Tracked everywhere? Yes. Tracked everywhere.
January 30, 2020 11:14 PM   Subscribe

It might be your doorbell (Ring Doorbell App Packed with Third-Party Trackers, EFF). It might be your grocery store rewards program (Customer Tracking at Ralphs Grocery Store, Schneier On Security). It might even be your computer anti-virus program (Leaked Documents Expose the Secretive Market for Your Web Browsing Data, Motherboard/Vice). 2020 is an electronic panopticon.
posted by hippybear (45 comments total) 28 users marked this as a favorite
 
i discovered the other day that due to my obsession with the witcher card game gwent, twitter is convinced that 01) i speak welsh and 02) i want to see ads and content targeted towards me in welsh, and i'm excited for that glorious bit of nonsense to somehow outweigh all the zettabytes of data showing how many times i've said "hannibal lecter was right to eat people," an interest which they stubbornly refuse to target.
posted by poffin boffin at 11:26 PM on January 30, 2020 [44 favorites]


I'm constantly amazed at how thoughtless folk are with all this useless networked\ioT - why I'd need a bluetooth keyless front door 'lock' accessed with a cell is beyond me - but they outnumber keyed locks now at the hardware store. I haven't tried but I bet they're even easier to get through than the 'high-security' keyed locks in some buildings I've worked in.

hah "I can understand why it raises eyebrows," he said. We may need to change the wording on the form." parsing that 'we must lie better' wow, a real Scott Morrison level of unrepentance.
posted by unearthed at 12:01 AM on January 31, 2020 [4 favorites]


Is the rewards card/supermarket membership card as a data harvesting thing really a surprise? I remember hearing about that back when jewel had their preferred card back in the 90s. At this point, I just assume anything that requests my name or email (or that I allow cookies) is going to sell that information as soon as they can.

I mean, I loathe it, but I haven’t been surprised by it for a long time.
posted by Ghidorah at 12:27 AM on January 31, 2020 [14 favorites]


So much has been written in the last year or so on the dystopia that is China’s emerging surveillance state. While here we are in the West and almost the identical thing is taking place, except that it’s mediated through private companies, it’s nominally ‘opt-in,’(except not really), and the government has to buy access to it just like any other private company.
posted by jackbrown at 1:02 AM on January 31, 2020 [16 favorites]


So much has been written in the last year or so on the dystopia that is China’s emerging surveillance state. While here we are in the West and almost the identical thing is taking place, except that it’s mediated through private companies, it’s nominally ‘opt-in,’(except not really), and the government has to buy access to it just like any other private company.

Yup -- it's like the talk about China's social credit system when the U.S. isn't too far off with it's once again commercially-mediated credit scores.
posted by Borborygmus at 1:32 AM on January 31, 2020 [2 favorites]


What are some things you can do to avoid all this? VPNs? I already don't use Alexa or "smart" stuff.
posted by Chaffinch at 3:17 AM on January 31, 2020


You just about can't totally avoid it. If you have a cell phone, your privacy is already massively compromised. VPN, uMatrix, Tor Browser, no Internet of Things devices -- stuff like that can minimize it, but we're all the product at this point.
posted by Kirth Gerson at 3:26 AM on January 31, 2020 [3 favorites]


Don't forget your credit card! MasterCard partners with Advertisers and sells shopper data/targeting segments, so you don't even need to be on the web.
posted by windbox at 4:51 AM on January 31, 2020 [2 favorites]


You just about can't totally avoid it. If you have a cell phone

Just? Take the extreme case, go live in a cabin in the woods, no cell, no credit card. Betcha get a comment on a few facebook pages "oh saw that guy that seems to walk in from old baldy mountain" "who's the hermit north of the river bend" "hey look I got a pic" ..... and the AI is off to the races correlating sightings with folks that have stopped reporting locations. So you're in a database that has your location withing a couple miles. Assimilate.
posted by sammyo at 5:52 AM on January 31, 2020 [4 favorites]


why I'd need a bluetooth keyless front door 'lock' accessed with a cell is beyond me

For many, it's because they've turned their home into a turnkey rental to make ends meet, and so such a lock makes sense for that use case.
posted by NoxAeternum at 6:22 AM on January 31, 2020 [8 favorites]


My consolation is that my personal data and habits are rather uninteresting, so anyone reading/hacking them would fall asleep from boredom.

