kottke.org. home of fine hypertext products since 1998.

kottke.org posts about privacy

We Know What You Did During Lockdown

After watching this short film on how much data private companies are able to gather about you (data that we willingly give them in some cases), you might be forgiven for thinking that, never mind some far flung future, we are living in a full-on dystopia right now. The set design, the acting, the positioning of the tables, the see-through table tops, the laptop vs. notebook…this was really well done. When the interrogator got up from his desk, I viscerally felt the invasion of privacy.


How Privacy-Friendly Contact Tracing Can Help Stop the Spread of Covid-19

Nicky Case, working with security & privacy researcher Carmela Troncoso and epidemiologist Marcel Salathé, came up with this fantastic explanation of how we can use apps to automatically do contact tracing for Covid-19 infections while protecting people’s privacy. The second panel succinctly explains why contact tracing (in conjunction with quick, ubiquitous testing) can have such a huge benefit in a case like this:

A problem with COVID-19: You’re contagious ~2 days before you know you’re infected. But it takes ~3 days to become contagious, so if we quarantine folks exposed to you the day you know you were infected… We stop the spread, by staying one step ahead!

Contact Tracing Comic

It’s based on a proposal called Decentralized Privacy-Preserving Proximity Tracing developed by Troncoso, Salathé, and a host of others. Thanks to Case for putting this comic in the public domain so that anyone can publish it.

Update: About two hours after posting this, Apple and Google announced they are jointly working on contact tracing technology that uses Bluetooth and makes “user privacy and security central to the design”.

A number of leading public health authorities, universities, and NGOs around the world have been doing important work to develop opt-in contact tracing technology. To further this cause, Apple and Google will be launching a comprehensive solution that includes application programming interfaces (APIs) and operating system-level technology to assist in enabling contact tracing. Given the urgent need, the plan is to implement this solution in two steps while maintaining strong protections around user privacy.

Update: Based on information published by Google and Apple on their contact tracing protocols, it appears as though their system works pretty much like the one outlined above in the comic and this proposal.

Also, here is an important reminder that the problem of what to do about Covid-19 is not primarily a technological one and that turning it into one is troublesome.

We think it is necessary and overdue to rethink the way technology gets designed and implemented, because contact tracing apps, if implemented, will be scripting the way we will live our lives and not just for a short period. They will be laying out normative conditions for reality, and will contribute to the decisions of who gets to have freedom of choice and freedom to decide … or not. Contact tracing apps will co-define who gets to live and have a life, and the possibilities for perceiving the world itself.

Update: Security expert Bruce Schneier has some brief thoughts on “anonymous” contact tracing as well as some links to other critiques, including Ross Anderson’s:

But contact tracing in the real world is not quite as many of the academic and industry proposals assume.

First, it isn’t anonymous. Covid-19 is a notifiable disease so a doctor who diagnoses you must inform the public health authorities, and if they have the bandwidth they call you and ask who you’ve been in contact with. They then call your contacts in turn. It’s not about consent or anonymity, so much as being persuasive and having a good bedside manner.

I’m relaxed about doing all this under emergency public-health powers, since this will make it harder for intrusive systems to persist after the pandemic than if they have some privacy theater that can be used to argue that the whizzy new medi-panopticon is legal enough to be kept running.

And I had thoughts similar to Anderson’s about the potential for abuse:

Fifth, although the cryptographers — and now Google and Apple — are discussing more anonymous variants of the Singapore app, that’s not the problem. Anyone who’s worked on abuse will instantly realise that a voluntary app operated by anonymous actors is wide open to trolling. The performance art people will tie a phone to a dog and let it run around the park; the Russians will use the app to run service-denial attacks and spread panic; and little Johnny will self-report symptoms to get the whole school sent home.

The tie-a-phone-to-a-dog thing reminds me a lot of the wagon full of smartphones creating traffic jams. (via @circa1977)


Privacy at the margins

Privacy and privilege go hand in hand. This collection of scholarly articles in The International Journal of Communication edited by Dr. Alice Marwick and danah boyd takes us to Appalachia, India, Azerbaijan, and among Aboriginal communities. The nine articles are a deep dive into surveillance, coercion, and consent among those typically marginalized.

