Year: 2008

Privacy worry over location data – Solution is from Facebook?

/ Christopher Parsons

Yahoo! has recently released a new product called Fire Eagle. Fire Eagle is an application that developers can integrate into their software suites, enabling users to identify and broadcast their geospatial location to others on the application’s network. There are many very positive features of Fire Eagle (at least relative to other applications of this nature):

* It’s opt-in
* It allows for granular, application level, sharing of information
* It keeps limited historical data – it “keeps only the most recent piece of location information it has received for each of the major levels it understands: Exact Location, Neighborhood, City, State, Country etc. If a new piece of “Exact Location” information comes in, then we throw away the old one.” (Source)
* Yahoo!’s developers anonymize user data, and assert that they will exclusively use it for system statistics as it pertains to updates and improving service (no notes on how data is anonymized, however)
* The privacy statement makes note that users need to read the privacy agreements of the applications that utilize/integrate Fire Eagle
* Yahoo! notes that their partners must consent to terms and services, and a code of conduct, and Yahoo! provides a space for users to complain if they think that a Yahoo! partner is violating their agreements with Yahoo!.

But, but, what about those third parties!?!

A BBC article that talks about this new service (Privacy worry over location data) really identifies the core privacy concern that most advocates seem to have with this service:

The problem for privacy watchers is that privacy policies across the web are all very different and using a service through a third party could raise some real issues

This is a very, very real concern, but one that I think is misidentified by the popular media. While it’s true that people (such as myself) are concerned about the actual legibility of privacy policies (most are in complicated legalese, and as such effectively meaningless – someone can’t reasonably be expected to consent to a contract that they have no way of understanding), another (perhaps more significant issue) is that when most contracts state that they won’t share information with ‘third parties’ they really don’t clearly identify what a third party is.

Let me unpack that last bit, just a little. Let’s say that you enter into a contract/agree to an EULA with Company Alpha (Company A). Unbeknownst to you, Company A is a subsidiary of Company Big (Company B for short), who is a subsidiary of Core Company (Company C, for short). When you enter into an agreement with Company A, your information can often be passed around the rest of the corporate family without violating the contract that you consented to. Of course, the average consumer has no clue who is a member of a ‘corporate family’, and is still vulnerable to the commonplace divergent understandings of corporate privacy policies in the various subsidiary corporations. Most people are also unaware that this means that their granular data, which is on its own not terrible useful or informative about themselves as users, is drawn together to compose substantial data doubles, and that these doubles are (a) valuable; (b) used to discriminate against consumers without their being aware of the discrimination taking place.

Alleviating third-party worries

I hesitate to say that I necessarily LIKE this way of doing things, just because I’m hesitant about how facebook actually operates. That said, Facebook is releasing a new service (Facebook Connect) where the privacy settings that you establish in the Facebook environment will carry along with you to the other websites that you access. Of course, this means that Facebook will be gathering information on where you go, what you do, and so on. It also means that to enjoy a unified privacy policy that you’ll need to be a member of Facebook – you’ll need to be willing to give a corporation access to your personal data to enjoy something that you really should be able to expect a government to set up for you.

Nevertheless, Facebook’s Connect Platform may offer a way for Facebook users to enjoy a common attitude towards privacy. This is one of the solutions that Lessig notes in Code 2.0, but I remain concerned about the solution for the reasons that I addressed in my MA thesis. Namely:

  1. Without federal/state/provincial regulations, violations of a corporate policy lack a clear punitive strategy. Without a monetized penalty, corporations may be less willing to entirely abide by the codes of conduct.
  2. It makes it challenging to enjoy a granular privacy policy – I may not want to let Nike know much about me, whereas I’m comfortable telling the local government a great deal.
  3. What happens if a particular group chooses not to ‘buy-in’ to the Facebook program for their own, valid, reasonings? Are citizens to become citizen-consumers, where to enjoy their constitutional rights they are limited to the corporate brands that they see as ‘healthy’ to them?
  4. Why *shouldn’t* government be the body responsible for setting these kinds of rules and regulations, and developing the IT frameworks to allow all citizens to have consistent privacy frameworks across their browsing experience. I’m not suggesting that citizens would subsequently be required to use the government systems, or that there aren’t inherent challenges with any large body establishing a common privacy level that travels with me across the ‘net, but I’m far more comfortable with a democratically legitimated body doing this than a for-profit corporations who just wants to harvest my personal information.

Ultimately, however, I want to quickly return to Yahoo!’s own stance toward privacy and Fire Eagle. Yahoo! is being reasonably up-front, honest, and genuine with the consumer – they’re doing their job in providing the information that consumers really need to be aware of, in language that is easily accessible. Whether or not people read the privacy policy, the policy isn’t one that is so filled with legalese that it’s non-sensical to the average person. This, in and of itself, is a massive change in how the industry constructs their privacy notices, and is something that reflects well on their division of Yahoo! services.

Pro-privacy initiatives are getting out of hand – Or Are They?

