Slashdot Mirror
The Woman Who's Making Your Privacy Her Business
davecb writes "The woman who faced down Facebook and was dissed by Silicon Valley business boys as 'an old-fashioned scold' is really one of the early advocates for using the internet for access to information, and to open up government. The Globe and Mail has an interview with Jennifer Stoddart, the privacy commissioner of Canada, who went up against Facebook for all of us, and made them back down."
My mom?
All of us in Canada at least. She seems to take her mandate seriously.
By her own logic, governments should hoard information, at least in the traditional sense, to keep it hidden from other national governments. Unless you think every nation in the word should have the same information as every other, then you agree with the general concept here.
And how exactly are governments supposed to not hoard information, keeping it hidden from even their own citizens, if they expect to be able to keep it hidden from other governments as well? I don't see how it's possible. Either the government hoards information and by necessity keeps some hidden from its people, or the government is completely transparent and every country in the world knows everything.
She's advocating an idealist point of view, one that is not tenable, at least not in terms of national security.
I do not respond to cowards. Especially anonymous ones.
They start out looking good, until some entity comes along and starts wringing profit or control (one & the same?) out of a new 'utopian innovation'.
That is what happened for a long time with Windows where Microsoft essentially dictated a lot of what and how things were done in personal computing or how FAST they progressed.
Level playing fields are hard to maintain in anarchistic society. The same can be said for all powerful central government or dictators.
Competition on a 'level playing field' seems to be one of the best antidotes to monopolies. But is isn't easy to decide what is fair. Luckily we have some solid heads in government that realize they have the responsibility to do the right thing for the average citizen rather than the labor unions and powerful corp. lobbies.
I'm starting to hate the internet. More and more it seems like the internet is turning into one big bug in the ass. I have to specifically opt out of fucking invasive bullshit toolbars that I didn't ask for, had no interest in, and no desire to have corrupting my machine. I got an idea for all you assholes who think that is the way to make money....HOWS ABOUT YOU WORK ON PROJECTS THAT MAKE US FREER RATHER THAN FURTHER CONFINE OR TRACK US??? Is it really so much to ask to be able to scan, upload, download, chat, skype, mud, "be on the web" without fear of being constantly surveiled? I'm not a tree. My psychological profile, shopping habits, surfing habits, political interests, are not "fruit" to be picked and sold on the market, and as such ARE NONE OF YOUR FUCKING BUSINESS!!! If I want your shit, I will use the most powerful investigatory tool humankind has ever invented, find it myself, and possibly even buy it! If what you had to offer was worth having I might even buy it again. But, until that point, LEAVE ME THE FUCK ALONE!
-Oz
She's done more than just the Facebook thing. That's really just the most prominent example. And yes, for all of us. She's not concerned with just protecting a certain segment of the population, or even "just Canadians." If she sees an issue that she can try and do something about, she actually tries to do something, and that something is usually in the interests of "the little guy," rather than corporations.
Canada: The US's more awesome sibling.
I've always thought that our privacy commisioner's identity should be unknown. Maybe he/she could appear on TV in a hood, speaking through a voice scrambler.
Honestly? For a privacy commissioner she's done a hell of a job. Taking her mandate seriously? I'd say so. Conservative, Liberal, NDP, Green, Bloc, small business, big business, internet related. NGO's, and so on. If you break the privacy act, you'll have her breathing down your neck fast. She's about as non-partisan, and pro-privacy as you can get.
Om, nomnomnom...
rather than intimidation and manipulation.
But how do the big multinational arms conglomerates make money off co-operation? Where are the backscatter-xray machine sales in that?
