Please be patient as we look at ways to revamp this site. During this process you may encounter an occasional broken link, missing image, and other messy stuff. We're sorry. You were warned. Price of progress, and all.
Tuesday, February 05, 2019
I bought my first record in the summer of 1964. It was a Beach Boys single, "I Get Around." It was not a stunning example of sophisticated literary poetics:
I'm gettin' bugged driving up and down the same old strip
I gotta find a new place where the kids are hip
Yeah, well. It's not Leonard Cohen, Kris Kristofferson, or Bob Dylan, but I loved it. I was crazy about the Beach Boys. I eventually succumbed to Beatlemania, but for a few years I was a confirmed Beach Boys fanatic.
We all were fanatics about one thing or another. And, somehow, we had money to spend on the fads of the day: In the 50s it was Hula-Hoops; Davey Crockett-style coonskin caps; Slinky; and of course, music by Elvis (never really "the king" for me), The Big Bopper, and Fats Domino. In the 60s, we went for bell-bottoms; Beatle boots; balsa-wood airplanes; lava lamps; banana seats on bicycles; granny glasses, slot cars, and of course, music by Paul Anka (I feel really bad about that one), Frankie Avalon (OK, that one, too), the Beach Boys, the Beatles, The Doors, The Jefferson Airplane, and dozens more. (There are probably photos of me wearing bell-bottoms and granny glasses, but these photos will never see the light of day. Why? Because I did all of my stupid sh*t before there was an Internet.)
Not only did we have the money to purchase such items, but advertisers, beginning in the 1950s, knew we had money -- or, through our parents, access to money. Suddenly, teenagers were a potential revenue stream, a big one. Not only that, they became, to a much greater extent than in previous years, what the Saturday Evening Post (yes, it still exists -- online, at any rate) calls the "chief financial officers of family spending." They were -- and remain -- what today we would call important influencers.
The bottom line (so to speak) is that teens are worth a lot of money. And if you think that advertisers are going to ignore that influence, well . . . ha, ha, ha, boy, are you dumb.
In the last edition of The Geekly Weekly I took Google to task over its blatant attempt to bribe users by paying them to enter personal info via its "Google Survey" app, but Facebook has gone them one better: Zuckerberg and his associates have now released "Facebook Research," an application that, upon installation, requests high levels of access to users' devices, thus enabling The Zuck to collect vast amounts of information about the user. Even the very young user. (The program is really just a rebranded version of an application called Onavo, created earlier by an Israeli company owned by -- you guessed it -- Facebook.) While the app requires "parental consent" before use, really that's just a simple tick-box that anyone -- including your 11-year-old -- could click. This probably satisfies the COPPA legal requirements, but let's face it: young users may not even understand what it is that they're agreeing to.
And what they're agreeing to is this: Facebook will pay you $20 per month if you let them collect scads of info about you and your habits, including your phone and Web use. That's what your privacy is worth. $20. (Apple has already jumped on this, telling Facebook that it can no longer distribute the app. You never could download it from Apple, but Facebook had been distributing the iPhone version of the app from its own site, a practice which Apple has now disallowed. So far, Google has not followed Apple's lead.)
Now, if you're willing to give up your privacy for $20 a month, then I suppose that's your business: you are, I assume, a functioning adult, able to make such decisions on your own behalf. But what about your son or daughter? Or your niece or nephew? Does your 14-year-old possess the intellectual wherewithal, the demonstrated maturity required to make such a decision? As I think back to my teenage years, I'm pretty sure that I was not equipped to make smart decisions about such things. Or, come to think of it, about most things.
Monday, December 03, 2018
I must have the people over at Google thoroughly confused. They now think that I am an impoverished-but-wealthy black, gay, Jewish female who is into cooking and who races Formula I cars in France on the weekends. I'll get to why they think this in a moment. (This is assuming that there are people at Google, and that these days it's not simply a pulsating, gelatinous glob of algorithmically driven hive-mind protoplasm. Although that would be very cool too, and would make an awesome B movie. It's too bad that Tab Hunter is dead.)
