‘We’ve created a privacy industry’

‘We’ve created a privacy industry’ was a statement you could often hear when Europe introduced General Data Protection Regulations (GDPR) and the German implementation DatenSchutz GrundVerOrdnung (DSGVO). Already back in 2016 first predictions arrived, that GDPR will boost European software industry and give them a unique selling point. After the regulation became effective in Europe May 25th 2018(!), after a 2 years transition period, perceived only complaints happened. Affected data controllers and processors cited the difficulties implementing these regulations. A BitKom funded survey even indicates the regulation is hurting the European market.

'We've created a privacy industry'
Panel on Internet Security and Privacy

Now, around 1.5years later, the industry seems to have settled on the regulation and business continues as usual. Subjectively perceived, privacy is indeed still an obstacle to decision makers in the market. Even politicians keep on imploring data to be the new oil, demanding a data driven economy and to weakend the underlying ideas of european data protection acts. Meanwhile, the opportunity has moved along. Californian Start-Ups discovered this niche and turn privacy it into value:

Privacy-focused technology companies are offering a variety of services, from personal data scrubbing to business-focused software meant to help companies comply with the law.

Source: ‘We’ve created a privacy industry’: California law fuels wave of startups

Off Facebook Activity

Off Facebook Activity is a tool, that let’s Facebook users see which sites they used outside of Facebook. The tool is as creepy as you would think it would be. Facebook, through it’s like buttons and other embeds, has sheer unlimited insight into personal browsing behaviour.

Facebook Company Logo
Facebook Company Logo / Wordmark

In an attempt by the company to create more transparency, it discloses how much curiosity in a negative sense is driving the social network in trying to understand their audience. And actually sell this gained knowledge to their customers.

The release of Off Facebook Activity a reminder we are living in an increasingly connected world that is watching us. There is entirely no point for any company to collect this type of data outsire of making us a product.

The Washington Post writes about how creepy and scary this feature is, and even more important, how to work with privacy settings. While the article deals with Facebook internal settings alone, the amout of data transferred to Facebook won’t stop. At this point, you may want to consider personal privacy tools like uMatrix (for Firefox or Chrome). Or, to leverage protection for the entire network, e.g. for your family, Pi-Hole is worth taking a look, too.

via: Washington Post

Privacy in the Platform Economy

Privacy in the Platform Economy: In the tracking business, access to the customers desktop was in firm hands of Google and Facebook. Until recently!

SnakeOil promises people security to get them install software that’s capable of eavesdropping ssl and all other access to a computers interaction. Quite obvious to see this is a good source to profile a users behavior. A violation of users privacy for the sake of security. You sure all read the fineprint in the anti virus software, right?

Now apparently, somebody in the SnakeOil industry figured that out. A recent leak disclosed Avast Antivirus leverages their market access to almost hald a billion user profiles and devices to package up this insight. “every search” that promises ‘Every search. Every click. Every buy. On every site.’. Of course the target audience is the same as for marketing- and tracking clients.

Source: vice.

See also:

Automatisierte Gesichtserkennung: Warum die Technik gefährlich ist.

Automatisierte Gesichtserkennung: diese Woche is eine Recherche zu dem US Unternehmen Clearview durch die Medien gereicht worden. Die Artikel haben jeweils viel Aufmerksamkeit auf sich gezogen.

Claudia Orsini. cyber. - Automatisierte Gesichtserkennung.
Claudia Orsini. cyber. CC-BY-2.0, Flickr.

Gesichtserkennung ist das Feature, das man bereits von Fotoverarbeitungsprogrammen, Handys und sogar Sozialen Medien kennt. Für die meisten Nutzer dieser Programme oder Dienste ist das meist ein lustiges, manchmal sogar nützliches Feature. In einer großen Sammlung von Fotos schnell alle für die Geburtstagsfeier alle Freunde wiederzufinden, ist schon praktisch.