"I'm starting to hate the internet. More and more it seems like the internet is turning into one big bug in the ass. I have to specifically opt out of fucking invasive bullshit toolbars that I didn't ask for, had no interest in, and no desire to have corrupting my machine. I got an idea for all you assholes who think that is the way to make money....HOWS ABOUT YOU WORK ON PROJECTS THAT MAKE US FREER RATHER THAN FURTHER CONFINE OR TRACK US??? Is it really so much to ask to be able to scan, upload, download, chat, skype, mud, "be on the web" without fear of being constantly surveiled? I'm not a tree. My psychological profile, shopping habits, surfing habits, political interests, are not "fruit" to be picked and sold on the market, and as such ARE NONE OF YOUR FUCKING BUSINESS!!! If I want your shit, I will use the most powerful investigatory tool humankind has ever invented, find it myself, and possibly even buy it! If what you had to offer was worth having I might even buy it again. But, until that point, LEAVE ME THE FUCK ALONE!
-Oz" -
Ok, then YOU of all people, want to read this (not selling anything here, HOSTS files free & you already have one (you just have to fill your OS' copy of your HOSTS file w/ the right data to stop a lot of the problems you complain of online, & reputable + reliable sources for currently updated HOSTS files are below)):
16++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK ALONE for added layered security:
1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc.).
2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).
3.) Adblock doesn't protect email programs external to FF, Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.
4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).
5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via PINGS &/or WHOIS though, regularly, so you have the correct IP & it's current)).
6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders
7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:
GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):
http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org/
http://blog.fireeye.com/
governments should hoard information, at least in the traditional sense, to keep it hidden from other national governments. Unless you think every nation in the word should have the same information as every other
Nah, Governments shouldn't hoard information at all.
They should only keep "vital" information under wraps for at most 2 years, then make it all public (not hording, hording = "never gonna give you up")
The only exception I can see is for long term military planning. Do we really need to use deceit in our diplomatic affairs? What's wrong with stating our goals and working to those ends? (It's not like we're really confounding our "enemies" by keeping diplomatic secrets).
Unfortunately, under such an "idealist" information policy, everything will just get categorized as "military planning."
You know... Just like nearly everything currently finds its way under the "national security" umbrella, even though most info is not. Hint: ACTA was held under the "national security" umbrella, now it's not; Guess it wasn't a matter of "national security" was it?
Corrupt governments will always hide under the "national security" blanket, even if you rename it to "military planning" or "diplomatic privacy".
Facebook knows nothing about me.
Are you that sure that nobody you know has given them your email address or in any other way shared information about you with them? Tagging photos of you seems to be the next most popular way to give them information about you but there may be more.
Never underestimate the dark side of the Source
Regardless of the coaching Zuck has received recently on how to act in an interview, based on his actions in public he is most definitely a "boy" even if his age is over 18.
They're in all the Java update wizards for one.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
What's with the poor reading comprehension?
Paragraph 9, words 20 through 23.
Do daemons dream of electric sleep()?
"biz boy" is an derogatory term for MBA students, who are roughly 50% female these days. I typo'd and wrote "business boy", and inadvertently insulted fellow members of my sex instead of the people I meant to insult (;-)) --dave
davecb@spamcop.net
Fair criticism, and it's unusual for the business section, which normally fawns over characters like Lord Black... --dave
davecb@spamcop.net
No, according to a eHow guide. They let you enter any text as your friend's name, and even ask you his/her email address: http://i.ehow.com/images/a05/l6/7p/add-tags-facebook-photos-1.5-800X800.jpg
Dilbert RSS feed
If you don't use Facebook, why do you need to block it's widgets? ::confused::
Visit the Arcade Restoration Workshop @ http://www.arcaderestoration.com
For the same reason you block Doubleclick and Google Analytics traffic, even though these sites don't (necessarily) know your real-world name either.
From Dictionary.com:
"hoard"
–verb (used without object)
3.
to accumulate money, food, or the like, in a hidden or carefully guarded place for preservation, future use, etc.
To hoard does not imply to never use.
And of course there are exceptions. This is the reason I called her an idealist in the first place. Idealists see no room for exceptions. They don't live in the real world where perfection is defined not as something with no flaws but as something with as few flaws as we can practicably achieve.
I do not respond to cowards. Especially anonymous ones.