I don't think that my obsessively replaying my old version of Civilization III on my computer can be monetized in any way by anybody.
posted by tallmiddleagedgeek at 6:33 AM on January 31, 2020 [1 favorite]


So how do we differentiate between paranoia and just the state of reality currently?
posted by Young Kullervo at 6:55 AM on January 31, 2020


And then there's stores tracking shoppers in other ways...

I keep saying, and no one seems to pay attention, buy a smartphone that you can root, then install apps like 3C Toolbox and XPrivacyLua and you will a. be amazed at how much tracking you can see built into apps , and b. be able to shut to down a good portion of it. (I know rooting can be a bit challenging but it's well worth it for privacy.)

Also want to add, at a minimum install privacy plugins like ghostery, etc. in your browsers.
posted by blue shadows at 6:57 AM on January 31, 2020 [3 favorites]


if you assume it's going to happen and you assume there's no avoiding it, can you do it yourself? or is there some cooperative model or data sharing that leads to a wikipedia style shared resource??

remember this guy owen mundy who made https://iknowwhereyourcatlives.com/ (about the very common location tags on photos) and then made
a (now defunct)site to get your data from facebook https://owenmundy.com/site/give-me-my-data
and sell it yourself https://owenmundy.com/site/commodify.
what if i voluntarily joined some non profit that maintained a public domain git style repository of all the member data? sousveillance is safer than the fake privacy we have today? and maybe looking at my own data brings some awareness to something or other?
posted by danjo at 6:57 AM on January 31, 2020 [2 favorites]


MasterCard partners with Advertisers

Specifically with THE advertiser, Google
posted by PMdixon at 7:05 AM on January 31, 2020


I always wonder what this information is actually worth in dollars. I find it hard to believe that there is any value in knowing whatever "they" know about me in particular but I assume that a few thousand of me is worth something, or a network of mees or something more complicated but by that point it begins to seem like hucksterism. I imagine that there is this fire hose of cash spewing off commerce in general and if you are a company or enterprise if you don't have sales you are dead so some big portion of that fire hose is going to be sprayed in the direction of any plausible advertising/marketing effort. I mean I assume MBA's are all over it with spreadsheets that absolutely prove the benefits but than I also assume that is 50% bullshit and a lot of the TOTAL INFORMATION CONTROL to FEED OUR AI WHICH WILL NUKE THE OTHER COUNTRY AND SAVE POOR AFRICANS is about the desperate flail to find SOMETHING that will make a billion dollars in two weeks like We Work because......
posted by Pembquist at 7:35 AM on January 31, 2020 [3 favorites]


And again, this all stems from a simple point - there's no liability for having this data, so there's no reason to not hoover it up, along side a mentality that it's better to gather everything than to figure out what you need beforehand (a mentality that has led to things like early model Teslas bricking themselves because they overload the SSD with logging in excess of what was designed for.) The core way that HIPAA works is that it makes data ultimately liability bait, so you don't want to have it if you don't have a good reason to do so - this is why in health care, we have things such as minimum necessary policies and planned scrapping of old data.

Also, I find the EFF trying to get ahead of this with their push on Ring to be laughable, given their history of not pushing on private data gathering (which is unsurprising, given that they receive significant amounts of funding from companies like Alphabet and Facebook.)
posted by NoxAeternum at 8:09 AM on January 31, 2020 [6 favorites]


I take satisfaction from the knowledge that after I'm dead, all of my personal data will be absolutely useless, and all of the effort and money spent collecting it will have been wasted.
posted by Faint of Butt at 8:27 AM on January 31, 2020 [2 favorites]