Wenn diese Funktionalität die Grenzen der privaten Nutzung überschreitet beherbergt die Anwendung große Gefahren. Zum einen handelt es sich hier im eine private Firma. Weder weiss eine betroffene Person, ob Ihr Bild in der Datenbank geführt wird, noch ist eine Kundenliste der Firma bekannt. Das bedeutet, dass die Anwendung der Datenbank ebenso unklar ist, und damit auch Missbrauchspotential eröffnet. So gab es bereits Fälle, in denen Beamte Frauen nachstellten. Eine Fotodatenbank erleichtert solche Vorhaben. Genauso, wie Regierungen und offizielle Stellen beispielsweise Videoüberwachung öffentlicher Plätze leichter auswerten können. Damit wäre denkbar, Bewegungsprofile von beispielsweise Regierungskritischen Bürgern zu erstellen.

Die Technologie bringt durch Ihren Einsatz im öffentlichen Raum eine automatisierte Verletzung von Privatsphäre der Bürgerinnen und Bürger mit sich, wie auch Ulrich Kelber, Bundesdatenschutzbeauftragter, sich äussert.

In der Süddeutschen hat Simon Hurzt bereits am Dienstag eine handliche Übersicht über die Problematik mit der Technik veröffentlicht. In dem Artikel sind die wichtigsten Fragestellungen über automatisierte Gesichtserkennung antwortet.

Twelve Million Phones, One Dataset, Zero Privacy

Twelve Million Phones, One Dataset, Zero Privacy is part one of One nation, tracked, an New York Times investigation series.

Twelve Million Phones, One Dataset, Zero Privacy

is part one of One nation, tracked, an New York Times investigation series of smart phone information tracking and by Stuart A. Thompson and Charlie Warzel, within their privacy project. The research covers multiple topics, only starting out with an analysis of the potential contained in smartphone tracking information.

What we learned from the spy in your pocket.

Twelve Million Phones, One Dataset, Zero Privacy

The authors analyse a large dataset of location information from New York and Washington, DC, cell phone users. With the analysis, the article debunks myths about data privacy. The key takeaway of the analysis, to my interpretation are:

Twelve Million Phones - One Mobile Phone User in Munich
Mobile Phone User – Munich
  1. Data is not anonymous – the authors successfully identified a Senior Defense Department official and his wife. And this was possible during the Women’s March. According to authors, nearly half a million descended on the capital for this event. (Other sources only mention one hundred thousand attendants)
  2. Data is not safe – the authors point out complex relationships of companies in the tracking business. Complexity makes it impossible to ensure ownership. There is no foolproof way for anyone or anywhere in the chain to prevent data from falling into the hands of a foreign security service.
  3. Affected persons cannot consent – the authors criticism seems reasonable. Virtually all companies involved with tracking require user consent. And even cell phones make the geo-tracking feature visible to users. Only barely anyone in the business makes purpose transparent. In other words, no company prominently announce how they package and sell data or insight.

One Nation, Tracked

The article is a creepy read, but worth the time spending. The series One Nation, Tracked continues with 6 other parts:

  1. discussing how to Protect Yourself
  2. National Security, which is for the the US in the article.
  3. details on How it works
  4. individual spying in One Neighborhood
  5. Protests is about how this business betrays democracy
  6. And offers Solutions through privacy rights.

Source: Opinion | Twelve Million Phones, One Dataset, Zero Privacy – The New York Times

Hello twenties.

Hello twenties.

Self-Reflection

Social media is a mistake: Let me start the new decade in the Photo category with a video. In the past year I challenged myself and take a picture every day. The project was inspired by an old, fellow student. It sounded easy in first place, turned into a challenge soon and I use to self-reflect upon achievements and new experiences. Taking a photo of something new every day will make you start think about what you did. Sometimes, after a long day in office, it requires plenty of discipline to pay attention to your schedule and environment.

