Mozilla stops ad-network cookies

Mozilla, the developer of the Firefox web-browser, has decided that voluntary compliance by advertisers with its ‘Do Not Track’ settings is not working. Advertisers have basically been ignoring what is essentially a request by users, so instead of giving up, Mozilla has taken the right step and will simply not allow ad networks to install cookies on user’s computers or phones. This will of course cut ad revenue to some sites that rely on it, but it will also be a major step to slowing the proliferation of online tracking.

Of course, it can also be seen as a new negotiating position in a long conflict, as the Centre for Democracy and Technology points out, it could be a negotiating position that is all about trying to force companies to implement Do Not Track requests as a compromise from wholesale cookie-blocking. But I’m fully on board with Mozilla here either way. I very much doubt that Microsoft will take a similarly ethical stance on user control – because that’s what this is really about, not privacy as such but who has the right to control information about themselves.

The Unbearable Shallowness of Technology Articles… or, what Facebook Graph Search really means.

Wired has a feature article about Facebook’s new search tool. The big problem with it is that its vomit-inducing fawning over Facebook’s tech staff. In trying to make this some kind of human interest story – well, actually the piece starts off with Mark Zuckerberg’s dog, you see, he is human after all – of heroic tech folk battling with indomitable odds to create something amazing – what in science fiction criticism would be called an Edisonade – it almost completely muffles the impact of what a piece like this should be foregrounding, which is about what this system is, what is has been programmed to do and where it’s going.

And this is what Graph Search does, very simply: it is a search engine that will enable complex, natural language interrogation of data primarily but not limited to Facebook. So instead of trying to second-guess what Google might understand when you want to search for something, you would simply be able tell you what you ask. And because this is primarily ‘social’ – or about connection, and you should have already given up enough information to Facebook to enable it to ‘graph’ you so that it knows you, the results should supposedly be the kind if things you really wanted from your query. Supposedly. An FB developer in the article describes this as “a happiness-inducing experience” and further says, “We’re trying to facilitate good things.” However what this ‘happiness’ means, just like what ‘friendship’ means in the FB context, and what “good” means, just like the use of ‘evil’ in Google’s motto, is rather different than how we might understand such a term outside these contexts.

In the article, one example demonstrated by the developer is as follows:

[He] then tried a dating query — “single women who live near me.” A group of young women appeared onscreen, with snippets of personal information and a way to friend or message them. “You can then add whatever you want, let’s say those who like a certain type of music,” [he] said. The set of results were even age-appropriate for the person posing the query.

So when Mark Zuckerberg is quoted in the article saying that Graph Search is “taking Facebook back to its roots”, he seems to mean creeping on girls, as was, let us not forget, the main intention of the early Harvard version. Doesn’t this generate exactly the concern that the notorious ‘Girls Around Me’ app encountered? As the title of my favourite tumblr site has it, this isn’t happiness. Or it’s the happiness of the predator, the pervert and the psychopath.

But more fundamentally, this isn’t about privacy, or even online stalking. In fact, in many ways, both are side-issues here. This is about control and access: control over my information and how I access other information, not just on Facebook but in general. To me, the plans outlined for Graph Search look worrying, even outside of my idea of what would constitute happiness, because they have nothing to do with how I use Facebook or how I would want to use it. I don’t use Facebook as my gateway to the Web and I am never going to. As Eli Pariser pointed out in The Filter Bubble a couple of years back, that would both be limiting of my experience of the Web (and increasingly therefore of my communications more broadly) and give one organisation way too much power over both that experience and the future of the Web. But this does seem to be how Facebook wants it to be, and further, I suspect that, just like Bill Gates before him with his .NET initiative and other schemes, and just like the walled garden locked-in hardware that Apple produces, Zuckerberg is more interested in Facebook colonizing the entire online experience, or layering itself so entirely, tightly and intimately over the online world that the difference between that world and Facebook would seem all but invisible to the casual user.

These developments are dramatic enough in themselves. Never mind fluffy stories of heroic techies and their canine sidekicks.

Night of the Surveillance Dead

In one of those curious synchronicities that occasionally emerge out of the chaotic foam of the internet, I came across two stories (of an entirely different nature) featuring surveillance and ‘zombies’ this week.

The first is one that Ars Technica first publicized recently – the creation of new undeletable cookies. Cookies, for the still unaware, are little bits of code that sit on your computer and store information, usually relating to websites you have visited – so, passwords and the like. Originally they were simply a tool to make it easier to handle the proliferation of sites that needed login details from users. And in most cases, they used to be both moderately consensual (i.e. you would be, or could be, asked if you wanted to have you computer download one) and relatively easy to remove. However, in recent years, this has changed. For a start there are so many sites and applications using cookies that it has become inconvenient to ‘consent’ to them or to manage them in any unautomated way. The new development however is a system that uses the database capabilities in HTML5 rather than being a traditional cookie. The major problem with this, and you can read more about the technical details in the story, is that these cannot ever be deleted by the user, as when they are deleted, they respawn themselves, and recreate the data profile of the user by reaching into other areas of your computer (and even stuff you thought was also deleted). The company concerned, Ringleader Digital, which specializes in ‘targeted, trackable advertising’ for ‘real-time visibility’, says users can ‘opt-out’ by using a form on their website, but this so-called ‘opt-out’ is hedged about with terms and conditions.

