible to monitor what pages you view, to send you targeted advertising based on your surfing habits?
Frequently this information is tied to a unique identifier that specifically identifies you, the real person, along with your approximate location, home address, neighborhood demographics, and property tax information.
This info, along with your IP address (and physical connection point to the internet) is all hoovered up and stored on servers all over the planet, sold around to various marketing companies, and has virtually no regulatory oversight.
Make no mistake, any time you are online, from laptop, cellphone, or your home / work machine, there are a handful of companies that know exactly where you are and what you are doing on the web, and this information they use and sell as they please.
Then there are social networking sites like Facebook, where not only your information is exploited but also the information about your relationships, friends and social networks too.
Let me show you scenario number one, a very simple and altogether too possible example of how this knowledge about your relationships can be exploited and sold:
When Brandy visits her favorite social networking (social spying) site, Spybook.com reads the tracking cookies that indicate that she also spends a lot of time chatting at hot singles.com. Spybook.com also knows that she is married to Tim.
(edit - see comments for more detail on technical aspects of this)
From this information, they send Brandy advertisements on how to meet hot single guys in her area, and where to buy stunning, discounted lingerie. Ok great....
But....they also send targeted advertising to Tim (also a happy spysite user) about how to know if his partner is cheating (is she suddenly buying a lot of new lingerie?), how to track a cheating partner with a button sized GPS tracking device, and an introduction their selection of local divorce lawyers.
It is worth noting that Spybook.com also knows that Brandy has surfed the web from a local super 8 hotel during lunchtime, while Tim was online at the office....but Spybook.com doesn't even know that they know this yet. Some other company will notice this five years from now when they buy the data from Spybook.com to look for things that they find to be of interest.
Really.
Just like that.
Then, when the Spybook.com tracks Tim visiting the divorce lawyers pages, they start with the "hot singles" in his area too, along with promoting infidelity paranoia among his male friends, who will be doubtlessly looking a bit more carefully at their own relationships....one can see where this starts to cross the line from opportunistic exploitation to vague social manipulation.
Before you write this off as paranoid (ok, it is a -little- paranoid) ... ever been to a website that had ads that were eerily appropriate, even if in a caricature of real life?
The Facebook 'like' button is another good example of this technology. Any time it exists on a webpage - any web page - it is sending back to the Facebook.com database that you, the registered Facebook user, are viewing that specific page, at that specific time from that specific machine, at that specific location.
And no, you don't have to click on anything for this to happen... but, if you do, well, what a goldmine!
If you click 'like' then the article or comment becomes part of your dossier, to mine for information that can be used to further understand your most basic motivators and marketing vectors.
Now imagine what can be done with this information, along with your geographical habits, spending history, and all those tagged photos of you....did you know that any of them taken from a cellphone may also have date, time, camera direction and GPS location imbedded in the meta-data?
Now, of course, all of this information is also available to government agencies, investigators, and anyone else with a budget or the ability to obtain the information, whether legitimately or not.
To make matters only slightly worse, if your computer or browser gets infiltrated by spyware then it can extract even more information.
In my experience as an IT professional, I can safely say that more than 75% of the computers that I encounter are carrying spyware of some kind, usually knowingly installed by the user .....browser toolbars, anyone?
Information usually collected by spyware, besides browsing history, includes your web searches (Google, Bing, and Yahoo already do this anyway, of course), and in the case of black-hat spyware, all your keystrokes and browsing history, credit card numbers used online, etc.
With so many of us intentionally or unintentionally giving away the most intimate of details to the highest bidder (and to that hacker guy in eastern Europe), I find it curious that the Android / Iphone tracking issue raised such an alarm....it really is the least of our worries.
That said, it would be a good thing, I think, to set standards for the collection and protection of personal information, and to require specific, plain language opt - ins for the use of such information. Plain language, instead of the legalese never-read "terms and conditions" that we are all so familiar with.
An opt-in that you had to approve, prior to any website collecting personally identifiable information, (especially to any 3rd party) would be a powerful tool for consumer protection. Perhaps an opt-in that popped up every 10 times it collected your information, which you could then make permanent for one year - or something like that.
