Thursday Threads: All about online privacy, or lack thereof

by  Peter E. Murray  ·   Posted on 
 ·  6 minutes reading time

Are you paranoid yet? Are you worried that the secret you shared anonymously might come right back to you? Or wondering why advertisements seem to follow you around from web page to web page? Or just creeped out by internet-enabled services tracking your every move? Or angry that mobile carriers made it very easy for anyone to track every page you visited from your smartphone? Or maybe you will simply give up any personal information for a delicious cookie? (Are you paranoid now?)

This week's DLTJ Thursday Threads highlights a selection of stories from the past couple months that show what's happening with information we might consider private and how companies are trying to monetize our every move and our every click. It would seem, at least from my tiny view of the internet, that concerns about online privacy are growing. For the librarians reading this post, you'll know that protecting patron privacy is core to our ethos. Yet sometimes our seemingly innocent actions -- adding a Facebook "Like" button or gathering usage reports via Google Analytics -- feed our patron's information right into the heart of corporate interests whose ideals may not align with our own. If you are a member of the Library Information Technology Association, I encourage you to look at the newly formed Patron Privacy Interest Group and -- if you will be at the ALA Midwinter meeting -- come to the interest group's first meeting on Saturday, January 31, 2015 from 8:30am to 9:30am.

Feel free to send this newsletter to others you think might be interested in the topics. If you are not already subscribed to DLTJ's Thursday Threads, visit the sign-up page. If you would like a more raw and immediate version of these types of stories, follow me on Mastodon where I post the bookmarks I save. Comments and tips, as always, are welcome.

Your Favorite Anonymous App Is Not Anonymous At All

Not all of the incidents with the major anonymous messaging apps in the past year have been identical. Some were straight up hacks. Some were exploits revealed. Some were just invasive data collection measures exposed. They all support the thesis that anonymous apps tend not to stay anonymous, however. And you shouldn't surrender a bunch of sensitive information through these apps, because you'll probably get screwed. Let's look at this issue app by app.

- Your Favorite Anonymous App Is Not Anonymous At All, by Adam Clark Estes, Gizmodo, 9-Dec-2014

When data gets creepy: the secrets we don’t realise we’re giving away

At the same time, something much more interesting has been happening. Information we have happily shared in public is increasingly being used in ways that make us queasy, because our intuitions about security and privacy have failed to keep up with technology. Nuggets of personal information that seem trivial, individually, can now be aggregated, indexed and processed. When this happens, simple pieces of computer code can produce insights and intrusions that creep us out, or even do us harm. But most of us haven’t noticed yet: for a lack of nerd skills, we are exposing ourselves.

- When data gets creepy: the secrets we don’t realise we’re giving away, by Ben Goldacre, The Guardian, 5-Dec-2014

We Can’t Trust Uber [or anyone else collecting our data]

Uber isn’t alone. Numerous companies, from social media sites like Facebook to dating sites like OKCupid, make it their business to track what we do, whom we know and what our typical behaviors and preferences are. OKCupid unashamedly announced that it experimented on its users, sometimes matching them with incompatible dates, just to see what happened.

The data collection gets more extensive at every turn. Facebook is updating its terms of service as of Jan. 1. They state in clearer terms that Facebook will be tracking your location (unless you disable it), vacuuming up data that other people provide about you and even contacts from your phone’s address book (if you sync it to your account) — important provisions many of Facebook’s 1.35 billion users may not even notice when they click “accept.”

We use these apps and websites because of their benefits. We discover new music, restaurants and movies; we meet new friends and reconnect with old ones; we trade goods and services. The paradox of this situation is that while we gain from digital connectivity, the accompanying invasion into our private lives makes our personal data ripe for abuse — revealing things we thought we had not even disclosed.

- We Can’t Trust Uber, op-ed by Zeynep Tufekci and Brayden King, New York Times, 7-Dec-2014

AT&T Stops Using Undeletable Phone Tracking IDs

AT&T says it has stopped its controversial practice of adding a hidden, undeletable tracking number to its mobile customers' Internet activity....

The move comes after AT&T and Verizon received a slew of critical news coverage for inserting tracking numbers into their subscribers' Internet activity, even after users opted out. Last month, ProPublica reported that Twitter's mobile advertising unit was enabling its clients to use the Verizon identifier. The tracking numbers can be used by sites to build a dossier about a person's behavior on mobile devices – including which apps they use, what sites they visit and for how long.

The controversial type of tracking is used to monitor users' behavior on their mobile devices where traditional tracking cookies are not as effective. The way it works is that a telecommunications carrier inserts a uniquely identifying number into all the Web traffic that transmits from a users' phone.

- AT&T Stops Using Undeletable Phone Tracking IDs, by Julia Angwin, ProPublica, 14-Nov-2014

In a highly unscientific but delicious experiment last weekend, 380 New Yorkers gave up sensitive personal information — from fingerprints to partial Social Security numbers — for a cookie. "It is crazy what people were willing to give me," said artist Risa Puno, who conducted the experiment, which she called "Please Enable Cookies," at a Brooklyn arts festival. ... To get a cookie, people had to turn over personal data that could include their address, driver's license number, phone number and mother's maiden name. More than half of the people allowed Puno to take their photographs. Just under half — or 162 people — gave what they said were the last four digits of their Social Security numbers. And about one-third — 117 people — allowed her to take their fingerprints. She examined people's driver's licenses to verify some of the information they provided.

- How Much of Your Data Would You Trade for a Free Cookie?, by Lois Beckett, ProPublica, 1-Oct-2014