You see, like Facebook, Twitter, and the rest, Google has always been about collecting, manipulating, and mining the data we happily supply it. The Goog then takes the data and sells it to people who use it to sell stuff to us, sometimes further manipulating and mining the data along the way. In this fashion, marketers can build up surprisingly accurate—and often chillingly complete—dossiers on us. These are used to present to us items for sale in which we may be interested. (This is only a little unsettling, and could even be helpful.) Sometimes the marketers use the information they've purchased from The Goog in order to sell us things related to things they know we like. For instance, if I've purchased vinyl records, it's probably a good guess that A) I'm interested in turntables and B) I may have a man-bun. If I've purchased (or even simply viewed) a baseball glove from an online vendor, it’s a decent bet that I could be interested in, say, sports memorabilia, season tickets to a sporting event, or perhaps a particular brand of sportswear. (That's getting just a bit creepy.) But what if I have not viewed or commented on or reviewed an item, let's say a guitar, but I have friends who have done those things? For a marketer or data salesperson, it's perfectly reasonable to assume that, since people with like interests tend to hang out together, I may begin seeing guitar-related ads on my various social media feeds or in sidebar ads on websites that I happen to frequent, not because I've looked at such items online, but because my friends have done so. (Okay, now we're getting a seriously creepy.)
What we've encountered here is what some social scientists have called "dataveillance." We're being surveilled digitally, based on the data trail we leave when we traverse the Web. Now, that's not always a terrible thing: sometimes these ads are helpful, just as Facebook's "people you may know" list is occasionally useful and surprisingly accurate.
But we have very little control (read: almost no control) over how that data is used. The real issue with dataveillance, as Cornell University's Helen Nissenbaum has noted, is that it often constitutes a violation of what she calls "contextual integrity." We give someone certain information with a particular understanding of the context in which that information is to be used. I don't mind giving my doctor very private information about myself and my (growing number of) physical ailments. But I would mind very much if she were to share that information with a drug rep or insurance salesman. I explicitly give The Goog data about my travels on the Web, but I did not (knowingly and willingly) give The Goog permission to mine that data, manipulate it, compare it to my friends' data, and then sell it to people who will further refine it and who may then turn around and resell it or combine it with other datasets, the existence of which I am unaware. (If you're dying to read more about Dr. Nissenbaum's work, I interviewed her for my book, which—not at all coincidentally—is available here.)
Of course, The Goog pretends that this is all harmless and that its data collection is benign, incidental, and in fact helpful.
Except that they're not even pretending anymore. You may have encountered a Google program called Google Opinion Rewards. If you sign up, The Goog will pay you to fill out "opinion surveys." For each brief survey, Google will add from 10 to 30 cents or so to your Google Play account; you can then turn around and use that money to buy books, music, apps, etc. on the Google Play store.
But these surveys rarely actually ask your opinion about something. By and large, The Goog doesn't want to know what you think; it wants to know what you are. How much money you make. Whether you rent or own. What sort of car you drive, and if you're likely to be in the market for a new one soon. Here are some sample survey questions:
- What is the likelihood that you will get a flu shot this year?
- Did anyone in your household get food stamps . . . In 2017?
- What is the combined income of all members of your family in 2017?
- Are you covered by any kind of insurance or health plan . . . ?
- What medical condition or concern are you most embarrassed to ask your doctor about?
- Which [of the following categories] best describes your political views?
These are sent to you with the disclaimer that they will be used "to show you more relevant advertising" or to "improve Google products." (Which is more than a little ironic, given that, in the end, you are the product.)
But I've gamed the system: I simply give wildly inaccurate (and often contradictory) answers to the survey questions. Thus, The Goog is now completely confused about who I am, which is only fair, given that I am also confused about who I am. (I mean, in an existential sense, aren't we all confused about who we are, about our place in the world? My personal existential crisis begin in 1973 with an attempt to understand the lyrics to songs by the Steve Miller band.) I think it's only fair that Google's algorithms should be just as confused as the rest of us. Perhaps the algorithm in charge of all of Google's other data-mining algorithms has called an 8 a.m. meeting to discuss what went wrong and to argue about which of the junior algorithms was supposed to bring doughnuts to the meeting.
