Wednesday, September 23, 2020
Excuse Our Digital Dust
Tuesday, February 05, 2019
Et Tu, Facebook?
I bought my first
record in the summer of 1964. It was a Beach Boys single, "I Get
Around." It was not a stunning
example of sophisticated literary poetics:
I'm
gettin' bugged driving up and down the same old strip
I
gotta find a new place where the kids are hip
Yeah, well. It's not
Leonard Cohen, Kris Kristofferson, or Bob Dylan, but I loved it. I was crazy about the Beach Boys. I eventually
succumbed to Beatlemania, but for a few years I was a confirmed Beach Boys fanatic.
 |
A young girl with her hula hoop in 1958. The longest verified record for
continuous hula hoop spinning is held by Aaron Hibbs from Columbus,
Ohio; in 2009, he kept a hoop spinning for 74 hours and 54 minutes.
Why he did this, we're not sure. Photo placed in the public domain by
photographer George Garrigues.
|
We all were fanatics about one thing or another. And, somehow, we had money
to spend on the fads of the day: In the
50s it was Hula-Hoops; Davey Crockett-style coonskin
caps; Slinky; and of course, music by Elvis (never really "the king"
for me), The Big Bopper, and Fats Domino. In the 60s, we went for
bell-bottoms; Beatle boots; balsa-wood airplanes; lava lamps; banana seats on
bicycles; granny glasses, slot cars, and of course, music by Paul Anka (I feel really bad about that one), Frankie Avalon (OK, that one, too), the Beach Boys,
the Beatles, The Doors, The Jefferson Airplane, and dozens more. (There are
probably photos of me wearing bell-bottoms and granny glasses, but these photos
will never see the light of day. Why? Because I did all of my stupid sh*t before there was an Internet.)
Not only did we have
the money to purchase such items, but advertisers, beginning in the 1950s, knew we had money -- or, through our parents, access to money. Suddenly, teenagers were a
potential revenue stream, a big one. Not only that, they became, to a much
greater extent than in previous years, what the Saturday
Evening Post (yes, it still exists -- online, at any rate) calls the
"chief financial officers of family spending." They were -- and
remain -- what today we would call important influencers.
 |
| The Doors were without a doubt the coolest band I had seen perform live in my (very) young life. When I was in junior high school, they (along with several other bands, including the Jefferson Airplane and the Nitty Gritty Dirt Band) did a show on the football field of what would be my high school in a year or two. Photo in the public domain. |
The bottom line (so
to speak) is that teens are worth a lot of
money. And if you think that advertisers are going to ignore that influence,
well . . . ha, ha, ha, boy, are you dumb.
In the last edition
of The Geekly Weekly I took Google to task over its blatant attempt to bribe users by paying them to
enter personal info via its "Google Survey" app, but Facebook has
gone them one better: Zuckerberg and his associates have now released
"Facebook Research," an application that, upon installation, requests high
levels of access to users' devices, thus enabling The Zuck to collect vast
amounts of information about the user. Even the very young user. (The program is really just a rebranded version of an application called Onavo, created earlier by an Israeli company owned by -- you guessed it -- Facebook.) While the app
requires "parental consent" before use, really that's just a simple
tick-box that anyone -- including your 11-year-old -- could click. This
probably satisfies the COPPA
legal requirements, but let's face it: young users may not even understand what
it is that they're agreeing to.
 |
| Mark Zuckerberg in 2018. Photo by Anthony Quintano and used under the Creative Commons 2.0 license. |
And what they're
agreeing to is this: Facebook will pay you $20 per month if you let them
collect scads of info about you and your habits, including your phone and Web
use. That's what your privacy is worth. $20. (Apple has already jumped on this,
telling Facebook that it can no longer distribute the app. You never could
download it from Apple, but Facebook had been distributing the iPhone version of the app from its own site, a practice which Apple has now disallowed. So far, Google has not followed Apple's lead.)