For many people, privacy is not simply the ability to restrict access to information, but the ability to strategically control a social situation by influencing what information is available to others, how this information is interpreted, and how it will spread. Needless to say, networked technology complicates these dynamics, to the point where most people find themselves constantly negotiating between disclosure, concealment, and connection.

The stark reality is that achieving privacy is especially difficult for those who are marginalized in other areas of life. Parents argue that they have the right to surveil their children “for safety reasons.” Activists who challenge repressive regimes are regularly monitored by state actors. And poor people find themselves forced to provide information in return for basic services. Meanwhile, privacy is increasingly important as data-hungry algorithmic systems are introduced into every part of society, gobbling up data about people and their practices to feed decision-making systems in sectors as varied as criminal justice, advertising, transportation, and news delivery. The privilege to “opt out” of these data-oriented systems is increasingly unattainable.


Eye in the sky: a “pre-crime” surveillance system

A company called Persistent Surveillance Systems has built a “pre-crime” surveillance system. The idea is that you fly a cluster of video cameras over an area that can be the size of a small city — using an airplane or even a drone — and you transmit the day’s activities of the entire city to a computer on the ground. When a crime is committed, a system analyst can scrub the video forward and backward in time to find out where the perpetrator came from and where they go after. Ideally, this happens minutes after the crime is committed so the perps can be apprehended. Radiolab recently had a great piece on this technology and its privacy implications.

The system also has other uses — like tracking traffic patterns — but yaaawn. In one of the trials of the technology described in the show, the surveillance video of a hit on a police officer in Juarez, Mexico by members of a drug cartel showed them driving back to what turned out to be the cartel’s headquarters. Another trial, in Dayton, OH, resulted in the capture of a burglar only a few blocks from where the crime was committed. Radiolab called this technology a superpower, like Batman hacking into all of the world’s cellphones or Superman hovering above the Earth listening to everyone’s conversations. Less imaginary comparisons would be to London’s network of CCTV cameras or the NSA’s recording of a large amount of the world’s electronic communications. Fascinating and terrifying all at once.


My voice is my passport. Verify me.

Soon, new iPhone owners will be able to use a fingerprint to access a phone or buy something on iTunes. Apple’s introduction of this fingerprint technology adds a nice layer of security and a bit of convenience for those whose fingers are too tired to type in a four-digit password. But soon, we will be interacting with a lot more devices that have no screens, and biometrics will be the logical way to secure our data. Companies have already developed ways to identify you, from your fingerprints to your heartbeat. And while these methods certainly seem more effective than simple (and often easy-to-hack) passwords, it’s a little worrisome that we’ll essentially be sharing even more personal data, right down to our person. In order to give us the promise of more security, companies will want to know even more about us. It feels like we’ve passed a point of no return. So much about us is stored in the cloud (our finances, our communication, our social lives) that we can’t turn back. The only way to protect what you’ve shared so far is to share some more. Protect your data with a password. Protect the password with some secret, personal questions. Protect all of that with your fingerprint or your heartbeat. Before long, you’ll have to give a DNA swab to access a collection of photos you took yourself. It’s a trend worth watching. The last decade was about sharing. The next decade will be about protecting.


You Commit Three Felonies a Day

In a book called Three Felonies A Day, Boston civil rights lawyer Harvey Silverglate says that everyone in the US commits felonies every day, and if the government takes a dislike to you for any reason, they’ll dig in and find a felony you’re guilty of.

The average professional in this country wakes up in the morning, goes to work, comes home, eats dinner, and then goes to sleep, unaware that he or she has likely committed several federal crimes that day. Why? The answer lies in the very nature of modern federal criminal laws, which have exploded in number but also become impossibly broad and vague. In Three Felonies a Day, Harvey A. Silverglate reveals how federal criminal laws have become dangerously disconnected from the English common law tradition and how prosecutors can pin arguable federal crimes on any one of us, for even the most seemingly innocuous behavior. The volume of federal crimes in recent decades has increased well beyond the statute books and into the morass of the Code of Federal Regulations, handing federal prosecutors an additional trove of vague and exceedingly complex and technical prohibitions to stick on their hapless targets. The dangers spelled out in Three Felonies a Day do not apply solely to “white collar criminals,” state and local politicians, and professionals. No social class or profession is safe from this troubling form of social control by the executive branch, and nothing less than the integrity of our constitutional democracy hangs in the balance.