Wednesday, August 29, 2018
They killed Margaret Clitherow on the 25th of March, 1586. They did it very slowly, by laying her own front door on top of her and then piling rocks on top of it until she was crushed to death, a process called "pressing." It took about 15 painful minutes for her to die. (Which is nothing compared to the ordeal of 81-year-old Giles Corey of Salem, Massachusetts. Corey was pressed to death for refusing to plead after having been accused of witchcraft. He was a stubborn old man. It took him 3 days to die, and each time his torturers asked him if he was ready to plead, he is said to have responded by crying, "More weight!") Margaret's crime was not witchery, it was that she belonged to the wrong religion at the wrong time. She was a Catholic (and was later sainted), which was not exactly a crime at the time, though it was mightily frowned upon. What was a crime was harboring Catholic priests and failing to attend the prescribed and approved church. (Keep this in mind when you hear someone argue for the compulsory presence of religion in schools, in politics, and in society in general. Be sure to ask them which religion they're talking about. After all, you wouldn't want to select the wrong one.) Margaret failed to attend church and she harbored priests, and then—like Corey—refused to plead. (They refused to plead because that way their families, including children, could not be called to trial and tortured until they gave "evidence," which would then give the authorities the right to repossess any land or other property belonging to the family.) Corey and Clitherow suffered excruciating deaths largely to spare their families; they were tougher than you and me.
|The Black Swan Inn in York, where Margaret Clitherow is said to|
have housed priests hiding from the authorities. Image copyright
Peter Church and licensed for reuse under the Creative
Commons Attribution-ShareAlike 2.0 license.
Facebook collects information about us—about you and me. A lot of information. Then they sell that information (supposedly anonymized and aggregated) to their "partners," companies that wish to sell us goods.
How much data, you ask? Well, you can find out for yourself fairly easily. Just go to your Facebook settings; then select Settings and then click “Download a copy of your Facebook data.” The company will send you a ZIP file containing about 25 folders, each of which contains several HTML documents full of data the company has collected about you. (The complete process is nicely explained here: https://tinyurl.com/ybpp7drb.) I did that, and it was an enlightening process.
Here's just some of what Facebook sent me:
A 'Stuff About Me' folder containing face recognition data and address book info (friends, institutions, etc., going back 2 yrs)
An 'ADS' folder containing:
o Ad interests: 41 pgs of data, 1329 items, ranging from academy awards to action movies, from MacBooks to Method acting, from Smartphones to Sonny Bono (?!), and from tattoos to time travel.
o An ‘Advertisers Who Uploaded a Contact List With Your Information’ document, whiuch was explained thusly: "Advertisers who run ads using a contact list they uploaded that includes contact info you shared with them or with one of their data partners."
· This included a list of 211 advertisers, from AARP to Zappos
o Advertisers I've interacted with (which consisted of about 100 clicked ads)
An ‘Apps and Websites’ folder: Apps I've used Facebook to log into (stretching back to 2013)
A document containing every FB post on which I've commented—including the text of the comment—going back to 2013
o A list of every person I'm following and every person who's following me, every page I've ever Unfollowed, and every person I've "friended" and when (dating back to 2009)
A ‘Posts and Comments’ document that included every "like" (or any other reaction) I've posted on a post or comment
A ‘Location History’ folder. Mine is empty, since I've never "checked in" or otherwise informed FB of my location. (But you may have.)
A list of every FB message I've sent or received and from/to whom
A ‘Photos & Videos’ folder containing every… Well, you get the idea.
o Security & Log-In Info that included session cookies updated (148 MS Word pages, about 7,000 or so cookies), all devices authorized to log in (back to 2013) , and a list of where I've logged in from and when
A document listing my complete search history
And a handy Index.html doc that lets you get to all of this stuff a lot more easily than poking around in every damned folder, which is what I did. Unfortunately, I found this document last.
As you can see, that's a lot of information about me—and honestly, I'm a pretty boring person! Really. You can ask anyone.
|He doesn't look like an evil person, does he? At least, he didn't back|
in his Harvard days. Image licensed under the Creative Commons
Attribution 2.5 Generic license.
I don't like that.
Really, most of these bits of data are relatively insignificant. If any one or two or five of them got out in public or were sold to a marketer, it probably wouldn't matter much. But, like the stones that killed Giles Corey and Margaret Clitherow, eventually, the combined weight of the stones reaches a critical mass and that one last stone finishes you off. Facebook has collected a LOT of stones, enough to build a fairly accurate—and quite valuable—dossier on every one of its over 2 billion customers. Eventually, we might end up being crushed by those stones.