Now, if you're
willing to give up your privacy for $20 a month, then I suppose that's your
business: you are, I assume, a functioning adult, able to make such decisions
on your own behalf. But what about your son or daughter? Or your niece or
nephew? Does your 14-year-old possess the intellectual wherewithal, the
demonstrated maturity required to make such a decision? As I think back to my
teenage years, I'm pretty sure that I was not equipped to make smart decisions
about such things. Or, come to think of it, about most things.
Monday, December 03, 2018
A Lack of (Contextual) Integrity
I must have
the people over at Google thoroughly confused. They now think that I am an
impoverished-but-wealthy black, gay, Jewish female who is into cooking and who
races Formula I cars in France on the weekends. I'll get to why they think this
in a moment. (This is assuming that there are
people at Google, and that these days it's not simply a pulsating, gelatinous
glob of algorithmically driven hive-mind protoplasm. Although that would be
very cool too, and would make an awesome B movie. It's too bad that Tab Hunter
is dead.)
You see, like
Facebook, Twitter, and the rest, Google has always been about collecting,
manipulating, and mining the data we happily supply it. The Goog then takes the
data and sells it to people who use it to sell stuff to us, sometimes further
manipulating and mining the data along the way. In this fashion, marketers can
build up surprisingly accurate—and often chillingly complete—dossiers on us.
These are used to present to us items for sale in which we may be interested.
(This is only a little unsettling, and could even be helpful.) Sometimes the
marketers use the information they've purchased from The Goog in order to sell
us things related to things they know we
like. For instance, if I've purchased vinyl records, it's probably a good guess
that A) I'm interested in turntables and B) I may have a man-bun. If I've
purchased (or even simply viewed) a
baseball glove from an online vendor, it’s a decent bet that I could be
interested in, say, sports memorabilia, season tickets to a sporting event, or
perhaps a particular brand of sportswear. (That's getting just a bit creepy.)
But what if I have not viewed or
commented on or reviewed an item, let's say a guitar, but I have friends who have done those things? For a
marketer or data salesperson, it's perfectly reasonable to assume that, since
people with like interests tend to hang out together, I may begin seeing
guitar-related ads on my various social media feeds or in sidebar ads on
websites that I happen to frequent, not because I've looked at such items
online, but because my friends have done
so. (Okay, now we're getting a seriously creepy.)
What we've
encountered here is what some social scientists have called
"dataveillance." We're being surveilled digitally, based on the data
trail we leave when we traverse the Web. Now, that's not always a terrible
thing: sometimes these ads are helpful, just as Facebook's "people you may
know" list is occasionally useful and surprisingly accurate.
But we have very
little control (read: almost no control)
over how that data is used. The real issue with dataveillance, as Cornell
University's Helen Nissenbaum has noted, is that it often constitutes a
violation of what she calls "contextual integrity." We give someone
certain information with a particular understanding of the context in which
that information is to be used. I don't mind giving my doctor very private
information about myself and my (growing number of) physical ailments. But I
would mind very much if she were to share that information with a drug rep or
insurance salesman. I explicitly give The Goog data about my travels on the
Web, but I did not (knowingly and
willingly) give The Goog permission to mine that data, manipulate it, compare
it to my friends' data, and then sell it to people who will further refine it
and who may then turn around and resell
it or combine it with other datasets, the existence of which I am unaware. (If
you're dying to read more about Dr. Nissenbaum's work, I interviewed her for my
book, which—not at all coincidentally—is available here.)
Of course, The Goog
pretends that this is all harmless and that its data collection is benign,
incidental, and in fact helpful.
Except that they're
not even pretending anymore. You may have encountered a Google program called
Google Opinion Rewards. If you sign up, The Goog will pay you to fill out "opinion surveys." For each brief
survey, Google will add from 10 to 30 cents or so to your Google Play account;
you can then turn around and use that money to buy books, music, apps, etc. on
the Google Play store.
But these surveys
rarely actually ask your opinion about
something. By and large, The Goog doesn't want to know what you think; it wants
to know what you are. How much money you
make. Whether you rent or own. What sort of car you drive, and if you're likely
to be in the market for a new one soon. Here are some sample survey questions:
- What is the likelihood that you will get a flu shot this year?
- Did anyone in your household get food stamps . . . In 2017?
- What is the combined income of all members of your family in 2017?
