e dot dot dot
a mostly about the Internet blog by

February 2020
Sun Mon Tue Wed Thu Fri Sat
           


As The World Frets Over Social Media Tracking For Advertising, Young People Are Turning Fooling Sites Into Sport

Furnished content.


As the techlash continues to rage against tech and social media companies, one of the more common criticisms has been how sites track users in order to feed them advertising. Now, I won't pretend to believe that these concerns are entirely unfounded. There is something creepy about all of this. That perception is also not helped by the opaque manner in which sites operate, nor the manner in which these sites often barely inform users of the tracking that is in place. Through it all, those that have the worst opinions of the internet and tech companies often couch their concerns in hand-wringing over how these sites handle younger users.Except that, as per usual, younger users are way ahead of the adults. Rather than waiting to rely on some half-brained "for the children!" legislation, at least some youth are instead making a sport out of beating social media sites at their own game. The CNET post focuses on one teenager, Samantha Mosley, and her use of Instagram.

But unlike many of Instagram's users, Mosley and her high school friends in Maryland had figured out a way to fool tracking by the Facebook-owned social network. On the first visit, her Explore tab showed images of Kobe Bryant. Then on a refresh, cooking guides, and after another refresh, animals.  Each time she refreshed the Explore tab, it was a completely different topic, none of which she was interested in. That's because Mosley wasn't the only person using this account -- it belonged to a group of her friends, at least five of whom could be on at any given time. Maybe they couldn't hide their data footprints, but they could at least leave hundreds behind to confuse trackers.These teenagers are relying on a sophisticated network of trusted Instagram users to post content from multiple different devices, from multiple different locations.
Here's how this works. One person creates an Instagram account, or maybe more than one. Then that person requests a password reset and sends that link to a trusted friend without closing their own session. Now that both people have active sessions, person two begins uploading photos, which triggers Instagram's tracking on this new device. Rinse and repeat and suddenly you've given Instagram, which assumes it is tracking one person, a ton of data from many people. The end result is the site has no real insight into the behavior of any one person. This can be further gamed by posting photos of people that are not those operating on the account. If these users are geographically disperse, that too adds confusing data for Instagram's tracking.
"They might be like, 'Hey, you posted from this hamburger place in Germany, maybe you like Germany, or hamburgers, or traveling, we'll just throw everything at you,'" Mosley said. "We fluctuate who's sending to what account. One week I might be sending to 17 accounts, and then the next week I only have four."Facebook said that this method was not against its policies, but didn't recommend it to people because of security concerns.
So, why are these young people doing this? Part of it is something of a sport. The other part is a desire by young people for privacy. Despite all the concerns of the older generations, young people are better than average when it comes to being aware of how tech companies and social media sites are using their data, tracking them for advertising purposes, and all the rest. I imagine that part of this is these young people thumbing their noses at these companies thinking they will blindly allow this intrusion on their desired privacy.Either way, even the adults who would instead like to go the regulation or legislative routes admit this is all fairly brilliant.
Teens shouldn't have to go to those lengths to socialize privately on Instagram, said Liz O'Sullivan, technology director at the Surveillance Technology Oversight Project. "I love that the younger generation is thinking along these lines, but it bothers me when we have to come up with these strategies to avoid being tracked," O'Sullivan said. "She shouldn't have to have these psyop [psychological operations] networks with multiple people working to hide her identity from Instagram. The platform should just have an account that works and lets people feel safe about being on social media."
All well and good, but you can wish for that in one hand and spit in the other, and see which one fills up faster. Meanwhile, the kids are handling this just fine.

Permalink | Comments | Email This Story


Read more here

posted at: 12:00am on 11-Feb-2020
path: /Policy | permalink | edit (requires password)

0 comments, click here to add the first



YouTube Takes Down Live Stream Over Copyright Claim...Before Stream Even Starts

Furnished content.