You need to block Facebook widgets because they track even without your being signed in (or even a member):
Facebook's 'Like This' button is tracking you (Whether you click it or not)
which is derived from this paper:
Facebook Tracks and Traces Everyone: Like This! (Social Science Research Network)
Assuming you are not a member of facebook and have no need of the "Share" and "Like" buttons, the hosts file is your friend. Just enter 127.0.0.1 for facebook.net, facebook.com, facebookcdn.com (there may be others but I can't be bothered to look for them right now)
If you put a lock on the basement door, she wouldn't be able to go through your things. That, or, y'know, get a place of your own.
Funny how our cultural blinders obscure facts from us. Such as, only in America is a woman considered such when she attains the age of 18. Hint: different countries have different standards. But go ahead and say that 18 is a "universal" standard, because God forbid anyone think differently from us, the good people.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
With companies maintaining and sharing huge databases they can build a profile of you quite easily.
Consider the following situation, which parallels in in a way.
A friend's girlfriend loved to hang out in an IRC channel. She thought she was "stranger proof" because she limited the amount of information she shared in any one conversation. Some of the items she revealed were public, while others were revealed in "private" conversations. She (erroneously) assumed that some of the private conversations were with individuals sharing no connection with each other.
After hanging out in the channel for a couple of weeks she got a phone call -- from Australia. One of the channel members created profiles of other users and data mined their conversations in order to identify them. Coupled with the ability to search the net for the consistent use of handles that many become attached to, he was able to track down people rather easily.
For him it was a game. For others it's business.
We don't always know who owns the services we use, and rarely have any idea of who the data is shared with. If company A owns sites B and C, they have the data on you that both sites generate.
While he was working with a small group of people who were likely to share information with people they interacted with regularly, having a huge dataset encompassing thousands of your interactions with other sites is just as useful to a company with the means to examine the data.
And privacy policies don't mean squat without someone keeping them honest. Imagine how many sites out there use them as honey traps.
You certainly have something to say... with all respect, why don't you login? I post AC sometimes when it's best for me but I find its best to attach an account to my statements. IMHO.
The term was used to refer to AMERICAN men. Drop the hyper-anti-US bullshit.
Please help metamoderate.
Sounds like someone who really knows her stuff. Can we get one of those here in the USA? That'll never happen. I'd move to Canada but I hate the cold.
"We are just a war away from Amerikastan. When god vs god the undoing of man." Dave Mustaine
You first have to pass some privacy laws with teeth before someone like Ms. Stoddart can do her job.
Atlas stands on the earth and carries the celestial sphere on his shoulders.
Yes, your mom. :)
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Looks like there's no problem if you don't allow cookies from them in the first place, as the tracking system is based on them.
I didn't even notice it until someone called attention to it. Even before reading your reply I just figured it for a little alliteration and not some sexist attack. Hell, there are plenty of other colloquialisms such as "boys' night out" or "boy toy" that aren't considered offensive for their use of the word boy. The second might offend a person, but not for the reason's SuperBanana pointed out.
There's malicious intent and there's loose English. Unless there's some reason to suspect that the wording is intentional, let's leave the political correctness in a box.
Too bad, I really love using analytics. It lets me know where people are going on my site and for how long so I know what they like and don't like. This method is more accurate and less time consuming than bothering people about what they want to see next... I don't see IP addresses inside analytics so there is absolutely no personal information relating to this data. Has she ever used this app before? My ToS discusses about usage of anonymous data with Google Analytics so if someone didn't like it, they could not use the service. Additionally, analytic information provides good scoops on how to advertise to your visitors and if you can't find out information about your visitors in some way, then the age of "free internet" will be gone. I wouldn't mind if websites captured data about my gender, age, and even my favorite food so long as I can keep browsing websites for free. *puts on tinfoil hat* These suggestions about blocking Doubleclick, Analytics and so forth sounds more like people are trying to build a tiered internet system. What a shame.
