Schneier: The Internet Is a Surveillance State

An anonymous reader writes "Bruce Schneier has written a blunt article in CNN about the state of privacy on the internet. Quoting: 'The Internet is a surveillance state. Whether we admit it to ourselves or not, and whether we like it or not, we're being tracked all the time. Google tracks us, both on its pages and on other pages it has access to. Facebook does the same; it even tracks non-Facebook users. Apple tracks us on our iPhones and iPads. One reporter used a tool called Collusion to track who was tracking him; 105 companies tracked his Internet use during one 36-hour period. ... This is ubiquitous surveillance: All of us being watched, all the time, and that data being stored forever. This is what a surveillance state looks like, and it's efficient beyond the wildest dreams of George Orwell. Sure, we can take measures to prevent this. We can limit what we search on Google from our iPhones, and instead use computer web browsers that allow us to delete cookies. We can use an alias on Facebook. We can turn our cell phones off and spend cash. But increasingly, none of it matters. There are simply too many ways to be tracked."

tor

[scum-e-bag]

use tor
cbf'd posting as anon-coward as even slashdot isn't anonymous...

Re:tor

Easy fix: disable third party cookies.

Re:tor

[TWX]

Won't work so well. They're starting to write-in to the design of the website to need them in order to get the content.

Same with noscript functions. There are lots of sites that, in order to get content, one has to have otherwise-unrelated scripts functioning for the content to ultimately appear.

I just don't have the browser save anything anymore at close. No cache, no cookies, no login credentials, no history, nothing. I also blocked a whole bunch of crap through my router, and I further block things through the hosts file that *I* don't use but others using the router might want or need.


The solution that I recommend is living in the real world. Get a hobby that isn't principally on the computer. I chose things like auto restoration, model rocketry, and working with older machinery.

They only have power because you give them power. Take away their power by no longer playing the game.

Re:tor

[pepsikid]

Whenever I log onto Slashdot, my firewall immediately reports Slashdot servers sniffing a bunch of my ports. I use DD-WRT with logging enabled and WallWatcher to display events.

Re:tor

[maxwell+demon]

Take away their power by no longer playing the game.

There is only one possible way to stop playing.

That way would interest me. After all, even if you die, your death will be tracked. Actually it's one of the few things which have already traditionally be tracked and stored for extended times, on tombstones.

Re:tor

Years ago someone posted that this was slashdot checking to see if you've been at risk for infection by common malware and therefore flag your posts as likely spam. I don't know why people are modding you down.

Speaking of Google tracking

Slashdot now uses Google APIs.

Re:Speaking of Google tracking

Slashdot now uses Google APIs.

Slashdot has been a broken website for years now and constantly making things worse. It is very unwelcoming to new visitors and other AC. Especially those who run No-Script or block scripting altogether. That being a much safer way to visit websites. The so called "Classic Discussion System" is no longer available to anyone but logged in members with their preferences set for it. The option to use the "Classic Discussion System" for visitors/AC disappeared from the site quite some time ago unfortunately and since then the site is mostly unbrowsable, especially after a certain number of comments. I have little doubt that I am not the only AC here who could have had a low digit UID if they had actually cared to sign up for it. However I bet many of those no longer come to Slashdot because of how inhospitable it has become due to the abrasiveness of AJAX and javascript in general.

Sadly true

And sadly most of us contributed to this. Either actively by working on some piece of technology that is enabling this, or passively by sacrificing our privacy for our convenience.

How sad it is to realize that the technology that we so much love and spend our lives working on is helping the state and big corps to spy on us.

Re:Sadly true

[lennier]

While it may be irritating, as long as they don't feed data to governments, it's not really Orwellian.

And you know thatInternet companies which keep all their internal dealings secret for "commercial sensitivity" reasons are NOT feeding our data to a government which made it illegal for companies to report their national security letters.... how?

Same way as we know that meat companies aren't cutting their beefburgers with horsemeat, I guess.

Re:Sadly true

[maxwell+demon]

It's feeding the data to those who actually govern the world these days.

Re:Sadly true

[TarPitt]

Because private corporations by definition can't intimidate people by force, since only people intimidated, beaten up or killed by the evil government lose their freedom.

Being intimidated, beaten up or killed by private corporations doesn't restrict your freedom at all

ref:
Colorado Labor Wars
Iron and Coal Police, a privatized law enforcement entity
Henry Ford's Service Department - which didn't repari customers' cars but beat the crap out of union organizers

Remember, if your are beaten or shot at by a government employee, it is evil tyranny. If you are beaten or shot at by a private security force, you are feeling the pains of FREEDOM.

It is only bad if the government does it.

