One of the sadly funny things about watching the politics of this play out is that the folks that traditionally blame the government are all up in arms about the government tracking you. But they seem fine with corporations tracking you. The other bunch, which traditionally blame corporations are all up in arms about corporations tracking you. But they have no problem with the government tracking you.
And for all of that fighting, it never really mattered. The fact is it doesn't matter who tracks you, the information is available to all parties. You're being tracked.
Cross-reference this pile of tracking information to cell phone records, which can locate you within a few dozen meters at all times, and you have a surveillance system Orwell himself could never have dreamed of. It's beyond any state-ran security system ever put into place in the history of the world. Yet we all sit idly around as if none of it matters.
And for all of that political fighting about privacy and anonymity, it never amounted to anything.
Amazing.
Side note: As a movie buff, I've seen lots of dystopian movies set into some far future where the state has taken control over people's lives. Our hero somehow manages to fight the system.
What they never really cover is what happened. How exactly did people sit around and let this happen? Didn't they see this terrible future approaching?
Now I have the answer. Yes, some folks saw what was happening, but the vast majority didn't see an immediate negative impact in their lives, so they didn't care. The rest of us were just -- overwhelmed by events. Threats came from multiple and unseen directions and kept coming until we couldn't fight them. People who owned the data were careful not to share the scariness of what they were doing with the common man. Privacy and anonymity advocates were labeled scaremongers.
> But they seem fine with corporations tracking you.
Not only that. Govt also at some point figured out that if it use private companies to do the tracking for them, they can bypass all kinds of "nasty" constitutional barriers.
Govt agencies for ex. have tap into Choicepoint. How they use it I don't know exactly but it's there.
EDIT: I often slightly modify my name or other info when submitting to these companies and then see when it comes back later as spam. For a while a had a spreadsheet for each variation, but now I've given up, maintaining it.
While I'm not happy about the idea, I submit that we've tipped over a scale within technical surveillance - the same irresistible forces that are reshaping the content industries are hard at work reshaping our concepts of available privacy. It's just too cheap & easy, and getting much easier, and people want to do it (badly).
Part of a subsequent response should be transparency. For example, an organization accumulating health-related data on you should not be able to in surreptitiously influence (directly or through data brokerage) your ability to get health insurance.
Such information asymmetry, in the hands of large, powerful self-interests, is something we should seek to mitigate.
Seems like the best way to combat this "always on" surveillance is not by hiding signaling behavior, but by generating noise. If you intentionally create lots of bad data, you reduce the value of the data to the people buying it and using it.
And to think that this article doesn't even touch on the ability marketer's have to track you across multiple devices, locations, and other insight that Facebook allows.
I believe we're at a point where a legitimate proof of concept could emerge where given a first and last name of a person, one could theoretically track a person's location and browsing behaviors for an indefinite amount of time. Granted, it would require that the person not clear their cookies, grant geo-location on their phone and that you have a bit of money to ensure you win enough ad impressions in that time period. The takeaway would show that people aren't as anonymous as they think they are and that with enough money and motivation, someone could gain valuable insight into your behaviors.
Correct. But even without their permission their phone will transmit it's location to the nearest celltower. Also, in my country we have CCTV-camera's along all major roads with licenceplate-tracking. Public transport requires a chipcard with login. I feel so much safer...
Is it so wrong that I... don't really mind? I feel bad admitting that, but I actually think it's kind of cool. Marketing is moving beyond "generically spam this to millions of people in this 'demographic'" to actually giving me personalized advertisements that I actually might be interested in.
I treat it the same way as I treat the rest of my online identity: if I'm doing something I want to be anonymous I take steps to make it that way, such as using a throwaway account with cookies disabled. I recognize that when I buy store loyalty cards, I'm giving them access to my purchase patterns.
It's a trade-off I make, and I don't put the responsibility for that decision on anyone but myself.
My first brush with this, was near my 16th birthday, in 1994. Gillette sent me a free razor. I had never bought anything from Gillette, and neither had anyone in my family. Yet somehow they knew I was in prime shaving time, and they were smart enough to send me this birthday gift.
Their reward? I've been shaving with Gillette for almost 20 years. A back of the napkin estimation is that initial free razor got them about $500 worth of business in blades (and I don't even shave very often).
I have no idea from where they got this data - but this sort of thing has been going on for a lot longer than people think.
Even back in those days, many products came with "warranty registration cards" which would ask for your name, address, DOB, and other demographic data. It had nothing to do with warranties, it was to collect information about who bought the products for use in further marketing campaigns. And that information was bought and sold (probably on 1/2" magnetic tape reels) even then.
In 1978, you were a newborn male baby. A data broker identified you through your birth record, parents' buying habits before and after you were born, etc. And the tracking began. . .
