Domain: 33bits.org
Stories and comments across the archive that link to 33bits.org.
Comments · 6
-
Re:"De-identifying" is WAY harder than it sounds
I concur. Our privacy relies on just 33 bits of entropy.
Gender and age are already several bits. These listing can be used to pinpoint the location of habitation, work and shopping. Give a few more bits like a regular place to spend week ends, a regular activity, or a specialized shop, the date of a big spending (house, car) and you are not anonymous anymore. -
Re:Use another service?
1- You have one hour, 2, a day. The time you were watching porn and didn't want to be tracked. Sigh... You clear your cache so you don't get tracked! What's your point, really?
Deleting the content *after* accessing the porn websites is useless: you're already logged by their servers! You need to delete anything that may identify you *before* you go to the porn website.
There are two kinds of tracking at play here. The one they associate with your account (what I meant when I said you shouldn't use their services) and the sudo-anonymous data that they collect when you enter a certain website. They don't know who you are, where you live and very easily you can hide from it, it's just anonymous statistics.
Wrong. Even if you're not logged in, they still build a profile on you - that's why they need Anonymous identifiers. And uniquely identifying someone is extraordinarily easy - you only need 33 bits of information.
But you can also opt out of it... if you see a page with google ads, don't go there if you don't want to be tracked by google...
Even if they don't have Google ads, they probably have Google Analytics, which is invisible to the common user.
And how do you know if the site has Google ads without visiting it and being tracked as a result?
But in todays internet, everyone tracks you and most are hundreds of times more creepy than google (at least with them you know exactly what your data is used for - they are quite upfront with it).
Well, I guess the guys who robs you $1000 is actually a nice guy, at least he didn't rob you $10000.
To sum up, don't like google, don't use websites where they're present. If you're really that bothered you can even send an e-mail to the webmaster saying why you're not on their site right now. It's your choice all the way.
As I said above, 1) there's no way of telling if they're "present" unless you're very knowledgeable and 2) to find out if the site has Google loggers, you have to be logged.
2- You mentioned IE. Google put a link to their privacy policy in the field that clearly stated what they did. IE didn't understand it but still thought it was a valid response. It's a bigger fail by MS than google.
If I find a bug in your websites bank and take money from your account, am I not a thief?
3- See the part where I mentioned incognito mode and clearing your cookies. You want to play dumb, be my guest, but it's extremely easy to avoid cookies.
YOU are playing dumb. You started this conversation saying "You only need to not use their services", now suddenly I have to know what a cookie is and how to disable them? Why?
4- The whole google complaining is an hypocrisy. They always were clear where they got their money
Being clear about where they got their money is not the problem, mr. strawman.
if it wasn't for google you'd still be paying to have e-mail with more than 100MB of space or using the calendar on the wall. You owe google a whole lot
Back the fuck off! Did I have a choice of whether I wanted to be helped? No? Then I don't owe them shit.
Secondly, I don't give a fuck over those "advantages". I have plenty of space on my HD for all the email I want to store (yes, I use a real email client which downloads the emails) and there are plenty of good calendaring applications available.
But the funny is that I actually like Google for many other reasons; I just don't like their tracking, which has the potential of being extremely dangerous and is unavoidable unless you know more about tech than 99,9% of the population, and I particularly don't like shills (unpaid, which is even more sad), regardless of whether they're defending Google, Facebook or MS.
-
Re:They won't get me
-
Re:Great idea but not likely to happen
Assuming you keep your plugins updated, you are already sending the X-Do-Not-Track header with all of your requests. Since NoScript 2.0.9.x, it can be configured with noscript.DoNotTrack.{enabled, exceptions, forced}, and the default is enabled.
The maintainer of NoScript says:
As stupid as it may sound (why parties who are interested in tracking you would comply?), a mean to clearly express your will of not being tracked is going to be useful, especially when backed by law or industry self-regulation, as explained here. Therefore it seems in the interest of NoScript users and privacy-concerned netizens in general to participate in this effort.
I'm not sure that I agree with the rationale (legislation about HTTP headers? No thank you!), but at least there is one. He also responded to the Firefox proposal.
-
Re:Great idea!Using short-term (biodegradable?) identifiers is an interesting idea, but I think it goes against two of the reasons companies collect data in the first place. The first is to confirm that you're a real, tangible human being, which means they want to connect your present data to the past. The second is to bombard you with marketing crap for the rest of your life, which means they want to connect your present data to the future. So using short-term identifiers is no better aligned with their interests than degrading data.
Random degradation sounds like an ad hoc solution to me anyway. Data privacy research has established a pretty firm theoretical foundation in the last few years, and ideas like "let's swap some stuff around until it's all random" are starting to sound as shonky as homebrew encryption algorithms.
-
Please read our FAQ
We have an FAQ about this paper. It answers many of the misconceptions expressed in the comments here. In particular, our algorithm applies to much more than public social networks like twitter and flickr. A variety of networks including the phone call network are being shared behind your back in anonymous form, and our de-anonymization techniques apply just as much. You'll probably agree that people expect more privacy there. See my blog for a variety of demonstrations and thought-experiments of de-anonymization.