- Are you covered by any kind of insurance or health plan . . . ?
- What medical condition or concern are you most embarrassed to ask your doctor about?
- Which [of the following categories] best describes your political views?
These are sent to
you with the disclaimer that they will be used "to show you more relevant
advertising" or to "improve Google products." (Which is more
than a little ironic, given that, in the end, you
are the product.)
But I've gamed the
system: I simply give wildly inaccurate (and often contradictory) answers to
the survey questions. Thus, The Goog is now completely confused about who I am,
which is only fair, given that I am also confused
about who I am. (I mean, in an existential sense, aren't we all confused about who we are, about our place
in the world? My personal existential crisis begin in 1973 with an attempt to
understand the lyrics to songs by the Steve Miller band.) I think it's only
fair that Google's algorithms should be just as confused as the rest of us.
Perhaps the algorithm in charge of all of Google's other data-mining algorithms
has called an 8 a.m. meeting to discuss what went wrong and to argue about
which of the junior algorithms was supposed to bring doughnuts to the meeting.Wednesday, August 29, 2018
Facebook: Killing Us One Stone At A Time
They
killed Margaret Clitherow on the 25th of March, 1586. They did it very slowly,
by laying her own front door on top of her and then piling rocks on top of it until
she was crushed to death, a process called "pressing." It took about 15 painful minutes for her to die. (Which
is nothing compared to the ordeal of 81-year-old Giles Corey of Salem,
Massachusetts. Corey was pressed to death for refusing to plead after having
been accused of witchcraft. He was a stubborn old man. It took him 3 days to
die, and each time his torturers asked him if he was ready to plead, he is said
to have responded by crying, "More weight!") Margaret's crime was not
witchery, it was that she belonged to the wrong religion at the wrong time. She
was a Catholic (and was later sainted), which was not exactly a crime at the
time, though it was mightily frowned upon. What was a crime was
harboring Catholic priests and failing to attend the prescribed and approved
church. (Keep this in mind when you hear someone argue for the compulsory presence of
religion in schools, in politics, and in society in general. Be sure to ask
them which religion they're talking about. After all, you wouldn't want
to select the wrong one.) Margaret failed to attend church and
she harbored priests, and then—like Corey—refused to plead. (They refused to
plead because that way their families, including children, could not be called
to trial and tortured until they gave "evidence," which would then
give the authorities the right to repossess any land or other property
belonging to the family.) Corey and Clitherow suffered excruciating deaths largely
to spare their families; they were tougher than you and me.
 |
| The Black Swan Inn in York, where Margaret Clitherow is said to have housed priests hiding from the authorities. Image copyright Peter Church and licensed for reuse under the Creative Commons Attribution-ShareAlike 2.0 license. |
Facebook
collects information about us—about you and me. A lot of information.
Then they sell that information (supposedly anonymized and aggregated) to their
"partners," companies that wish to sell us goods.
How
much data, you ask? Well, you can find out for yourself fairly easily. Just go
to your Facebook settings; then select Settings and then click “Download a copy
of your Facebook data.” The company will send you a ZIP file containing about
25 folders, each of which contains several HTML documents full of data the
company has collected about you. (The complete process is nicely explained
here: https://tinyurl.com/ybpp7drb.)
I did that, and it was an enlightening process.
Here's just some of what
Facebook sent me:
A 'Stuff About Me' folder containing face
recognition data and address book info (friends, institutions, etc., going back
2 yrs)
An 'ADS' folder containing:
o Ad interests: 41
pgs of data, 1329 items, ranging from academy awards to action movies, from MacBooks
to Method acting, from Smartphones to Sonny Bono (?!), and from tattoos to time
travel.
o An ‘Advertisers Who
Uploaded a Contact List With Your Information’ document, whiuch was explained
thusly: "Advertisers who run ads using a contact list they uploaded that
includes contact info you shared with them or with one of their data
partners."
