Privacy Misbehavior

Andrea Peterson of The Washington Post has a warning.

Recall that ’way last November, Verizon was exposed as using a supercookie that they’d developed for the purpose: it sits on your cell phone and tracks, ostensibly for their own use, your cell usage (supposedly limited to your use on the Internet). And you can’t delete it.

It turns out that Turn, an online advertising company that works with Google and Facebook,

uses [the Verizon supercookie] to collect data that makes it easier for advertisers to place targeted online ads, according to the researchers.

Verizon says they’re “looking into this,” but they don’t say they’re putting a stop to it.

We are evaluating how third parties are using the UIDH in this evolving ecosystem and considering any appropriate response[.]

Peterson suggests that

Turn’s use of the identifier highlights how data about someone’s online tracking practices can sometimes be deployed beyond its original intent—making it harder than ever for consumers to control who has knowledge about their online activities.

And

Turn’s General Counsel and Chief Privacy Officer, Max Ochoa, confirmed Mayer’s analysis of how its program worked in an interview with The Post.

Ochoa also thinks this is perfectly jake [emphasis his].

Clearing cookies is not a reliable way for a user to express their desire not to receive tailored advertising….

It is vital to note that clearing a cookie cache is not a widely recognized method of reliably expressing an opt-out preference.

Yeah—because the user didn’t use a bureaucrat’s special hoop. This, of course, is nonsense. The user didn’t clear the cookies because he didn’t have anything better to do with his time, so he just started putzing around with his cell phone. Leave it to an advertiser—and one that does his data collection for his clients in an entirely behind-the-scenes way—to pretend to this level of obtuseness.

Just as disappointingly, Verizon is pretending innocence in all of this.

“[I]t is unlikely that sites and ad entities will attempt to build customer profiles for online advertising” and noting that the identifier “changes frequently.”

Never mind that

“While you have a Turn tracking cookie and are on the Verizon network, it kept track of the linkage between your Turn cookie and that Verizon Wireless tracking header,” he explained. “But if you get rid of the Turn cookie, the back end of that system would notice and reinstate that cookie based on the header.”

It strains my credulity to think that the IT experts at Verizon wouldn’t understand this as they developed their supercookie and deployed it.

Hmm….

Trust

First we have the NSA collecting personal telephone call data. Now we find out about this shadowy program, which was uncovered only because DEA had to give up its existence pursuant to a criminal case involving a man accused of planning the export of technology to Iran:

The Drug Enforcement Administration has formally acknowledged that it maintained a sweeping database of phone calls made from the United States to multiple foreign countries.

And

…the program relied on administrative subpoenas to collect records of calls….

Not even a secret, but at least Article III, judge granting (or, rarely, refusing) warrants to search. Now we have, also, the same sort of warrant issued administratively (but just as sub rosa if not outright secretly).

What other secret databases is the Federal government keeping on its employers, us citizens?

These two programs, shrouded as they’ve been, are illustrations of why government cannot be trusted with such collections absent open, publicly sought and issued or refused 4th Amendment warrants. These two programs demonstrate instead that, without such public requests and issuances/denials, the Constitution will be ignored at convenience.

An aside: DoJ says this DEA collection program has been discontinued. There’s no evidence, though, that the database has been destroyed. DoJ is only willing to claim that the contents have been deleted. We know, of course, from IRS deletions that deleting doesn’t necessarily mean deletion.

Privacy and Government

…and government shoe-squeezing.

The No. 2 official at the Justice Department [Deputy Attorney General James Cole] delivered a blunt message last month to Apple Inc executives: new encryption technology that renders locked iPhones impervious to law enforcement would lead to tragedy. A child would die, he said, because police wouldn’t be able to scour a suspect’s phone, according to people who attended the meeting.

The naked panic-mongering is something we’d expect to get out of the press, but for a high-ranking government official to spout such nonsense is…unseemly. For Cole to masquerade his extreme outlier as the trend that must result, though, is dishonest. But it’s all good—DoJ must be able to snoop into Americans’ communications on DoJ’s own recognizance. Because, of course, no American administration would abuse its discretion.

This comes on the heels of another DoJ overwrought claim.

Last month, Federal Bureau of Investigation Director James Comey said new Apple and Google encryption schemes would “allow people to place themselves beyond the law.”

This is the risk a free people take; it’s a risk the free American people have said repeatedly we’re willing and anxious to take. Because such encryption schemes also would “allow people to place themselves beyond an overreaching government.” Which overreach the crocodile tears and manufactured crises of Cole and Comey demonstrate this government is committing.

Give up some freedom—some privacy from government snooping—in order to have security? Pssh. Without the freedom, without the privacy from government snooping, there can never be any security.

Another Assault on Privacy

This time by a major cellular telephone company: Verizon.

…it has emerged that Verizon Wireless has been silently tracking around 100 million mobile customers using a supercookie that can’t be opted out of.

This is an especially nefarious invasion: the “cookie” lets Verizon track your movements on the Web—every page. And they then peddle that information to any advertiser willing to pay up.

Indeed, “supercookie” is a bit of a misnomer. Cookies store stuff on your computer that Web sites that you visit use when you revisit them. Often, it’s useful and beneficial information: how you like that Web site presented, for instance, or login information (beneficial only if it’s a convenience to read an article, and not giving access to your financial or other personal information to that site), and so on.

This thing, instead, enters the stream of information being exchanged between your browser and the Web site and

injects a new HTTP header every time you visit a website. Not just Verizon websites—any web resource that is accessed via Verizon’s network (i.e. everything). This header, called X-UIDH, contains a unique identifier that’s tied to your Verizon account. Your web browser (or any other app on your phone that uses HTTP) always receives this header with your unique ID—there’s nothing you can do to stop it.

Three things make this even worse than it sounds.

  • they didn’t tell you about it
  • you can’t block it or even opt out
  • not only Verizon can use the resulting information—any third party can access it

Verizon says it’s only on their cellular network, only using your Web accesses via your cell phone. So far.
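To see what the X-UIDH injection quoted above and the cookie reinstatement quoted in the Turn post look like from the receiving end, here is an added example (not code from Verizon, Turn, or the researchers): it compares the headers a client sent with the headers an echo server received, then shows that the identifier is unchanged after the cookie is gone. The host name, cookie name, and identifier value are constructed placeholders.

```python
# Added illustration: every request below is constructed, not captured traffic.
TRACKING_HEADERS = ("x-uidh",)  # the header named in the quoted description

def parse_headers(raw_request):
    """Return {lower-cased header name: value} from a raw HTTP/1.1 request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def added_in_transit(sent, received):
    """Headers the server saw that the client never sent."""
    s, r = parse_headers(sent), parse_headers(received)
    return {k: v for k, v in r.items() if k not in s}

def persistent_ids(first, second):
    """Tracking headers whose value is identical in two server-side requests."""
    a, b = parse_headers(first), parse_headers(second)
    return {h: a[h] for h in TRACKING_HEADERS if h in a and a[h] == b.get(h)}

def build(cookie=None, uidh=None):
    """Assemble a constructed request to a hypothetical echo endpoint."""
    lines = ["GET /echo HTTP/1.1", "Host: echo.example"]
    if cookie:
        lines.append("Cookie: " + cookie)
    if uidh:
        lines.append("X-UIDH: " + uidh)
    return "\r\n".join(lines) + "\r\n\r\n"

UIDH = "CONSTRUCTED-PLACEHOLDER-ID"               # not a real identifier
sent_1 = build(cookie="adid=abc123")              # what the phone sent
seen_1 = build(cookie="adid=abc123", uidh=UIDH)   # what the site received
sent_2 = build()                                  # after the user clears cookies
seen_2 = build(uidh=UIDH)                         # the header is still attached

if __name__ == "__main__":
    print("added in transit:", added_in_transit(sent_1, seen_1))
    print("cookie after clearing:", "cookie" in parse_headers(seen_2))
    print("survives cookie clearing:", persistent_ids(seen_1, seen_2))
```

The same comparison works against any echo service that returns the request headers it received: whatever appears on the server side that the client did not send was added on the network path.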

It’s unconscionable that a major company would pull such a stunt, although it’s sadly common. It’s unlikely that Verizon will stop this invasion. It’s necessary, then, to get onto your newly elected and minted Congressman and…encourage…him or her to look into this and to legislate to protect our privacy.