Ways around some of it

Ghostery is a good start.

The need for FOSS intelligence tools for sensemaki

[Paul+Fernhout]

Something I wrote a couple years ago: http://pcast.ideascale.com/a/dtd/-The-need-for-FOSS-intelligence-tools-for-sensemaking-etc.-/76207-8319
"Now, there are many people out there (including computer scientists) who may raise legitimate concerns about privacy or other important issues in regards to any system that can support the intelligence community (as well as civilian needs). As I see it, there is a race going on. The race is between two trends. On the one hand, the internet can be used to profile and round up dissenters to the scarcity-based economic status quo (thus legitimate worries about privacy and something like TIA). On the other hand, the internet can be used to change the status quo in various ways (better designs, better science, stronger social networks advocating for some healthy mix of a basic income, a gift economy, democratic resource-based planning, improved local subsistence, etc., all supported by better structured arguments like with the Genoa II approach) to the point where there is abundance for all and rounding up dissenters to mainstream economics is a non-issue because material abundance is everywhere. So, as Bucky Fuller said, whether is will be Utopia or Oblivion will be a touch-and-go relay race to the very end. While I can't guarantee success at the second option of using the internet for abundance for all, I can guarantee that if we do nothing, the first option of using the internet to round up dissenters (or really, anybody who is different, like was done using IBM computers in WWII Germany) will probably prevail. So, I feel the global public really needs access to these sorts of sensemaking tools in an open source way, and the way to use them is not so much to "fight back" as to "transform and/or transcend the system". As Bucky Fuller said, you never change thing by fighting the old paradigm directly; you change things by inventing a new way that makes the old paradigm obsolete."

I blame the web

[Hentes]

While the W3C is always keen to push all kinds of new fancy unnecessary technology, they never cared much about security. Privacy and security should become an important part in web standard design.

Schneier: Not a big picture guy

[girlintraining]

There are simply too many ways to be tracked."

There always have been. We're social creatures. Try living in total isolation from society in, say, the 1800s. It was hard to completely disappear even then. Someone always knew your whereabouts even then. That's the reality of social existance. Schneier has long had a problem of being too conventional -- he sees what is, not what can be. The problem isn't that we can be tracked, the problem is who is doing the tracking, and the length of time that data is stored, and to what purpose it is put.

These are things that can be resolved through responsible legislation and public education. The fact that so far, it has been highly irresponsible legislation due in part to a total lack of education, and in part due to rampant greed, is a social problem.

The problem is social. The solution must be as well. Schneier is quite correct in his characterization of how things are now. He is not correct in concluding this is how it must remain.

Re:Schneier: Not a big picture guy

[ToadProphet]

There always have been. We're social creatures. Try living in total isolation from society in, say, the 1800s. It was hard to completely disappear even then

There's a considerable difference between being 'tracked' by individuals we are socially connected to and entities we aren't. The reclusive uncle who had some odd reading habits wasn't at risk of being rounded up in the way that he might be with the latter.

Re:Schneier: Not a big picture guy

[geekmux]

There are simply too many ways to be tracked."

There always have been. We're social creatures. Try living in total isolation from society in, say, the 1800s. It was hard to completely disappear even then. Someone always knew your whereabouts even then.

My "whereabouts" on December 25, 2017 do not concern me. Chances are on that day I'll be with family (sorry for the spoiler)

Someone being able to record and play back every damn thing I've ever done between now and then is the difference between today and the 1800s.

Don't want to be on the grid

[jonfr]

If you don't want to be on the grid.

1: Don't use the internet. Rather that be e-mail, web pages, internet bank.
2: Don't use mobile phone of any type. Dumb-phones can be tracked just as easy as smartphones.
3: Don't use credit or debit card of any type. Since most of us need bank account. Get one that is not connected to any debit or credit card. Pay cash only. But be advised that still leaves you up to tracking. Since all stores and banks have security cameras that can be used to track you if needed.
4: Don't buy electricity or anything off companies. This is hard to avoid.
5: Live remote and not connected to anything. Then you might avoid being on the grid 99,95% of the time. I do think it is close to impossible to fall 100% of the grid due to the nature of the modern world.

The other option is to mix in with the grid in such a way that you don't get detected. That however does not matter if the authorities are tracking you activity. Since one spot (or "unit" as they prefer to call it) can be tracked easy if needed. Be that over banks, phone or internet. They got the hardware for this ability about 13 years ago. It has only been growing since then.

Not AC, since it would not have mattered anyway.