· This included a list of 211 advertisers, from
AARP to Zappos
o Advertisers I've interacted
with (which consisted of about 100 clicked ads)
An ‘Apps and Websites’ folder: Apps I've used
Facebook to log into (stretching back to 2013)
A document containing every FB post on which I've
commented—including the text of the comment—going back to 2013
o A list of every
person I'm following and every person who's following me, every page I've ever
Unfollowed, and every person I've "friended" and when (dating back to
2009)
A ‘Posts and Comments’ document that included every
"like" (or any other reaction) I've posted on a post or comment
A ‘Location History’ folder. Mine is empty, since
I've never "checked in" or otherwise informed FB of my location. (But
you may have.)
A list of every FB message I've sent or received
and from/to whom
A ‘Photos & Videos’ folder containing every…
Well, you get the idea.
o Security &
Log-In Info that included session cookies updated (148 MS Word pages, about
7,000 or so cookies), all devices authorized to log in (back to 2013) , and a list of where I've logged in from and when
A document listing my complete search history
And a handy Index.html doc that lets you get to
all of this stuff a lot more easily than poking around in every damned folder,
which is what I did. Unfortunately, I found this document last.
As
you can see, that's a lot of information about me—and honestly, I'm a pretty
boring person! Really. You can ask anyone.
 |
| He doesn't look like an evil person, does he? At least, he didn't back in his Harvard days. Image licensed under the Creative Commons Attribution 2.5 Generic license. |
I
don't like that.
Really,
most of these bits of data are relatively insignificant. If any one or two or
five of them got out in public or were sold to a marketer, it probably wouldn't
matter much. But, like the stones that killed Giles Corey and Margaret
Clitherow, eventually, the combined weight of the stones reaches a critical
mass and that one last stone finishes you off. Facebook has collected a LOT of
stones, enough to build a fairly accurate—and quite valuable—dossier on every
one of its over 2 billion customers. Eventually, we might end up being
crushed by those stones.
Sunday, July 15, 2018
Printing Death in 3D
I generally don't write about politics here; after
all, this blog is supposed to be a discussion about technology and writing. But
sometimes technology and politics overlap, as in this case.
I don't really worry much about Wilson
himself. He's an intelligent and seemingly stable young man, just one with whom I disagree
politically. I'm not worried that he's about to snap and become a mass
murderer. But I wonder how many mass murderers he's about to enable. Even one
would be too many, I would think.
I'm fine with having to register my car and
license its driver. I'm also fine with having to register certain firearms and
with having to license their users. But this technology—and the DOJ's
capitulation to Wilson and the other plaintiffs—will make it very difficult to
police the proliferation of this weaponry. Even if the authorities were to
confiscate my weapon on some grounds (perhaps I'm a felon, perhaps I violated a
restraining order, perhaps I've shown myself to have anger issues and have
committed assaults), I could simply go home and (assuming I own the proper
equipment), press a button, and go have dinner. By the time I'm finished with
my after-dinner port (not that I would drink port—who the hell drinks port?!),
I'd have a nice shiny new .45 pistol or an AR-15 receiver sitting in my
printer.
In Ch. 8 of Leveling
the Playing Field (which I'm sure you've all read!), I talked about the
advent of 3D printing and how it has changed manufacturing, mostly for the
better. But not always for the better. One significant worry I had (and
have) about 3D printing is that it can enable the proliferation of homemade
weaponry, including very accurate reproductions of weapons such as the
venerable 1911 semiautomatic pistol and the AR-15-type rifles that have been
used in so many mass shootings over the past few years.
Now, I own weapons. I like to think of myself
as one of those "responsible gun owners" we hear about. I own guns
for sport, for protection, and for hunting. But I don’t believe that just
anyone should be able to own just any gun, nor do I think there is anything
wrong with having to pass background checks in order to purchase a weapon or
being required to register many types of firearms. I'm not anti-gun; I'm
anti-idiot.
 |
| Lesley is not a big gun person, but she has gone shooting with me a couple of times. Naturally, it turns out that she's an excellent shot. |
Of course, what I think doesn't matter much,
and just how little it matters was brought home to me a couple of weeks ago
when the Department of Justice surrendered to a "First Amendment"
argument that a 3D data file representing a weapon was in fact protected free
speech and could be hosted on (and downloaded from) a public-facing
website. (The suit was filed by Cody Wilson, the inventor of the Liberator 3D-printed
pistol about which I wrote in the book.) After a long, drawn-out court case, it
appears that the DOJ has quietly settled with Wilson, whose stated goal has
been to moot the gun control debate by showing that it can't be
controlled. In the words of a recent Wired Magazine article, the DOJ
promised to:
…change
the export control rules surrounding any firearm below .50 caliber—with a few
exceptions like fully automatic weapons and rare gun designs that use caseless
ammunition—and move their regulation to the Commerce Department, which won't
try to police technical data about the guns posted on the public internet.
