First Mozilla detailed its “do not track” system for Firefox, and now Google has announced its own version for Chrome. Keep My Opt-Outs is a Chrome browser extension that takes advantage of ad industry regulations around personalized web adverts; basically, it lets surfers permanently opt out of ad tracking.
“Keep in mind that once you install the Keep My Opt-Outs extension, your experience of online ads may change: You may see the same ads repeatedly on particular websites, or see ads that are less relevant to you.” – Google
Now, as with the Firefox system, this relies on the ads being served by one of the 50+ companies which support the opt-out program – there’s no way to blacklist other ad servers, for instance. Google plans to develop versions for other browsers, and the Keep My Opt-Outs code is open-source.
Mozilla’s Global Privacy and Public Policy Leader, Alex Fowler, has detailed the upcoming Do Not Track functionality headed to Firefox. As Mozilla envisages it, the system “allows users to set a browser preference that will broadcast their desire to opt-out of third party, advertising-based tracking by transmitting a Do Not Track HTTP header with every click or page view in Firefox.”
Mozilla believes this is a more inclusive and comprehensive route than maintaining blacklists or cookies, though it does recognize that it relies on sites to fall into line and respect the “Do Not Track” user preference. The approach differs from Microsoft’s strategy for IE9, which will rely on “anti-tracking lists” onto which users can put approved and unapproved sites.
Another Facebook change, another privacy uproar. Read the headlines and you might have thought the social network was planning to open the books on private cellphone numbers and home addresses to any advertiser willing to slip them some cash, rather than adding some more sharing options along with the usual granular control over who gets to see what of your digital details. Unsurprisingly Facebook froze its plans pending a reassessment of its privacy controls; unfortunately, nobody is taking Facebook users – and the online community in general – to task over taking some responsibility for what they share.
If you haven’t been following the story, here’s the situation in a nutshell. Facebook announced on Friday that it was planning to add address and mobile number to the personal information that could be shared with applications, websites and advertisers. As with other personal details, the degree to which that data was accessible would be managed under each user’s permissions settings: everything from a come-and-get-me open pipe to a complete block on anything being revealed. Facebook billed it as a way to “easily share your address and mobile phone with a shopping site to streamline the checkout process, or sign up for up-to-the-minute alerts on special deals directly to your mobile phone.”
Don’t get me wrong; I’m under no illusion that Facebook is doing this for altruistic reasons. Making online purchases quicker is undoubtedly handy to those who actually click through Facebook adverts, but for the social network itself it’s all about making money from its most valuable asset: its millions of registered users. Just like with a free newspaper, Facebook makes its money by showing you adverts, and it can use your personal information to tailor those ads more appropriately. Access to personal contact details, meanwhile, is even more valuable.
However, just because there’s profit to be made for Facebook, it doesn’t mean this is either bad for the user or a sign of Evil Big Business taking advantage of the general public. We manage the degrees to which we disclose personal information all the time, long before Facebook arrived and gave us a simple privacy settings page to work with. Every time you avoid giving your phone number to a door-to-door charity worker, tick the no-junk-mail box on a bank form or refuse to give your address to someone you just met at a bar, you’re exercising your own, personal privacy filter.
Perhaps I’m being unfair. After all, it only takes a quick glance at sites like Lamebook (often NSFW) to see that many Facebook users have problems with over-sharing, accidentally making public posts out of what were meant to be private messages, and generally forgetting who out of their friends and family can read what they’re saying. Maybe Facebook does have some intrinsic responsibility to shepherd its members through the difficult journey that is online life; perhaps the privacy pages really won’t be complete until there’s color coding, pop-up warnings and a virtual cash register showing just how much you’ve lined Mark Zuckerberg’s pocket.