Would that even be legal in the EU? “Upscale furniture store Restoration Hardware said that it had sent "your name, address and what you purchased" to seven other companies, including a data "cooperative" that allows retailers to pool data about customer transactions”
The long answer is a bit more complicated by it will result in the same answer. Companies in EU can send data over to NA to have it "processed". Once there, the data is outside the protection of EU law, and can be sold without hindrance.
Saying it is indeed possible is akin to say that "tax evasion is possible".... possible yes, legal, I don't think so
My understanding of my (EU) country law is that you cannot send data outside the EU to have it processed if the data is deemed "sensitive".
Even if you are allowed to export it, you have to guarantee that data won't sold once it has left EU.
For patient data, there are some exceptional laws in some countries. While I hope it does become EU law someday, we are not there yet. I have never heard of any laws that allow one to export data but then to give some guarantee that the data won't be sold. Source?
But for the general case (ie a normal business venture), people are already using services that will exploit/refine any personal data being sent there. Gmail is one, but Facebook is a better example. Facebook will use the data even if it about someone who aren't a Facebook user. Cloud services could be doing things, but I am not sure its true in practice yet. Mobile apps are already getting and selling data, and has a long history of doing exactly that.
Webshops that use paypal are sending their customer data to paypal. If one read their privacy policy, one can see that they use the data to: a) compare information and verify it with third parties. b) Send to companies that perform marketing and "other services" for paypal. c) Send aggregated statistical data to their business partners. d) send any data to eBay Inc. corporate family—like eBay, Skype or Shopping.com (https://cms.paypal.com/au/cgi-bin/marketingweb?cmd=_render-c...)
That PayPal data almost certainly also goes directly to Palantir (another Peter Thiel company), to be added to the vast corpus of information they (and by association the three letter agencies & DoD contractors) hold on you. Palantir arose from the anti-fraud work that PayPal was having to do 10 years ago and is now supposed to be a big deal in data mining for govt, defence etc. Want to bet that they have quite a few "exceptional laws" on their side?
Except that Gmail and Facebook are US companies.
I tend to think that using a belgian/czech/italian (you get the idea) website, my data couldn't be easily exported/sold outside the EU.
I am currently building a data crunching company in the EU. I chose, both from a legal and marketing standpoint, not to export any of my (customers') data outside of EU. In fact, I chose not to export any data outside of my country's borders.
It simplifies (a bit) my legal paperwork, but it also serves as a marketing claim along the tune of "we are doing no evil with your data, and not putting them into the hands of anyone else".
Though, the last time I read a report on the audit of Safe Harbor[2] and US companies that say they abide by it, I decided not to recommend trusting our data to US companies.
It is illegal in the EU to transfer data out of the EU without this safeguard, done variously by contract (EU model contract), two party agreement, assessment of adequacy, or approved safeguards (safe harbour).
Of course, in our modern world of cloud computing even in the EU people place their data willingly beyond the reach of EU law. However, even cloud companies are sometimes inside its scope because of where their offices exist:
The only real way to avoid most of this is to not use loyalty cards (thus pay the marked-up prices) or to give ficticious data when you get them, and change them frequently. Never use a credit card with your loyalty card, they will be linked... pay cash for everything... don't use online services... don't use mobile devices.
I once thought about making a proxy server that would randomly change HTTP request headers (user agent etc...) enough to make you appear to be a different person with each request.
But I suspect service providers (Facebook etc...) would find a way to adapt and it would just result in an arms race that would leave HTTP in a state of disarray.
Health insurance companies could purchase loyalty-card information from grocery stores. Want to know if someone is always eating trans-fats and smoking? There we go.
Want to know how much booze someone is purchasing per week?
The possibilities are endless, and I am sure this has already been thought of many years ago.
And for all of that fighting, it never really mattered. The fact is it doesn't matter who tracks you, the information is available to all parties. You're being tracked.
Cross-reference this pile of tracking information to cell phone records, which can locate you within a few dozen meters at all times, and you have a surveillance system Orwell himself could never have dreamed of. It's beyond any state-ran security system ever put into place in the history of the world. Yet we all sit idly around as if none of it matters.
And for all of that political fighting about privacy and anonymity, it never amounted to anything.
Amazing.
Side note: As a movie buff, I've seen lots of dystopian movies set into some far future where the state has taken control over people's lives. Our hero somehow manages to fight the system.
What they never really cover is what happened. How exactly did people sit around and let this happen? Didn't they see this terrible future approaching?
Now I have the answer. Yes, some folks saw what was happening, but the vast majority didn't see an immediate negative impact in their lives, so they didn't care. The rest of us were just -- overwhelmed by events. Threats came from multiple and unseen directions and kept coming until we couldn't fight them. People who owned the data were careful not to share the scariness of what they were doing with the common man. Privacy and anonymity advocates were labeled scaremongers.