Of course, you can just turn off cookies, but that will eliminate a great deal of the functionality that we have come to expect from the modern web.
Maybe these suggestions are foolish or poorly thought out....please feel free to post your suggestions.
The mostly coherent, sometimes surprisingly relevant commentary of an amateur human being.
Tuesday, May 24, 2011
Monday, May 23, 2011
Facebook responsible for judgement day failure?
Well, I'm back from my brief hiatus in the mountains of Brazil awaiting the rapture, and although deeply humiliated at not being among the chosen, I find that I am in good company.
As a matter of fact, it seems that almost no one has suddenly vanished, ascended, or otherwise risen to the holy of holies.... which leads me to question, was judgement day yet another failed experiment?
Enduringly, if not endearingly, intractable - humanity has a long and tumultuous history of disappointing our creator.
At first, we were dealt with pretty heavy handedly. Cast out of the garden, victimized in history's single most famous act of genocide, and wandering around in the desert for two generations should have taught us something, or at least one would think so..... but self preservation has proven to be an insufficient motivator, and it seems that pragmatism began to creep into the plan.
As part of the new deal (apparently arrived at after a significant period of anger management therapy and new age books) dramatic, if somewhat grisly, but still cryptically generous overtures were made, and slowly but surely some of us started paying attention.
For the next two millennia, one could get the sense that a certain entertainment value was lacking, or perhaps the embarrassment of failure kept us in the celestial closet, but for whatever reason interactions with the Creator have been pretty low key for a while.
Even though we haven't had any good laughs or even any good fights recently, we have always known that the clock was ticking, that the time to clean the fishbowl was coming. We have persistent reminders everywhere we turn that life is fragile, that one swipe of His mighty hand doth smite but good, whether it be earthquakes, tornadoes, or asteroids. So it is written. We will know the year and the season, but not the day .... until now.
Apparently due to a clerical error on His part, despite admonishments that we would not know precisely when the last act would open, one of us ever pesky humans figured it out, and not only the day, we got it down to the exact second. Apparently, 15 times 1000 plus 412 divided by Jesus works out to 6:00 PM EST, but to no avail.
It seems that no one was qualified. What does this mean? Has He lost interest? Car trouble? Has He become obsessed with Facebook, to the point that He no longer has time for other hobbies or real relationships? (you should see His Farmville Farm - HO-LY SHIITE!)
Could this somehow be related to Sony's PSN outage, and could Anonymous have had a hand in this (or at least some fringe members?) Why wasn't this in the Wikileaks release? Could this have been some kind of a government conspiracy to stop Judgement Day? The lack of any allegations of WTO involvement in the "mainstream media" is pretty damning, if you ask me.
The nagging spectre here that nobody seems to want to talk about is that maybe the numbers just weren't good enough. After all, what would His friends say? Ten? You got Ten? 4 Billion years, unlimited resources, and Ten? Here, let me try! He would never be invited to any of the good parties after that.
....better just to take a deep breath, reassess the options, and put it back in the closet. There has to be a way to make this work. Fun pets, pfft. In your own image - right! Sea monkeys were better than this.
Still, one is inclined to wonder, is this bad news or good news, and where do we go from here? Will we get another chance in 2012? So many questions, so few good answers.
As a matter of fact, it seems that almost no one has suddenly vanished, ascended, or otherwise risen to the holy of holies.... which leads me to question, was judgement day yet another failed experiment?
Enduringly, if not endearingly, intractable - humanity has a long and tumultuous history of disappointing our creator.
At first, we were dealt with pretty heavy handedly. Cast out of the garden, victimized in history's single most famous act of genocide, and wandering around in the desert for two generations should have taught us something, or at least one would think so..... but self preservation has proven to be an insufficient motivator, and it seems that pragmatism began to creep into the plan.
As part of the new deal (apparently arrived at after a significant period of anger management therapy and new age books) dramatic, if somewhat grisly, but still cryptically generous overtures were made, and slowly but surely some of us started paying attention.