Now, Ars Technica reports that an open-source developer, Samy Kamkar, has created ‘evercookie‘, a virtually indestructible cookie designed as an educational tool to make users aware of the presence of these new internet zombies that do their master’s bidding. It’s a neat idea but I wonder – and I hope you will excuse my taking the zombie metaphor just a little further here – whether in raising the dead to show that necromancy is bad, good wizards like Samy Kamkar might in the end just be contributing to the problem. It isn’t as if most ordinary users understand these strange powers. Perhaps the people who need to witness the power of these occult rites are the regulators. It’s not clear to me whether these kinds of programs would be considered in any way legal in most places with strong data-protection and privacy laws, like Canada and the EU – as the controversy over the similar British Telecom system, Phorm, showed. So I would be very interested in what the Canadian Privacy Commissioner has to say about it, for example. I will be asking them.

(The second zombie story I will add later…)

Surveillance, Coercion, Privacy and the Census

There’s been a huge furore here in Canada about the current government’s decision to abolish the long-form census. I’ve been following the debate more interested in what the proponents and opponents have been saying about privacy and surveillance rather than intervening. But it’s about time I got off the fence, so here’s my two cents’ worth. It may come out as an op-ed piece in one of the papers soon, I don’t know…

Sense about the Census:

Why the Long-form Census debate really matters.

The debate about the scrapping of the long-form census is in danger of being unhelpfully polarized. The result can only benefit the current government to the long-term detriment of the Canadian people. On the one hand, some of those campaigning for the reinstatement of the survey have dismissed issues of surveillance and privacy. On the other hand, supporters of its abolition have referred to ‘privacy’ and ‘coercion’ as if these words in themselves were reason enough to cut the survey. But the whole way in which privacy has been discussed is a red herring. We need to reaffirm a commitment to privacy alongside other collective social values not in opposition to them. We need privacy and we need the census.

First, coercion. The long-form census is undoubtedly a form of coercive state surveillance. One only has to glance at the recent history of state data collection and its role in discrimination and mass-murder to see that that one can be far too blasé about the possibility of states misusing statistics. Examples abound from the Holocaust to the genocide in Rwanda, and there is no reason to suppose that this could never happen again. In fact technology makes discrimination easier and more comprehensive: with sophisticated data-mining techniques, inferences can be made about individuals and groups from disparate and seemingly harmless personal data.

However, just because censuses have the potential for abuse, this does not make them wrong. Surveillance forms the basis of modern societies, good and bad, and coercion is all around us from the time we are children told by our parents not to play on the stairs. Coercion can be caring, protect us and improves our lives. The long-form census would have to be shown to be unfairly coercive, or not have enough beneficial policy outcomes to justify any coercion. This, the government has failed to do, whereas the campaign for the restoration of the survey has highlighted numerous examples of improvements in communities across Canada resulting from long-form census data.

Now to privacy. The campaign to restore the long-form census has seen frequent instances of the argument, ‘nothing to hide, nothing to fear’. This is one of the most glib arguments about privacy and surveillance, not only because of the potential abuse of state data collection but also because it assumes so much about what people should want to keep private. Another common argument is that privacy is irrelevant because ‘everyone gives away their personal information on Facebook anyway’. But the fact that some people chose to share parts of their lives with selected others does not imply that any infringement of privacy is acceptable. Privacy depends on context. Social networking or marketing trends do not mean that ‘anything goes’ with personal data.

In making these arguments, campaigners end up unwittingly bolstering a government strategy that relies not only on the evocation of ‘coercion’ but on pitting individual privacy against collective social goals. Yet, the government’s position is misleading. Privacy is not simply an individual right but also a collective social value. And further, just because the data is collected from individuals by the state, does not mean that the state infringes on privacy. It depends on whether the data is stored without consent in a way that identifies individuals or is used in a way negatively impacts upon them.

However, Statistics Canada have demonstrated a commitment to privacy within the census process. The long-form census data is not used to identify or target individuals. It is aggregated and used for wider community purposes. As Statistics Canada say quite on their website: “No data that could identify an individual, business or organization, are published without the knowledge or consent of the individual, business or organization.” The census returns are confidential and Statistics Canada employees are the only people who will ever have access to the raw returns, and they are bound by The Statistics Act. All this was confirmed by the Office of the Privacy Commissioner of Canada, who found the 2006 census fully compliant with privacy law.

So both privacy and coercion are red herrings. The conduct of the long-form census has demonstrated a commitment to privacy alongside other collective social values in support of individuals and the wider community. This moderate, sensible and profoundly Canadian position is now under threat. That is why this debate matters.

CIA buys into Web 2.0 monitoring firm

Wired online has a report that the US Central Intelligence Agency has bought a significant stake in a market research firm called Visible Technologies that specializes in monitoring new social media such as blogs, mirco-blogs, forums, customer feedback sites and social networking sites (although not closed sites like Facebook – or at least that’s what they claim).  This is interesting but it isn’t surprising – most of what intelligence agencies has always been sifting through the masses of openly available information out there – what is now called open-source intelligence – but the fact is that people are putting more of themselves out their than ever before, and material that you would never have expected to be of interest to either commercial or state organisations is now there to be mined for useful data.

(thanks, once again to Aaron Martin for this).