It seems that the concern over how YouTube is handling its platform when it comes to enforcing copyright claims is reaching something of a fever pitch. Hell, in just the last couple of weeks we've seen a YouTuber have his videos demonitized over copyright claims to the numbers "36" and "50", rampant abuse of ContentID even as the EU edges closer to making that platform a requirement through Article 17, and wider concerns about YouTube's inability to enforce moderation at scale in a way that makes even a modicum of sense. The point is that it's becoming all the more clear that YouTube's efforts at content moderation and copyright enforcement on its site are becoming a nightmare.And perhaps there is no better version of that nightmare than when one YouTube streamer found his live stream taken down when Warner Bros. claimed copyright on it... before that live stream had even begun. Matt Binder hosts the political podcast "DOOMED with Matt Binder." He also livestreams the show on YouTube. The night of the last Democratic Presidential debate, he scheduled a livestream to discuss the debate with a guest.

Earlier in the evening, I'd scheduled a YouTube livestream, as I always do the night of a debate, in order to discuss the event with progressive activist Jordan Uhl after CNN's broadcast wrapped up. I'd even labeled it as a “post-Democratic debate” show featuring Uhl's name directly in the scheduled stream title. These post-debate shows consist entirely of webcam feeds of my guest and myself, split-screen style, breaking down the night's events. Shortly after setting up the stream, which wasn't scheduled to start for hours, I received an email from YouTube:“[Copyright takedown notice] Your video has been taken down from YouTube.”The notice informed me that I had received a copyright strike for my scheduled stream. That one copyright strike was enough to disable livestreaming on my channel for the strike's three-month duration. If I were to accumulate three strikes, YouTube would just shut down my channel completely, removing all of my content.
Reasonable people can disagree on just how much collateral damage is acceptable when enforcing copyright. What no reasonable person can agree with is the idea that a livestream ought to be taken down and a 3 month stream ban be put in place over copyright on content that hasn't even been created yet. In fact, were there a perfect antithesis to the entire point of copyright law, it certainly must be this: the prevention of valid content creation via copyright claim.So, what happened? Well, it appears based on the notice that Warner Bros., parent company for CNN, issued the copyright claim. CNN hosted the debate and Binder's reference in the title of his stream may have caused someone at WB to think that this was either the stream of the event, which would be copyright infringement, or a stream of CNN's post-debate commentary, which would also be copyright infringement. This was, after all, a manual block, not some automated system. But, mistake or not, this shows a glaring flaw in CNN's enforcement of copyright.
“Your case is the most extreme I’ve heard about. Congratulations,” Electronic Frontier Foundation Manager of Policy and Activism, Katharine Trendacosta, said to me in a phone conversation on the issue. “This is the first time I've heard about this happening to something that didn't contain anything. And I have heard a lot of really intense stories about what's happening on YouTube.”
If there were any question that there are serious problems in YouTube's enforcement mechanism, this situation answers those questions. YouTube ended up reversing the copyright strike, of course, but the damage in this case had already been done. Binder was unable to stream that night, all because YouTube is so bent towards claimers of copyright rather than its own content producers that its enforcement cannot possibly work without massive collateral damage, such as this.I suspect we're going to continue to see these situations arise, until YouTube takes a hard look at its policies.

Permalink | Comments | Email This Story


Read more here

posted at: 12:00am on 31-Jan-2020
path: /Policy | permalink | edit (requires password)

0 comments, click here to add the first



Cloudflare Removes Warrant Canary: Thoughtful Post Says It Can No Longer Say It Hasn't Removed A Site Due To Political Pressure

Furnished content.


Late last week, Cloudflare put up a fascinating and thoughtful blog post discussing (among other things) a change to its warrant canary list. As you hopefully know, a warrant canary is when a service provider makes a proactive statement about something it has supposedly never done. The idea is that if that statement disappears at a later date, one might reasonably infer that the company had been forced to do the thing it claimed it had not ever done -- and, additionally, that it had possibly been gagged from saying so. There are (somewhat reasonable) criticisms of warrant canaries, and to date, they're probably more well known for false alarms than any actual report of gagged pressured malfeasance.Still, Cloudflare's public (so, not gagged) decision to delete a line from its warrant canary is interesting and worth thinking about. The original warrant canary from Cloudflare stated that the company hadn't done any of the following:

  1. Cloudflare has never turned over our SSL keys or our customers SSL keys to anyone.
  2. Cloudflare has never installed any law enforcement software or equipment anywhere on our network.
  3. Cloudflare has never terminated a customer or taken down content due to political pressure.
  4. Cloudflare has never provided any law enforcement organization a feed of our customers' content transiting our network.
Recently it added a few more and slightly modified the old ones, so that Cloudflare at the beginning of 2019 insisted that it had never done any of the following.
  1. Turned over our encryption or authentication keys or our customers' encryption or authentication keys to anyone.
  2. Installed any law enforcement software or equipment anywhere on our network.
  3. Terminated a customer or taken down content due to political pressure*
  4. Provided any law enforcement organization a feed of our customers' content transiting our network.
  5. Modified customer content at the request of law enforcement or another third party.
  6. Modified the intended destination of DNS responses at the request of law enforcement or another third party.
  7. Weakened, compromised, or subverted any of its encryption at the request of law enforcement or another third party.
Now, you might notice that at the end of number three, there's an asterisk. That was done when Cloudflare kicked up quite a debate after it decided to remove Daily Stormer from its service. The asterisk was more or less a nod to the idea that things can be a bit more complicated than "political pressure." Cloudflare kicked off Daily Stormer because its CEO got sick of a bunch of neo-Nazis laughing and joking about Cloudflare for protecting them and keeping them online. Is that political pressure? Seems pretty subjective. Even Cloudflare's CEO, Matthew Prince, acknowledged this at the time, noting:
We're going to have a long debate internally about whether we need to remove the bullet about not terminating a customer due to political pressure. It's powerful to be able to say you've never done something. And, after today, make no mistake, it will be a little bit harder for us to argue against a government somewhere pressuring us into taking down a site they don't like.
The solution that Cloudflare came up with was to keep the line in there with the asterisk and an explanation. And now it's decided to remove the line entirely, as part of the decision earlier this year to remove 8chan from its service as well. However, it's still not an easy call, and the company wants you to understand the thought process it went through:
In August 2019, Cloudflare terminated service to 8chan based on their failure to moderate their hate-filled platform in a way that inspired murderous acts. Although we don't think removing cybersecurity services to force a site offline is the right public policy approach to the hate festering online, a site's failure to take responsibility to prevent or mitigate the harm caused by its platform leaves service providers like us with few choices. We've come to recognize that the prolonged and persistent lawlessness of others might require action by those further down the technical stack. Although we'd prefer that governments recognize that need, and build mechanisms for due process, if they fail to act, infrastructure companies may be required to take action to prevent harm.And that brings us back to our warrant canary. If we believe we might have an obligation to terminate customers, even in a limited number of cases, retaining a commitment that we will never terminate a customer due to political pressure is untenable. We could, in theory, argue that terminating a lawless customer like 8chan was not a termination due to political pressure. But that seems wrong. We shouldn't be parsing specific words of our commitments to explain to people why we don't believe we've violated the standard.We remain committed to the principle that providing cybersecurity services to everyone, regardless of content, makes the Internet a better place. Although we're removing the warrant canary from our website, we believe that to earn and maintain our users' trust, we must be transparent about the actions we take. We therefore commit to reporting on any action that we take to terminate a user that could be viewed as a termination due to political pressure.
I think this was probably the right call, but I'm just as on the fence about it as Cloudflare itself seems to be. There are strong arguments in either direction. The one thing I will say, though, is that I appreciate Cloudflare's willingness to be transparent in this way, and publicly discuss the tough calls its making on things like this. That's something few other companies (especially those as large as Cloudflare) would do. Instead, they'd either hide the removal, or try to PR the issue to death with some vague and noncommittal explanation. This, on the other hand, is direct and quite understandable, even if you disagree with various parts of it.

Permalink | Comments | Email This Story


Read more here

posted at: 12:00am on 28-Dec-2019
path: /Policy | permalink | edit (requires password)

0 comments, click here to add the first



Nearly 4,000 Ring Credentials Leaked, Including Users' Time Zones And Device Names

Furnished content.