Basically, this means that Wilson and his
supporters have won the war. They've successfully blurred the line between the
First and Second Amendments, guaranteeing that anyone can design and/or
download-3D printer-compatible plans to just about any firearm. And, as any
hacked corporation or repressive government can tell you, it's very, very
difficult to police digital data. Even if you wanted to hide it (which
Wilson and his allies do not), the data would get out; after all, it's just
information. And these days, information (and misinformation) is pretty much
everywhere.
 |
| It doesn't look like much, but this is a mockup of The Liberator, possibly the first functional 3D printed handgun. Posting the data file for this gun online is what got Cody Wilson embroiled in a years-long lawsuit. The DOJ finally capitulated just weeks ago. Image used under the Creative Commons Attribution- Share Alike 3.0 Unported license. |
Some have drawn an analogy to an
automobile--another tool that kills many thousands every year, pointing out
that it is possible to build a motorized vehicle. But there are differences.
The purpose of an automobile is not to kill people, of course. Like a
hammer or other tool, it can be used to hurt people, but that's a
misapplication of the tool, not its purpose. And it's certainly true that I
could collect or (even build) parts and create a car. (Well, in my case,
I'd have to make a few phone calls to my friend George Kelley, if I wanted the
car to actually run.) But look what happens when I'm finished building this
car, this tool capable of killing thousands every year: I'd have to license and
register it. And I would myself have to be tested and licensed if I wanted to use
the car.
 |
| This is Jeff Sessions. As US Attorney General, he is the man in charge of the Department of Justice, the cabinet department that just settled a lawsuit with Cody Wilson that will result in the widespread proliferation of 3D-printed weaponry. Image in the public domain. |
And if I could do that, what could an angry ex-husband or wife do? What could a gang or
a cartel do?
Monday, June 04, 2018
Jesse Pinkman: "It's SCIENCE, B*tch!"
Lesley and I have been crossing a lot of
bridges lately. (I mean the literal kind, not the metaphorical ones.) First in our trailer and now in our
motorhome, we've been doing a lot of driving throughout the Pacific Northwest
and Northern California, and there's plenty of water here—entire oceans of
it, in fact. And where there is water, there are—not surprisingly—bridges to
enable us to cross that water.
Early
on, this was nerve-wracking. Towing a 19' trailer across a bridge with a fairly
small Chevy pickup truck, trying to stay in the middle of what seemed a
terrifyingly narrow lane was, at first, pretty scary—especially if the wind was
up. We eventually got used to the feeling of being suspended on this thin
concrete-and-steel lifeline hundreds of feet above the water, dragging all of
our worldly goods behind us. Eventually, we got to the point where we could
cross a bridge, even a narrow one, without giving it too much thought. Now we
do the same thing in a somewhat larger motorhome. And, as expected, it was
frightening at first, but eventually became second nature. Other than making
sure that it’s not too windy, we now cross bridges without giving the
crossing a second thought.
But
even at our most terrified, one thing we never worried much about was the
integrity of the bridge itself. We might veer off of the bridge, or be blown
off of it, or be pushed off by a trucker who'd lost his brakes or been
blown into another lane, but we never thought, "Oh, my God! What if the
bridge falls down?!" Circumstances might intervene to do us damage, but
the bridge itself would stand, we could be pretty sure.
 |
| Sometimes the "guarantee" is implied by a sign that you can see before you get on the bridge itself. (Image in the public domain.) |
Bridges
are usually massive and are guaranteed to carry a certain amount of traffic.
