War on the Internet

Update: videos from this event are now available at: http://vimeo.com/efaoz

Update: Julian Assange is recording a video that wll be played at this event.  For anyone unable to attend, we'll be streaming the whole event here: http://www.livestream.com/efa_oz

Electronic Frontiers Australia, in partnership with the Australian Greens, is proud to present:
War on the Internet, an event featuring:

• Jacob Applebaum - leading computer security researcher and hacker
• Bernard Keane - 'Crikey' journalist and author
• Scott Ludlam - Senator for Western Australia and Greens spokesperson for Broadband, Communications and Digital Economy
• Suelette Dreyfus - author and researcher on whistleblowing

When: Saturday 21st January 2012, 3.00 - 5.00pm

Where: Trades Hall, Corner Lygon & Victoria Streets, Carlton, Melbourne 3053

(more...)

In the last year, the idea of a "do not track" mechanism for web surfers has gained currency. The name invokes the idea of the do-not-call list for telemarketers, which those of us who prefer eating dinner undisturbed will be well familiar. With Google this week endorsing the concept via its Chrome web browser, will the idea catch on - and how can it protect your privacy?

Despite similar names, the privacy risks differ markedly between annoying telemarketers and online ad networks. In a process known as online behavioural advertising, these ad networks use cookies - persistent data sent and received by your web browser - to build up a profile of you as you surf the web. Although the web sites you use probably aren't giving away your data, if several of them participate in the same ad network, that company will be able to ascertain that it was the same person, you, who visited them. They then use this information to piece together a profile about you and your interests. It happens constantly and is completely invisible to all but the most hyper-vigilant user.

They do this, of course, because this profile has monetary value. It allows networks to serve up more targeted ads, which have higher click-through rates and are thus more lucrative. So the scraping and collecting of your online tracking crumbs is not going to stop any time soon.

This practice raises significant privacy concerns. While many people are willing to share information about their likes and habits, few would be happy with it being surreptitiously gathered without their express consent. Over a period of time, these companies could build up a pretty complete picture of a person's web browsing habits, and may even be able to link it to a real-world identity, as they admit themselves.

This threat has long drawn the concerns of privacy activists, and even the US Congress has debated the idea of a do-not-track mechanism to stem the practice.  Legislation aside, several solutions are on offer to mitigate the risks.

The first involves using cookies themselves. An initiative called the Network Advertising Initiative, an attempt by industry to assuage concerns, allows users to set an "opt-out" cookie with each one of the dozens of participating advertising networks. These networks, in turn, look for the respective cookies and remove participating users from their behavioural ad programs.

This approach has a few major problems, the biggest of which is complexity. It relies on hundreds of cookies being set across the networks, cookies which can be deleted or forgotten, and must be re-set by a user. The scheme also requires the ad networks themselves to participate in good faith. It's not always clear just what each of the participating companies do when they see the opt-out cookie.

The good news for users is that participating in this scheme is getting easier. Firefox has a variety of plugins available to manage the opt-out process, including the Beef Taco extension. With Google's announcement this week, the Chrome browser now has good support for the NAI program. Using the "Keep My Opt Outs" extension, users are automatically opted out of all the NAI-participating networks, and don't have to remember settings or check back to see the cookies are still set.

Google deserve some kudos for this, simply because they are one of the networks being opted out of. (Google owns DoubleClick, one of the largest ad networks involved.) We're glad to see they are taking concrete steps when it comes to protecting privacy.

There's room to improve the do-not-track approach. Due to the fragility of a cookie-based solution, and the requirement that ad companies specifically sign up to programs like the NAI, a different solution (involving HTTP headers) is fighting for industry recognition. In this scheme, your web browser would inform every web site it visited that you wished to opt out of any tracking program, whether you had been there before or not. This seems like a welcome addition to the conventions that govern web usage.

Unfortunately, none of this means users are will be in the clear and free from privacy threats. Removing persistent tracking mechanisms is getting harder and harder, with many alternatives to cookies being exploited by advertisers. Less scrupulous advertisers, whether they claim to respect do-not-track or not, will still have many different ways of tracking you and exploiting that information. Perhaps privacy enhancing technologies will get an edge in the technological arms race for a time, but the battle over ad dollars is likely to be waged for the foreseeable future.

Update 19/1/11 10am: Looks like Facebook have suspended this scary new feature for now.

Facebook, by now almost synonymous with online privacy woes, has made another change to its platform that has privacy experts worried.

The latest move, reported in several outlets, expands the information available to Facebook application developers. Now, users can grant applications permission to read their mobile phone number and current address. While it doesn't appear to be retroactive, and users will have to explicitly grant access, this raises concerns because of the nature of the information itself.