Instagram

To measure the result, when starting, I decided to go for Instagram. Get Likes has never been the goal. The level of interaction with the platform and exposure to the crowd I got there gave plenty of insight into how the crowd works. But the service never convinced for many reasons. As stated elsewhere, the experience just re-affirmed my feeling that social media is a mistake.

The medium is driven by vein and pride, just as Scott Galloway put it, the seven deadly sins. These are not good guidance in first place. And they are by no means compatible with the goals of the project, even though it generated plenty of attention and positive feedback.

Purpose

And finally, the company owning Instagram, Facebook, requires to accept a license through their Terms of Service to grant to them a non-exclusive, transferable, sub-licensable, worldwide license to host, use, distribute, modify, run, copy, publicly perform or display, translate, and create derivative works of your content (consistent with your privacy and application settings) for purposes of making the Instagram Service available. While comprehensible the service needs authority over content to offer the service, these purposes are too broad for what I want to achieve. Instagram is driven by users registered and wouldn’t allow the audience I have in mind to consume the photos without registering. Just try scrolling through the page, it will require registration quickly.

Resolution

You can end this license anytime by deleting your content or account. Following the Terms of Service, this is the only way to not grant these. And while Instagram offers means to download all content, this still ain’t too easy: all the content over there has meta information, like comments and or locations, that are not straight forward to transfer. Which brings me to one of next years resolutions: not only continue my own project here – to take a photo every day as an act of self-reflection. But also to migrate existing content from Instagram over here.

Hello twenties: Instagram Err(or?)
Instagram Error

And the same is true for other social media. For example, LinkedIn does also leverage such mechanisms. While the above is only an example, I try to put more attention to these models. And this page shall serve as a basis to replace others in the .

Social media is a mistake. Take back the web and decentralise the next decade.

Kampf gegen Facebook: Rückenwind für Schrems vor EuGH

Schon seit den Snowden Leaks setzt Max Schrems sich gegen Facebook und für Datenschutz in Europa ein. Noch am 19.12.2019 hat das EuGH in seinem Sinn entschieden, schreibt der Österreichische Rundfunk:

Am Donnerstag errang er [Max Schrems] einen Etappenerfolg: Der Generalanwalt des Europäischen Gerichtshofs (EuGH) empfahl dem Gericht, bei einigen Grundsatzfragen zum Datenaustausch zwischen den USA und EU in Schrems’ Sinne zu entscheiden.

news.orf.at

Source: Kampf gegen Facebook: Rückenwind für Schrems vor EuGH – news.ORF.at

Quitting Google

Nithin Coca of The Next Web went on a quest to quitting Google. In this article, he describes his experience and gives plenty of pointers on how to achieve the same. He start out making a point about individual privacy, and points out individual alternatives to popular Google services. Starting from using Firefox over Chrome to particular services for daily office use. At the end of the year, this little “Quitting Google” guide contains little news, but serves as a good starting point to maybe develop a new years resolution and be more sensitive about privacy in the upcoming year 2020.

Nithin Coca of The Next Web
Nithin Coca of The Next Web

Over the past six months, I have gone on a surprisingly tough, time-intensive, and enlightening quest — to quit using, entirely, the products of just one company — Google. What should be a simple task was, in reality, many hours of research and testing. But I did it. Today, I am Google-free, part of the […]

Source: How I fully quit Google (and you can, too)

Unbekannte dringen in Server von Conrad Electronic ein

Ist hier jemand Online-Kunde von Conrad-Elektronik?

Conrad Elektronik
Conrad Elektronik Markt

Durch eine Sicherheitslücke verschafften sich Unbekannte Zugriff auf Conrad-Server mit 14 Millionen Kundendatensätzen.

Source: Unbekannte dringen in Server von Conrad Electronic ein | heise online

Google chief: I’d disclose smart speakers

“Does the owner of a home need to disclose to a guest? I would and do when someone enters into my home, and it’s probably something that the products themselves should try to indicate.”

Well, d’uh. If Rick Osterloh, SVP of Devices and Services, says so. At least the BBC writes.