This constant push-me-pull-me with Facebook does users no favours. Every time the privacy patrol scream, and Facebook backtracks, it reinforces the idea that the site itself is solely responsible – should be responsible – for making safe use of the information we share online. Don’t get me wrong, if Facebook was looking to sneak a “we can sell your identity” clause into the T&Cs, that’s something worth shouting about. When, though, we muster the same amount of vitriol for sharing options that already have safeguards – safeguards that satisfactorily protect our email address and other details – it looks more like abdication of responsibility. We want to trust Facebook to “do the right thing” – based on our own interpretation of what “the right thing” is, exactly – so that we won’t have to. We can spend our time looking up old crushes, posting photos of ourselves looking fierce in clubs, and commenting on videos of cats.
Privacy is important, but the responsibility begins at the individual level. Just as you don’t hand out your address to strangers in the street, maybe giving it to every website that asks isn’t all that sensible either. Relying on other people, or companies, to protect us universally is a naivety we abandon before adulthood in the real world, yet something many seem determined to cling to online. That’s before you get to the thorny issue of lost or stolen data. In the end, it’s your life, your number, your face: it’s up to you whether it’s an open book.
Facebook has backtracked on controversial plans to allow users to share their address and cellphone number with advertisers, after facing vocal criticism from privacy advocates. Announced on Friday, Facebook billed the option as a way to “easily share your address and mobile phone with a shopping site to streamline the checkout process, or sign up for up-to-the-minute alerts on special deals directly to your mobile phone”; however, while the standard privacy tools were offered, many believed the social networking site had a greater responsibility to notify users when they were giving out the data.
“Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data. We agree, and we are making changes to help ensure you only share this information when you intend to do so. We’ll be working to launch these updates as soon as possible, and will be temporarily disabling this feature until those changes are ready. We look forward to re-enabling this improved feature in the next few weeks.” – Facebook statement
As a result, Facebook has “temporarily” disabled the address and phone number sharing feature, though it will not be gone for good. Instead, the company will be working on new ways to indicate to users when their data is being made available, with a mind to reinstating the functionality “in the next few weeks.”
For the social networking site – which makes its money through advertising – anything that allows its sponsors better or easier access to users is a benefit, and it’s unsurprising that, despite the privacy set-back, it intends to push ahead with options to make personal data more available. Whether the responsibility for educating users about the potential harm in sharing that information is the site’s will remain a much-argued question.
Things weren’t looking good for BlackBerry in India, with threats of bans that were avoided at the last minute. We knew at the time that RIM had made “certain proposals” that would enable its messaging services to stay alive in India and now, about four months later, we’re learning what those proposals amount to. Basically, RIM has created a backdoor into the company’s messaging services, a “lawful access capability” that “meets the standard required by the government of India for all consumer messaging services offered in the Indian marketplace.” That’s a little disconcerting, but if you’re pinging your connects exclusively through BlackBerry Enterprise Server you can take it easy, as RIM is keeping that service locked up tight — or, at least, that’s what it wants you to believe.
RIM’s denial earlier this week that it had installed a messaging monitoring system at the behest of the Indian government has prompted more BlackBerry confusion, with the statement accused of conflicting with assurances made by RIM execs earlier in December 2010. According to information passed to The Economic Times, RIM’s VP of industry, government and university relations had told the Indian government that monitoring technology to “receive and process via the cloud computing-based system, lawfully intercepted BlackBerry messenger data” had indeed been installed.
“We are happy to confirm that as per the compliance schedule agreed by both Research in Motion and the Ministry Of Home Affairs, RIM infrastructure is ready to receive and process via the cloud computing-based system, lawfully intercepted BlackBerry messenger data from India service providers.” – Robert E Crow, vice-president of industry, government and university relations, RIM
The confusion appears to have arisen over the “lawfully intercepted” element of Crow’s statement, which would seem to tally with RIM’s assurances earlier this week that “there will be no change to the security model of BlackBerry Enterprise Service” and that information disclosure would only be made upon correctly-submitted legal requests. In contrast, Indian security forces have been asking for real-time monitoring abilities and less restricted access to BlackBerry messages. The Indian government has apparently ordered its telecoms division to test the cloud-computing monitoring system to validate RIM’s supposed claims.