For the next two millennia, one could get the sense that a certain entertainment value was lacking, or perhaps the embarrassment of failure kept us in the celestial closet, but for whatever reason interactions with the Creator have been pretty low key for a while.
Even though we haven't had any good laughs or even any good fights recently, we have always known that the clock was ticking, that the time to clean the fishbowl was coming. We have persistent reminders everywhere we turn that life is fragile, that one swipe of His mighty hand doth smite but good, whether it be earthquakes, tornadoes, or asteroids. So it is written. We will know the year and the season, but not the day .... until now.
Apparently due to a clerical error on His part, despite admonishments that we would not know precisely when the last act would open, one of us ever pesky humans figured it out, and not only the day, we got it down to the exact second. Apparently, 15 times 1000 plus 412 divided by Jesus works out to 6:00 PM EST, but to no avail.
It seems that no one was qualified. What does this mean? Has He lost interest? Car trouble? Has He become obsessed with Facebook, to the point that He no longer has time for other hobbies or real relationships? (you should see His Farmville Farm - HO-LY SHIITE!)
Could this somehow be related to Sony's PSN outage, and could Anonymous have had a hand in this (or at least some fringe members?) Why wasn't this in the Wikileaks release? Could this have been some kind of a government conspiracy to stop Judgement Day? The lack of any allegations of WTO involvement in the "mainstream media" is pretty damning, if you ask me.
The nagging spectre here that nobody seems to want to talk about is that maybe the numbers just weren't good enough. After all, what would His friends say? Ten? You got Ten? 4 Billion years, unlimited resources, and Ten? Here, let me try! He would never be invited to any of the good parties after that.
....better just to take a deep breath, reassess the options, and put it back in the closet. There has to be a way to make this work. Fun pets, pfft. In your own image - right! Sea monkeys were better than this.
Still, one is inclined to wonder, is this bad news or good news, and where do we go from here? Will we get another chance in 2012? So many questions, so few good answers.
Thursday, May 19, 2011
PROTECT IP Act : A win for lawyers, epic fail for I.P. holders
Sen. Patrick Leahy's PROTECT IP act is an excellent example of what happens when someone (or worse, a group of someones) tries to solve a problem that they do not understand.
The private litigation aspect will create a mountain of frivolous lawsuits, keeping the lawyers happy, while real Intellectual Property protection will suffer irreparable damage, and piracy will advance to a whole new level.
The problem is that this bill, and any like it, are based on the idea that the government controls the internet. Unfortunately, it would be more true to say that the government controls the government controlled internet.
Efforts to take down offending websites have already met with new, game changing tools that allows web surfers to browse "taken down" websites as if nothing happened.
This incremental loss of official control of the WWW namespace came as a direct result of ignorantly crafted policy, and it represents an unprecedented and irreversible loss of centralized control.
This is a critical trend that we are likely to see more of, and could ultimately result in a web space that is not controllable by any central authority, and is a much more secure and efficient tool for IP infringers, while dealing a critical blow to companies operating on the "official" WWW.
Regulators and litigators would be much better off not forcing their adversaries to go underground, because once down the rabbit hole, construction will begin in earnest on the darknet, and there will be no way to put that particular genie back in the bottle, short of shutting down the internet in its present form.
Websites promoting infringing content are just the beginning - there already exist anonymous payment systems, distributed, anonymous data stores, and more - they have just not grown much because the above ground versions worked for just about everything.
With increasing pressure to the namespace and supporting services, the corresponding underground alternatives can only grow in popularity, functionality, and efficiency, not only making cybercrime safer and less traceable, but also directly hurting legitimate services.
Unfortunately, many politicians are more interested in appeasing special interests than in learning about the subject matter that they are attempting to govern, so we will probably continue to see these counterproductive, lawyer friendly "solutions", instead of intelligent, insightful leadership and policymaking.
I guess it all boils down to the fundamental problem with confronting asymmetrical situations with a symmetrical mindset : Asymmetry.
I for one, for lack of a better idea, intend to sit back and smile while the idiocracy builds the high speed encrypted cyberpunk internet, using the talented, endless labor pool of rebellious youth and eastern European hackers.....