There are many legitimate uses for this information. The delivery of goods, coordinating local social networks, or SMS notifications of important events of interest to the user. Allowing a user to share address and mobile phone information with a third party is not an inherently evil thing.

However, the illegitimate uses are out there as well. From Junk mail or spam SMS, to abuse by bill collectors, to exploitation by thieves and stalkers. When your other online activities can be linked to a physical address, risks arise, as we are likely to be in the habit of considering internet speech to be relatively anonymous.

What we will find is that the legitimate and illegitimate will both be present on Facebook, and it won't be easy for users to tell the difference. Facebook apps aren't vetted or reviewed to weed out the less reputable players, and we can be sure the dodgier operators will be working on ways to masquerade as legitimate and trick users into pressing the "allow" button. It's reasonable to suspect that many people will be in the habit of clicking "allow", especially if something is recommended by a friend. It's only a matter of time before we hear tales of some unfortunate outcomes.

For this reason, we would want to err on the side of caution, and keep address and phone information more private, at least as far as applications by developers without any track record of accountability are concerned.

Once again it's clear that commercial pressures drive a lot of Facebook's privacy decisions. There is commercial value in highly localised services, or access to the mobile phone number of potential consumers. That explains why this change has been made, but an explanation is no substitute for warning or discussion.

Speaking practically, we have to expect Facebook to continue moves like this. In some cases they will be well within their rights to make changes; other times, it will be less defensible. But opportunities to get any sort of redress will be few and far between.

We have to remain vigilant about our privacy online, difficult as this may be. One of the big challenges of safely using a service like Facebook is the shifting landscape it presents. No matter how carefully you checked your privacy settings or reviewed the possibilities for information leakage, an announcement like this could change your risk assessment instantly. The bar for leaving is likely to be higher than joining in the first place, which is something Facebook may be counting on.

A Senate enquiry into online privacy continued with hearings at Parliament House on Friday, and both Google and the Attorney General's Department found themselves on the defensive. The Senate Standing Committee on Environment, Communications and the Arts appear to be taking our privacy online seriously, and followed up on written submissions with some probing questions.

The heat was on Google who spoke to their own privacy credentials and issued another mea culpa over the Street View WiFi debacle. Explaining that Google aims for best practice but comply with local laws led to a bizarre exchange in which Labor Senator Cameron compared that to Nike's defence of sweat shop labour and Google Public Policy head Iarla Flynn explained that Google employees are treated very nicely, thank-you. Nevertheless, Greens senator Scott Ludlam opined that GMail's keyword scanning was creepy, a theme the hearings would return to later in the day.

The main spotlight, however, was on the Attorney General's push for a mandatory data retention scheme, which would force all Australian telcos and ISPs to keep logs of their customers' communications in case they were needed by law enforcement. It was described by critics as "mass surveillance", and the Privacy Commissioner sounded a skeptical note. (I testified on behalf of Electronic Frontiers Australia and also rang the alarm bells on this scheme.) When representatives of the AG and Federal Police appeared at the end of the day, they tried to defend it as merely the status quo. The committee were unimpressed, with Senator Ludlam taking them to task for planning the scheme in secret and failing to engage with civil society.

Senator Ludlam was obviously not convinced by the AG's explanations, tweeting after the session "I'm much, much more creeped out by #ozlog [the data retention scheme] than i was an hour ago." EFA shares this concern, in spades.

Finally, Senator Cameron, apparently still creeped out by GMail's advertising, asked the AGD to look into whether it might even be illegal. A lesson for the industry; people, including parliamentarians, take their privacy very seriously.

Read EFA's submission to the inquiry here. Others can be found at the inquiry's submission page.

Yesterday I spoke to the PM program on Radio National for a follow up on Google's WiFi privacy debacle, and have spoken to a few other media outlets as well. No doubt there's a lot of interest in the story because of Google's household name and seemingly unstoppable rise towards digital dominance. The "don't be evil" motto is nice and simple, but it also means a good story is in the offing every time Google does stray to the dark side. Has the company done some evil here?

The answer to this question is a little nuanced. On the one hand, I don't believe Google have deliberately done something sinister and the issue has been widely mischaracterised in the media. On the other hand, Google clearly screwed up and have to face the consequences, even the legal ones.

Google's Street View cars routinely collected information about wireless networks within range as they prowled the streets. This database of wireless networks provides an alternative to GPS for pinpointing the location of a user. Although it will gradually become obsolete as GPS chips become even more ubiquitous, there are still more Wi-Fi enabled devices than GPS-enabled ones. Tabulating the names and relative strengths of the networks in the area, perhaps combined with an IP address, is a pretty good way to figure out a person's location within a city. Although the compilation of such a database could be considered a little worrisome, one would expect that collecting this information about the names of the networks is just a list of information that is publicly broadcast by anybody that owns a wireless access point. (more...)