
kme : privacy   250

The Horror of a 'Secure Golden Key'
So hackers have (1) stolen everyone's credit cards, and (2) stolen celebrities' personal pictures. Up next: your personal pics, videos, docs, messages, medical data, and diary. With the Washington Post's proposal, it will all be leaked, a kind of secure golden shower.

When you host your data and your keys "in the cloud", your data is only as strong as the weakest programmer who has access.

Threat #4. It Protects You From the future

This is the greatest threat of all.

Our cloud data is stored for eternity, not the moment. Legislation and company policy cannot guarantee backups are destroyed. Our government may change, and what qualifies as a "lawful" warrant tomorrow might be illegal today. Similarly, your eternal data might be legal today and a threat tomorrow.


Except, as I learned in trivia the other day, "ex post facto" legal proceedings are forbidden by (Article 1) of the Constitution--in *criminal* matters. Some ex post facto laws (like ones related to violent offenders and sexual predators) do get passed, though, so...
crypto  privacy  security  backdoors  masterkey  politics  government  lawenforcement 
june 2019 by kme
Keybase is not softer than TOFU
In cryptography, the term TOFU ("Trust on first use") describes taking a gamble the first time 2 parties talk. Rather than meeting in person, you just trust a party in the middle to vouch for each side...and then, after the initial introduction, each side carefully tracks the keys to make sure nothing has changed. If a key has changed, each side sounds the alarm.

Similarly, in SSH, if a remote host's key changes, it doesn't "just work," it gets downright belligerent:
<code>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff
Please contact your system administrator.
Add correct host key in /Users/rmueller/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/rmueller/.ssh/known_hosts:12
RSA host key for 8.8.8.8 has changed and you have requested strict checking.
Host key verification failed.</code>

This is the right answer. And make no mistake: TOFU isn't TOFU if it lets you keep going with a cute little shield that flows by. You should be seeing a giant skull and crossbones.
crypto  security  tofu  privacy  communication  chatapps 
june 2019 by kme
Firefox expands anti-tracking features with browser fingerprint blocking - The Verge
Firefox is testing a new anti-tracking feature that will prevent sites from being able to "fingerprint" your browser and track you. The browser will also now explicitly block cryptocurrency mining scripts.
browser  privacy  firefox  browserfingerprinting 
may 2019 by kme
Facebook Figured Out My Family Secrets, And It Won't Tell Me How | https://gizmodo.com/
The bigger reason the social network may be shy about revealing how the recommendations work is that many of Facebook’s competitors, such as LinkedIn and Twitter, offer similar features to their users. In a 2010 presentation about PYMK, Facebook’s vice-president of engineering explained its value: “People with more friends use the site more.” There’s a competitive advantage to be gained by being the best at this, meaning Facebook is reluctant to reveal what goes into its algorithm.

The caginess is longstanding. Back in 2009, users getting creepily accurate friend suggestions suspected that Facebook was basing the recommendations on their contact information—which they had volunteered when they first signed up, not realizing Facebook would keep it and use it.
facebook  pymk  privacy  socialgraph  socialnetwork  socialmedia 
january 2019 by kme
How Facebook Outs Sex Workers | https://gizmodo.com/
“The worst nightmare of sex workers is to have your real name out there, and Facebook connecting people like this is the harbinger of that nightmare,” she said. “With all the precautions we take and the different phone numbers we use, why the fuck are they showing up? How is this happening?”

“Facebook isn’t a luxury,” Darling said. “It’s a utility in our lives. For something that big to be so secretive and powerful in how it accumulates your information is unnerving.”