I do my best to limit the amount of data I leak, but I take some small amount of satisfaction from the knowledge that I never ever ever even see advertising, targeted or not; so all the scrambling to get my tracking data is completely useless from a commercial perspective. That satisfaction is limited, though, by the awareness that the same data could be used by other entities to actively harm me or impinge on my putative freedoms.
posted by Greg_Ace at 9:36 AM on January 31, 2020 [1 favorite]


Two more stories on privacy/tracking/advertising from this morning, about phone number porting and ad customization on TV. (Not available yet individually just the entire episode, but should be able to fast forward.)
posted by blue shadows at 9:45 AM on January 31, 2020


Also, I find the EFF trying to get ahead of this with their push on Ring to be laughable, given their history of not pushing on private data gathering (which is unsurprising, given that they receive significant amounts of funding from companies like Alphabet and Facebook.)

Never underestimate the price for which someone can be bought, but: "Facebook’s and Google’s 2018 contributions accounted for 3 percent of EFF’s corporate donations and .002 percent of its 2018 year-end revenue." Daniel R. Stoller, Bloomberg Law
posted by jedicus at 9:47 AM on January 31, 2020


I just do not get the Ring thing. I mean, okay, I guess I could see why someone would want a video doorbell, but apparently people are installing internet-accessible cameras in their *children's rooms*? And then are surprised when people use the network to creep on their children?
posted by tavella at 9:55 AM on January 31, 2020 [1 favorite]


Never underestimate the price for which someone can be bought, but: "Facebook’s and Google’s 2018 contributions accounted for 3 percent of EFF’s corporate donations and .002 percent of its 2018 year-end revenue." Daniel R. Stoller, Bloomberg Law

Here's the thing - is that counting all the money that Alphabet/Google supplies the EFF, including cy pres awards that they maneuvered the courts to give the EFF and individual donations from senior leadership, or is it just specific corporate donations? Because from what I read, the numbers are the latter, which means they're bullshit.
posted by NoxAeternum at 10:04 AM on January 31, 2020


I take satisfaction from the knowledge that after I'm dead, all of my personal data will be absolutely useless, and all of the effort and money spent collecting it will have been wasted

This is wrong unless you think you are such a hapax legemenon that your behavior provides no predictive power wrt the behavior of others. Otherwise, if I am surveilled that impacts you and vice versa. This is truly a public health problem.
posted by PMdixon at 10:28 AM on January 31, 2020 [10 favorites]


My parents got a Ring doorbell for their second home so they can monitor it for days or weeks at a time when they are not there. They are on the end of a dead end street and set the app up to alert them of any motion, the idea being more things like they would see if they got any mail than expecting nefarious stuff. What they actually get is pictures of the local feral cat population walking through the yard 500 times a day. They also have a keypad door lock which i like because then i can just go there and enter without coordinating getting a key. These things do have good use cases, but of course capitalism ruins everything.
posted by WeekendJen at 11:00 AM on January 31, 2020 [2 favorites]


hapax legomenon
A++ (I learned this expression from Michael at VSauce)
As for the rest, well. Dystopia snuck in on little cat feet..
posted by Glinn at 11:08 AM on January 31, 2020 [1 favorite]


I'm constantly amazed at how thoughtless folk are with all this useless networked\ioT - why I'd need a bluetooth keyless front door 'lock' accessed with a cell is beyond me

Doorbell camera and Bluetooth lock accessed via smartphone were very useful tools for my late father-in-law, who was paralyzed from the chest down. He couldn’t transfer to a wheelchair unassisted, so he couldn’t go to the door himself if no one else was home. But with those tools, he could see who was at the door and decide whether to let them in, right from his bed. This meant he could let in his dialysis transport team, home care nurses, visiting friends, etc.

Same thing with the smart lightbulbs, smart outlets, and the voice-activated smart speaker. When you can’t get up to dim the lights, turn the fan on and off, or switch the radio station, those things give you back some control over your environment.