Re:Don't want to be on the grid

[Kell+Bengal]

I think a big misconception here is that being totally 'off the grid' is somehow the logical goal. Leaving the grid will satisfy your need to not be tracked, certainly, but I think the pareto principle applies: you can do 20% of the effort to gain 80 percent of the benefit - no need to become a survivalist to avoid intrusive tracking. Turn off cookies, use public transport, leave the cellphone at work when you go home, pay in cash.

Yes, stores have CCTV cameras in them, but they rarely check them except in case of a crime being committed. Sure, they could use fancy face-tracking software cross-referenced with databases to find out who everyone who pays cash is, but really, they won't bother because the vast majority of people will pay with a loyalty card anyway, incentivised with frequent flyer miles or somesuch. Companies go for what's going to turn a profit - they don't do long-tail very well unless it costs them nothing.

You might say that being conspicuously absent from some modes (eg. trackable transactions) highlights you for scrutiny, but I would argue that that's a bit paranoid - companies won't double their tracking efforts to make 2% more from 'different valuers'. Governments might worry about the 2% of weirdos out there, but they already track the things that concern them - purchases of explosive materials, weapons, and phonecalls to known agitators. The best way to keep the government out of your life is to keep your nose clean, follow the law and don't publicise it if you belong to the scarlet letter club du jour (eg. communists, satanists, pedophiles, science fiction writers, etc).

Re:Can't believe people still complain about track

[MyFirstNameIsPaul]

I can't see Schneier as a Libertarian since he states in the article that "Fixing this requires strong government will...". No Libertarian would suggest such a fix, which I imply to mean that this issue goes beyond Libertarians.

The larger issue.

[geekmux]

"...We can turn our cell phones off and spend cash. But increasingly, none of it matters. There are simply too many ways to be tracked."

Actually, the larger issue is there are simply far too many people who don't give a shit about privacy anymore.

How do you think we got to this point.

Re:The larger issue.

[cheekyjohnson]

The simple fact is society as a whole has never worn a tinfoil hat like you do. This never changed.

You needn't wear a tinfoil hat in order to care about privacy; you only need to look at history and see countless examples of government abuses and realize that allowing the government to violate people's privacy would most likely lead to abuses of power.

You can make it expensive for them ...

[Alain+Williams]

In the UK you can demand that a company gives you all the data that it has on you, they must do so within 40 days. There is a statutory maximum charge of £10, it will probably cost them a lot more than that. The amount that they would have to supply would grow every year. It might be reasonable to ask once a year; this might encourage them to purge their data and only keep recent stuff ... but this would only have an effect if enough people did this.

There was an EU idea of the right to be forgotten, I don't know where that went.

Re:You can make it expensive for them ...

[maxwell+demon]

Maybe it exercised itself?

Good Story

[poena.dare]

I liked it so much I liked it. ...ooops...

Re:Good Story

[Sloppy]

They got you when you loaded the iframe, not when you clicked Like.

Spread it around

[AndyCanfield]

One technique is to spread it around. Use DuckDuckGo or Yandex for search. Use independent e-mail services. If you must do social networking, use low-volume third-layer sites. Remember that Google is now one database; your gmail and youtube use are correlated. Whenever possible use companies based outside the US. Google (USA) will tell the FBI; Yandex (Russia) will not. Sure, any fact about you is in some database. But don't let all those facts get into a single database.

Re:Can't believe people still complain about track

[aztracker1]

That was my thought as well.. sometimes it comes down to personal awareness of the tools you are using. If you only read books from the library... surprise, they can track your reading habits. Personally, my rule of thumb is don't do anything online you wouldn't want people to know about... Yes, I'm a geek, and I also like sex, and porn... If drugs were legal, I'd be inclined to partake on occasion. I do have a couple drinks about a dozen times a year.

I think what it comes down to is how private do you want to be.. there are ways to accomplish this. Most browsers allow for a "clean" or "incognito" session that doesn't carry forward cookies/data ... you can even set your browser to clear private data on close. Disable flash and silverlight, and you've closed the gap to outside storage/tracking. The problem is that cookies and JavaScript have good purposes, and a handful of organizations abuse them... That doesn't mean that they shouldn't be allowed.

We need counter intelligence tools

What about counter-intelligence tools? Actively distorting the surveillance data being gathered to render it unreliable.

For example: at present we delete cookies. What if we swapped them. Now a cookie doesn't have specific information about one person, it has a mishmash of unreliable data from a dozen.

Re:IndexedDB

[GWRedDragon]

I just don't have the browser save anything anymore at close. No cache, no cookies, no login credentials, no history, nothing.

Not even IndexedDB? If not, then how do you plan to use web applications' offline modes?

"Web application" with an "offline mode"?? People actually use those?!?!