Lets look at something for a minute:
The War on drugs : An in demand physical substance that must be transported by actual people across actual borders, with guns and stuff. In the 40 years of the official WOD, the market has increased, drugs are stronger, cheaper, and more pure than 40 years ago, and adolescent drug use is exactly where it was in the 1970's.
In summary, in the WOD, we have spent roughly $2.5 Trillion dollars* training our adversaries and perfecting their systems, turning a persistent social problem into a persistent social problem promoted by a multi billion dollar criminal enterprise with its own armies. Yeah Team.
Now, How about a war on piracy**, or should I say a war on copies of music and movies: An in demand, costless product that can be moved invisibly , undetectably, and uninterceptably around the world in seconds, can be hidden with mathematical perfection in encrypted data streams and on free, hijacked repositories worldwide, and it moves on its own through existing transfer mechanisms, no guns required.
The only downside is that there is not very good security on the consumer side, and the distribution mechanisms are still a bit clunky - but not to worry, the US government is about to launch into a multi-billion dollar program to train the distributors, improve the quality of their software, and refine their systems.
Oh, good. Finally, my tax dollars advancing the plight of humanity - I haven't felt this good since we started hiring community college dropouts to grope 12 year olds in the airport - Bad Touch, TSA!
Did that seem cynical to you?
* (over $1T directly, not including jail time for personal possession or funds to other governments like Columbia and Mexico for their drug interdiction (distribution?) efforts)
** not a war on REAL piracy, because that wouldn't get campaign funding from special interest groups like the RIAA...
See these stories for recent tragedies in the real war on piracy:
http://www.msnbc.msn.com/id/41715530/ns/world_news-africa/t/four-american-hostages-killed-somali-pirates/
http://news.blogs.cnn.com/2011/03/01/pirates-hijack-danish-yacht-with-three-teens-aboard/
The private litigation aspect will create a mountain of frivolous lawsuits, keeping the lawyers happy, while real Intellectual Property protection will suffer irreparable damage, and piracy will advance to a whole new level.
The problem is that this bill, and any like it, are based on the idea that the government controls the internet. Unfortunately, it would be more true to say that the government controls the government controlled internet.
Efforts to take down offending websites have already met with new, game changing tools that allows web surfers to browse "taken down" websites as if nothing happened.
This incremental loss of official control of the WWW namespace came as a direct result of ignorantly crafted policy, and it represents an unprecedented and irreversible loss of centralized control.
This is a critical trend that we are likely to see more of, and could ultimately result in a web space that is not controllable by any central authority, and is a much more secure and efficient tool for IP infringers, while dealing a critical blow to companies operating on the "official" WWW.
Regulators and litigators would be much better off not forcing their adversaries to go underground, because once down the rabbit hole, construction will begin in earnest on the darknet, and there will be no way to put that particular genie back in the bottle, short of shutting down the internet in its present form.
Websites promoting infringing content are just the beginning - there already exist anonymous payment systems, distributed, anonymous data stores, and more - they have just not grown much because the above ground versions worked for just about everything.
With increasing pressure to the namespace and supporting services, the corresponding underground alternatives can only grow in popularity, functionality, and efficiency, not only making cybercrime safer and less traceable, but also directly hurting legitimate services.
Unfortunately, many politicians are more interested in appeasing special interests than in learning about the subject matter that they are attempting to govern, so we will probably continue to see these counterproductive, lawyer friendly "solutions", instead of intelligent, insightful leadership and policymaking.
I guess it all boils down to the fundamental problem with confronting asymmetrical situations with a symmetrical mindset : Asymmetry.
I for one, for lack of a better idea, intend to sit back and smile while the idiocracy builds the high speed encrypted cyberpunk internet, using the talented, endless labor pool of rebellious youth and eastern European hackers.....
Lets look at something for a minute:
The War on drugs : An in demand physical substance that must be transported by actual people across actual borders, with guns and stuff. In the 40 years of the official WOD, the market has increased, drugs are stronger, cheaper, and more pure than 40 years ago, and adolescent drug use is exactly where it was in the 1970's.
