Category: Digital self-defence (page 1 of 3)

Why it’s so hard to quit Big Tech

I’m writing this on a Google Pixelbook. Earlier this evening I wiped it, fully intending to install Linux on it, and then… meh. Partly, that’s because the Pixelbook now supports Linux apps in a sandboxed environment (which is great!) but mostly because using ChromeOS on decent hardware is just a lovely user experience.

Writing for TechCrunch, Danny Crichton writes:

Privacy advocates will tell you that the lack of a wide boycott against Google and particularly Facebook is symptomatic of a lack of information: if people really understood what was happening with their data, they would galvanize immediately for other platforms. Indeed, this is the very foundation for the GDPR policy in Europe: users should have a choice about how their data is used, and be fully-informed on its uses in order to make the right decision for them.

This is true for all kinds of things. If people only knew about the real cost of Brexit, about what Donald Trump was really like, about the facts of global warning… and on, and on.

I think it’s interesting to compare climate change and Big Tech. We all know that we should probably change our actions, but the symptoms only affect us directly very occasionally. I’m just pleased that I’ve been able to stay off Facebook for the last nine years…

Alternatives exist for every feature and app offered by these companies, and they are not hard to find. You can use Signal for chatting, DuckDuckGo for search, FastMail for email, 500px or Flickr for photos, and on and on. Far from being shameless clones of their competitors, in many cases these products are even superior to their originals, with better designs and novel features.

It’s not good enough just to create a moral choice and talk about privacy. Just look at the Firefox web browser from Mozilla, which now stands at less than 5% market share. That’s why I think that we need to be thinking about regulation (like GDPR!) to change things, not expect individual users to make some kind of stand.

I mean, just look at things like this recent article that talks about building your own computer, sideloading APK files onto an Android device with a modified bootloader, and setting up your own ‘cloud’ service. It’s do-able, and I’ve done it in the past, but it’s not fun. And it’s not a sustainable solution for 99% of the population.

Source: TechCrunch

Cal Newport on the dangers of ‘techno-maximalism’

I have to say that I was not expecting to enjoy Cal Newport’s book Deep Work when I read it a couple of years ago. As someone who’s always been fascinated by technology, and who has spent most of his career working in and around it, I assume it was going to contain the approach of a Luddite working in his academic ivory tower.

It turns out I was completely wrong in this assumption, and the book was one of the best I read in 2017. Newport is back with a new book that I’ve eagerly pre-ordered called Digital Minimalism: On Living Better with Less Technology. It comes out next week. Again, the title is something that would usually be off-putting to me, but it’s hard to argue about the points that he makes in his blog posts since Deep Work.

As you would expect with a new book coming out, Newport is doing the rounds of interviews. In one with GQ magazine, he talks about the dangers of ‘digital maximalism’, which he defines in the following way:

The basic idea is that technological innovations can bring value and convenience into your life. So, you assess new technological tools with respect to what value or convenience it can bring into your life. And if you can find one, then the conclusion is, “If I can afford it, I should probably have this.” It just looks at the positives. And it’s view is “more is better than less,” because more things that bring you benefits means more total benefits. This is what maximalism is: “If there’s something that brings value, you should get it.”

That type of thinking is dangerous, as:

We see these tools, and we have this narrative that, “You can do this on Facebook,” or “This new feature on this device means you can do this, which would be convenient.” What you don’t factor in is, “Okay, well what’s the cost in terms of my time attention required to have this device in my life?” Facebook might have some particular thing that’s valuable, but then you have the average U.S. user spending something like 50 minutes a day on Facebook products. That’s actually a pretty big [amount of life] that you’re now trading in order to get whatever the potential small benefit is.

[Maximalism] ignores the opportunity cost. And as Thoreau pointed out hundreds of years ago, it’s actually in the opportunity cost that all the interesting math happens.

Newport calls for a new philosophy of technology which includes things like ‘digital minimalism’ (the subject of his new book):

Digital minimalism is a clear philosophy: you figure out what’s valuable to you. For each of these things you say, “What’s the best way I need to use technology to support that value?” And then you happily miss out on everything else. It’s about additively building up a digital life from scratch to be very specifically, intentionally designed to make your life much better.