The Yaquina Bay Bridge, which we cross almost every week, was built in 1936,
one of a series of bridges designed by Conde B. McCullough. It is over 3,000
feet in length, and it stands 133 feet above the water at its highest point. It
contains 30,000 cubic yards of concrete and over 3,000 tons of steel. As I
said, massive. (And this bridge is quite small compared to many other suspension
bridges around the world.) And because it's so substantial and so
well-designed, the bridge is guaranteed to be able to hold the weight of
the traffic crossing it.
 |
Sometimes the "guarantee" is fairly explicit, as in the
case of the Clark's Bridge, a covered bridge in New
Hampshire, which specifically states that it will carry
200 tons. (Image licensed under the Creative
Commons Attribution-Share Alike 3.0 Unported
license.)
|
When
I was heading up the software development team for a publishing company in
Texas, the powers-that-be (of which I was most assuredly not one) decided that
all of our programmers would be given a new title: henceforth, they would all
be known not as developers or programmers, but as "software
engineers." I really didn't care what they were called, so long as they
showed up at the office and did cool programmy things, preferably while wearing
shoes and long pants. And to tell the truth, the programmers didn't care,
either. You could call them whatever you wanted; as long as they got paid and
had snacks and got to do cool software things, they were happy. (And most of
them wore shoes and long pants most of the time.)
But
one of my developers emphatically did not want to be called a "software
engineer." This man—we'll just call him "John," because, well,
that was his name—felt that as programmers, they did not deserve to be
called engineers. The programming profession, he felt, was not precise enough,
nor its results predictable enough, to be called "engineering."
Engineering, he said, meant that the end result, the product, was designed in
such a way that the builders could guarantee the outcome of its use.
The
example he used was, in fact, a bridge. A bridge is designed and built and guaranteed
to carry a certain amount of weight. If built correctly, it will in fact carry
that weight, and it will do so for a specified period of time.
Software,
on the other hand, is never guaranteed. It's too complex and used in too many
different environments for the developer to absolutely guarantee that it will
function as designed. And sure enough, if you go looking for guarantees for
software you've purchased (or, more likely, licensed), you will find a lot of
vague legal-ese that basically boils down to "This really should work, but
if not, well, we're not responsible. Sorry." If you go looking for
remedies for failure, you'll find that those remedies are almost always limited
to replacement of the media on which the software was supplied. (Which is even
more meaningless these days, since most of your software was probably
downloaded or is provided as a cloud service.)
 |
Code is complicated. And the interaction
of thousands (sometimes millions) of lines of code with one another and with the software and hardware environments within which that code runs make it close to impossible to guarantee that a software product will behave as designed at all times. |
John
felt that, until programming had evolved to the point where designers
and programmers could guarantee their work, then it was not deserving of
the name engineering, and he would rather just have his title listed as
"Programmer" on his business card.
I
sympathized with John and told him that I would convey his feelings to the
aforementioned powers-that-be. I did so, and the PTB explained to me that they were
going to do exactly what they had intended to do all along, that John's title
was now "Software Engineer," and that I should now scuttle back to my
dark and forbidding lair and prepare for the next in a seemingly endless series
of product delivery deadlines.
I
returned to John, gave him the bad news, and sympathized heartily with him,
while patting him gently on the shoulder. Then I asked him to please put his
shoes back on.
He
was right, though.
Sunday, April 22, 2018
Data Mining for Fun and (Mostly for) Profit
A couple of months earlier, it was Cambridge
Analytica in the crosshairs of privacy supporters everywhere, after the data
mining firm collected similar data and used it to help Republican candidates in
their various bids for election. The catch there was that CA may have drifted
into the realm of illegality by assigning non-US citizens to work on the
campaigns. Technically, those non-citizens could in fact collect and analyze data,
but the company was advised that it must not
allow those non-citizens to "play strategic roles including the giving of
strategic advice to candidates, campaigns, political parties or independent
expenditure committees.” Which, of course, is exactly what they did. According
to former CA employee-turned-whistleblower, Chris Wylie, ". . . there was
no one American involved in [one campaign] . . . it was a de facto foreign
agent, working on an American election."
 |
| Alexander Nix, CEO of Cambridge Analytica at Web Summit 2017 in Lisbon. Image used under the Creative Common Attribution 2.0 Generic license. |
There's a big difference between these two scenarios.