Sunday, July 15, 2018
I generally don't write about politics here; after all, this blog is supposed to be a discussion about technology and writing. But sometimes technology and politics overlap, as in this case.
In Ch. 8 of Leveling the Playing Field (which I'm sure you've all read!), I talked about the advent of 3D printing and how it has changed manufacturing, mostly for the better. But not always for the better. One significant worry I had (and have) about 3D printing is that it can enable the proliferation of homemade weaponry, including very accurate reproductions of weapons such as the venerable 1911 semiautomatic pistol and the AR-15-type rifles that have been used in so many mass shootings over the past few years.
Now, I own weapons. I like to think of myself as one of those "responsible gun owners" we hear about. I own guns for sport, for protection, and for hunting. But I don’t believe that just anyone should be able to own just any gun, nor do I think there is anything wrong with having to pass background checks in order to purchase a weapon or being required to register many types of firearms. I'm not anti-gun; I'm anti-idiot.
|Lesley is not a big gun person, but she has gone shooting with|
me a couple of times. Naturally, it turns out that she's an
Of course, what I think doesn't matter much, and just how little it matters was brought home to me a couple of weeks ago when the Department of Justice surrendered to a "First Amendment" argument that a 3D data file representing a weapon was in fact protected free speech and could be hosted on (and downloaded from) a public-facing website. (The suit was filed by Cody Wilson, the inventor of the Liberator 3D-printed pistol about which I wrote in the book.) After a long, drawn-out court case, it appears that the DOJ has quietly settled with Wilson, whose stated goal has been to moot the gun control debate by showing that it can't be controlled. In the words of a recent Wired Magazine article, the DOJ promised to:
…change the export control rules surrounding any firearm below .50 caliber—with a few exceptions like fully automatic weapons and rare gun designs that use caseless ammunition—and move their regulation to the Commerce Department, which won't try to police technical data about the guns posted on the public internet.
Basically, this means that Wilson and his supporters have won the war. They've successfully blurred the line between the First and Second Amendments, guaranteeing that anyone can design and/or download-3D printer-compatible plans to just about any firearm. And, as any hacked corporation or repressive government can tell you, it's very, very difficult to police digital data. Even if you wanted to hide it (which Wilson and his allies do not), the data would get out; after all, it's just information. And these days, information (and misinformation) is pretty much everywhere.
I don't really worry much about Wilson himself. He's an intelligent and seemingly stable young man, just one with whom I disagree politically. I'm not worried that he's about to snap and become a mass murderer. But I wonder how many mass murderers he's about to enable. Even one would be too many, I would think.
Some have drawn an analogy to an automobile--another tool that kills many thousands every year, pointing out that it is possible to build a motorized vehicle. But there are differences. The purpose of an automobile is not to kill people, of course. Like a hammer or other tool, it can be used to hurt people, but that's a misapplication of the tool, not its purpose. And it's certainly true that I could collect or (even build) parts and create a car. (Well, in my case, I'd have to make a few phone calls to my friend George Kelley, if I wanted the car to actually run.) But look what happens when I'm finished building this car, this tool capable of killing thousands every year: I'd have to license and register it. And I would myself have to be tested and licensed if I wanted to use the car.
I'm fine with having to register my car and license its driver. I'm also fine with having to register certain firearms and with having to license their users. But this technology—and the DOJ's capitulation to Wilson and the other plaintiffs—will make it very difficult to police the proliferation of this weaponry. Even if the authorities were to confiscate my weapon on some grounds (perhaps I'm a felon, perhaps I violated a restraining order, perhaps I've shown myself to have anger issues and have committed assaults), I could simply go home and (assuming I own the proper equipment), press a button, and go have dinner. By the time I'm finished with my after-dinner port (not that I would drink port—who the hell drinks port?!), I'd have a nice shiny new .45 pistol or an AR-15 receiver sitting in my printer.
And if I could do that, what could an angry ex-husband or wife do? What could a gang or a cartel do?
Monday, June 04, 2018
Lesley and I have been crossing a lot of bridges lately. (I mean the literal kind, not the metaphorical ones.) First in our trailer and now in our motorhome, we've been doing a lot of driving throughout the Pacific Northwest and Northern California, and there's plenty of water here—entire oceans of it, in fact. And where there is water, there are—not surprisingly—bridges to enable us to cross that water.