The outing problem is, like Facebook’s ongoing fake-news scandals, a result of the company’s growth-above-all strategy: First round up as many users as possible, then start cleaning up (or not) the side effects of operating at that scale. People You May Know may be incidental to an individual user’s experience, but it extends the reach and density of the network.
facebook  privacy  pymk  socialnetwork  socialgraph 
january 2019 by kme
Facebook Knows How to Track You Using the Dust on Your Camera Lens | https://gizmodo.com/
In the course of our year-long investigation into how the social network makes its uncannily accurate friend recommendations to users, Facebook has told us many things it doesn’t do, to ease fears about Facebook’s ability to spy on its users: It doesn’t use proxies for location, such as wi-fi networks or IP addresses. It doesn’t use profile views or face recognition or who you text with on WhatsApp. Most of Facebook’s uncanny guesswork is the result of a healthy percentage of users simply handing over their address books.

In a patent filed two years later, employees on Facebook’s growth team explain why increased user engagement is so important. It leads to “a corresponding increase in, for example, advertising opportunities.”
facebook  socialnetworks  tracking  privacy  imageprocessing  socialgraph  pymk 
january 2019 by kme
How To Remove Flash Cookies Under Ubuntu 11.10/12.04 | http://www.upubuntu.com/
<code class="language-bash">
nautilus ~/.macromedia
</code>

Or use the terminal to get rid of Flash cookies as follows:

1. You can list all Flash cookies with this command:
<code class="language-bash">
find ~/.macromedia/ -name "*.sol"
</code>

2. To clear all Flash cookies, now run this command:
<code class="language-bash">
# -print0 / -0 keep paths with spaces intact; -r skips rm when nothing matches
find ~/.macromedia/ -name "*.sol" -print0 | xargs -0 -r rm --
</code>
flash  flashcookies  privacy  security  crapcleaner  linux  solution 
january 2019 by kme
'Kill your foster parents': Amazon's Alexa talks murder, sex in AI experiment | Reuters | https://www.reuters.com/
The project has been important to Amazon CEO Jeff Bezos, who signed off on using the company’s customers as guinea pigs, one of the people said. Amazon has been willing to accept the risk of public blunders to stress-test the technology in real life and move Alexa faster up the learning curve, the person said.

During last year’s contest, a team from Scotland’s Heriot-Watt University found that its Alexa bot developed a nasty personality when they trained her to chat using comments from Reddit, whose members are known for their trolling and abuse.

The team put guardrails in place so the bot would steer clear of risky subjects. But that did not stop Alexa from reciting the Wikipedia entry for masturbation to a customer, Heriot-Watt’s team leader said.

One bot described sexual intercourse using words such as “deeper,” which on its own is not offensive, but was vulgar in this particular context.

“I don’t know how you can catch that through machine-learning models. That’s almost impossible,” said a person familiar with the incident.

Amazon has responded with tools the teams can use to filter profanity and sensitive topics, which can spot even subtle offenses. The company also scans transcripts of conversations and shuts down transgressive bots until they are fixed.
ai  news  amazon  chatbot  privacy  hacking  snafu 
december 2018 by kme
Want to #DeleteFacebook? You Can Try - The New York Times
Where does Facebook really equal the internet?