In response to a question about what happens to big company CEOs who refuse to go along with government surveillance requests, John Gilmore offers a case study in what Silverglate is talking about.

We know what happened in the case of QWest before 9/11. They contacted the CEO/Chairman asking to wiretap all the customers. After he consulted with Legal, he refused. As a result, NSA canceled a bunch of unrelated billion dollar contracts that QWest was the top bidder for. And then the DoJ targeted him and prosecuted him and put him in prison for insider trading — on the theory that he knew of anticipated income from secret programs that QWest was planning for the government, while the public didn’t because it was classified and he couldn’t legally tell them, and then he bought or sold QWest stock knowing those things.

This CEO’s name is Joseph P. Nacchio and TODAY he’s still serving a trumped-up 6-year federal prison sentence today for quietly refusing an NSA demand to massively wiretap his customers.

You combine this with the uber-surveillance allegedly being undertaken by the NSA and other governmental agencies and you’ve got a system for more or less automatically accusing any US citizen of a felony. Free society, LOL ROFLcopter.

Update: For the past two years, the Wall Street Journal has been “examining the vastly expanding federal criminal law book and its consequences”. (thx, jesse)


How to blog anonymously

From former call girl blogger Belle de Jour, a guide on how to publish online and maintain your anonymity.

You will need an email address to do things like register for blog accounts, Facebook, Twitter, and more. This email will have to be something entirely separate from your “real” email addresses. There are a lot of free options out there, but be aware that sending an email from many of them also sends information in the headers that could help identify you.

When I started blogging, I set up an email address for the blog with Hotmail. Don’t do this. Someone quickly pointed out the headers revealed where I worked (a very large place with lots of people and even more computers, but still more information than I was comfortable with). They suggested I use Hushmail instead, which I still use. Hushmail has a free option (though the inbox allocation is modest), strips out headers, and worked for me.

(thx, fred)


Apple to fix iOS address book access

Apple is going to modify their iOS software to force apps to prompt for address book access. From John Paczkowski at AllThingsD:

“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines*,” Apple spokesman Tom Neumayr told AllThingsD. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”

This is good news.


iOS apps and your address book

Details are finally starting to trickle out about how various iOS apps use the address book data on your phone. The Verge and Venture Beat both have good articles on the subject. What they’re finding is nowhere near the 13/15 ratio that Dustin Curtis reported last week but Curtis has also said:

Second, for obvious reasons, I promised the developers I reached out to that I would never reveal who they are. Many of them have, since last week, changed their practices.

What I like about The Verge and VB articles is that they both end with Apple’s role in all this. In a future release, Apple should make sure that rogue parties can’t do stuff like this. If you’re going to have a store where every app has to be approved for the good of the end users and the integrity of the system, this is *exactly* the type of thing they should be concerned with.

Update: Insider did some digging as well.


More on iPhone address book privacy

Yesterday, developer Arun Thampi noticed that the Path iPhone app uploads a user’s address book to their server without asking the user first. And by address book, I mean all the phone numbers and addresses and email addresses of everyone in your phone’s address book just gets sent off to Path. And not only that, Path stored that information on its server. To their credit, Path apologized and deleted the data from their server.

But this is a larger problem than just Path. In a post from earlier today, Dustin Curtis reveals the dirty little secret of iPhone developers everywhere.

It’s not really a secret, per se, but there’s a quiet understanding among many iOS app developers that it is acceptable to send a user’s entire address book, without their permission, to remote servers and then store it for future reference. It’s common practice, and many companies likely have your address book stored in their database. Obviously, there are lots of awesome things apps can do with this data to vastly improve user experience. But it is also a breach of trust and an invasion of privacy.