These “useless” things are often actually major increases in accessibility for disabled people. They should be available without the privacy nightmare.
posted by snowmentality at 12:12 PM on January 31, 2020 [13 favorites]


They are indeed a godsend for people living with disabilities, but most of the bafflement people express about their usage relates to fully abled people blithely using products that are openly spying on them for profit and to their detriment while marketed as luxury conveniences. I do feel like there is a distinct difference between this type of deliberate spyware situation and other products specifically developed for disabled people that are mocked by the abled, such as everything we see in late night infomercials featuring comically inept fully abled people seemingly unable to pour a soda with the use of both hands.
posted by poffin boffin at 12:36 PM on January 31, 2020 [2 favorites]


fully abled people blithely using products that are openly spying on them for profit and to their detriment while marketed as luxury conveniences.

Except that they aren't openly spying on them - one of the whole things with the reveal about the Ring app was that there were undisclosed trackers, for example. Most people are unaware of how much data is being harvested, and do get genuinely angry when they find out.

Let's stop with the idea that the problem is that end users are clueless, because that's just another manifestation of techie arrogance.
posted by NoxAeternum at 12:45 PM on January 31, 2020 [4 favorites]


@NoxAeternum: " I find the EFF ... push on Ring to be laughable, given their history of not pushing on private data gathering"

Huh. What you're laughing at ... a 'history of not pushing on private data gathering' is *wrong*. EFF's effort to do just that includes FREE and continually-maintained software like 'HTTPS Everywhere' and 'Privacy Badger' and the website 'Panopticlick'. These are commonly-used tools to *protect and educate* about privacy. The EFF's pushing has also led to many legal pro-privacy cases for decades.
posted by Twang at 12:47 PM on January 31, 2020 [1 favorite]


Huh. What you're laughing at ... a 'history of not pushing on private data gathering' is *wrong*. EFF's effort to do just that includes FREE and continually-maintained software like 'HTTPS Everywhere' and 'Privacy Badger' and the website 'Panopticlick'. These are commonly-used tools to *protect and educate* about privacy. The EFF's pushing has also led to many legal pro-privacy cases for decades.

So in other words they're doing for privacy what industry funded groups did to recycling back in the 70s - shift what is a public issue requiring a communal response to a private issue requiring a personal response. This is not something to be applauded, but opposed.

I talked about this back in the location tracking thread - this issue is is (as PMdixon noted above) a public matter, requiring a societal response, but we see groups who should be ostensibly protecting us reframing it as a personal issue to which our response should personal as well - it's your obligation to put up protection against tracking, and if you fail to do so, it's your fault. It doesn't matter that Privacy Badger is free, because it misses the point - you shouldn't have to be forced to install programs to stop companies from spying on you - we as a society should be making such data harvesting unsustainable.

Again, this is why I keep on saying that the answer is HIPAA For Everything - being someone who works in healthcare IT, I've seen the massive impact that making PHI a genuine liability has had on the industry and how it treats data.
posted by NoxAeternum at 1:15 PM on January 31, 2020 [8 favorites]


The linked article * (aimed at developers) details some of Ring's many shortcomings. E.G. "In December, Buzzfeed News reported ** that over 3,600 Ring owners’ email addresses, passwords, camera locations, and camera names were dumped online. This includes cameras recording private spaces inside homes."

* https://dzone.com/articles/is-ring-iot-protecting-our-homes-or-creating-an-ap

** https://www.buzzfeednews.com/article/carolinehaskins1/data-leak-exposes-personal-data-over-3000-ring-camera-users
posted by Twang at 1:34 PM on January 31, 2020


@NoxAeternum I fully agree with you that, given a vacuum of government regulation - a communal response - the actions open to small org's were inadequate. Post-Snowden, I'm sure we all recognize at least two reasons why privacy legislation has been repeatedly swept aside. Growling about the inadequacies of small orgs putting their fingers in the dike will not, however, lead to that legislation. Such growling also confuses the issue, and weakens the resolve of the needed allies.
posted by Twang at 1:43 PM on January 31, 2020 [1 favorite]


Post-Snowden, I'm sure we all recognize at least two reasons why privacy legislation has been repeatedly swept aside.

