Slashdot Mirror
Berkeley Law Releases Its First Web Privacy Census
New submitter DeeEff writes "The first report in the University of California, Berkeley Law School's quarterly Web Privacy Census was released on Tuesday, and it shows that popular Web sites are far more aggressive in their consumer tracking practices than most people suspect, and that consumers are trapped in an escalating privacy crisis with limited control over their personal information. Most interestingly noted in the article is that twice the amount of sites are using HTML5 storage as opposed to last year, while Flash Cookies are dying down, as we should expect. It also appears that third-party tracking seems to dominate most sites, such as from Google, Facebook, and other large players."
-- Bill Hicks
Yes, I know, someone is going to say, "Use Tor!" -- and I would have said the same thing not so long ago. Yet this is more complicated than just deploying privacy enhancing technologies.
We are talking about companies that have teams of hackers and computer scientists who are paid to find ways to break technical measures of protecting privacy. Substantial effort is needed to fight back, and most people are not willing to do the sorts of things that would be needed to protect their privacy. Disabling Flash, Silverlight, Java, and Javascript? Disabling cookies? These things make using the web very difficult these days, and as if that were not enough, there are malicious Tor exits that look for passwords and credit card data -- leaving users dependent on the very websites that are violating their privacy to protect it (by enabling TLS).
So unless someone has figured out a way to compel everyone to stop installing every trendy plugin, to give up on trendy Javascript-heavy websites, and to demand TLS from every website they connect to, we need to put some legal restrictions on data collection in places. Yes, I know, the big bad government interfering with business, but let's put it this way: do you want the big bad government to have access to vast logs of user activity (which is the next step after the corporations collect it -- the government either asks politely, demands it, or covertly acquires it)?
Which leaves us at the heart of the problem: the only organization in our society with the power needed to stop this has an interest in promoting it.
Palm trees and 8
Installing ghostery is the first thing I do now when I install a browser. You'll find that you can't interact with a lot of sites, or write comments on them if their tracking software is off, which gives you a good list of sites to stay away from.
Please do not read this sig. Thank you.
Remember the good old days when we complained about those nasty banner ads that would compile lists of what sites in their network you'd visit? When privacy meant not using your real name online? Such simple and naive times...
You do not have a moral or legal right to do absolutely anything you want.
the first thing i do is install ad muncher.
been doing so for years.
The worst offenders are the ones that drive me to noscript and adblock plus. The more these fruitcakes at sites like Gawker Media^1 insist on throwing more crud at me, the more I will further fortify my position and flush all ads and tracking.
And now, if the world was ending, and the only way to save myself was to get a lottery ticket from Gawker Media for the next space ship leaving Earth, I wouldn't, on principle.
--
BMO
1. Gawker Media is: gawker gizmodo kotaku jezebe deadspin lifehacker jalopnik io9
People fall all over themselves to give away their personal information. You can't fight that.
If people stopped using sites like Facebook and Google that spread tracking shit all over the internet, those sites would die and that would be that. It's well known that these sites track every damn thing you do. It's been widely reported on in the popular media. But people keep using them no matter HOW bad they act, so they continue to act badly. I remember when tracking scripts first started appearing online. If nobody had run them, that shit would have died out in a few months.
I wish I could remember that quote about politics about a good government requiring eternal vigilance from the population. Well, it's the same online. When people don't give a fuck, then this is what you get. There's another good one from the political space: "you get the govt you deserve". Same here. We get the internet we deserve - or better, we all get the internet that the majority deserves. And given how little most people care, and how little effort they make to maintain their privacy, we deserve a fucked up privacy violating internet.
Companies do this shit because people keep on shoveling money at them for doing it.
third-party tracking
Thing is, third party tracking is optional. It's there be default, yes, but you don't HAVE to accept those cookies, run those scripts, leak your user-agent, or anything else.
The way to preserve your privacy is to not leak the data in the first place. If you do, and your privacy WILL be violated. If not in the USA then somewhere else, but it will be.
The real threat to privacy now is that anonymity starts to become more and more prevented on web forums, or if not outright prevented, at least punished, like on Slashdot where you post at 0 by default if you're anonymous, and few people will even see what you say.
This is exactly why I use noscript. I persistently block googleadservices.com, doubleclick.net, etc, but I like that Noscripts protects me from the 3rd party listeners by default but in a granular way.
it's really surprising to me that google doesn't appear in the tables...
According to http://knowledgerights.org/group/ownership/forum/topics/world-economic-forum-personal-data-as-an-asset-class, patterns of consumption is only one aspect of digital personae. The lawyers are unfortunately ahead of everyone. There was an article which interviewed a senior Facebook exec, where he reassured that the "users" owned the data and all Facebook wanted was a license to republish. The interviewer then asked the pointed question, that if users "owned" the data, then would they be free to give it to ... say Google? The interview took a sudden turn.
As others might point out, possession is 9/10ths of the law. At the moment, Little Brother is well and alive.
I can't say for the commenting part though because practically no website allows anonymous comments any more
Nod nod nod. I think this was something lost when people moved off usenet and onto a million little fiefdoms. On usenet you could easily have one or multiple pseudonym identities, no one controlled the discussions, you didn't have to sign up for shit, and the reader software was much better than on any web forum I've EVER seen. I mean literally 100% of web forums I've seen in my entire life suck compared to the functionality of the better usenet clients.
I'm all for the forward march of technology, but not when it replaces good things with pure suck.
The problem is that all the advertising spam since those nutso lawyers spammed UseNet is why we have all the authenticated logins.
Half the denial of posting is to handle advertisers trying to push whatever crap they have in their bag.
The other half is wacko nutjobs yelling at people in uppercase.