There might be other philosophies, just like in health in fitness. More important to me than everyone becoming a digital minimalist, is people in general getting used to this idea that, “I have a philosophy that’s really clear and grounded in my values that tells me how I approach technology.” Moving past this ad-hoc stage of like, “Whatever, I just kind of signed up for maximalist stage,” and into something a little bit more intentional.

I’ve never really the type of person to go to a book club, but what with this coming out and Company of One by Paul Jarvis arriving yesterday, perhaps I need to set up a virtual one?

Source: GQ

Through the looking-glass

Earlier this month, George Dyson, historian of technology and author of books including Darwin Among the Machines, published an article at Edge.org.

In it, he cites Childhood’s End, a story by Arthur C. Clarke in which benevolent overlords arrive on earth. “It does not end well”, he says. There’s lots of scaremongering in the world at the moment and, indeed, some people have said for a few years now that software is eating the world.

Dyson comments:

The genius — sometimes deliberate, sometimes accidental — of the enterprises now on such a steep ascent is that they have found their way through the looking-glass and emerged as something else. Their models are no longer models. The search engine is no longer a model of human knowledge, it is human knowledge. What began as a mapping of human meaning now defines human meaning, and has begun to control, rather than simply catalog or index, human thought. No one is at the controls. If enough drivers subscribe to a real-time map, traffic is controlled, with no central model except the traffic itself. The successful social network is no longer a model of the social graph, it is the social graph. This is why it is a winner-take-all game. Governments, with an allegiance to antiquated models and control systems, are being left behind.

I think that’s an insightful point: human knowledge is seen to be that indexed by Google, friendships are mediated by Facebook, Twitter and Instagram, and to some extent what possible/desirable/interesting is dictated to us rather than originating from us.

We imagine that individuals, or individual algorithms, are still behind the curtain somewhere, in control. We are fooling ourselves. The new gatekeepers, by controlling the flow of information, rule a growing sector of the world.

What deserves our full attention is not the success of a few companies that have harnessed the powers of hybrid analog/digital computing, but what is happening as these powers escape into the wild and consume the rest of the world

Indeed. We need to raise our sights a little here and start asking governments to use their dwindling powers to break up mega corporations before Google, Amazon, Microsoft and Facebook are too powerful to stop. However, given how enmeshed they are in everyday life, I’m not sure at this point it’s reasonable to ask the general population to stop using their products and services.

Source: Edge.org

Exit option democracy

This week saw the launch of a new book by Shoshana Zuboff entitled The Age of Surveillance Capitalism: the fight for a human future at the new frontier of power. It was featured in two of my favourite newspapers, The Observer and the The New York Times, and is the kind of book I would have lapped up this time last year.

In 2019, though, I’m being a bit more pragmatic, taking heed of Stoic advice to focus on the things that you can change. Chiefly, that’s your own perceptions about the world. I can’t change the fact that, despite the Snowden revelations and everything that has come afterwards, most people don’t care one bit that they’re trading privacy for convenience..

That puts those who care about privacy in a bit of a predicament. You can use the most privacy-respecting email service in the world, but as soon as you communicate with someone using Gmail, then Google has got the entire conversation. Chances are, the organisation you work for has ‘gone Google’ too.

Then there’s Facebook shadow profiles. You don’t even have to have an account on that platform for the company behind it to know all about you. Same goes with companies knowing who’s in your friendship group if your friends upload their contacts to WhatsApp. It makes no difference if you use ridiculous third-party gadgets or not.

In short, if you want to live in modern society, your privacy depends on your family and friends. Of course you have the option to choose not to participate in certain platforms (I don’t use Facebook products) but that comes at a significant cost. It’s the digital equivalent of Thoreau taking himself off to Walden pond.