Again, this is another one of the ways the EFF tries to change the topic around private data collection - by playing up issues with government data collection. As I've mentioned in numerous threads, the EFF would routinely push government data collection with their "Who's Got Your Back" reports - while not discussing private data collection at all. Snowden has nothing to do with the issue of private data collection whatsoever, and bringing him up in this context is what is serving to muddy the issue, not my "growling". My problem with the EFF is not that they are inadequate - it's that they are captured by the tech industry and as such are disinclined to upset the cart by pushing for policies that would place responsibility and liability on tech companies.

Again, the core problem of private data collection is that there are no real disincentives for them to not collect data. As someone who works in a field where those societal disincentives exist, I've seen first hand how it changes how you approach data to start with, which is why I want to see that expanded.
posted by NoxAeternum at 2:04 PM on January 31, 2020 [3 favorites]


I find it funny that there are more critiques in this thread against the EFF than there are Amazon.

Personally, I'm happy with an ecosystem of activist groups that have their various focuses. The EFF was born out of government overreach of the government in cyberspace; it's coherent to me that they would be weighted in this direction today.

All activist groups have limited resources and decide where to focus their efforts. Certainly this may frustrate some folks that wish they were doing other things - in my mind an answer to that is to start other organizations that focus on the things you want (more more likely, find the existing organization that already has the focus you care about and support them).

Their primary focus is not lobbying the government to pass laws they want passed. Their primary focus is using the court system to achieve outcomes (and precedents) that they find useful to move digital liberties.

I certainly agree that a group focussed on lobbying would be a good idea (although I would also strongly desire to see it non-partisan in nature, staffed with folks from both sides of the isle, lest privacy and security become partisan issues that never have meaningful work done on them). Personally I'm somewhat terrified what lawmakers set their eyes on a digital issues; even with good intentions they can easily pass very harmful bills (plenty of examples abound).

I do take issues with suggestions that the EFF is somehow compromised.

I can imagine some Amazon PR person perusing this thread giggling about how their actions are barely mentioned here as he moves on to the next web-forum to see what the mood there is.
posted by el io at 9:25 PM on January 31, 2020 [2 favorites]


Oh, full disclosure: I've met and like folks who've worked for the EFF, and I've contributed (although have never been a member).
posted by el io at 9:38 PM on January 31, 2020


The reason I'm not focused on Amazon is because I've stated why they collect so much data - they have no reason not to, because the data is pure asset for them. If you want to rein in private data collection, you need to change the corporate calculus - you need to make data a liability, so that indiscriminate collection is no longer beneficial. Again, working in healthcare IT, I've seen how such laws disincentivize indiscriminate data collection.

But to get there, we need to push for real regulation of data gathering, and that's where privacy advocates like the EFF have been falling down. I recommend you read the Slate article I posted earlier - it was written by a former EFF staffer who points out how they and other privacy advocates have reacted with great speed to government data collection - and how that contrasts with how hands off they have been with regards to private data collection.

Finally, the tech community needs to stop reacting to regulation like a vampire reacts to sunlight. In light of all the abuses seen in the tech industry, it comes across as less "principled position" and more "we think we shouldn't be ruled."
posted by NoxAeternum at 10:29 PM on January 31, 2020 [1 favorite]


I read that article.

I'm reminded of something I used to hear a lot when the group 'anonymous' was 'big': 'anonymous isn't your personal army'. That resonated with me because many of the other critiques I've heard about the EFF are very much along the lines 'why didn't they do this thing I wanted them to do, they can go to hell.'

I can understand that you may have the position that data gathering by private companies is the greatest risk to our civil liberties; and apparently those aren't the EFF's priorities.

Personally I think sunlight isn't a perfect disinfectant, but it's a great one. I'm super happy that the EFF did this research and published their findings. I imagine that everyone assumes that Amazon data-mines the hell out of data it has access to (Ring data in this case), but I also imagine they'd be surprised to see their security hardware/software giving data to third parties. While thoughtful legislation could help (people in one country where that legislation is passed), I also think that market forces could help change the behavior of this company (who, unlike google, isn't in the *sole* business of violating privacy). Hopefully this report and information (which the EFF provided) will help change the company's behavior.