It’s hardly a fresh idea — researchers have claimed that GSM calls could be cracked and listened in on for years. But there’s a difference between being able to do something with a $50,000 machine and a warrant, and being able to do the same thing with a few $15 Motorola phones, a laptop, open source software and 180 seconds of spare time. Security Research Labs researcher Karsten Nohl and OsmocomBB project programmer Sylvain Munaut recently spoke about a new GSM hack at the Chaos Communication Conference in Berlin, and they were able to walk the audience through the eavesdropping process in a matter of minutes. According to them, it’s not terribly difficult to use a $15 handset to “sniff out” location data used to correctly route calls and texts, and once you’ve nailed that down, you could use modified firmware to feed raw data into a laptop for decryption. Using a 2TB table of precomputed encryption keys, a cracking program was able to break in within 20 seconds — after that, you’re just moments away from recording a live GSM call between two phones. Of course, speeches like these are made to encourage security officials to beef up the layers between you and ill-willed individuals, but it’s hard to say what (if anything) will change. For now, we’d recommend just flying to each and every person you’d like to speak with. Unless you live in the Greater New York area — you’re probably better off risking a hacked conversation than heading out to LGA / JFK / EWR.
UK government ambitions to make porn blocks mandatory and force individual users to actively request access to XXX content have been described as “technically not possible” by ISPs, with warnings that the end result of following such a path is “a walled garden of sites the government is happy for you to see” according to ISP Timico CTO Trefor Davies. The plans – which are intended to “protect children” according to UK Culture Minister Ed Vaizey – have also been criticized by digital liberties activists as an attempt to sneak in “generalised censorship through the back door.”
Jim Killock, chair of the Open Rights Group, suggests that “if the government controlled a web blacklist,” such as has been suggested for the ISP smut-block scheme, “you can bet that Wikileaks would be on it.” However, as far as ISPs are concerned, it’s unlikely the project would even get to that stage. “You end up with a system that’s either hugely expensive and a losing battle because there are millions of these sites or it’s just not effective,” Davies said, “the cost of putting these systems in place outweigh the benefits, to my mind.”
Davies too is concerned that the government may have other forms of content block in mind when it envisages the system, and UK regulators have come out in favor of parents being responsible for managing what their children access online. However, according to Vaizey the internet industry may have to act more decisively nonetheless; “I’m hoping they will get their acts together so we don’t have to legislate,” he said, “but we are keeping an eye on the situation and we will have a new communications bill in the next couple of years.”
The Wall Street Journal conducted an investigation recently where it took 101 apps on the iPhone and Android smartphones and looked at the information that the apps shared with third parties about the user. The WSJ found that 56 of the apps in the investigation sent the smartphone’s unique device ID to other companies without the user knowing or agreeing to the sharing. 47 of the apps sent the phone’s location to third parties, and five of the apps sent age, gender, and personal details to outsiders.
The data is mostly sent to ad companies so they can tailor ads to the user’s history for better results. The WSJ says that the app that shares the most personal info is an iPhone app called TextPlus 4. The app sent the unique ID of the device to eight ad companies and also sent the zip code, user’s age, and gender to two more firms.
The iPhone and Android version of Pandora was a big offender, sending age, gender, location, and phone identifier to ad networks. The Android and iPhone game Paper Toss also sent the phone ID to five ad firms. The WSJ also claims that most of the developers of these apps have no user privacy policy in place.
The UK government is apparently considering plans that could see pornographic content blocked by default to home internet connections, with households required to opt-in to XXX-rated entertainment. According to The Sunday Times [subscription required], key UK ISPs will be meeting in January 2011 to discuss the proposals, which some government ministers are describing as tackling the “wild west” internet.
According to Conservative MP Claire Perry, the proposals “are not coming at this from an anti-porn perspective.” Instead, she and government peers “just want to make sure our children aren’t stumbling across things we don’t want them to see.”
UK ISPs are apparently already complaining that such blocking measures would be both technically tricky and expensive to implement. It’s worth noting that UK mobile data networks already have adult-content blocks in place, requiring validation – by credit card or other methods – that users are over 18 if they want to access websites carriers believe contain media unsuitable for minors.