In a post from last month that I stumbled across this weekend, Nate Matias reflects on a talk he attended by Janet Vertesi at Princeton University’s Center for Information Technology Policy. Vertesi, says Matias, tried four different ways of opting out of technology companies gathering data on her:

  • Platform avoidance,
  • Infrastructural avoidance
  • Hardware experiments
  • Digital homesteading

Interestingly, the starting point is Vertesi’s rejection of ‘exit option democracy’:

The basic assumption of markets is that people have choices. This idea that “you can just vote with your feet” is called an “exit option democracy” in organizational sociology (Weeks, 2004). Opt-out democracy is not really much of a democracy, says Janet. She should know–she’s been opting out of tech products for years.

The option Vertesi advocates for going Google-free is a pain in the backside. I know, because I’ve tried it:

To prevent Google from accessing her data, Janet practices “data balkanization,” spreading her traces across multiple systems. She’s used DuckDuckGo, sandstorm.io, ResilioSync, and youtube-dl to access key services. She’s used other services occasionally and non-exclusively, and varied it with open source alternatives like etherpad and open street map. It’s also important to pay attention to who is talking to whom and sharing data with whom. Data balkanization relies on knowing what companies hate each other and who’s about to get in bed with whom.

The time I’ve spent doing these things was time I was not being productive, nor was it time I was spending with my wife and kids. It’s easy to roll your eyes at people “trading privacy for convenience” but it all adds up.

Talking of family, straying too far from societal norms has, for better or worse, negative consequences. Just as Linux users were targeted for surveillance, so Vertisi and her husband were suspected of fraud for browsing the web using Tor and using cash for transactions:

Trying to de-link your identity from data storage has consequences. For example, when Janet and her husband tried to use cash for their purchases, they faced risks of being reported to the authorities for fraud, even though their actions were legal.

And then, of course, there’s the tinfoil hat options:

…Janet used parts from electronics kits to make her own 2g phone. After making the phone Janet quickly realized even a privacy-protecting phone can’t connect to the network without identifying the user to companies through the network itself.

I’m rolling my eyes at this point. The farthest I’ve gone down this route is use the now-defunct Firefox OS and LineageOS for microG. Although both had their upsides, they were too annoying to use for extended periods of time.

Finally, Vertesi goes down the route of trying to own all your own data. I’ll just point out that there’s a reason those of us who had huge CD and MP3 collections switched to Spotify. Looking after any collection takes time and effort. It’s also a lot more cost effective for someone like me to ‘rent’ my music instead of own it. The same goes for Netflix.

What I do accept, though, is that Vertesi’s findings show that ‘exit democracy’ isn’t really an option here, so the world of technology isn’t really democratic. My takeaway from all this, and the reason for my pragmatic approach this year, is that it’s up to governments to do something about all this.

Western society teaches us that empowered individuals can change the world. But if you take a closer look, whether it’s surveillance capitalism or climate change, it’s legislation that’s going to make the biggest difference here. Just look at the shift that took place because of GDPR.

So whether or not I read Zuboff’s new book, I’m going to continue my pragmatic approach this year. Meanwhile, I’ll continue to mute the microphone on the smart speakers in our house when they’re not being used, block trackers on my Android smartphone, and continue my monthly donations to work of the Electronic Frontier Foundation and the Open Rights Group.

Source: J. Nathan Matias

Location data in old tweets

What use are old tweets? Do you look back through them? If not, then they’re only useful to others, who are able to data mine you using a new toold:

The tool, called LPAuditor (short for Location Privacy Auditor), exploits what the researchers call an “invasive policy” Twitter deployed after it introduced the ability to tag tweets with a location in 2009. For years, users who chose to geotag tweets with any location, even something as geographically broad as “New York City,” also automatically gave their precise GPS coordinates. Users wouldn’t see the coordinates displayed on Twitter. Nor would their followers. But the GPS information would still be included in the tweet’s metadata and accessible through Twitter’s API.

I deleted around 77,500 tweets in 2017 for exactly this kind of reason.