To take the second case first, had CA simply collected and analyzed data and
then handed it over to a (in this case, Republican) campaign to use, no laws
would have been broken; the data itself is out there for anyone to collect,
aggregate, and use for any (legal) purpose. The company's mistake was in
assigning foreigners to strategic duties that could affect a US election
campaign. Some privacy supporters may have chafed at the use of PII (personally
identifiable information) for purposes counter to their beliefs (read: we
Democrats were not happy that the data was used to help Republican candidates)
and without their knowledge or consent, but the reality is that you put that
data out there. Why would various companies not collect and use it?
(And let's be honest: Would the hue and cry among us libs have been quite as
loud had the data been used to help Democratic candidates? I don't think so.)
Which brings me to the first case, one which
involves a far more common—and perfectly legal—activity. We worry a great deal
about privacy, but seemingly not enough to not place our entire lives out there
on the Internet for the world to see. It's been said many times, but apparently
it needs repeating: NOTHING YOU DO ON THE INTERNET IS PRIVATE. This is
especially true when you post information that can be used against you or can
be used to help people profile you and then use that profile to sell you
things, including political candidates.
Alternatively, but quite commonly, such
information is used by social engineers to scam you or talk you or one of your
contacts into giving up names, passwords, and other data that ought to be kept
confidential. Most so-called hacks actually start with a social engineering
exploit, and most of those are predicated on data the scammer found on
social media.
 |
| He looks so young and innocent, doesn't he? And he might have been, back then. This is Mark Zuckerberg in his Harvard dorm room back in 2005. Image used under the Creative Commons Attribution 2.5 Generic license. |
The thing is that a seemingly insignificant
and innocuous Facebook, Instagram, or Snapchat post can tell marketers and
thieves (one assumes that there is a difference) a great deal about you, your
habits, your location, your typical travel plans, etc. I can trawl (not troll;
well, I suppose I could do that, too) through Facebook and know who is on
vacation, where they went, and when they'll return. I know what you like to
eat. What you like to wear. I know your marital status—and if I dig a little, I
might even be able to figure out if that marriage is in trouble. Got a public
Amazon wish list? I know your hobbies, your future renovation plans, what
musical instruments you play, what pets you have, and what kind of books you
read. I also know if you're into essential oils and have an Apple Watch. (Why
else would you list an Apple Watch Stand and a wireless charger on your wish
list?) I know if you curl your hair, and whether you're a Mac person or a
Windows person. (All of this goes double if you click the little Facebook
"I just bought…" icon that pops up when you make an Amazon purchase.)
I have security tools that some may lack, but
I'm no security whiz. Nonetheless, if your phone has its geolocation turned on,
I can see many of the Facebook, Pinterest, Snapchat, and other posts you make,
and I can track them by name, by date, by keyword, and by the location from
which they were sent. To do this, I use a piece of software that's often used
by law enforcement officers, but the truth is that anyone can buy access to it.
But the reason the software can access the data to begin with is that we put
that information out there to be found.
If I were smart enough to write an algorithm
that could collect, aggregate, and collate all of this information, I could
know all about you. (No worries; I'm not smart enough. Then again, I know
people who are.) That's all that Localblox did: the company wrote software that
scraped information from social media sites, aggregated it, and created code
that pieced the information together and built individual portfolios. (And then
they stupidly left it out there unprotected for a security researcher to find.)
 |
| If you lived in New York in 1948 and were one of the few people who owned a television, this woman really wanted to sell you a faucet aerator. Image in the public domain. |
Facebook has over 2 billion users.
WhatsApp has 1.5 billion. Instagram has almost a billion. These are big
numbers. And big numbers translate to big dollars. Dollars they make by selling
information about us, because we were dumb enough to put that information out
there to be sold. As others have said, when it's being given to you for
"free" (and this includes network television), you're not really a
customer—you're the product.
Subscribe to:
Posts (Atom)