In summary, in the WOD, we have spent roughly $2.5 Trillion dollars* training our adversaries and perfecting their systems, turning a persistent social problem into a persistent social problem promoted by a multi billion dollar criminal enterprise with its own armies. Yeah Team.
Now, How about a war on piracy**, or should I say a war on copies of music and movies: An in demand, costless product that can be moved invisibly , undetectably, and uninterceptably around the world in seconds, can be hidden with mathematical perfection in encrypted data streams and on free, hijacked repositories worldwide, and it moves on its own through existing transfer mechanisms, no guns required.
The only downside is that there is not very good security on the consumer side, and the distribution mechanisms are still a bit clunky - but not to worry, the US government is about to launch into a multi-billion dollar program to train the distributors, improve the quality of their software, and refine their systems.
Oh, good. Finally, my tax dollars advancing the plight of humanity - I haven't felt this good since we started hiring community college dropouts to grope 12 year olds in the airport - Bad Touch, TSA!
Did that seem cynical to you?
* (over $1T directly, not including jail time for personal possession or funds to other governments like Columbia and Mexico for their drug interdiction (distribution?) efforts)
** not a war on REAL piracy, because that wouldn't get campaign funding from special interest groups like the RIAA...
See these stories for recent tragedies in the real war on piracy:
http://www.msnbc.msn.com/id/41715530/ns/world_news-africa/t/four-american-hostages-killed-somali-pirates/
http://news.blogs.cnn.com/2011/03/01/pirates-hijack-danish-yacht-with-three-teens-aboard/
Friday, May 06, 2011
Intellectual property rights holders do the wrong thing … Again.
The digirati among my readership might well read this as: Is the Mafiaa Fire browser plug-in a signpost on the road to croudsourced DNS decentralization?
While the RIAA should read : Bumbling idiots, lawmakers, and ICE fail to understand the basic nature of digital distribution, further erode control of intellectual property rights in the process.
There is a sea change underway, and it is not just starting.....time to read the writing on the wall.
Digital intellectual property rights management requires a new paradigm to understand. The old ideas about distribution will not work, traditional ideas of copyright are unenforceable, and attempts to maintain the status quo ultimately will prove to be economically nonviable.
Before I wax ad nauseum on this subject, let me first explain that I am fundamentally pro intellectual property rights, and fundamentally pro information freedom.
IP rights fuel innovation, make creativity profitable, and are a cornerstone of the technological age.
Without intellectual property rights as a valid paradigm, most of the really cool innovations since the 1950's would only exist in the smoke clouds of a hippie drum circles, “hey maaaan, wouldn't it be cool if.....”, because everyone knows that all of the really good ideas actually originate in hippie drum circles....
...And, well lets face it, without IP rights making profitable distribution possible, very few ears would have listened to Bob Marley, Cheech and Chong, the Grateful Dead, or any of the other great founts of hippie inspiration, which arguably lead directly to the invention of potato chips, cellphones, the Internet, military grade encryption, and stealth fighter aircraft.
The problem for the current IP rights paradigm is this:
1. Digital distribution makes creating infinite, exact copies costless, and distribution through croudsourced mechanisms is similarly economical.
2. Encryption is breakable, or irrelevant, when one has access to both the encoded and unencoded data streams, such as in the case with DVD's....they are encrypted, but to play them one must be able to decrypt them – so, in the end, the decryption becomes trivial, because the end user has access to both the encrypted and unencrypted stream. This makes copying a straightforward technical problem unhindered by the main benefit of encryption, namely the mathematical asymmetry of encrypting vs breaking encryption.
3. Encryption makes distribution of legitimate and illicit digital goods effectively invisible and untraceable. Strong encryption is as effective at securing communications as is gravity for keeping things from floating off into space. In either case, a herculean effort is required to defeat them in any meaningful way, and the cost of dropping an object or encrypting a data stream is nearly infinitely less then the cost of lifting the object or decrypting a stream without the key.
This stands in stark contrast to the old paradigm, in which:
1. Physical, analog distribution requires significant investments in infrastructure and transportation. Copies made from copies invariably suffer loss of quality.
