Berkeley Law Releases Its First Web Privacy Census
New submitter DeeEff writes "The first report in the University of California, Berkeley Law School's quarterly Web Privacy Census was released on Tuesday, and it shows that popular Web sites are far more aggressive in their consumer tracking practices than most people suspect, and that consumers are trapped in an escalating privacy crisis with limited control over their personal information. Most interestingly noted in the article is that twice the amount of sites are using HTML5 storage as opposed to last year, while Flash Cookies are dying down, as we should expect. It also appears that third-party tracking seems to dominate most sites, such as from Google, Facebook, and other large players."
-- Bill Hicks
Yes, I know, someone is going to say, "Use Tor!" -- and I would have said the same thing not so long ago. Yet this is more complicated than just deploying privacy enhancing technologies.
We are talking about companies that have teams of hackers and computer scientists who are paid to find ways to break technical measures of protecting privacy. Substantial effort is needed to fight back, and most people are not willing to do the sorts of things that would be needed to protect their privacy. Disabling Flash, Silverlight, Java, and Javascript? Disabling cookies? These things make using the web very difficult these days, and as if that were not enough, there are malicious Tor exits that look for passwords and credit card data -- leaving users dependent on the very websites that are violating their privacy to protect it (by enabling TLS).
So unless someone has figured out a way to compel everyone to stop installing every trendy plugin, to give up on trendy Javascript-heavy websites, and to demand TLS from every website they connect to, we need to put some legal restrictions on data collection in places. Yes, I know, the big bad government interfering with business, but let's put it this way: do you want the big bad government to have access to vast logs of user activity (which is the next step after the corporations collect it -- the government either asks politely, demands it, or covertly acquires it)?
Which leaves us at the heart of the problem: the only organization in our society with the power needed to stop this has an interest in promoting it.
Palm trees and 8
Installing ghostery is the first thing I do now when I install a browser. You'll find that you can't interact with a lot of sites, or write comments on them if their tracking software is off, which gives you a good list of sites to stay away from.
Please do not read this sig. Thank you.
Remember the good old days when we complained about those nasty banner ads that would compile lists of what sites in their network you'd visit? When privacy meant not using your real name online? Such simple and naive times...
You do not have a moral or legal right to do absolutely anything you want.
The worst offenders are the ones that drive me to noscript and adblock plus. The more these fruitcakes at sites like Gawker Media^1 insist on throwing more crud at me, the more I will further fortify my position and flush all ads and tracking.
And now, if the world was ending, and the only way to save myself was to get a lottery ticket from Gawker Media for the next space ship leaving Earth, I wouldn't, on principle.
--
BMO
1. Gawker Media is: gawker gizmodo kotaku jezebel deadspin lifehacker jalopnik io9
This is exactly why I use noscript. I persistently block googleadservices.com, doubleclick.net, etc., but I like that NoScript protects me from the 3rd party listeners by default but in a granular way.
Kinda like going outside unarmed will get you robbed and killed, unless we make that illegal and enforce the law -- which doesn't completely stop it, but kinda helps. But let's drop that rape culture "blaming the victim" shit, yeah?
Also, there's no way to not "leak", say, your IP address. So much for "you don't HAVE to accept those cookies, run those scripts, leak your user-agent, or anything else." That's bullshit even for geeks, doubly so for non-geeks.
To whom? To the site you connect to via proxy? The proxy? To your ISP?
Since packets have to reach you, *someone* has your IP address. If you run your own proxy, guess what, you're either fucked or scum that uses the computers of others without consent. If you use someone else's proxy, guess what, you're either very lucky or also fucked, because you think you have privacy but actually don't.
See how that works? When you control it, you're doing it. That proxy you control is you. If you don't control it, well... just how lucky do you feel, exactly?
Then enlighten me. You failed hard so far, and pouted orders don't impress me much either.
Your comment kinda stops *just* before you could actually have made a point. Maybe try again? Give examples, that sort of thing. It's hard to tell if you're just naive or bluffing with what little you have given so far.
Good point about chaining, but still... that's like asking me whether I'd rather like hepatitis or AIDS!
Of course I would prefer hepatitis, but ideally, I would prefer ice cream to both. And by that I mean legislation that a.) actually addresses the issue and b.) actually gets enforced. I know that's asking a lot, it's utterly naive seeing how everybody is in bed with everybody; but the thing is, as long as a good chunk of the people who are technically literate think it doesn't affect them, because they have ways around it, those voices are lacking, which makes the whole thing even less likely to happen. It's a web meme thing that annoys me since the days of gnutella... "they can't catch me" "they can't catch us all", "hax0rs will always find a way" etc.... it strikes me as selfish at best, and cowardly at worst.
I'm not saying you can't take steps to make it harder to track you, I'm saying your grandma can't. Neither can little kids. Neither can 99% of the adults. So y u no angry? Statistically insignificant outliers are just that, you know... and no tyranny had or has 100% coverage and total control, not even the worst you could mention, so IMHO that is never a reason to shrug something off. It could be worse, but it should be better.
Personally, I went real name a long time ago and haven't looked back since. Anyone who collects data on me simply burdens themselves with something they then have to hide from me. But I'm nuts, and most people aren't exhibitionists of hate like me. So their mileage varies, and that's why I care. Don't ask for whom the bell tolls, it tolls for thee, and all that...
I can't say for the commenting part though because practically no website allows anonymous comments any more.
Nod nod nod. I think this was something lost when people moved off usenet and onto a million little fiefdoms. On usenet you could easily have one or multiple pseudonym identities, no one controlled the discussions, you didn't have to sign up for shit, and the reader software was much better than on any web forum I've EVER seen. I mean literally 100% of web forums I've seen in my entire life suck compared to the functionality of the better usenet clients.
I'm all for the forward march of technology, but not when it replaces good things with pure suck.
The problem is that all the advertising spam since those nutso lawyers spammed UseNet is why we have all the authenticated logins.
Half the denial of posting is to handle advertisers trying to push whatever crap they have in their bag.
The other half is wacko nutjobs yelling at people in uppercase.
-- Tigger warning: This post may contain tiggers! --
Actually, the net works very well for privacy. If you have secure websites with encryption and specific usernames and logins and don't tell anyone about it, it works quite well.
The problem arises when they want to make THAT public.
It's my Internet. It wasn't made for you non-techies. You were an afterthought.
-- Tigger warning: This post may contain tiggers! --
This is because Google owns doubleclick, which happens to be one of the worst offenders, if you RTFA.
Though honestly, it's not just them. They do happen to be one of the highest tracking companies, but that's not really news in itself. The interesting part of the article is the other players.
Invading privacy through third party scripts and services seems to be the norm, I'm afraid.
Last article I read on SD was about Microsoft enabling tracking protection by default. Most users here claimed MS pro-privacy measure violated the user's rights. But in this thread, the consensus is that tracking is problematic and we are recommended to block certain sites? Odd, Slashdot. Odd. So walk me through this.
But I can't opt-out of these privacy breaches, except on the very rare occasion where an individual company's privacy policy allows it (or makes opt-in the default).
....
Anyways, carry on, ....
I'm convinced that tracking, data collection and data sharing, among various other obviously unethical privacy violations by hundreds or more large companies on the web is a major concern and in general an undesirable term of use for most users.
And no, choosing not to use the web or some services on the web is not the same as opting out. Otherwise, MS default to enabled tracking protection wouldn't equate to opt-in tracking; if you wouldn't use it, you've already opted-in. So don't tell me, if I don't like the sites, don't use them.
So which is it, Slashdot? Should I go with a tracking protection list or should I not even worry about it? Can we get some facts up in here?
As an aside, I enabled tracking protection with the default list in IE9, and I could not sign into Yahoo via its web interface. See, this is why Congress or some neutral private company needs to get involved.
Do Not Install The Proprietary Ghostery FF Addon!
Ghostery's true background (Score:3, Interesting)
"Seems like a lot of people are praising Ghostery, which leads me to believe that you haven't heard the backstory.
Evidon, which makes Ghostery, is an advertising company. They were originally named Better Advertising, Inc., but changed their name for obvious PR reasons. Despite the name change, let's be clear on one thing: their goal still is building better advertising, not protecting consumer privacy. Evidon bought Ghostery, an independent privacy tool that had a good reputation. They took a tool that was originally for watching the trackers online, something people saw as a legitimate privacy tool, and users were understandably concerned. The company said they were just using Ghostery for research. Turns out they had relationships with a bunch of ad companies and were compiling data from which sites you visited when you were using Ghostery, what trackers were on those sites, what ads they were, etc., and building a database to monetize.
When confronted about it, they made their tracking opt-in and called it GhostRank, which is how it exists today. They took an open-source type tool, bought it, turned it from something that's actually protecting people from the ad industry, to something where the users are actually providing data to the advertisers to make it easier to track them. This is a fundamental conflict of interest.
To sum up: Ghostery makes its money from selling supposedly de-identified user data about sites visited and ads encountered to marketers and advertisers. You get less privacy, they get more money. That's an inverse relationship. Better Advertising/Evidon continually plays up the story that people should just download Ghostery to help them hide from advertisers. Their motivation to promote it, however, isn't for better privacy; it's because they hope that you'll opt in to GhostRank and send you a bunch of information. They named their company Better Advertising for a reason: their incentive is better advertising, not better privacy."
- http://yro.slashdot.org/comments.pl?sid=2931443&cid=40412193
To get the snark comment out of the way, it's no longer 99-0 against the Tin Foil Hats. They're starting to collect a few victories. So for the Obligatory Tin Foil Hat comment, "the powers that be have no reason to stop their delicious lunch on consumer data."
Okay, with that out of the way, my suggestion is that if you get a big enough pissed-off-big-pocket on our side, get personal data classified as Copyrighted Data. Then when these companies go to share it with their buddies, all those $375,000 copyright penalty fees kick in reverse, and lead to a disaster against these companies. Think of the sports industries. Those are real players, right? Real people doing real things. So why is it magically a copyright violation to broadcast the game for copyright reasons?
Even a patent would be funny, it would buy us some 20 years to punt the problem into the 2030's. "My information is an important part of what makes me, me."
Somehow we mostly got the correct handling on the medical side - you don't see (yet!?) companies offering to show everyone your medical history. Now if we can get that to apply to all personal data, it would be interesting.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Yeah, I'm starting to enter this group. I'm midline - I run a modified variant of Firefox with AdBlock, Ghostery, Do Not Track, the Collusion plugin, and Private Browsing Mode with history set to zero. And that's about all the energy I have for this stuff.
If all that is not enough, (and it's not), that's the point of the article.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Usenet is way better than the bad old days that followed the green card lawyers.
It has been mostly forgotten by their type, having moved on to crapping all over the web, and the single to noise ratio on usenet discussions has improved.
When information is power, privacy is freedom.
So there are more singles?
Cool.
Are they actual women or people like me who used to post as women for a joke?
-- Tigger warning: This post may contain tiggers! --
Isn't HTML5 storage that shit where they just dump data in a database on YOUR machine? Fuck figuring out who you are and matching shit up - just store it all on your own machine bit by bit and glurb it all in as needed. The problem is these fucking standards shitbags enabling all this. First it was cookies, now it's a full blown local database. Oh, and they can read enough info to identify the machine (recent Orbitz story?) because MSIE6 and other browsers couldn't implement the standards well enough and webdevs had to have more information about your setup just to make shit work.
Just to be clear, the web can work with zero client side storage just by giving a site visitor a GUID embedded in every link - yes this requires the server to then inject the GUID dynamically into every page served, but who gives a shit when half the pages are dynamically created anyway? It wasn't easy in 1993, but today it would be trivial. Can someone please build a framework that makes this simple so we can turn off cookies and still have a "session"?
and no, this is NOT a complete solution to privacy issues by any means - just a start - get peoples machines to stop betraying them.
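The link-rewriting session described in the comment above, sketched as an added example that is not part of the original thread or any poster's code. The host name `shop.example`, the query parameter `sid`, and the function names are assumptions; the rewriter tags only same-site links so the identifier is never handed to a third-party origin.

```python
import html
import re
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SITE_HOST = "shop.example"  # assumption: the site's own hostname
PARAM = "sid"               # assumption: query parameter carrying the GUID
HREF_RE = re.compile(r'(href\s*=\s*)(["\'])(.*?)\2', re.IGNORECASE)


def new_session_id() -> str:
    """Unguessable per-visitor identifier (256 bits from the OS CSPRNG)."""
    return secrets.token_urlsafe(32)


def add_sid(url: str, sid: str) -> str:
    """Append the session id to same-site links only."""
    parts = urlsplit(url)
    same_site = (parts.scheme in ("", "http", "https")
                 and parts.netloc.lower() in ("", SITE_HOST))
    fragment_only = not (parts.netloc or parts.path or parts.query)
    if not same_site or fragment_only:
        return url  # never hand the id to another origin
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != PARAM]  # drop any id already present in the link
    query.append((PARAM, sid))
    return urlunsplit(parts._replace(query=urlencode(query)))


def rewrite_links(page: str, sid: str) -> str:
    """Inject the session id into every href of an outgoing HTML page."""
    def repl(m: re.Match) -> str:
        url = add_sid(html.unescape(m.group(3)), sid)
        return f"{m.group(1)}{m.group(2)}{html.escape(url, quote=True)}{m.group(2)}"
    return HREF_RE.sub(repl, page)


if __name__ == "__main__":
    # Constructed sample page: two same-site links, one third-party link.
    sample = ('<a href="/cart">Cart</a> <a href="/item?id=7">Item</a> '
              '<a href="https://ads.example/t?x=1">Ad</a>')
    print(rewrite_links(sample, new_session_id()))
```

An identifier carried in the URL also lands in browser history, bookmarks and pasted links, so whoever holds the link holds the session. Serving pages with `Referrer-Policy: no-referrer` keeps it out of the `Referer` header sent to embedded third-party resources.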
The actual problem being discussed is people who use the web being tracked. Not people who browse through a gazillion proxies being able to evade that, provided the following is true:
Not that you have any way to check, do you. What does "no known history" mean? That if they sold data, it would have become known? That's silly.
Also, if 80% instead of, say 0.8% of all people would use proxies, and without any legislation that proclaims their right to do that sacrosanct, you'd see a huge ramp up in honey pots (not that you'd SEE it heh) and whatnot. In other words, you're not anonymous because nobody can get at you, but mostly because so many people aren't, nobody is even trying (hard) to get at you. It's just not worth the effort -- yet. Your data is worth as much as the data of others, it's much harder to get, so they pass, for now.
Since I love Nazi comparisons: go for the weak first, consolidate your power using them, then use that power to overcome the rest. It's Nazi/Business 101, really, and Godwin can shut the fuck up. First they came for grandma, but I was using proxies, so I didn't stand up. Then they came for noobs, but I was leet, so I didn't stand up. Then suddenly my PC broke, and the only new ones I could get only had a huge "soma" button in the middle of the screen... which is when it dawned on me that my sense of superiority and security was uncalled for and played right into the hands of those who planted it there, and that technical solutions can't solve human problems in the long run.
Wait, I know, I'll simply use your awesome logic: They have no known history of not doing that. If that kind of evidence is good enough for you, it's good enough for me :P