Re:Delete your cookies

[maxwell+demon]

It's my understanding that tracking is done by cookies. I delete all cookies 2-3 times a day, and always after logging out of Google (which I rarely log in to) and Facebook. The only downside is that I have to log in to again to certain sites but that is easy because of OS X's built-in password manager.

Cookies are just the simplest way to track you. Another common way is to use DSOs (Flash storage). And there are also several other possibilities to store identifying data.

And even if you manage to block everything, your browser still sends some identifying information by default. With JavaScript, even more partially identifying information can be collected, like screen resolution, your time zone or feature tests which might identify your browser even if you send a forged HTTP User Agent line (and the very fact that your browser line doesn't fit the JavaScript results might further help with identifying you).

Tell me why I should care

[drrilll]

I am probably the lone wolf (in particular on slashdot) when it comes to being apathetic towards this sort of thing, but I don't see the point in being alarmist without documenting something specific. Near as I can tell it is a sophisticated way to to online advertising, not profiling for the KGB. This whole "tracking is Orwellian" thing, well please, what specifically are they doing with this information that is Orwellian? If they are tracking me for advertising purposes (which they most certainly are) what could possibly be more pedestrian and less alarming than that?. All it means is that there are occasionally ads that I care about (though still remarkably few at that).

And yes, there is potential to do something evil, but potential is not the same as doing. If it was we would all be in jail.

Re:Tell me why I should care

[maxwell+demon]

Even if it is just personalized ads now it might not stay that way. Imagine your health insurance being more expensive because you're regularly buying alcoholics (of course they won't tell you that, they'll just tell you that you are in a higher risk group, if they even tell you as much). Or even worse, you have to pay more because you are living in a neighbourhood where people on average buy more alcoholics. Maybe you'll also get higher credit interest rates at your bank. Without explanation, of course.

The point is that you may not actually notice it. The bank will not tell you "oh, you live in an area with above-average alcohol consumption, so your interest rate is higher." It will rather tell you "we have analysed your situation and this is the interest rate we consider appropriate." Without indicating that "your situation" does not only include your financial situation and credit record, but also the your buying habits and that of of your neighbourhood.

Re:Tell me why I should care

[Opportunist]

The problem is that profiling can easily lead to wrong conclusions, and this in turn might easily turn into a problem. The main reason is incomplete information.

Let's try a witty example. Let's say you have a cute doggy and while you're out giving him a walk you meet a really cute girl and she really adores your cute doggy, you start talking and eventually she agrees to go out with you, and it seems she'll later even come over to spend the night with you. You just hope your pooch isn't getting jealous.

So you go into a store and buy doggy treats and condoms with your credit card...

I Only Do Symbolic Anonymity

[ios+and+web+coder]

I have already written off true anonymity (years ago).

When I am in public, at work, or with friends and family, I am constrained to behave myself. There may be different rules in different contexts, but there are always rules. Some written, some not.

The Internet gave an illusion of a "rule free" context, and look what happened.

That vacation is over. Time to behave like a grown-up.

Re:I Only Do Symbolic Anonymity

[maxwell+demon]

First, what you consider as misbehaving may not be the same as what the government considers as misbehaving. Think dissidents, who certainly are seen as misbehaving by their respective governments.

Second, even if you didn't explicitly say it, your comment shows that you are one of those who think "if you do nothing wrong, you have nothing to hide." Well, I'm not going to mention the obvious counterexample, as I don't want to Godwin this thread.

And no, privacy is not about a rule-free context. There are things you don't want others to know even if they are not illegal, nor immoral.

Also note that privacy and anonymity are not synonymous. For example, if a policeman for some reason would ask me to identify myself, it would certainly end my anonymity relative to him, but not necessarily my privacy. On the other hand, if the police would be listening to my phone calls, I certainly wouldn't have any privacy on my phone, and that would be true even if for some reason the police wouldn't know whose phone they are listening to (for example, someone mistyped the phone number when initiating the wiretapping).

Re:I Only Do Symbolic Anonymity

You know, I just love it when people tell others to behave like grown ups because it's usually the person doing the telling who acts like an infant.

The Internet, back in the "rule free" days, was also pretty harmless. It didn't conduct commerce. There weren't connections to real world control systems. Nobody used their real names anywhere. If there was tasteless and offensive stuff, and there was (and still is) you didn't have to look at it. Getting on the Internet required actual intention to do so and some amount of money.