Early on, this was nerve-wracking. Towing a 19' trailer across a bridge with a fairly small Chevy pickup truck, trying to stay in the middle of what seemed a terrifyingly narrow lane was, at first, pretty scary—especially if the wind was up. We eventually got used to the feeling of being suspended on this thin concrete-and-steel lifeline hundreds of feet above the water, dragging all of our worldly goods behind us. Eventually, we got to the point where we could cross a bridge, even a narrow one, without giving it too much thought. Now we do the same thing in a somewhat larger motorhome. And, as expected, it was frightening at first, but eventually became second nature. Other than making sure that it’s not too windy, we now cross bridges without giving the crossing a second thought.
But even at our most terrified, one thing we never worried much about was the integrity of the bridge itself. We might veer off of the bridge, or be blown off of it, or be pushed off by a trucker who'd lost his brakes or been blown into another lane, but we never thought, "Oh, my God! What if the bridge falls down?!" Circumstances might intervene to do us damage, but the bridge itself would stand, we could be pretty sure.
|Sometimes the "guarantee" is implied by a sign that you can|
see before you get on the bridge itself. (Image in the public
Bridges are usually massive and are guaranteed to carry a certain amount of traffic. The Yaquina Bay Bridge, which we cross almost every week, was built in 1936, one of a series of bridges designed by Conde B. McCullough. It is over 3,000 feet in length, and it stands 133 feet above the water at its highest point. It contains 30,000 cubic yards of concrete and over 3,000 tons of steel. As I said, massive. (And this bridge is quite small compared to many other suspension bridges around the world.) And because it's so substantial and so well-designed, the bridge is guaranteed to be able to hold the weight of the traffic crossing it.
Which brings us to software.
When I was heading up the software development team for a publishing company in Texas, the powers-that-be (of which I was most assuredly not one) decided that all of our programmers would be given a new title: henceforth, they would all be known not as developers or programmers, but as "software engineers." I really didn't care what they were called, so long as they showed up at the office and did cool programmy things, preferably while wearing shoes and long pants. And to tell the truth, the programmers didn't care, either. You could call them whatever you wanted; as long as they got paid and had snacks and got to do cool software things, they were happy. (And most of them wore shoes and long pants most of the time.)
But one of my developers emphatically did not want to be called a "software engineer." This man—we'll just call him "John," because, well, that was his name—felt that as programmers, they did not deserve to be called engineers. The programming profession, he felt, was not precise enough, nor its results predictable enough, to be called "engineering." Engineering, he said, meant that the end result, the product, was designed in such a way that the builders could guarantee the outcome of its use.
The example he used was, in fact, a bridge. A bridge is designed and built and guaranteed to carry a certain amount of weight. If built correctly, it will in fact carry that weight, and it will do so for a specified period of time.
Software, on the other hand, is never guaranteed. It's too complex and used in too many different environments for the developer to absolutely guarantee that it will function as designed. And sure enough, if you go looking for guarantees for software you've purchased (or, more likely, licensed), you will find a lot of vague legal-ese that basically boils down to "This really should work, but if not, well, we're not responsible. Sorry." If you go looking for remedies for failure, you'll find that those remedies are almost always limited to replacement of the media on which the software was supplied. (Which is even more meaningless these days, since most of your software was probably downloaded or is provided as a cloud service.)
John felt that, until programming had evolved to the point where designers and programmers could guarantee their work, then it was not deserving of the name engineering, and he would rather just have his title listed as "Programmer" on his business card.
I sympathized with John and told him that I would convey his feelings to the aforementioned powers-that-be. I did so, and the PTB explained to me that they were going to do exactly what they had intended to do all along, that John's title was now "Software Engineer," and that I should now scuttle back to my dark and forbidding lair and prepare for the next in a seemingly endless series of product delivery deadlines.
I returned to John, gave him the bad news, and sympathized heartily with him, while patting him gently on the shoulder. Then I asked him to please put his shoes back on.
He was right, though.