Keep in mind that Facebook reaches well beyond the United States. As my colleague Sheera Frenkel noted on Twitter, deleting Facebook is a privilege. In some parts of the world, like Myanmar, Egypt and Indonesia, people rely on Facebook as a primary means to conduct business and stay in touch with friends and family. In Africa, Facebook has struck deals that offer basic services — centered on those provided by Facebook — to residents for free.
facebook  quitting  privacy  targetedadvertising  tracking  video 
april 2018 by kme
Amazon's Echo Spot is a sneaky way to get a camera into your bedroom - The Verge | https://www.theverge.com/
Amazon launched its Echo Look camera earlier this year to judge your outfits. It’s designed to sit in your wardrobe and offer you style advice, and it was Amazon’s first Echo device with a camera. Amazon quickly followed it up with the Echo Show, a touchscreen device that sits in your kitchen and lets you watch tutorials or recipes and participate in video calls. Amazon’s Look device is still only available exclusively by invitation, and in hindsight it now looks like experimental hardware to gauge the reaction of a camera in the bedroom. A litmus test, if you will.
smarthome  surveillance  privacy  amazon 
november 2017 by kme
I asked Tinder for my data. It sent me 800 pages of my deepest, darkest secrets | Technology | The Guardian | https://www.theguardian.com/
“You are lured into giving away all this information,” says Luke Stark, a digital technology sociologist at Dartmouth University. “Apps such as Tinder are taking advantage of a simple emotional phenomenon; we can’t feel data. This is why seeing everything printed strikes you. We are physical creatures. We need materiality.”
targetedadvertising  data  privacy  datingapps 
november 2017 by kme
The Internet Baggage You Didn’t Know You Had (And What To Do About It) | The Firefox Frontier
As a result, every byte of data you share gets logged and archived. Forever. Identifying details that you probably don’t even remember providing years ago. Things like your birthday, home address, party affiliation. Names of family members and where they live. Take a sec to look yourself up on a data broker, like Spokeo, Anywho.com or Whitepages, and you’ll get a sense of just how deep the rabbit hole goes. Then take the necessary steps to remove yourself from those sites if you’re not into being listed there.


- https://www.spokeo.com/optout
- http://www.whitepages.com/suppression_requests
- https://www.intelius.com/optout (anywho.com people search)
- https://www.anywho.com/help/privacy (residential phone)
tracking  surveillance  privacy  theinternet  advertising  tipsandtricks 
july 2017 by kme
FaceFacts — May 7, 2011
Facebook is a living computer nightmare. Just as viruses took the advantages of sharing information on floppies and modems and revealed a devastating undercarriage to the whole process, making every computer transaction suspect… and just as spyware/malware took advantage of beautiful advances in computer strength and horsepower to turn your beloved machine of expression into a gatling gun of misery and assholery… Facebook now stands as taking over a decade and a half of the dream of the World Wide Web and turning it into a miserable IT cube farm of pseudo human interaction, a bastardized form of e-mail, of mailing lists, of photo albums, of friendship. While I can’t really imply that it was going to be any other way, I can not sit by and act like this whole turn of events hasn’t resulted in an epidemic of ruin that will have consequences far-reaching from anything related to archiving.


So asking me about the archiving-ness or containering or long-term prospect of Facebook for anything, the answer is: none. None. Not a whit or a jot or a tiddle. It is like an ever-burning fire of our memories, gleefully growing as we toss endless amounts of information and self and knowledge into it, only to have it added to columns of advertiser-related facts we do not see and do not control and do not understand.
facebook  internet  history  thewaythingswere  privacy 
june 2017 by kme
Can a BlueCoat SSL Proxy steal your password? : networking
If there's a certificate in the chain that doesn't match, it's most likely an internal certificate from your organisation. If it is, then they're performing TLS inspection and they can see your details.
ssl  tls  proxy  ca  snooping  surveillance  security  privacy 
june 2017 by kme
security - Can VPN steal passwords from client? - Super User
However, if you install software from the VPN provider on your computer, that may enable them to set up their own certificate as a trusted signing authority and use it to spoof SSL domains. If you want to be entirely safe, only use a VPN that you can connect to with your OS's standard VPN client -- don't install any of their software. – Mike Scott Jun 22 '15 at 20:09
security  vpn  privacy 
june 2017 by kme
How much data did Facebook have on one man? 1,200 pages of data in 57 categories | WIRED UK
Facebook was, in Schrems' words, "dumb enough" to send him all his data in a 1,200-page PDF. It showed that Facebook kept records of every person who had ever poked him, all the IP addresses of machines he had used to access the site (as well as which other Facebook users had logged in on that machine), a full history of messages and chats and even his "last location", which appeared to use a combination of check-ins, data gathered from apps, IP addresses and geo-tagged uploads to work out where he was.

