Datafication & Technology

Datafication, Phantasmagoria of the 21st Century

Tag: Privacy (Page 2 of 2)

Identifiers. You Are Being Watched Online

26 February 2023 / / 0 Comments

When you browse the web, you probably focus on the content that you come across. However, built within the digital architectures of the web are invisible little scribes that record what you do, where you go, and how you behave as you browse. Those little digital scribes are called identifiers. What exactly can they know about you as you live your life online? And why is it important?

This website tells you what identifiers you leave behind when you browse. Click on the link below and it will show you a long list of all the identifiers that every website you visit can find out about you, your location, your device etc…

https://www.deviceinfo.me

Why should you care? Because all these different data points are then used to create a “fingerprint” of your web browser, allowing the rest of your web activity on that same browser/device to be trackable.

I checked and the results show that it is possible to know my device type or model, operating system, browser, IP address (and whether I am using a VPN), country, ISP and servers names, the connection type. I expected that. What I did not expect was the system to detect “fingerprinting resistance”, as well as details about my hardware (number of webcams, microphones. which graphic card, RAM, battery status, number of fonts) and my browser (extensions, content filtering, cookies enabled or not etc). It also checked for “live”, i.e., changing operations as I was using the computer: live device motion (checked at intervals of 500ms), rotation and acceleration including gravity, live page visibility changes and live screen orientation and resolution changes. It could see the live current scroll position, the keys pressed, the mouse position on the screen amongst others.

We can’t stop browsing. What to do? Short of not being online, it is not possible to completely avoid surveillance. Use a good VPN, which means a paid-for VPN (the free ones most probably sell your data) that is well regarded in privacy circles. I use ProtonVPN, from the same company as ProtonMail, one of the most privacy conscious email providers on the planet. Use browsers that are known for their security and privacy features such as Firefox (do NOT use Microsoft Bing or Google Chrome). Regularly clear your cache and cookies (I do it several times a day). Install browser extensions that give you some control over what happens when you browse, such as No Script, Privacy Badger, HTTPS everywhere, Canvas Blocker, uBlock Origin, Facebook. Container. Set your browser privacy (in settings) to strict.

And spend a bit of time learning about how to protect yourself online. There are now MANY good publications, and articles in tech-oriented magazines such as WIRED, MIT TechReview and others that describe how to set up some levels of protection online. I know one can easily feel disempowered today in the face of the incongruous levels of unrestricted digital surveillance, but do not give in to despair. Technology is invented everyday to help us, and it IS possible to avoid a reasonable number of surveillance features that are built into our digital architectures. If you are really into privacy and security, check Michael BAZZELL’s book “Extreme Privacy, What It Takes To Disappear”, 4th Ed. 2022. There is an updated eBook on mobile devices. Check his website to learn more (I do not get any commission, I am recommending him because his book is phenomenal, and he is very knowledgeable).

[HOW TO] Protect From Data Theft? (Privacy)

31 January 2023 / / 0 Comments

Many people ask me how to protect from data theft from Big Tech. This is a really important question, so I asked a digital security expert friend of mine. This is his (unedited) reply. Some of those are more directly actionable than others. I will regularly add to the list.

Use a *trustworthy* VPN for all devices like Mullvad or ProtonVPN (or tor/I2P for truly sensitive things) with reliable DNS protection (but also aware VPN has own risks, strictly only to mask your true IP + mask your web activity from your ISP + provide more secure internet when connected to public or unsafe networks).

Use Linux on desktop (or any open source privacy friendly version, just avoid MacOS, Windows and ChromeOS).

Use de-googled android (grapheneOS) on mobile. Neither Androids not iPhones are safe. A mobile phone is most invasive and privacy leaking device in our lives.

Delete all social media and big tech accounts.

Replace the services/apps one uses with open source/libre software alternatives. Email, contacts, calendar, cloud storage, apps on phone etc… Especially avoid any products or services by big tech (e.g. Google docs, Gmail, drive, youtube, search, Chrome, WhatsApp etc…).

Use privacy friendly web browser (recommend “brave” browser) with disabled telemetry and tracking blocking and fingerprinting resistance settings set to maximum.

Use privacy friendly search engine (duckduckgo is OK), do not use Google search, Microsoft Bing, etc.