Personally I'm even more troubled by the relationships Amazon has been building with police (data that could be shared even if there were restrictive commercial data-sharing prohibitions). Ring is creating a public/private partnership that seems to be resulting in a defacto panopticon.
posted by el io at 11:04 PM on January 31, 2020 [1 favorite]


I also think that market forces could help change the behavior of this company

Literally, when has this ever happened wrt privacy?
posted by PMdixon at 6:55 AM on February 1, 2020


"Literally, when has this ever happened wrt privacy?"

The new Microsoft Edge?
posted by el io at 9:42 AM on February 1, 2020


I'm reminded of something I used to hear a lot when the group 'anonymous' was 'big': 'anonymous isn't your personal army'. That resonated with me because many of the other critiques I've heard about the EFF are very much along the lines 'why didn't they do this thing I wanted them to do, they can go to hell.'

I can understand that you may have the position that data gathering by private companies is the greatest risk to our civil liberties; and apparently those aren't the EFF's priorities.


Just like when Anonymous used the statement, this is not an actual argument, but just a dismissal without actually facing the actual content of the criticism being leveled. People are pointing out that the EFF's rhetoric around privacy and their actions with regards to private data capture are incongruous, and want to understand why. And dismissing such inquiries tends to lead credence to the idea that the answer is something that the EFF would rather not discuss - like the fact that they receive significant funding from the very companies who are heavily engaged in private data collection.

Which comes back to your statement of taking issue with the idea that the EFF is compromised - do you have any argument as for why such concerns are unfounded? My position is simple - if you look at the EFF's positions a hole becomes quickly apparent, defined by moving to actually direct regulations at the tech industry. Furthermore, there's the fact that the EFF is heavily funded by those very organizations through things like donation matches for employee donations. This very much looks like the EFF has been captured, and as such works to push people away from the idea that the tech industry should be regulated. This is a serious problem for all advocacy organizations, because of the nature of their funding, and it can't be answered with dismissal.

Finally, you bring up trying to use "market forces" to move companies like Amazon to end indiscriminate data collection, but equate doing so to a form of public shaming, that exposure would be enough to get them to change course. My whole argument throughout this has been that public data gathering is currently driven by those very market forces, in particular the fact that there is little downside to doing so (and public shaming will do little to change that.) As I've said before, if you want to get market forces to work in your favor here, you need to change the calculus for the value of data, and the most effective way to do this (as seen with HIPAA) is to make data a liability to own, so that its value is counterbalanced to cost. But you can't do that just through private action - that will take government regulation to do, because the government is the one entity that can counterbalance large corporate interests.
posted by NoxAeternum at 11:24 AM on February 1, 2020 [4 favorites]


The new Microsoft Edge?

How new? The MS Edge in my recent laptop is something that I have to keep stopping from running as a background app, because it keeps turning itself back on. When it's on, it collects bunches of information about my browsing history and the like. If that's an example of a company responding to public pressure in favor of privacy, I'm not impressed.
posted by Kirth Gerson at 4:58 PM on February 1, 2020


I think we can coherently be critical of the EFF, Ring and "market forces."
posted by aspersioncast at 4:57 AM on February 4, 2020


The new Microsoft Edge?

Do you mean that it has basically the same features as Mozilla because Microsoft doesn't make its money off of being one of the two online advertisers that matter? If you do, I reject that as relevant to what we're talking about. 1 player matching another player when in both cases it disadvantages the largest player in the space is in no way shape or form an example of all players doing something that would disadvantage themselves because the privacy violation is a major income stream.
posted by PMdixon at 5:04 AM on February 4, 2020


I should clarify that when Edge is running as a background app, it collects all that data even though I never open the browser and use it. Does the data just sit on my computer, or does Edge think it should send it somewhere to enhance my experience, or something? I have no way of knowing.
posted by Kirth Gerson at 5:47 AM on February 4, 2020


« Older The Little-Known History of Palestine's First Rock...   |   One for Your Anxiety Dreams Newer »


This thread has been archived and is closed to new comments