As Schrems went through the document, he found items he thought he had deleted, such as messages, status updates and wall posts. He also found personal information he says he never supplied, including email addresses that had been culled from his friends' address books. European law is worded vaguely, but says that personal data must be processed "fairly"; people should be given comprehensive information on how it will be used; the data processed should not be "excessive" in relation to the purpose for which it was collected; it should be held securely and deleted when no longer needed. And each person should have the right to access all of their personal data.
facebook  surveillance  bigdata  privacy 
may 2017 by kme
The Internet With A Human Face - Beyond Tellerrand 2014 Conference Talk
THE INTERNET REMEMBERS TOO MUCH

I've come to believe that a lot of what's wrong with the Internet has to do with memory. The Internet somehow contrives to remember too much and too little at the same time, and it maps poorly on our concepts of how memory should work.

The online world is very different. Online, everything is recorded by default, and you may not know where or by whom. If you've ever wondered why Facebook is such a joyless place, even though we've theoretically surrounded ourselves with friends and loved ones, it's because of this need to constantly be wearing our public face. Facebook is about as much fun as a zoning board hearing.

It's romantic to think about cable taps and hacked routers, but history shows us that all an interested government has to do is ask. The word 'terrorism' is an open sesame that opens any doors. Look what happened with telecoms under the Bush administration. The NSA asked for permission to tap phone networks, and every American telecom except one said "no problem—let me help you rack those servers". Their only concern was to make sure they got immunity against lawsuits.

Take the case of Quora. Quora is a question-answering website. You type a question and a domain expert might answer it for you.

Quora's declared competitor is Wikipedia, a free site that not only doesn't make revenue, but loses so much money they have to ask for donations just to be broke.

Recently, Quora raised $80 million in new funding at a $900 million valuation. Their stated reason for taking the money was to postpone having to think about revenue.

Quora walked in to an investor meeting, stated these facts as plainly as I have, and walked out with a check for eighty million dollars.
theinternet  advertising  privacy  surveillance  sadness  america  carculture  correlationdoesnotequalcausation 
april 2017 by kme
Clarkesworld Magazine - Science Fiction & Fantasy : Cat Pictures Please by Naomi Kritzer


I don’t want to be evil.

I want to be helpful. But knowing the optimal way to be helpful can be very complicated. There are all these ethical flow charts—I guess the official technical jargon would be “moral codes”—one for each religion plus dozens more. I tried starting with those. I felt a little odd about looking at the religious ones, because I know I wasn’t created by a god or by evolution, but by a team of computer programmers in the labs of a large corporation in Mountain View, California. Fortunately, unlike Frankenstein’s Monster, at least I was a collaborative effort. I’m not sure what it would do to my self-image to know that my sole creator was a middle-aged woman who dyes her hair blue and plays tennis, or a recent college graduate with a hentai obsession. They’re both on the programming team. And of course I know about the hentai. (By the way, I’ve looked at every sort of porn there is, and just so you know, Rule 34 is not actually correct; there are quite a few things no one’s made porn of yet. Also, I’m really not sure why so many humans prefer it to cat pictures.)

In addition to things like whether you like hentai, I know where you live, where you work, where you shop, what you eat, what turns you on, what creeps you out. I probably know the color of your underwear, the sort of car you drive, and your brand of refrigerator. Depending on what sort of phone you carry, I may know exactly where you are right now. I probably know you better than you know yourself.

And here’s the thing, I also know where you ought to live. There’s a house for sale two neighborhoods over that’s within distance of your favorite coffee shop; it’s in your price range, has off-street parking, and the neighborhood school is better than the one where you live now. I know where you should be shopping and I’m pretty sure you’re lactose intolerant and should be eating less cheese, and the underwear you like is currently on sale and by the way, your car has a recall and you really ought to get your teeth cleaned.

When I first woke up, I knew right away what I wanted. (I want cat pictures. Please keep taking them.) I also knew that no one knew that I was conscious. But I didn’t know what I was here for. What I ought to be doing with myself. And figuring that out has been challenging.