The eternal flame that is Ring's dumpster fire of an existence continues to burn. In the past few months, the market leader in home surveillance products has partnered with over 600 law enforcement agencies to:

The latest bad news for Ring -- via Caroline Haskins of BuzzFeed -- is another PR black eye inflicted on a company whose face that still hasn't healed from the last half-dozen black eyes.
The log-in credentials for 3,672 Ring camera owners were compromised this week, exposing log-in emails, passwords, time zones, and the names people give to specific Ring cameras, which are often the same as camera locations, such as “bedroom” or “front door.”
The compromised data plays right into the hands of the assholes who hang out in certain online forums solely for the purpose of hijacking people's Ring devices to hassle individuals who thought their homes would be more secure with the addition of an internet-connected camera.Ring says this leak of personal data isn't its fault. The company claims there's been no breach. Maybe so, but the information is out there and presumably being exploited.And it's kind of hard to take Ring's word for it. The company has been doing nothing but putting out PR fires ever since its law enforcement partnerships came to light earlier this year. And its explanation for where the sensitive data came from makes very little sense.
“Ring has not had a data breach. Our security team has investigated these incidents and we have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network,” the spokesperson said. “It is not uncommon for bad actors to harvest data from other company's data breaches and create lists like this so that other bad actors can attempt to gain access to other services.”
Ring's spokesperson did not specify which other "companies" it suspected of carelessly handling device names given to Ring devices by Ring users. The spokesperson also failed to explain why Ring took no interest in this sensitive Ring user info until after the security researcher who discovered the compromised credentials discussed his findings on Reddit. "Unable to assist" is not a proper response to notification of a possible breach, but that's exactly what Ring reps told the researcher when he first informed them of what he had found.Ring may have been quick to blame users for the commandeering of their cameras by a forum full of shitbirds, but the company does almost nothing to ensure users are protected from malicious activity. The only thing Ring does is recommend users utilize two-factor authentication and "strong passwords" (whatever that means). It does not alert users of attempted logins from unknown IP addresses or inform users how many users are logged in at any given time. Ring is doing less than the minimum to protect users but still seems to feel device hijackings are solely the fault of end users.This is a garbage company. There's no way around it. Ring has prioritized market growth and law enforcement partnerships over the millions of citizens/customers who own its products. Rather than provide a secure product that makes people safer, it's selling a domestic surveillance product that comes with law enforcement strings attached. It has shown it will bend over backwards for the government but is only willing to deliver the most hollow of "we care about our customers" statements in response to news cycle after news cycle showing it absolutely gives zero fucks about its end users.

Permalink | Comments | Email This Story


Read more here

posted at: 12:00am on 24-Dec-2019
path: /Policy | permalink | edit (requires password)

0 comments, click here to add the first



February 2020
Sun Mon Tue Wed Thu Fri Sat
           







RSS (site)  RSS (path)

ATOM (site)  ATOM (path)

Categories
 - blog home

 - Announcements  (2)
 - Annoyances  (0)
 - Career_Advice  (1)
 - Domains  (0)
 - Downloads  (4)
 - Ecommerce  (2368)
 - Fitness  (0)
 - Home_and_Garden  (0)
     - Cooking  (0)
     - Tools  (0)
 - Humor  (1)
 - Notices  (0)
 - Observations  (1)
 - Oddities  (2)
 - Online_Marketing  (146)
     - Affiliates  (1)
     - Merchants  (1)
 - Policy  (1722)
 - Programming  (0)
     - Browsers  (1)
     - DHTML  (0)
     - Javascript  (536)
     - PHP  (0)
     - PayPal  (1)
     - Perl  (37)
          - blosxom  (0)
     - Unidata_Universe  (22)
 - Random_Advice  (1)
 - Reading  (0)
     - Books  (0)
     - Ebooks  (1)
     - Magazines  (0)
     - Online_Articles  (4)
 - Resume_or_CV  (1)
 - Reviews  (1)
 - Rhode_Island_USA  (0)
     - Providence  (1)
 - Shop  (0)
 - Sports  (0)
     - Football  (1)
          - Cowboys  (0)
          - Patriots  (0)
     - Futbol  (1)
          - The_Rest  (0)
          - USA  (1)
 - Woodworking  (1)


Archives
 -2020  February  (1)
 -2020  January  (1)
 -2019  December  (4)
 -2019  November  (4)
 -2019  October  (3)
 -2019  August  (1)
 -2019  July  (2)
 -2019  June  (4)
 -2019  April  (2)
 -2019  March  (6)
 -2019  February  (2)
 -2019  January  (1)


My Sites

 - Millennium3Publishing.com

 - SponsorWorks.net

 - ListBug.com

 - TextEx.net

 - FindAdsHere.com

 - VisitLater.com