I think "the little guy" would benefit more with keeping the privacy level as it is, unless "the little guy" is willing to spend money each month on current "free to use" websites and services. Granted, I don't agree about spying on what people are talking about unless you could easily opt-in and opt-out but anonymous tracking shouldn't be against the law. There's no harm by it and people get rewarded at the same time by using a website for free like youtube or slashdot.
User:
Facebook knows nothing about me.
Advertising Algorythm:
"This user seems to love getting Poked and seems pretty ignorant, let's display advertisements about poking osama bin laden and how many triangle ads"
But how about a nice game of Chess?
soylentnews.org Go there to enjoy the people!
Darn right all of us!
An older example of transitive trust causing problems to innocent bystanders was a library system and a drugstore system running on the same time-shared mainframe.
The drugstore system had security up the wazoo, the library did not.
An evil operator did the equivalent of a join on names between the two systems, and selected female persons with prescriptions for birth control pills from one and for addresses from the other, then started stalking.
Neither system alone would have yielded the information, but the combination of the two did, and the results were as startling then as the first cross-site scripting attacks were more recently.
So she's looking out for all of us, even those that don't know the degree to which they're vulnerable.
--dave (I'm genuinely impressed by her) c-b
davecb@spamcop.net
Military information already has a very short lifespan. Famously, "Flash" messages are sent UNCLAS, because it's more important they arrive now than be kept from the enemy.
Field Marshal Example already makes his information known to the enemy the moment he acts on it. That's why it was such a terrible decision for Winston Churchill to (putatively) consider keeping secret the German plans to bomb Coventry.
Unit war diaries are released a few years after the war is over, and even the anal British unclassify the rest of the material after fifty years or so. I can now read all sorts of stuff about the "funnys", which were top secret before the invasion of Europe.
The political equivalent of a flash message may stay secret a bit longer, but they probably only need stay secret until the crisis of the day is over. So give them a week instead of an hour.
The longest one should keep any secret is until all the participants are dead, and can't get in trouble. Which is approximately what the Census does (or did, since my government is in the process of eliminating same)
--dave (from Canada, eh?) c-b
davecb@spamcop.net
Actually for anyone who's friends gave up personal data on facebook, and thereby exposed them to snooping. See "transitive trust" (;-))
--dave
davecb@spamcop.net
to work here in the US?
I here Vancouver is very nice.
"He is so stupid. And now back to the wall!" Moe Szyslak
Wow. Touchy touchy. I didn't put AC down, or insult AC; I just asked why not login? Easy question. A good answer would be "too lazy", and I would certainly think that was valid. Another great answer would be "I just like posting AC". Of course, frothing and ranting is always an excellent response that is readily accepted for entertainment value if nothing else.
Logging in doesn't prove anything. It's just a community thing and helps to put into context what you say by indexing other comments.
No need for home address, real name, financials etc unless you feel a desire to provide those details.
I wouldn't recommend it though.
Cheers, and have a better day tomorrow!
Sure, if you USE Facebook. If you never go there (i.e. you don't USE it), then there is nothing to block... No?
Visit the Arcade Restoration Workshop @ http://www.arcaderestoration.com
Nope, according to the paper, even if you don't USE Facebook, even if you have never visited Facebook, the like button appearing on other sites can gather data about your visit.
Really, even those of us who don't use Facebook and block its little widgets?
Good fucking luck. Even if you don't have a Facebook account, you'll find your friends uploading your photo to their accounts to cover every party or night out you all share and tagging your image in there. I've always avoided Facebook, only to find that friends have taken pity on me and created a profile for me so that I can log in and check out photos of who they're dating, etc. You can't even buy a modern smartphone without finding Facebook as an uninstallable app built into it (at least the HTC Desire which I bought SIM free, and all the WP7 phones I checked out seen to have it integrated in a non-removable way with access rights given to all your contacts, txts, etc. You'd think that MS at least would make a business-market targeted phone).
Staying off Facebook is a full time job.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
- for Jennifer Government. :)
I'm making sauerkraut and kidney beans for supper
She's trying to get you to gas yourself out of the basement and flee out under the daystar! It's a trap!