I did a quick survey of 15 developers of popular iOS apps, and 13 of them told me they have a contacts database with millions of records. One company’s database has Mark Zuckerberg’s cell phone number, Larry Ellison’s home phone number and Bill Gates’ cell phone number. This data is not meant to be public, and people have an expectation of privacy with respect to their contacts.

13 out of 15! Zuckerberg’s cell phone number! Maybe I’m being old-fashioned here, but this seems unequivocally wrong. Any app, from Angry Birds to Fart App 3000, can just grab the information in your address book without asking? Hell. No. And Curtis is right in calling Apple out about this…apps should not have access to address book information without explicitly asking. But now that the horse is out of the barn, this “quiet understanding” needs to be met with some noisy investigation. What happened to Path needs to happen to all the other apps that are storing our data. There’s an opportunity here for some enterprising data journalist to follow Thampi’s lead: investigate what other apps are grabbing address book data and then ask the responsible developers the same questions that were put to Path.

Update: I am aware of this very confusing display of data from the Wall Street Journal. It indicates that of the ~50 iPhone apps surveyed, only three (Angry Birds, Facebook, and TextPlus 4) transmit address book data to a server. That’s not exactly the widespread problem that Curtis describes (the data sets are likely different)…it would be nice to see the net cast a bit wider.

Update: Oh, and that WSJ survey is two years old. (thx, @marcprecipice)


Your not-so-secret iPhone address book

I take this to mean that any iPhone app can download your address book to their servers? What. The. Hell! Apple?

Upon inspecting closer, I noticed that my entire address book (including full names, emails and phone numbers) was being sent as a plist to Path. Now I don’t remember having given permission to Path to access my address book and send its contents to its servers, so I created a completely new “Path” and repeated the experiment and I got the same result - my address book was in Path’s hands.


A story from the near future

Paul Ford is writing on Ftrain.com again and it’s just super. Today’s post is a short story that extrapolates our present cultural preoccupation with lawsuits, privacy, and surveillance into a future where anyone can bring a lawsuit for copyright violations against a fetus.

We had gone to a baseball game at the beginning of the season. They had played a song on the public address system, and she sang along without permission. They used to factor that into ticket price — they still do if you pay extra or have a season pass — but now other companies handled the followup. And here was the video from that day, one of many tens of thousands simultaneously recorded from gun scanners on the stadium roof. In the video my daughter wore a cap and a blue T-shirt. I sat beside her, my arm over her shoulder, grinning. Her voice was clear and high; the ambient roar of the audience beyond us filtered down to static.


Protect your privacy from Google

After months and years of complaints, Google is now allowing users to opt-out of its service by moving them to a remote mountain village.


From Porch to Patio

From Porch to Patio, a 1975 piece by Richard Thomas, discusses the transition in American society from the semi-public gathering place in front of a house to the private space in the back.

When a family member was on the porch it was possible to invite the passerby to stop and come onto the porch for extended conversation. The person on the porch was very much in control of this interaction, as the porch was seen as an extension of the living quarters of the family. Often, a hedge or fence separated the porch from the street or board sidewalk, providing a physical barrier for privacy, yet low enough to permit conversation.

When people started moving out to new buildings in the suburbs, the patio emerged to provide the privacy for these urban refugees.

The patio was an extension of the house, but far less public than the porch. It was easy to greet a stranger from the porch but exceedingly difficult to do so from the backyard patio. While the porch was designed in an era of slow movement, the patio is part of a world which places a premium on speed and ease of access. The father of a nineteenth-century family might stop on the porch on his way into the house, but the suburban man wishes to enter the house as rapidly as possible to accept the shelter that the house provides from the mass of people he may deal with all day.

(via front porch republic)


In an anonymity experiment, Catherine Price attempts

In an anonymity experiment, Catherine Price attempts to recover some of her privacy by living off the information grid.

Pay for everything in cash. Don’t use my regular cellphone, landline or e-mail account. Use an anonymizing service to mask my Web surfing. Stay away from government buildings and airports (too many surveillance cameras), and wear a hat and sunglasses to foil cameras I can’t avoid. Don’t use automatic toll lanes.