Source: WIRED

Confusing tech questions

Today is the first day of the Consumer Electronics Show, or CES, in Las Vegas. Each year, tech companies showcase their latest offerings and concepts. Nilay Patel, Editor-in-Chief for The Verge, comments that, increasingly, the tech industry is built on a number of assumptions about consumers and human behaviour:

[T]hink of the tech industry as being built on an ever-increasing number of assumptions: that you know what a computer is, that saying “enter your Wi-Fi password” means something to you, that you understand what an app is, that you have the desire to manage your Bluetooth device list, that you’ll figure out what USB-C dongles you need, and on and on.

Lately, the tech industry is starting to make these assumptions faster than anyone can be expected to keep up. And after waves of privacy-related scandals in tech, the misconceptions and confusion about how things works are both greater and more reasonable than ever.

I think this is spot-on. At Mozilla, and now at Moodle, I spend a good deal of my time among people who are more technically-minded than me. And, in turn, I’m more technically-minded than the general population. So what’s ‘obvious’ or ‘easy’ to developers feels like magic to the man or woman on the street.

Patel keeps track of the questions his friends and family ask him, and has listed them in the post. The number one thing he says that everyone is talking about is how people assume their phones are listening to them, and then serving up advertising based on that. They don’t get that that Facebook (and other platforms) use multiple data points to make inferences.

I’ll not reproduce his list here, but here are three questions which I, too, get a lot from friends and family:

“How do I make sure deleting photos from my iPhone won’t delete them from my computer?”

“How do I keep track of what my kid is watching on YouTube?”

“Why do I need to make another username and password?”

As I was discussing with the MoodleNet team just yesterday, there’s a difference between treating users as ‘stupid’ (which they’re not) and ensuring that they don’t have to think too much when they’re using your product.

Source: The Verge (via Orbital Operations)

Cory Doctorow on Big Tech, monopolies, and decentralisation

I’m not one to watch a 30-minute video, as usually it’s faster and more interesting to read the transcription. I’ll always make an exception, however, for Cory Doctorow who not only speaks almost as fast as I can read, but is so enthusiastic and passionate about his work that it’s a lot more satisfying to see him speak.

You have to watch his keynote at the Decentralized Web Summit last month. It’s not only a history lesson and a warning, but he puts in ways that really make you see what the problem is. Inspiring stuff.

Source: Boing Boing

Designing for privacy

Someone described the act of watching Mark Zuckerberg, CEO of Facebook, testifying before Congress as “low level self-harm”. In this post, Joe Edelman explains why:

Zuckerberg and the politicians—they imagine privacy as if it were a software feature. They imagine a system has “good privacy” if it’s consensual and configurable; that is, if people explicitly agree to something, and understand what they agree to, that’s somehow “good for privacy”. Even usually-sophisticated-analysts like Zeynep Tufekci are missing all the nuance here.

Giving the example of a cocktail party where you’re talking to a friend about something confidential and someone else you don’t know comes along, Edelman introduces this definition of privacy:

Privacy, n. Maintaining a sense of what to show in each environment; Locating social spaces for aspects of yourself which aren’t ready for public display, where you can grow those parts of yourself until they can be more public.

I really like this definition, especially the part around “locating social spaces for aspects of yourself which aren’t ready for public display”. I think educators in particular should note this.

Referencing his HSC1 Curriculum which is the basis for workshops he runs for staff from major tech companies, Edelman includes a graphic on the structural features of privacy. I’ll type this out here for the sake of legibility:

  • Relational depth (close friends / acquaintances / strangers / anonymous / mixed)
  • Presentation (crafted / basic / disheveled)
  • Connectivity (transient / pairwise / whole-group)
  • Stakes (high / low)
  • Status levels (celebrities / rank / flat)
  • Reliance (interdependent / independent)
  • Time together (none / brief / slow)
  • Audience size (big / small / unclear)
  • Audience loyalty (loyal / transient / unclear)
  • Participation (invited / uninvited)
  • Pretext (shared goal / shared values / shared topic / many goals (exchange) / emergent)
  • Social Gestures (like / friend / follow / thank / review / comment / join / commit / request / buy)

The post is, of course, both an expert response to the zeitgeist, and a not-too-subtle hint that people should take his course. I’m sure Edelman goes into more depth about each of these structural features in his workshops.