Pro-PERSONAL-privacy.
As someone that deals with this sort of stuff it can be confusing how much power the Freedom of Information Act has. Ya personal privacy is a given, but there are plenty of other things that are sensitive that are not only not protected, but are now being challenged. Which one way or another would be fine, I don't care, its the ambiguity that sucks. I got some requirements for a software system, and they had a line that basically said that the information would only be accessed by those that have been given permission, and would be kept confidential. However in practice any jerkwad with an FOI request it going to get at it anyway (unless it is personal), so what bother? In addition why pay for government licensed or copyrighted material, when you can just demand it VIA FOI. Why try and protect sensitive areas and locations of habitat when again, just demand to see it, and go hunt/kill/destroy it up.
Anyway I am not debating its usefulness, however it needs serious work in clarity, and so far it seems to be all ad hoc interpretation and individual decisions. Makes trying to get real work done... difficult.
A friend's girlfriend loved to hang out in an IRC channel. She thought she was "stranger proof" because she limited the amount of information she shared in any one conversation. Some of the items she revealed were public, while others were revealed in "private" conversations. She (erroneously) assumed that some of the private conversations were with individuals sharing no connection with each other. After hanging out in the channel for a couple of weeks she got a phone call -- from Australia. One of the channel members created profiles of other users and data mined their conversations in order to identify them. Coupled with the ability to search the net for the consistent use of handles that many become attached to, he was able to track down people rather easily.
For him it was a game. For others it's business.
I did exactly this a few years back just for fun. I used to host a server for an old client/server sharing network called Hotline. People would upload stuff to my server so they could download the rest of what was on there. There were a few regulars and there was a chat system included in the software. At one point this girl thought she was completely anonymous, I proved her wrong. Just with info on which state she was in and her nickname, I used google to find out her other nicknames, real name, email address, which school she went to, physical address, parents names and jobs and I even sent here a map directly to her house... She was a bit upset about this but it was all for fun. Nobody is really anonymous unless you go through hell using proxy's and stuff like Tor and being completely paranoid.
. Just like nearly everything currently finds its way under the "national security" umbrella
National security, in particular how it is viewed in the US (and similarly throughout the "Western" world), economic stability and prosperity plays a key role in the modern definition. That is because money, i.e. economic influence and power is the most global resource, that knows and respects basically no boundaries, whereas a foreign military occupation / control is less tolerated in many countries around the world.
Now if only we could get someone of her caliber to be our Public Service Integrity Commissioner!
Also, our Auditor General Sheila Fraser basically rocks. ...good government... not yet completely dismantled by the conservatives.
Don't forget our Elections folks, who are currently putting the screws to the Conservatives over bogus accounting during the election.
Nope, according to the paper, even if you don't USE Facebook, even if you have never visited Facebook, the like button appearing on other sites can gather data about your visit.
I'm probably getting the exact technical details wrong, but if Facebook can't find a match for you, it creates a "temporary account" for you and tracks you using that number. (So while it might not know your exact details, it can track which sites you've been to.) The punchline is that if you ever create a Facebook account, the system automatically merges your temporary account into your Facebook account (retroactively adding all your previously anonymous details).
It's a pretty interesting system, in a privacy-stomping sort of way.
For a little more background, the Globe is "Toronto's national newspaper", a business rag primarily aimed at our version of Wall Street, hence a specific connotation on Lunch here.
My read of it was that the lunch anecdote was meant to reinforce that she takes the rules seriously (even the minor, easily excusable ones). It's a desirable trait in someone who's job it is to enforce rules. (Contrast with a local story about cops being caught driving in their patrol cars, coffee cup in one hand and cell phone in the other.)
I was not trying to dispute your argument, but merely correct that one point. Nothing about the others jumped out at me as being incorrect.
Personally, I'd rather not interfere with the DNS lookups, even for ad hosters, and adblock works just fine for my browsing purposes, but for other people Host files may indeed be a better solution.
Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524