For the bit about the cellphone, I’m surprised that she didn’t slip it into an antistatic or other foil-lined bag while it wasn’t in use.


Peeping on voyeurs in the park

In the 1970s, Japanese photographer Kohei Yoshiyuki stumbled upon a couple in a park engaged in sexual activity in the darkness and, somewhat more curiously, two men creeping towards the couple, watching them. Over many months, he followed these voyeurs in the park, befriended them, and outfitted his camera with an infrared flash so as to blend into the crowded darkness. The result is a fantastic series of photos called The Park. As you can see in the photo below, Yoshiyuki even caught some of the peeping toms touching their “visual prey”.

Kohei Yoshiyuki

Yoshiyuki’s photographs explore the boundaries of privacy, an increasingly rare commodity. Ironically, we may reluctantly accommodate ourselves to being watched at the A.T.M., the airport, in stores, but our appetite for observing people in extremely personal circumstances doesn’t seem to wane.

The NY Times has an audio slideshow of some images from The Park, which is on display at the Yossi Milo gallery in NYC until October 20 (more photos). A book of Yoshiyuki’s photography is available at Amazon.

The Times article mentions several photographers whose work is similar to Yoshiyuki’s. Merry Alpern took photographs through a window of prostitutes plying their trade with Wall Street businessmen. Weegee used an infrared flash to capture kissing couples at the movie theater (although it seems that particular shot was staged) and on the beach at Coney Island (last photo here). Walker Evans photographed people on the subway without their knowledge.


The folks at Alibi Network have developed

The folks at Alibi Network have developed a consultancy framework that helps their clients with alibis and excused absences with privacy and discretion. “We invent, create and provide customized alibis and excuses for attached adults involved in discreet relationships.”


Keeping secrets

William Gibson speaking on secrecy:

It is becoming unprecedentedly difficult for anyone, anyone at all, to keep a secret. In the age of the leak and the blog, of evidence extraction and link discovery, truths will either out or be outed, later if not sooner. This is something I would bring to the attention of every diplomat, politician and corporate leader: the future, eventually, will find you out. The future, wielding unimaginable tools of transparency, will have its way with you. In the end, you will be seen to have done that which you did.

Taken from Alex Steffen’s talk at PopTech.


I was wondering much the same thing

I was wondering much the same thing as Michael re: iTunes phoning home with your listening history. Isn’t that what we want? Our software watching and making recommendations for us…isn’t that helpful? Providing better, more targeted advertising (if we have to have advertising, it should be useful)? There are privacy concerns and companies should be clearer about what’s going on, but I don’t mind if the software I use is a little smarter.


Stephanie Hendrick has tracked down the identity

Stephanie Hendrick has tracked down the identity of an anonymous blogger (she matched them to a non-anonymous blog) using linguistic identity markers. See also secret sites. (via j/t)


Friendster has a new feature…you can

Friendster has a new feature…you can tell who has looked at your profile (feature is on by default and you can turn it off…if you’re even aware of it in the first place). If I still used Friendster (not that I ever really did), I’m not sure how I would feel about this. On the one hand, you can tell if someone’s interested in you (that guy you just met at the bar found your page as soon as he got home), but on the other hand, you might not want the girl you have a crush on to know you’re obsessively reloading her page to check for updates. (Also, imagine if they added this to LiveJournal…)


A citizen’s guide to refusing NYC subway searches

A citizen’s guide to refusing NYC subway searches. “As innocent citizens become increasingly accustomed to being searched by the police, politicians and police agencies are empowered to further expand the number of places where all are considered guilty until proven innocent.”


Is searching bags in the NYC subway legal?

Is searching bags in the NYC subway legal?


FAQ: How Real ID will affect you

FAQ: How Real ID will affect you. So nice that they snuck it in on a completely unrelated bill like that…I don’t remember that aspect of gov’t being explained in that Schoolhouse Rock song about the bill.


Bruce Schneier on how to mitigate identity theft

Bruce Schneier on how to mitigate identity theft. “If we’re ever going to manage the risks and effects of electronic impersonation, we must concentrate on preventing and detecting fraudulent transactions.”