2. Physically securing the product in such a way as to prevent its theft is trivial and well understood.
3. The transport of stolen, counterfeit, or unlicensed material is observable, traceable, and interceptable, and will lead to the likely apprehension and incarceration of those involved
It is easy to understand that failing to change ones basic ideas about distribution mechanisms, business models, and security measures would be disastrous in any industry facing this type of problem (opportunity) , but for some unknown reason, this extreme shortsightedness is exactly what we are seeing in Media Distribution.
These death thrashes of the Ould Guard would perhaps not be so bad, as so goes the evolution of creatures, both creatures of flesh and creatures of commerce, but the damage that is being done on the way down is what both concerns and delights me. (One small, dark corner of my heart leans to the anarchistic side)
The problem (opportunity) is this:
Industry organizations, such as the RIAA and their ilk are effective at causing policymakers, lawyers, and government agencies to do stupid things that in their net effect will be a clear detriment to their own best interests, and to the interests of all who would benefit from a functioning Intellectual Property system.
Thanks to the these shortsighted organizations, we have better mechanisms and an entire global subculture dedicated to the easy, efficient, untraceable distribution of unauthorized copies of digital goods.
It goes something like this:
In the beginning: BBS, Dump sites, FTP - Only the technically literate were involved, awkward and risky to use.
Industry response : Defend traditional distribution, shut them down!!!
Community response : P2P file sharing – Easy to use, low barrier to entry, more difficult to control.
Industry response : Defend traditional distribution, shut them down!!!
Community response : Bit-torrent – Easier to use, low barrier to entry, no centralized structure to control. Higher performance, more secure, made distribution nearly free.
Industry response : Defend traditional distribution, shut them down!!! Sue the file sharers! (except a few, like Netflix, who figured out that this would kill them if they did not find a way to compete with free distribution, which they have done quite effectively)
Community Response: Use peer blocking and encryption to make themselves difficult or impossible to track....Development of completely new anonymous networks such as Darknet, which exist one layer below the regular “interwebs” and could, if pressed to improve, become a complete alternative webshpere.....
Industry response : Defend traditional distribution, Shut down their (the file indexers and search engines) websites!!! Aha! Now we have DHS (ICE) on our side!!
Community response: Alternative, community based DNS, (Mafiaa Fire)..... effectively taking control of the webspace itself away from centralized authority.......This is the first step toward croudsourced namespace administration, without a traditional centralized authority, that can work alongside the existing infrastructure. This is a viral technology / ideology, make no mistake – If the “idiots that be” keep censoring domains, soon only people with these additional namespace protocols will be able to access the uncensored Internet, and any computer, browser, or software that does not support this will be seen as being cripple-ware.
Probable Industry Response: (insert shortsighted, ineffective measure here)
Inevitable Community Response : Decrease centralized network control, improve security and anonymity, improve distribution efficiency, etc.
The pattern here is this... Industry applies an ineffective measure, which is in turn answered by an improvement in the illicit distribution infrastructure, which as it offers more and more value and access, becomes more and more mainstream, further fueling innovation within the sector.
This is not a battle that can be won within the dominant paradigm. The fundamental mathematics underlying the problem are making the moves, and math is really difficult to argue with.
The current dangerous precedent of taking down (popular) domains via name service suspension will, if continued, result in a viable alternative namespace system which will be impossible to control. Similar attacks on this system in turn will be answered with increasingly sophisticated technical measures, which could ultimately result in an entire alternative webspace, possibly fully encrypted and inherently anonymous, which would then serve as a viable competitor to the primary webspace. This could be the death knell for even forward looking business models such as Netflix.
There will always be bright, unemployed programmers looking to make a name for themselves. This inexhaustible, free labor resource, with an extremely asymmetrical mathematical advantage on its side, will not likely be defeated by an entity without literally unlimited financial resources, except by complete network censorship and the end of the Internet as we know it....which would likely result in an entirely croudsourced physical layer......
Ideas are impossible to put back in the box. Adapt or perish.
Read more about Mafiaa Fire Here:
Subscribe to:
Posts (Atom)