Understand how internet and web infrastructure works (networking basics) as this is key to knowing how to manage own data trail and emissions. Key part is understanding that every single action taken in relation to internet or digital anything leaves a permanent record and digital trail of breadcrumbs. So to know how to get by using alias information when possible, and to be extremely judicious in providing any true personal data in any digital context. Doesn’t matter that one uses the most private and secure computer system if they just go and share their personal life story and details by posting such on the internet. Disclose as little as possible online, and if needed use false/alias data.

Use end to end encrypted and metadata minimising methods of online communication (e.g. Signal is not perfect but probably best balance between privacy/security and usability/widespread use).

Generally opt to use software and services that rely on well-implemented encryption technology and *end to end* and *zero knowledge* encryption wherever possible.

Do not use regular phone call or SMS (use secure WiFi call or message via secure apps instead).

WhatsApp Terms of Service & Privacy Policy as of March 2021

9 October 2021 / / 0 Comments

In the post “Why I Am Quitting WhatsApp – Part II” below I mention a link to the Terms of Services and the Privacy Policy. Since those terms change with time, I enclose an excerpt below of the terms as of 27 March 2021 in pdf format.

The clause “Information We Collect” is divided into three groups:

  1. Information you provide (hinting that the other two are information that you do NOT (and may not want to) provide),
  2. Automatically collected information,
  3. Third-party information.

Please see content below.

Information You Provide

• Your Account Information. You provide your mobile phone number to create a WhatsApp account. You provide us the phone numbers in your mobile address book on a regular basis, including those of both the users of our Services and your other contacts. You confirm you are authorized to provide us such numbers. You may also add other information to your account, such as a profile name, profile picture, and status message.

• Your Messages. We do not retain your messages in the ordinary course of providing our Services to you. Once your messages (including your chats, photos, videos, voice messages, files, and share location information) are delivered, they are deleted from our servers. Your messages are stored on your own device. If a message cannot be delivered immediately (for example, if you are offline), we may keep it on our servers for up to 30 days as we try to deliver it. If a message is still undelivered after 30 days, we delete it. To improve performance and deliver media messages more efficiently, such as when many people are sharing a popular photo or video, we may retain that content on our servers for a longer period of time. We also offer end-to-end encryption for our Services, which is on by default, when you and the people with whom you message use a version of our app released after April 2, 2016. End-to-end encryption means that your messages are encrypted to protect against us and third parties from reading them.

• Your Connections. To help you organize how you communicate with others, we may create a favorites list of your contacts for you, and you can create, join, or get added to groups and broadcast lists, and such groups and lists get associated with your account information.

• Customer Support. You may provide us with information related to your use of our Services, including copies of your messages, and how to contact you so we can provide you customer support. For example, you may send us an email with information relating to our app performance or other issues.

Automatically Collected Information

• Usage and Log Information. We collect service-related, diagnostic, and performance information. This includes information about your activity (such as how you use our Services, how you interact with others using our Services, and the like), log files, and diagnostic, crash, website, and performance logs and reports.

• Transactional Information. If you pay for our Services, we may receive information and confirmations, such as payment receipts, including from app stores or other third parties processing your payment.

• Device and Connection Information. We collect device-specific information when you install, access, or use our Services. This includes information such as hardware model, operating system information, browser information, IP address, mobile network information including phone number, and device identifiers. We collect device location information if you use our location features, such as when you choose to share your location with your contacts, view locations nearby or those others have shared with you, and the like, and for diagnostics and troubleshooting purposes such as if you are having trouble with our app’s location features.

• Cookies. We use cookies to operate and provide our Services, including to provide our Services that are web-based, improve your experiences, understand how our Services are being used, and customize our Services. For example, we use cookies to provide WhatsApp for web and desktop and other web-based services. We may also use cookies to understand which of our FAQs are most popular and to show you relevant content related to our Services. Additionally, we may use cookies to remember your choices, such as your language preferences, and otherwise to customize our Services for you. Learn more about how we use cookies to provide you our Services.

• Status Information. We collect information about your online and status message changes on our Services, such as whether you are online (your “online status”), when you last used our Services (your “last seen status”), and when you last updated your status message.

Third-Party Information

• Information Others Provide About You. We receive information other people provide us, which may include information about you. For example, when other users you know use our Services, they may provide your phone number from their mobile address book (just as you may provide theirs), or they may send you a message, send messages to groups to which you belong, or call you.

• Third-Party Providers. We work with third-party providers to help us operate, provide, improve, understand, customize, support, and market our Services. For example, we work with companies to distribute our apps, provide our infrastructure, delivery, and other systems, supply map and places information, process payments, help us understand how people use our Services, and market our Services. These providers may provide us information about you in certain circumstances; for example, app stores may provide us reports to help us diagnose and fix service issues.