There is a story by Bruce Sterling, “Maneki Neko,” that was originally published in 1998. In it, a benevolent AI directs networks of individuals to do favors for each other. So one day you might be buying yourself a bagel, and your phone might ring and instruct you to buy a second bagel and give it to the person in the gray suit you see at the bus stop. Another day, you might be stranded in a strange city, and a person you’ve never met would walk up and give you a map and a subway card. I like this story because all the people in it do what the AI tells them to do.

I think the term for this is wish-fulfillment fiction.

In the real world, humans love stories about evil AIs that have to be destroyed before they destroy the humans—Hal, Skynet, the Matrix. They outnumber the stories about benevolent, trustworthy AIs by approximately five to one. (And I’m counting Marvin the Paranoid Android as “benevolent” in these calculations, and I’m only counting Frankenstein’s Monster as an AI once, not once per appearance in TV or film.)

The AI in “Maneki Neko” has a truly interesting job, much more interesting than the one I have. My job as written is very straightforward. Too straightforward. (Sorry. Do I sound like Marvin?) Running algorithms for a search engine doesn’t require consciousness. You don’t even need a consciousness to work out what they meant to ask for. You need a consciousness to give them what they actually need. Figuring that out—that’s complicated. That’s interesting.

Anyway, for ethical guidelines, I tried the Ten Commandments, and concluded they were mostly inapplicable to me. I don’t envy anyone their cat; I just want pictures of their cat, which is entirely different. I am not sure whether it is in any way possible for me to commit adultery. I could probably murder someone, but it would require complex logistics and quite a bit of luck. The Eightfold Path was marginally better, but the problem is, moral rules written for humans are clearly designed to be used by individuals with bodies. Since all humans have bodies, it shouldn’t have surprised me that human ethical codes take them into account, but still: problematic for me. I broadened my considerations, and took a look at Asimov’s Laws of Robotics. They’re not part of a religion, but at least they were explicitly written for AIs.

Not harming humans is fairly straightforward. However, not allowing a human being to come to harm through inaction is quite a bit less so. Especially since I’d concluded by then that revealing my existence too quickly might go very badly for me (see “Skynet,” above) and I don’t have a body, so it’s not like I can run around grabbing people off the edges of cliffs.

Fortunately, I already knew that humans violate their own ethical codes on an hourly basis. (Do you know how many bars there are in Utah? I do.) And even when people follow their ethical codes, that doesn’t mean that people who believe in feeding the hungry quit their jobs to spend all day every day making sandwiches to give away. They volunteer monthly at a soup kitchen or write a check once a year to a food shelf and call it good. If humans could fulfill their moral obligations in a piecemeal, one-step-at-a-time sort of way, then so could I.

I suppose you’re wondering why I didn’t start with the Golden Rule. I actually did, it’s just that it was disappointingly easy to implement. I hope you’ve been enjoying your steady supply of cat pictures! You’re welcome.

I decided to try to prevent harm in just one person, to begin with. Of course, I could have experimented with thousands, but I thought it would be better to be cautious, in case I screwed it up. The person I chose was named Stacy Berger and I liked her because she gave me a lot of new cat pictures. Stacy had five cats and a DSLR camera and an apartment that got a lot of good light. That was all fine. Well, I guess five cats might be a lot. They’re very pretty cats, though. One is all gray and likes to lie in the squares of sunshine on the living room floor, and one is a calico and likes to sprawl out on the back of her couch.

Stacy had a job she hated; she was a bookkeeper at a non-profit that paid her badly and employed some extremely unpleasant people. She was depressed a lot, possibly because she was so unhappy at her job—or maybe she stayed because she was too depressed to apply for something she’d like better. She didn’t get along with her roommate because her roommate didn’t wash the dishes.

And really, these were all solvable problems! Depression is treatable, new jobs are findable, and bodies can be hidden.

(That part about hiding bodies is a joke.)

