« Are Reporter Advance Sheet Services Obsolete? (After a 34% Price Increase is Stanford Law Going to Cancel West's S. Ct. Advance Sheet Subscription?) | Main | Opening: Systems Librarian, University of the District of Columbia David A. Clarke School of Law »
August 4, 2010
Is Web Privacy Dead? Probably
Joe's graphic from yesterday on Internet privacy, or lack thereof, is a bit startling. I can agree with his sentiments that worrying about privacy is pointless, given the amount of personally identifiable information that exists about individuals in public and private databases. The graphic highlighted Google and Facebook. Cutting back on the "intrusions" from these companies wouldn't solve any problems.
There are three general ways in which third parties get information. People give it willingly. That's details provided to Facebook and shopping sites. People allow themselves to be tracked in return for services. Geo-location services on electronic devices provide a nice way to see where friends are. They also provide marketers, and maybe a few others, with a view to a person's habits. Then there is simply taking the information, via hacking. AT&T may not willingly provide personal information about who owns an iPad, but it didn't stop someone from exploiting a flaw in AT&T security to collect that information. There are other examples.
Computerworld's David A. Milman points out a few other circumstances where privacy is compromised. Here are a few from his article:
- A 23 year old hacker gains access to over 4 million users' private information on Pirate Bay.
- Mobile security firm Lookout releases the results for its App Genome Project, indicating that 47% of Android phone apps contain third party code and over 30% of iPhone apps access user location data.
- Ron Bowes of Skull Security collects profiles for over 100 million Facebook users and then posts them online for download. Gizmodo reports that a lengthy list of major corporations downloads the file.
How bad is it? The recent Black Hat security conference, dedicated to improving information security discovered that their supposedly secure video feed could be hacked and viewed for free.
He suggests that protecting online privacy is not a lost cause, and he suggests proactive steps that people can take. These include managing privacy settings on social sites; share less personal information; use dedicated email accounts for public contact; manage tracking cookies and other browser settings; and learn more. All wonderful suggestions, though they require individuals to be proactive in managing their web presence. One commenter suggested that people not be lazy when it comes to web privacy, but that is the problem. The browser defaults, in most cases, expose information, not hide it.
Another story that broke yesterday in the Wall Street Journal had to do with the privacy settings in Internet Explorer 8. The development team wanted the InPrivate browser setting turned on by default. InPrivate essentially blocks tracking and erases evidence of browsing sessions. That would certainly defeat Google's ability to track users. Unfortunately, the corporate side of Microsoft also runs an ad network and the Bing search engine also has an interest in tuning its algorithms. Both features require that same tracking information. Not only was the privacy feature not enabled by default, it has to be invoked each time someone wants to browse privately.
For the record, other major browsers, Chrome, Firefox, (save Safari) and the like have their privacy features set the same way. The Journal story also points out that the top 50 web destinations placed 64 pieces of tracking technology on a test machine. It's no wonder that Apple, as an example, wants to strictly control the iPhone and iPad environment. At the very least it means third-party software can't interfere with the Apple's iAds tracking. A related Journal article worth viewing is On the Web's Cutting Edge, Anonymity in Name Only. It about web analytics company [x+1] that helps companies make decisions about individuals based on their web and other habits. Decisions, for example, as to whether the person in question should get certain types of credit. A quote from that article:
"We never don't know anything about someone," says John Nardone, [x+1]'s chief executive.
From the perspective of how insidious web tracking may be and given the effort it takes to defeat it, I agree with Joe, real web privacy is dead. Governments do not seem inclined to mandate otherwise. Time to get with the program.
While we're on the subject, remember those airport checkpoint scanners that created images that show personal details of anatomy to TSA agents? Remember how the TSA said these could never be stored or downloaded? Well, turns out that the machines can store about 40,000 images. Not only that, but the Federal Marshals Service acknowledged that "approximately 35,314 images...have been stored on the Brijot Gen2 machine" used in the Orlando, Fla. federal courthouse. Can't wait for those to pop up on the web, or for someone to find a way to link them to tracking profiles. CNET has that story. [MG]