Nevertheless, and even without attending his sessions (which I’m sure are great) there’s value in thinking through each of these elements for the work I’m doing around the MoodleNet project. I’ve probably done some thinking around 70% of these, but it’s great to have a list that helps me organise my thinking a little more.

Source: Joe Edelman

Every part of your digital life is being tracked, packaged up, and sold

I’ve just installed Lumen Privacy Monitor on my Android smartphone after reading this blog post from Mozilla:

New research co-authored by Mozilla Fellow Rishab Nithyanand explores just this: The opaque realm of third-party trackers and what they know about us. The research is titled “Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem,” and is authored by researchers at Stony Brook University, Data & Society, IMDEA Networks, ICSI, Princeton University, Corelight, and the University of Massachusetts Amherst.

[…]

In all, the team identified 2,121 trackers — 233 of which were previously unknown to popular advertising and tracking blacklists. These trackers collected personal data like Android IDs, phone numbers, device fingerprints, and MAC addresses.

The link to the full report is linked to in the quotation above, but the high-level findings were:

»Most trackers are owned by just a few parent organizations. The authors report that sixteen of the 20 most pervasive trackers are owned by Alphabet. Other parent organizations include Facebook and Verizon. “There is a clear oligopoly happening in the ecosystem,” Nithyanand says.

» Mobile games and educational apps are the two categories with the highest number of trackers. Users of news and entertainment apps are also exposed to a wide range of trackers. In a separate paper co-authored by Vallina-Rodriguez, he explores the intersection of mobile tracking and apps for youngsters: “Is Our Children’s Apps Learning?

» Cross-device tracking is widespread. The vast majority of mobile trackers are also active on the desktop web, allowing companies to link together personal data produced in both ecosystems. “Cross-platform tracking is already happening everywhere,” Nithyanand says. “Fifteen of the top 20 organizations active in the mobile advertising space also have a presence in the web advertising space.”

We’re finally getting the stage where a large portion of the population can’t really ignore the fact that they’re using free services in return for pervasive and always-on surveillance.

Source: Mozilla: Read, Write, Participate

Survival in the age of surveillance

The Guardian has a list of 18 tips to ‘survive’ (i.e. be safe) in an age where everyone wants to know everything about you — so that they can package up your data and sell it to the highest bidder.

On the internet, the adage goes, nobody knows you’re a dog. That joke is only 15 years old, but seems as if it is from an entirely different era. Once upon a time the internet was associated with anonymity; today it is synonymous with surveillance. Not only do modern technology companies know full well you’re not a dog (not even an extremely precocious poodle), they know whether you own a dog and what sort of dog it is. And, based on your preferred category of canine, they can go a long way to inferring – and influencing – your political views.

Mozilla has pointed out in a recent blog post that the containers feature in Firefox can increase your privacy and prevent ‘leakage’ between tabs as you navigate the web. But there’s more to privacy and security than just that.

Here’s the Guardian’s list:

  1. Download all the information Google has on you.
  2. Try not to let your smart toaster take down the internet.
  3. Ensure your AirDrop settings are dick-pic-proof.
  4. Secure your old Yahoo account.
  5. 1234 is not an acceptable password.
  6. Check if you have been pwned.
  7. Be aware of personalised pricing.
  8. Say hi to the NSA guy spying on you via your webcam.
  9. Turn off notifications for anything that’s not another person speaking directly to you.
  10. Never put your kids on the public internet.
  11. Leave your phone in your pocket or face down on the table when you’re with friends.
  12. Sometimes it’s worth just wiping everything and starting over.
  13. An Echo is fine, but don’t put a camera in your bedroom.
  14. Have as many social-media-free days in the week as you have alcohol-free days.
  15. Retrain your brain to focus.
  16. Don’t let the algorithms pick what you do.
  17. Do what you want with your data, but guard your friends’ info with your life.
  18. Finally, remember your privacy is worth protecting.

A bit of a random list in places, but useful all the same.

Source: The Guardian