/ Christopher Parsons

Don Reisinger’s posting on Pro-privacy initiatives are getting out of hand is a good read, even if I don’t think that he ‘gets’ the reason why privacy advocates are (should be?) concerned about Google Streetview. If you’ve been under a rock, Google is in the process of sending out cars (like the one at the top of this post) to photograph neighborhoods and cities. The aim? To let people actually see where they are going – get directions, and you can see the streets and the buildings that you’ll be passing by. It also lets you evaluate how ‘safe’ a neighborhood is (ignoring the social biases that will be involved in any such estimation) and has been talked about as a privacy violation because some people have been caught on camera doing things that they didn’t want to be caught doing.

Don: Privacy Wimps Stand Up, Sit Down, and Shut Up

Don’s general position is this: American law doesn’t protect your privacy in such a way that no one can get one or take a photo of your property. What’s more, even if you were doing something that you didn’t want to be seen in you home, and if that action was captured by a Google car, don’t worry – no one really cares about you. In the new digital era, privacy by obscurity relies on poor search, poor image recognition, and even less interest in what you’re doing. Effectively, Streetview will be used to watching streets, and little else.

Continue reading

Public Databases and Massive Aggregation of Data

/ Christopher Parsons

This is just a really quick thought that I wanted to toss out.

I perceive a problem associated with the digitization of public records: such digitization allows business interests to gather aggregate data on large collections of people while retaining identifiable characteristics. This allows for a phenomenal sorting potential. At the same time, we might ask, “is there anything we can, or really want to, do about this?”

Paradigm Shift

I hear this a lot – ‘Chris, you have to understand that things are different now. The paradigm is shifting towards transparency, and there’s nothing wrong with that, and you’re being a pain in the ass suggesting that there is anything wrong with transparency. Do you have something to hide, or something like that?’ This particular line bothers the hell out of me, because I shouldn’t have to expose myself without giving my consent, especially when I previously enjoyed a greater degree of privacy as a consequence of obscurity and/or the costs involved with copying, sorting, and analyzing analogue records. I fail to see why I have to give up past nascent rights and expectations just because we can mine data more effectively (hell, that would have been a meaningless statement around the time that I was born…). Efficiency is not the same as superior, better, or (necessarily) wanted.

Continue reading

I See Your DPI and Raise You a SSL

/ Christopher Parsons

A little while ago I was talking about network neutrality and Deep Packet Inspection (DPI) technologies with a person interested in the issue (shocking, I know), and one of the comments that I made went something like this: given the inability of DPI technologies to effectively crack encrypted payloads, it’s only a matter of time until websites start to move towards secure transactions – in other words, it’s only a matter of time until accessing websites will involve sending encrypted data between client computers and servers.

The Pirate Bay and Beyond

Recently, Sweden passed a bill that allows for the wiretapping of electronic communications without a court order. This caused the Pirates Bay, a well-known BitTorrent index site, to announce that it was adding SSL encryption to their website as well as VPN solutions for native Swedes who wanted to avoid the possibility of having their network traffic surveyed. Recently, isohunt.com has done the same, and other major torrent sites are expected to follow the lead. The groups who are running these websites are technically savvy, allowing them to implement encrypted access rapidly and with little technical difficulty, but as more and more sites move to SSL there will be an increasing demand amongst tech-savvy users that their favorite sites similarly protect them from various corporate and government oversight methods.

Continue reading

Why Lessig is Right (At Least When it Comes to Autobots)

/ Christopher Parsons

is the founder of the Creative Commons, which effectively allows for a more nuanced (and reasonable) approach to copyright – it establishes particularized rights for different audiences to use your work in different ways. The aim is to allow people to license work so that citizens can use facets of their culture to create new parts of their culture – as an example they can modify images and songs to produce something new, without their modification being labeled a copyright infringement. You’ll note that this blog is under a CC license.

Music, Mashup, and Meaning

There have been a number of particularly stunning documentaries in the past few years that attempt to grapple with the notion of copyright. Of the ones that I’ve seen, Good Copy, Bad Copy(and it’s a free download!) is likely about the best – it examines the role of mashup in music and the role of copyright as it applies to film. Mashups tend to involve taking multiple tracks of music and overlaying them in new and interesting ways – this also tends to act as a method of ‘culture jamming’, insofar as messages are playfully appropriated and modulated in ways that diverge from the cultural direction of the original works of music. As an example, you might hear a song about war with deep and potent lyrics laid atop an electronic dance beat, transforming both of the works in important and substantial ways.

Continue reading

Resetting Windows Vista Media Center

/ Christopher Parsons / 1 Comment

I’ve begun shifting away from using my file server to store media/files to a drive enclosure holding 1TB of storage – I’ve moved over about 600GB of data, which will probably increase to at least 850-900GB by the time that I leave for Victoria. Then it’ll be time to get more file storage space, I guess grin. The shift to a drive enclosure has been brought on by the fact that I need to move my stuff halfway across the country, and don’t want to be bringing any more computers that we need to.

The Problem

In the process of trying to redirect my home theatre PC to the new networked drives in my drive enclosure, I ran into a problem: there is no way to delete all of the file location information in Windows Vista Home Premium’s Media Center (WVHPMC; isn’t that an ugly acronym!). This meant that, when I pointed the Media Center to the new location of all of my files, I was left with duplicate entries of my files, only half of which actually led anywhere (once the server was turned off).

Continue reading