-- Tigger warning: This post may contain tiggers! --
Actually, the net works very well for privacy. If you have secure websites with encyrption and specific usernames and logins and don't tell anyone about it, it works quite well.
The problem arises when they want to make THAT public.
It's my Internet. It wasn't made for you non-techies. You were an afterthought.
-- Tigger warning: This post may contain tiggers! --
Last article I read on SD was about Microsoft enabling tracking protection by default. Most users here claimed MS pro-privacy measure violated the user's rights. But in this thread, the consensus is that tracking is problematic and we are recommended to block certain sites? Odd, Slashdot. Odd. So walk me through this.
.But I can't opt-out of these privacy breaches, except on the very rare occasion where an individual company's privacy policy allows it (or makes opt-in the default).
....
Anyways, carry on, ....
I'm convinced that tracking, data collection and data sharing, among various other obviously unethical privacy violations by hundreds or more large companies on the web is a major concern and in general an undesireable term of use for most users
And no, choosing not to use the web or some services on the web is not the same as opting out. Otherwise, MS default to enabled tracking protection wouldn't equate to opt-in tracking; if you wouldn't use it, you've already opted-in. So don't tell me, if I don't like the sites, don't use them.
So which is it, Slashdot ? Should I go with a tracking protection list or should I not even worry about it? Can we get some facts up in here?
As an aside, I enabled tracking protection with the default list in IE9, and I could not sign into Yahoo via its web interface. See, this is why Congress or some neutral private company needs to get involved
Do Not Install The Proprietary Ghostery FF Addon!
Ghostery's true background (Score:3, Interesting)
"Seems like a lot of people are praising Ghostery, which leads me to believe that you haven't heard the backstory.
Evidon, which makes Ghostery, is an advertising company. They were originally named Better Advertising, Inc., but changed their name for obvious PR reasons. Despite the name change, let's be clear on one thing: their goal still is building better advertising, not protecting consumer privacy. Evidon bought Ghostery, an independent privacy tool that had a good reputation. They took a tool that was originally for watching the trackers online, something people saw as a legitimate privacy tool, and users were understandably concerned. The company said they were just using Ghostery for research. Turns out they had relationships with a bunch of ad companies and were compiling data from which sites you visited when you were using Ghostery, what trackers were on those sites, what ads they were, etc., and building a database to monetize.
When confronted about it, they made their tracking opt-in and called it GhostRank, which is how it exists today. They took an open-source type tool, bought it, turned it from something thatâ(TM)s actually protecting people from the ad industry, to something where the users are actually providing data to the advertisers to make it easier to track them. This is a fundamental conflict of interest.
To sum up: Ghostery makes its money from selling supposedly de-indentified user data about sites visited and ads encountered to marketers and advertisers. You get less privacy, they get more money. That's an inverse relationship. Better Advertising/Evidon continually plays up the story that people should just download Ghostery to help them hide from advertisers. Their motivation to promote it, however, isn't for better privacy; it's because they hope that you'll opt in to GhostRank and send you a bunch of information. They named their company Better Advertising for a reason: their incentive is better advertising, not better privacy."
- http://yro.slashdot.org/comments.pl?sid=2931443&cid=40412193
To get the snark comment out of the way, it's no longer 99-0 against the Tin Foil Hats. They're starting to collect a few victories. So for the Obligatory Tin Foil Hat comment, "the powers that be have no reason to stop their delicious lunch on consumer data."
Okay, with that out of the way, my suggestion is that if you get a big enough pissed-off-big-pocket on our side, get personal data classified as Copyrighted Data. Then when these companies go to share it with their buddies, all those $375,000 copyright penalty fees kick in reverse, and lead to a disaster against these companies. Think of the sports industries. Those are real players, right? Real people doing real things. So why is it magically a copyright violation to broadcast the game for copyright reasons?
Even a patent would be funny, it would buy us some 20 years to punt the problem into the 2030's. "My information is an important part of what makes me, me."
Somehow we mostly got the correct handling on the medical side - you don't see (yet!?) companies offering to show everyone your medical history. Now if we can get that to apply to all personal data, it would be interesting.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Yeah, I'm starting to enter this group. I'm midline - I run a modified variant of Firefox with AdBlock, Ghostery, Do Not Track, the Collusion plugin, and Private Browsing Mode with history set to zero. And that's about all the energy I have for this stuff.
If all that is not enough, (and it's not), that's the point of the article.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Usenet is way better than the bad old days that followed the green card lawyers.
It has been mostly forgotten by their type, having moved on to crapping all over the web, and the single to noise ratio on usenet discussions has improved.
When information is power, privacy is freedom.
So there are more singles?
Cool.
Are they actual women or people like me who used to post as women for a joke?
-- Tigger warning: This post may contain tiggers! --
Isn't HTML5 storage that shit where they just dump data in a database on YOUR machine? Fuck figuring out who you are and matching shit up - just store it all on your own machine bit by bit and glurb it all in as needed. The problem is these fucking standards shitbags enabling all this. First it was cookies, now it's a full blown local database. Oh, and they can read enough info to identify the machine (recent Orbitz story?) because MSIE6 and other browsers couldn't implement the standards well enough and webdevs had to have more information about your setup just to make shit work.
Just to be clear, the web can work with zero client side storage just by giving a site visitor a GUID embedded in every link - yes this requires the server to then inject the GUID dynamically into every page served, but who gives a shit when half the pages are dynamically created anyway? It wasn't easy in 1993, but today it would be trivial. Can someone please build a framework that makes this simple so we can turn off cookies and still have a "session"?
and no, this is NOT a complete solution to privacy issues by any means - just a start - get peoples machines to stop betraying them.