Sunday, April 22, 2018
A couple of months earlier, it was Cambridge Analytica in the crosshairs of privacy supporters everywhere, after the data mining firm collected similar data and used it to help Republican candidates in their various bids for election. The catch there was that CA may have drifted into the realm of illegality by assigning non-US citizens to work on the campaigns. Technically, those non-citizens could in fact collect and analyze data, but the company was advised that it must not allow those non-citizens to "play strategic roles including the giving of strategic advice to candidates, campaigns, political parties or independent expenditure committees.” Which, of course, is exactly what they did. According to former CA employee-turned-whistleblower, Chris Wylie, ". . . there was no one American involved in [one campaign] . . . it was a de facto foreign agent, working on an American election."
|Alexander Nix, CEO of Cambridge Analytica at Web Summit 2017|
in Lisbon. Image used under the Creative Common Attribution 2.0
There's a big difference between these two scenarios. To take the second case first, had CA simply collected and analyzed data and then handed it over to a (in this case, Republican) campaign to use, no laws would have been broken; the data itself is out there for anyone to collect, aggregate, and use for any (legal) purpose. The company's mistake was in assigning foreigners to strategic duties that could affect a US election campaign. Some privacy supporters may have chafed at the use of PII (personally identifiable information) for purposes counter to their beliefs (read: we Democrats were not happy that the data was used to help Republican candidates) and without their knowledge or consent, but the reality is that you put that data out there. Why would various companies not collect and use it? (And let's be honest: Would the hue and cry among us libs have been quite as loud had the data been used to help Democratic candidates? I don't think so.)
Which brings me to the first case, one which involves a far more common—and perfectly legal—activity. We worry a great deal about privacy, but seemingly not enough to not place our entire lives out there on the Internet for the world to see. It's been said many times, but apparently it needs repeating: NOTHING YOU DO ON THE INTERNET IS PRIVATE. This is especially true when you post information that can be used against you or can be used to help people profile you and then use that profile to sell you things, including political candidates.
Alternatively, but quite commonly, such information is used by social engineers to scam you or talk you or one of your contacts into giving up names, passwords, and other data that ought to be kept confidential. Most so-called hacks actually start with a social engineering exploit, and most of those are predicated on data the scammer found on social media.
|He looks so young and innocent, doesn't he? And he might|
have been, back then. This is Mark Zuckerberg in his
Harvard dorm room back in 2005. Image used under the
Creative Commons Attribution 2.5 Generic license.
The thing is that a seemingly insignificant and innocuous Facebook, Instagram, or Snapchat post can tell marketers and thieves (one assumes that there is a difference) a great deal about you, your habits, your location, your typical travel plans, etc. I can trawl (not troll; well, I suppose I could do that, too) through Facebook and know who is on vacation, where they went, and when they'll return. I know what you like to eat. What you like to wear. I know your marital status—and if I dig a little, I might even be able to figure out if that marriage is in trouble. Got a public Amazon wish list? I know your hobbies, your future renovation plans, what musical instruments you play, what pets you have, and what kind of books you read. I also know if you're into essential oils and have an Apple Watch. (Why else would you list an Apple Watch Stand and a wireless charger on your wish list?) I know if you curl your hair, and whether you're a Mac person or a Windows person. (All of this goes double if you click the little Facebook "I just bought…" icon that pops up when you make an Amazon purchase.)
I have security tools that some may lack, but I'm no security whiz. Nonetheless, if your phone has its geolocation turned on, I can see many of the Facebook, Pinterest, Snapchat, and other posts you make, and I can track them by name, by date, by keyword, and by the location from which they were sent. To do this, I use a piece of software that's often used by law enforcement officers, but the truth is that anyone can buy access to it. But the reason the software can access the data to begin with is that we put that information out there to be found.
If I were smart enough to write an algorithm that could collect, aggregate, and collate all of this information, I could know all about you. (No worries; I'm not smart enough. Then again, I know people who are.) That's all that Localblox did: the company wrote software that scraped information from social media sites, aggregated it, and created code that pieced the information together and built individual portfolios. (And then they stupidly left it out there unprotected for a security researcher to find.)
|If you lived in New York in 1948 and were one of the few people|
who owned a television, this woman really wanted to sell you a
faucet aerator. Image in the public domain.
Facebook has over 2 billion users. WhatsApp has 1.5 billion. Instagram has almost a billion. These are big numbers. And big numbers translate to big dollars. Dollars they make by selling information about us, because we were dumb enough to put that information out there to be sold. As others have said, when it's being given to you for "free" (and this includes network television), you're not really a customer—you're the product.