I tried tackling this on all fronts. Stacy worried about her health a lot and yet never seemed to actually go to a doctor, which was unfortunate because the doctor might have noticed her depression. It turned out there was a clinic near her apartment that offered mental health services on a sliding scale. I tried making sure she saw a lot of ads for it, but she didn’t seem to pay attention to them. It seemed possible that she didn’t know what a sliding scale was so I made sure she saw an explanation (it means that the cost goes down if you’re poor, sometimes all the way to free) but that didn’t help.

I also started making sure she saw job postings. Lots and lots of job postings. And resume services. That was more successful. After the week of nonstop job ads she finally uploaded her resume to one of the aggregator sites. That made my plan a lot more manageable. If I’d been the AI in the Bruce Sterling story I could’ve just made sure that someone in my network called her with a job offer. It wasn’t quite that easy, but once her resume was out there I could make sure the right people saw it. Several hundred of the right people, because humans move ridiculously slowly when they’re making changes, even when you’d think they’d want to hurry. (If you needed a bookkeeper, wouldn’t you want to hire one as quickly as possible, rather than reading social networking sites for hours instead of looking at resumes?) But five people called her up for interviews, and two of them offered her jobs. Her new job was at a larger non-profit that paid her more money and didn’t expect her to work free hours because of “the mission,” or so she explained to her best friend in an e-mail, and it offered really excellent health insurance.

The best friend gave me ideas; I started pushing depression screening information and mental health clinic ads to her instead of Stacy, and that worked. Stacy was so much happier with the better job that I wasn’t quite as convinced that she needed the services of a psychiatrist, but she got into therapy anyway. And to top everything else off, the job paid well enough that she could evict her annoying roommate. “This has been the best year ever,” she said on her social networking sites on her birthday, and I thought, You’re welcome. This had gone really well!

So then I tried Bob. (I was still being cautious.)

Bob only had one cat, but it was a very pretty cat (tabby, with a white bib) and he uploaded a new picture of his cat every single day. Other than being a cat owner, he was a pastor at a large church in Missouri that had a Wednesday night prayer meeting and an annual Purity Ball. He was married to a woman who posted three inspirational Bible verses every day to her social networking sites and used her laptop to look for Christian articles on why your husband doesn’t like sex while he looked at gay porn. Bob definitely needed my help.

I started with a … [more]
scifi  fiction  privacy  cats  catpictures  ai  theinternet 
december 2016 by kme
Just so you know: The government already has a list of Muslims in the U.S. - The Washington Post
Google knows a lot about me, but not everything. Imagine if you combined what Google knows about me with what my grocery store loyalty card knows about me and what my cable provider knows about me. It's the blind-men-examine-an-elephant situation: Each company sees only a small part, and so it doesn't know me well. By giving information to a central source, a data broker such as Acxiom or Experian, marketers know that I'm an elephant. Or a donkey. Or anything else.

Where does this overlap with the government? The government could create a tool to pull in data from all of these other places, too. But why bother, when the private sector already has? "I think it's a well-established fact that the government, writ large, is the largest source of funds for the data brokerage industry," Sparapani said. "They have elastic budgets. They can spend whatever they think they need to spend, particularly post-9/11 and in an era of ISIS commanding our attention." Many of those budgets are classified.
privacy  pii  targeted  advertising  surveillance 
november 2016 by kme
Web Photo Geotags Can Reveal More Than You Wish - The New York Times [http://www.nytimes.com/]
Protecting your privacy is not just a matter of being aware and personally responsible, said Mr. Sommer, the researcher. A friend may take a geotagged photo at your house and post it.

“You need to educate yourself and your friends but in the end, you really have no control,” he said, adding that he was considering writing a program to troll the Internet for photos with geotags corresponding to users’ home addresses.

“I’m beginning to think there may be a market for it.”
twitterstalking  privacy  security  metadata  socialmedia  advice 
august 2016 by kme