Enter the alleged "grown ups". The corporations. The business people. The ones who didn't actually invent the Internet and who have contributed little to it except strife. The ones who strolled in and started with insecure e-Commerce and e-everything and who, when they had their heads handed to them by people who actually knew what a house of cards most of their insecure crap was, ran to the government to get them to prosecute the "evil hackers" instead of actually fixing their crap. The ones who did nothing to learn about the environment they put themselves in and then complain the loudest when things don't go exactly their way. The ones who want to track everything everybody does, and who want to keep that secret and quiet because exposing it to the light of day also brings to light that most people don't really like it when they do that.

In other words, these "grown ups" are the ones who acted like 2 year olds, saw something shiny, and yelled "Mine! Mine!" and try to possess everything wtihout compensation or even permission.

True "grown ups" know about risks and rewards. They know when it's OK to let loose and when it's not OK. They find or provide safe outlets for things like that because true grown ups know that it is human nature to want to be uncontrolled some of the time. Having had such an outlet and then having it first invaded by clueless idiots and then by greedy profiteers, it is only logical that some people might take offense and take action.

The thing is, the Internet could not be invented today. It came into being precisely BECAUSE there was no commerce, no marketers, no corporate presence in any real sense. There is proof of this. The proof is that every corporate attempt to invent something like the Internet has failed, so they try to take over what they could not invent. Regarding the unfortunate number of people who believe that the Internet is Facebook, Twitter, and Google, they have had some success. Even those services, though, keep the tracking and the marketing and the spying as low key as they can because they know that even the dumbest of humans somehow finds it offensive to be recorded all the time.

So, now, go grow up please.

The Job Creators

[PopeRatzo]

105 companies tracked his Internet use during one 36-hour period. ... This is ubiquitous surveillance

We should have known the Internet was going to become a surveillance state the day we turned the whole thing over to corporate control.

I'm trying to think...was there a lot of tracking and surveillance back before the Internet became the world's shopping mall? I remember using the Internet back then, and I don't recall a lot of trackers.

Personally, I preferred the old non-commercial Internet. It was more fun. There was no Netflix or Amazon, but there was also nobody crawling up my ass. I would trade Facebook for Usenet in a hot second.

But I don't despair. I'm confident that people will innovate for privacy again.

Advertising built a panopticon.

[gallondr00nk]

It was inevitable I suppose. The fuck-knows-how-many dollars spent on advertising and marketing and consumer focus were going to be spent somewhere. As a result, the last few years people have been flocking to build sites whose entire business model was developed in order to provide data and information in exchange for it.

Inevitably, there is a push for more information. What your real name is. Your DOB. Where you work or live. What your favourite place to eat is. What you like. Even where you are at any moment.

(It follows that government either already is or will be a customer.)

I do wonder if there is a speculative bubble forming around the market for that particular business model. How much of what is gathered can actually be used? How much is it actually worth?

I suspect that is the escape. If the bubble bursts and the data isn't profitable enough then the intrusion should subside dramatically.

Re:Can't believe people still complain about track

[AK+Marc]

Some people think "free market capitalism" is a libertarian ideal. And a "free market" (as defined by economics, not the anti-government loons) requires significant government effort to maintain.

There's something worse than no data

[Opportunist]

It's poisoned data. Since it has become virtually impossible to leave no trace and not be tracked, make sure you poison their data pool enough to make the data useless. It's a bit like buying condoms and dog food and making the analyst at your local store freak out.

Also, you can use the data hunger of companies to your advantage. If you dig through the net by my real name, I seem to be rubbing shoulders with the greatest of the industry. Schneier is actually one of them. I have met him briefly, but we're nowhere near the seemingly constant exchange of ideas you'd think we have when you start data mining on me. When preparing for a job interview, rest assured people will start digging through facebook and google to find out what they can about you, and make sure that they find what they're supposed to find. Worked for me pretty well so far.

As for the rest, like I said, make sure the data that can be gathered about you makes no sense. Disinformation is the name of the game, once it becomes impossible to tell truth from lie, the whole data mining effort goes to waste.

Poison the databases

[amck]

Add false data to the databases.

Create false identities, not just anonymous ones. Don't allow facebook, etc. to interlink.
Script this, add plugins for browsers to do this.
In shops, use discount cards with cash, and swap the cards regularly with friends.

Poisoning the databases, especially for "non-legal" transactions (i.e. don't lie when buying on the internet, but give as little
away as possible, and don't use real identities where monetary transactions are not involved - don't commit fraud)
means the existing data collected elsewhere is not trustworthy. It devalues the whole point of data harvesting and data mining,
much better than hiding data alone.

It also still allows the "correct" (non-evil) functioning of the system. Looking up my real name give my real details, when it matters,
allowing the site to interact with me the way it was advertised to. Searching for all "X" in the data give 90% garbage, and so mining
becomes pointless. Deal with customers properly.