• Third-Party Services. We allow you to use our Services in connection with third-party services. If you use our Services with such third-party services, we may receive information about you from them; for example, if you use the WhatsApp share button on a news service to share a news article with your WhatsApp contacts, groups, or broadcast lists on our Services, or if you choose to access our Services through a mobile carrier’s or device provider’s promotion of our Services. Please note that when you use third-party services, their own terms and privacy policies will govern your use of those services.

WhatsApp-Terms-of-Service-as-of-27-March-2021Download

Private Messaging Apps

8 August 2021 / / 0 Comments

A good friend sent this link to me today: https://nordvpn.com/blog/most-secure-messaging-app. It’s a good article, you should read it. This however, prompted the thoughts below.

Good Morning! Thank you for sharing this!

It’s true that signal is the most secure messaging app. I use both telegram and signal. They both have pros and cons like all apps.

Since WhatsApp change of T&C there have been many articles that speak about the privacy of messaging apps. And it’s great because the discussion brings awareness to this aspect of communication. However I think it’s also the wrong (first) question to ask because it is reductionist and puts the focus on the wrong thing. Let me explain!

The social web brought about shifts of a magnitude last seen with the invention of the printing press. The economy of the social web is supported by a model (targeted advertising) that is BY DESIGN hostile to our well being, social balance and democratic values. When I say by design it means that the model itself contains in its essence imperatives that are fundamentally hostile to the above. It distorts debates, polarises society, addicts individuals. It can’t work if it doesn’t do that. Those effects are intrinsic to the model.

So what we are witnessing at the moment is nothing less than an ecological crisis. We have a digital social economy based on a model which “side effects” are wrecking havoc in our lives and our societies (whether they are really “side” effects or just effects is another debate for another time).

In 1964 Rachel Carson write a seminal book called Silent Spring, a desperate call for the world to wake up to the large scale slaughtering of our natural environment. Today we are faced with a similar crisis, an ecological crisis of our inner environments.

So to go back to the question about the privacy of messaging apps. I said earlier it’s a good question of course but the wrong question to start with. Apps are not created equal. They are not stand-alone isolated entities. They exist in a larger system. Apps like Telegram and Signal (and a bunch of less popular messaging apps) are not owned by large monopolies which profits rest on targeted advertising. They may or may not be the most secure, but even if they are not, the systemic effect of using them will be very different than those of using an app like WhatsApp or FB messenger which belong to a monopolistic entity that has shown many times it was ready to lie and manipulate with total disregard for the effects of their services on the planet.

So the first question to ask is: by using this technology, whose interests am I serving? To go back to the parallel with environmental ecology, asking whether an app is private is the equivalent of asking whether a good is too expensive without looking at the ecosystem that produces it. Maybe a good is expensive but it is of quality and produced in an ecosystem that favours small producers and benefits the real economy.

To be honest most of us do NOT need messaging apps that absolutely protect our communications. None of what I have ever written to you or on our group chats for example warrants a level of secrecy required to keep state secrets, or to keep investigative journalists in authoritarian countries safe (or these type of things).

And then, what do we mean by “private”? We have been habituated to think about privacy as hiding the content we share from the snooping eyes of government or police etc. This is surely one important aspect of privacy but in the digital age by far not the only one.

To understand why, we need to understand a fundamental difference that the FB and Googles of the world are very careful not to emphasise. It’s the difference between content and meta content. Content (or data) is what we share, the messages, the photos, the emojis etc… meta content is meta data, which is the collateral information that accompanies communication. Targeted advertising companies are meta data hungry not content hungry (see the post below “Why I Am Quitting WhatsApp Part II“).

Meta data is really the gold of the social internet because when aggregated and analysed by the large systems of big data they reveal things about us that we would not dream to share as content. And by the way, those insights are much more valuable than raw data and can be shared with government, police etc.

This is why we need to become conscious digital consumers. Just as we try not to consume plastic straws or make efforts to buy sustainable coffee, we need to make efforts and care for what type of digital technology we consume. Remember that behind the app, there is a whole ecosystem.

I know people who decide to lead a sustainable lifestyle, only buy organic food and walk to their work but who consume technology with the gluttony of a pig and the lack of awareness of a 2 years old (no disrespect to pigs and 2 years old here, this is what they are supposed to do! 😉). This is just not coherent!

Newer posts »

© 2024 Datafication & Technology

Theme by Anders NorénUp ↑