Posts tagged ‘Privacy’

April 28, 2011

Can’t Drive 55? Blame TomTom

People love to drive fast.  The police love writing speeding tickets to people who do.  Fact of life in the driving age.  So upon hearing this morning’s story I had to chuckle.  You see, the fine folks who make the GPS units known as TomTom have been selling their data to the Dutch police.  The Dutch police have been using the data, primarily the speed of driving data, to set up speed traps throughout Holland.  When people found out about this, they were not amused.  And TomTom publicly apologized for the sale.

Now before we go any further, according to TomTom, the information is totally anonymous.  The speed data is used by TomTom to help people avoid bottlenecks, accidents and school zones. And in a world of rapidly shifting revenue streams, as more smartphones offer GPS navigation service, TomTom has been forced to compensate for declining profit by increasing sales in other areas, including the selling of traffic data to government sources.

The traffic data helps police and government planners know where the usual bottlenecks and safety problems are so they can plan accordingly.  But the side effect is that data also lets you see the areas where people speed.  The police are unable to see just who was speeding, only that there is speeding occurring in certain places on a consistent basis.  When you know that, you know where to set up your speed trap.

The main concern here is about privacy.  Even though TomTom has said the data is completely anonymous, in the world of data, it rarely is.  It’s not hard to fathom a scenario in which data supplied by TomTom could be used to figure out sensitive information about its users, such as where they live and work.  All it takes is someone dedicated enough to do so.  That is why people are upset. 

Of course, drivers in the US have had the site speedtrap.org to let them know where the usual speed traps are.  The site has been up for years and provides you with exactly where the police regularly set up their speed traps.   No GPS unit required for that one.  Just good, old fashioned information sharing on the message boards.  The thing the internet was originally set up to facilitate. 

April 26, 2011

I Will Not Be Ignored, Steve…

Q: Steve,

Could you please explain the necessity of the passive location-tracking tool embedded in my iPhone? It’s kind of unnerving knowing that my exact location is being recorded at all times. Maybe you could shed some light on this for me before I switch to a Droid. They don’t track me.

A: Oh yes they do. We don’t track anyone. The info circulating around is false.

The hue and cry that has circulated around the fact that the iPhone is indeed recording your approximate location has increased in the last few days, and during this time, Apple has kept relatively quiet.  So someone decided to ask Steve directly.  And as always, Steve’s brief answer raises more questions than it answers.

Of course there has been the blowback that Android does it too. Yes, Android has been shown to also gather location information, but the database is limited to a much smaller list of entries and is regularly wiped by the system. But to use Steve’s own logic, Google is not tracking you either. 

So, no one is doing anything with that unencrypted by default database on my phone showing basically where I’ve been.

So, why is it there?

Of course all of this could easily be bypassed with some simple common sense.  Over the last ten to fifteen years, our privacy has morphed due to all the wonderful little gadgets out there that allow us to be the attention whores we have become.  Some of us, however, still cling to the notion that what I do, where I go and what I think is no one’s business but my own.  And there is a large number of us that really do not like the idea that people, companies, and governments are just getting bits and pieces of our lives without our immediate knowledge.  So I propose to all companies out there a simple solution.  You want to know how I am living my life?  You want to know everything about me, even the bits you really didn’t want to know?

Pay me.

Money soothes a lot of psychic wounds.  You offer enough cash and people will allow you to set up cameras in their bathroom.   Call it “The Magic Christian” effect.  After all, Steve, you are making money off knowing more about me; all I am suggesting is a real time partnership.  You pimp me out to as many companies as you want, and I will live my life like a Kardashian.  You want to know more, pay me more.  I know, why buy the cow when you’re getting the milk for free, but times are changing, Steve.  The more people come to dislike the fact that this is being done without their knowledge, the more my little scenario will make good business sense. Why face a revolt, especially in times like these?

April 20, 2011

Why Apple Is Your Psycho Ex

Ah yes, the Ex who had to know everywhere you were going.  Some of us have had the displeasure of dealing with someone who feels as if they have to track our every move.  But I bet you didn’t think that it was Apple.  You see, in the Guardian today there was a really great story about how Apple keeps tabs on where you are and when you were there in a secret file on your iPhone (and iPad) that hooks up with a file on your computer when you sync your files.

How bad is this? Let us start with what is tracked by going to radar.oreilly.com where they first broke the news: 

All iPhones appear to log your location to a file called "consolidated.db." This contains latitude-longitude coordinates along with a timestamp. The coordinates aren’t always exact, but they are pretty detailed. There can be tens of thousands of data points in this file, and it appears the collection started with iOS 4, so there’s typically around a year’s worth of information at this point. Our best guess is that the location is determined by cell-tower triangulation, and the timing of the recording is erratic, with a widely varying frequency of updates that may be triggered by traveling between cells or activity on the phone itself.

Up to a year’s worth of unencrypted information.  Yes, unencrypted.  Which means that basically anyone could get in and see.  That is not good from a privacy standpoint.  Now, the cell phone companies already have this information available to people in the law enforcement sector, but in order to get it, law enforcement needs a court order.  If the information is on your phone, well, what’s to stop a techno-savvy officer from “accidentally” seeing what should not be seen?

Of course, the first rabid argument is that Google tried it first.  Oh, yes, the great Googly-Moogly tried the “Latitude” system, which allowed people to enable their mobile to give out details of their location to trusted contacts and ran afoul of privacy mavens for that as well.  But here’s the slight but most important difference: Google allowed you to opt into the service.  If you wanted to let the world know where you were in your private reality show, you could.  With Apple, there is no choice.  You are being tracked, whether you like it or not.  And so far, Apple ain’t talkin’.  No word as to why this was created or if this can be disabled.  So there are various theories as to the whys and wherefores, which comes back down to marketing and advertising. 

But in case you want to get mad about this, you may well be out of luck, as you forgot that ever present 15,200-word terms and conditions agreement for Apple’s iTunes program, used to synchronize with iPhones, iPods and iPads.  In it  is an 86-word paragraph about "location-based services".

“Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.”

In other words, you might want to consider alternatives in handsets if you want to keep your life private. 

April 6, 2011

Epsilon Data Fail

Last week I received a message from my usual grocery store. I have an affiliation card with them, you know one that allows you a few cents off products in return for them getting information from you concerning your buying habits. The message was letting me know that it was possible that my email address had been taken from them. An e-mail hack, I thought.  Great.  Something else to watch out for.  At least that was all it was, I thought.  Then came the same message from another affiliation card.  Then another card.  Then the bank that I have a credit card with.  Then the phone company.

That is when I started to be very concerned, which is a nice way of saying I was on the phone asking questions and trying to keep from yelling at the harried but polite voices on the other end of the line.  Apparently, I was not the only one. You see, I am part of what appears to be the largest breach of data in US history.  And now I am going to be watching my e-mail very carefully over the next few months, because I am now at a high risk for phishing and other scams.

OK, here are the particulars.  When a company gets your e-mail address as part of an affiliation card or customer account, they do not just sit on it.  They use it to contact you concerning any offers they have pending or any type of general information.  But they do not do this in-house.  They use an outside company to do that, like a company called Epsilon.  So if someone should hack into a company like Epsilon, they are able to get information about a lot of customers over a range of companies, not just about people who shop at Kroger, for instance. 

That is exactly what happened.  Epsilon, which provides marketing services via email to about 2,500 companies, put a warning on its website on Friday stating that its systems had been “exposed by an unauthorized entry” into its email system.  It is not yet known who perpetrated the attack, which US law enforcement agencies have begun investigating.

“The information that was obtained was limited to email addresses and/or customer names only,” Epsilon said in its statement. “A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.” Other information, such as passwords or credit card details, is not thought to have been exposed, but nevertheless, this is a huge hack.

How many people are affected?  Given the number and names of the companies that use Epsilon (Kroger, Marriott Rewards, US Bank, JPMorgan Chase, Capital One, Citi, Walgreens for starters), it could be millions.  And out of those millions, it only takes a handful of people to fall for a phishing expedition to make money for criminals.

What to do in the interim?  Double check your emails and do not just click onto a link, especially if it is a company that is a part of this breach.  You may also want to change your current account e-mails to another address for these companies.  A pain in the neck, certainly, but it beats dealing with the aftermath of being scammed.

March 8, 2011

Come Sit By Me Some More

Yesterday, I was talking about Facebook Commenting and being anonymous vs. being private.  Apparently there are a few other people out there talking about this as well and with everyone talking, there is a valid discussion about the two going on.

Yet no one is talking about the one thing everyone should be looking at.

First, as I have said in several posts about the subject, anonymity is a good thing to have on the internet.  It gives people who, for whatever reason, do not have a voice, the ability to be vocal.  For those folks, if being anonymous is the only way you can rock the keyboard, rock on.  But the concept of being anonymous is tricky at best. For every political or social dissident out there that needs anonymity, there are a hundred rabid fan-bois who are simply afraid to man up and publicly embrace their inner troll. As Felix Pleșoianu, one regular commenter to this blog said, “You can’t have a magical fire that can heat but not burn.”  To that, I wholeheartedly agree.

My argument was not about dissidents, however.  It was against people who feel that in order to be “authentic” on the web, you need to be like an internet version of the United States of Tara, and that it was perfectly OK if everyone you knew realized that you were basically a nice guy, but could be an ass under certain conditions.  Happens to me all the time.

But I also touched on a point yesterday that people should be looking at.  By turning your comments over to Facebook, you are missing more than just random shouts of “Microbloat”, “Bloat Farm” or “Epic Fail”.  You are giving data over to Facebook.  Data that can be mined, sliced, diced and sold to the highest bidder.  After all, when Facebook knows what you like, that’s one thing.  When they know why you like or dislike something in your own words, that is another.  Plus, by forcing your name into the comments, they knew that most of the “Epic Fail” crowd would be weeded out, giving them more relevant data without so much of the cost of weeding out the trolls.

Besides, everyone should realize that there is a way to keep yourself private while continuing to troll.  Just get yourself a different e-mail account, and create a new Facebook identity that has no connection to your current one and troll away.

March 7, 2011

If You Can’t Say Something Good About Someone, Come Sit Next To Me.

Last week, Facebook launched Facebook Commenting, which means that on many websites, if you have a comment to say about an article, you need to be signed into Facebook to do so.  This means that everyone in your social circle can read what you have to say about matters.

Comments about this have been, well, somewhat muted.  To some, the stripping away of anonymity in comments is a horrible thing.  To others, it has been as if someone opened up a can of “Troll-Be-Gone” and disinfected the comments. While I do not like using Facebook for comments because it is really whoring out FB by forcing people to sign up if they really feel positive/negative about something, this can be seen as a good thing.

Of course, having all your friends and family see what a jackass you really are when you go off on your Apple fan-boi shoot-from-the-hip comment drive-by can put a damper on your fun (EPIC FAIL!!!).  But really, didn’t they already know this?  Come on, if you troll comment logs, you probably troll in real life.  It’s just that no one has sat you down and told you so.

Now, some people, like Steve Cheney at Posterous, claim that this decreases your “Authenticity”. Quite the contrary.  It forces you to own up to your words.  It makes you think before you hit the ‘send’ key.  At least it does for some of us.  If you have to hide behind an anonymous façade in order to make snarky comments with no real redeeming value to the rest of the thread, then frankly, you don’t deserve to make comments at all.  And if you are one of those people who do not care who knows what you are saying, then you are probably more authentic than most.  It takes a certain amount of personal bravery to “go there”.  Because going there means defending your position, regardless of how many people you may offend, Grandma included.  Being authentic does not mean showing different faces to different people.  It means showing the same face to everyone all the time.

I have a seat next to me if you need to sit and ponder that.

February 4, 2011

The Internet Never Forgets

A little over a year ago, I wrote a post about the European Union debating a bill that would give net users the option to have old data about themselves deleted.  France’s President Sarkozy said last year: “Regulating the Internet to correct the excesses and abuses that come from the total absence of rules is a moral imperative!”  Strong words.  France’s leadership at the coming G8 summit also signifies more dialogue, as Sarkozy hopes to discuss the right on an international stage.

I mention this again, because in January of this year, Google refused Spain’s request to remove 90 links concerning certain plaintiffs. Many of the links Spain wanted to remove included newspaper articles and information from public record, often painting the plaintiffs in a bad light. Besides arguing that the process would be “expensive” (as every company does), Google argued that such a request would violate the “objectivity” of the Internet search.

The problem is that both the President of France and the corporate entity Google are right.

Now many of us have had a moment (or two) where we are less than perfect.  The only problem is that these days, those moments can be captured and placed on the net for everyone to see, forever (or close to it).  A “right to forget” law could stop us from being permanently held to ransom by unguarded actions from our past. Point for le President.

However, if that memory is currently part of a public record; i.e., newspapers or courts, then any researcher has a right to be able to find such records.  To “forget” is to destroy the entire idea of archiving. Point for le Google.

As I originally wrote, this whole idea becomes complicated when going beyond the personal.  In the case of corporate personhood, this could possibly be used as a tool to whitewash the past.  Union Carbide and Bhopal India?  History to be remembered or an embarrassing “corporate moment” that should be left in the past?  As someone once said, “Laws are not made to be broken, they are made to be interpreted.”  Given a poorly written law and room full of smart lawyers, you can start to see where history could be rewritten because certain things could no longer “exist”.

While I have had more than my share of bad moments, I will grudgingly own up to them.  Mainly because I know that while some people never forgive, the fact is, for now, the internet never forgets.

December 23, 2010

It’s A Festivus Miracle!

Today is Festivus. In accordance with tradition, I submit my 2010 Airing of Grievances. The following have disappointed me over the past year, in no particular order:

  • Carol Bartz for still not figuring out what Yahoo is, $@#$#%#^^$%!!!!!!!!!!!. Of course no one else has either, but really, she is the head Hooligan, so she should have some idea.
  • Steve Jobs for not allowing Chris Chang’s company to make a really cool action figure of him. Yeah I know, someone would put a mini Darth Vader helmet on it and then make a viral video which would piss him off to no end. But really, Steve, I promise I wouldn’t skewer you too much.
  • Ray Ozzie for not gathering the Microsoft developers French revolution style and storming Ballmer’s office for cancelling Courier. Of course I get the fact that Ray didn’t want his breast exposed as in the painting. But still, it would have been awesome.
  • Every single TV maker in the world. 3-D. Really? After all these years and the only thing you can offer as an advancement in 3-d technology is polarized glasses? Really?
  • Google. Before rolling out Google TV, don’t you think it would have been a really keen idea to get the networks to buy into it?
  • Apple. Ping. The less said, the better.
  • Airlines that think that voice recognition is really cool. It isn’t. It’s annoying. I have to say the same thing five times before the system recognizes it, or else do my impression of Lillith from Frasier.
  • The TSA. Come on guys, I’ve been looking for a real good grope, and nothing. Am I that undesirable? I feel cheated.
  • People on Facebook who immediately are up in arms when a change is made to the system. There’s a life out there. Go get one.
  • By that same token, Facebook. You know if you set everyone’s privacy to the highest and let them decide to open themselves up, you wouldn’t have so many people out there screaming. Just a thought.
  • Apple again for pretending to be East Germany over losing an iPhone, complete with Stasi-like raids in the middle of the night.
  • Steve Jobs again, this time for telling left handed people that the iPhone is perfect and they are not.
  • Viacom, for still continuing with a lawsuit that has been thrown out of court once.
  • Microsoft for allowing Kin to see the light of day.
  • Telecom companies that have made a standard like 4G a marketing tool. When you do things like that, then we know you aren’t telling the truth about anything, OK?
  • And finally, to politicians who decry Net Neutrality really loud. Please note that those who cry the loudest are the ones who have received huge amounts of money from the telecom companies. I still think that our legislators need to wear NASCAR jumpsuits with patches of the companies and groups who have sponsored them. Now that would be transparency I could get behind.

September 8, 2010

Die, Cookie, Die!

Ah yes, cookies that refuse to die.  Delete them, they come right back.  All your privacy fears on display.  And Apple is in the middle of it.  Surprised?  Don’t be.  Jobs’s total embrace of HTML 5 is what got the ball rolling.

According to ArsTechnica, RLDGUID, which is a Safari database, has been popping up more and more on iOS devices.  A Safari database is just another name for some of the client-side database storage capabilities of HTML5. It allows a website to store information locally that can be pulled at a later time.  It makes pulling pages faster.  And while it is called Safari, Chrome and Opera use the same process.

Apparently it was put there by an outfit called Ringleader Digital, and is a special HTML 5 cookie that operates completely out of sight.  Ringleader Digital is a mobile advertising company which offers a targeted service for its clients.  RLDGUID stands for Ring Leader Digital Globally Unique ID, which is how Ringleader Digital identifies your mobile device when tracking you.  Ringleader says it only collects "non-personally  identifiable" information, such as:

  • browser identifiers
  • session information
  • device type
  • carrier provider
  • IP addresses
  • unique device ID
  • carrier user ID
  • web sites visited

Not much at all, really.  After all, it’s not asking for your name, Social Security number, bank account and mailing address.  Just some “stuff”.  From ArsTechnica:

"Whether that amount of information is truly "non-personally identifiable" when pieced together is one of those topics that is constantly up for debate. A device ID and type, combined with IP address and sites visited could be combined to finger users for all manner of embarrassing things. Regardless, you’ll soon find out why what the company says should, at the very least, be suspect."

The fact is, the above information pieced together certainly can identify you to any authority whosoever wants to know.  It’s what is known as a trail of breadcrumbs.  While it doesn’t scream your name at first glance, someone determined enough can track you down. Considering that IP addresses are used in P2P Piracy lawsuits, that someone doesn’t really need to try all that hard. 

"But wait," you may interject, "I can delete it."

No, you can’t.  The fine people at ArsTechnica tried.  And failed. Again from ArsTechnica:

"When we deleted the RLDGUID databases on our phones, we found that it would instantly re-spawn with the same unique identifier we were previously assigned. It’s pulling that ID from somewhere—likely a different Safari database generated by another Ringleader Digital partner site, or a traditional cookie working in conjunction with the database. We found that clearing cookies and the Safari databases still resulted in a recreation of the database with the same ID."

So how does one rid themselves of Zombie Cookies?  According to Ringleader, you can opt out.  Just go to the site and do so.  Only one small problem.  It replaces one cookie with another.  And it does not stop Ringleader Digital’s partner sites from recreating the cookies and Safari databases with a new persistent RLDGUID.

Ringleader’s response?  "Trust us. Once you opt out, you’re out."

My response:  "Yeah, right."
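A defender can check for the respawn behaviour Ars Technica describes by snapshotting a browser profile's storage before clearing, after clearing, and after revisiting the site, then looking for identifier-like values that come back unchanged. This is an added example, not code from Ars Technica or Ringleader Digital; the snapshot layout, the `rl_id` and `visitor` cookie names and all values are constructed for illustration.

```javascript
// Flatten a storage snapshot into [location, value] pairs,
// e.g. ["databases/RLDGUID/guid", "7c9e..."].
function flatten(node, prefix = '') {
  const out = [];
  for (const [key, val] of Object.entries(node || {})) {
    const path = prefix ? `${prefix}/${key}` : key;
    if (val !== null && typeof val === 'object') out.push(...flatten(val, path));
    else out.push([path, String(val)]);
  }
  return out;
}

// Heuristic: a long token (hex, UUID or base64 alphabet) with enough
// distinct characters to plausibly be a unique ID rather than a setting.
function looksLikeIdentifier(value) {
  if (!/^[A-Za-z0-9_+\/=-]{16,}$/.test(value)) return false;
  return new Set(value).size >= 8;
}

// Index identifier-like values by value -> list of storage locations.
function indexIdentifiers(snapshot) {
  const index = new Map();
  for (const [path, value] of flatten(snapshot)) {
    if (!looksLikeIdentifier(value)) continue;
    if (!index.has(value)) index.set(value, []);
    index.get(value).push(path);
  }
  return index;
}

// Report every identifier seen before the clear that is present again,
// with the same value, after the site is revisited.
function findRespawned(before, afterClear, afterRevisit) {
  const b = indexIdentifiers(before);
  const c = indexIdentifiers(afterClear);
  const r = indexIdentifiers(afterRevisit);
  const findings = [];
  for (const [value, seenBefore] of b) {
    if (!r.has(value)) continue; // a fresh ID (or none) was issued: expected
    findings.push({
      value,
      seenBefore,
      survivedClear: c.get(value) || [],   // stores the clear failed to empty
      seenAfterRevisit: r.get(value),
      verdict: c.has(value) ? 'survived-clear' : 'respawned',
    });
  }
  return findings;
}

// Constructed sample data (not captured from a real device).
const SAMPLE_ID = '7c9e6679-7425-40de-944b-e07fc1f90ae7';
const SAMPLE = {
  before: {
    cookies: {
      session: 'abc',
      rl_id: SAMPLE_ID,
      visitor: '0f8fad5b-d9cb-469f-a165-70867728950e',
    },
    localStorage: { theme: 'dark' },
    databases: { RLDGUID: { guid: SAMPLE_ID } },
  },
  // Cookies and databases cleared by the user.
  afterClear: { cookies: {}, localStorage: {}, databases: {} },
  // After revisiting: "visitor" got a new value (normal behaviour),
  // but the RLDGUID database is back with the old value.
  afterRevisit: {
    cookies: { session: 'def', visitor: 'a3bb189e-8bf9-3888-9912-ace4e6543002' },
    localStorage: {},
    databases: { RLDGUID: { guid: SAMPLE_ID } },
  },
};

function demo() {
  return findRespawned(SAMPLE.before, SAMPLE.afterClear, SAMPLE.afterRevisit);
}

console.log(JSON.stringify(demo(), null, 2));
```

A `respawned` verdict with an empty `survivedClear` list means the value came back from somewhere the local clear never touched, which is the case the Ars Technica quote describes.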

It would be remiss to say that Ringleader Digital is the only company out there that is using this procedure.  If you have an iPhone, iPad or such, you may note  a similar database named QWAPI—Quattro Wireless API.  If that sounds familiar, it should.  They were bought by a large, well known  company at the beginning of this year.  The company that bought QWAPI?

Apple.

Now hush and eat your cookie.

Now Playing: The Cranberries – No Need to Argue – Zombie

May 27, 2010

Place Your Bets

I’ll cut to the chase.  What’s the over under concerning Facebook’s new Privacy settings?  How long before ol’ Zuck and company decide to change the rules of the game yet again?  Six months?  Eighteen?

You know he will.  He has before.  A couple of times.  And each time, there is a hue and cry from the public and they take a slight step back.  Not a whole step.  Just enough to calm some of the fears. And once everyone has settled back into playing Farmville, they do it again.

But there are a couple of things in this year’s revision that I do like.

  • You can hide information from the past. By shifting your information to “Friends Only” you can prevent previous status updates from being made public. By making settings that work for all information, users should now be clear about what is public and what isn’t.
  • You can hide your friends list.  One major upgrade is that users’ friends lists can now be made private. That means applications and other third-party developers will not be able to find out who your friends are. Additionally, all friends can be made private which means anybody who found your Facebook profile through Google can be prevented from finding out who your friends are.  Big plus.
  • You can opt out of Applications.  If I read it right, I will no longer have to hear about Farmville, Psychotic Aquarium, Pet Store of the Damned or any of the other games I never play.  That right there would be more than enough to keep me on Facebook.

However…

  • Much of the information is still public by default.  Of course it is.  Banking on the stupidity of people is actually very profitable.  Just ask politicians.
  • Instant Personalization is still an opt-out.  Of course Facebook says it will be easier for a person to opt out.  Yeah, and IKEA says it is real easy to put together one of their bookshelves.  We’ll see.
  • Items will be rolled out over the next few weeks.  OK, so are you going to tell people when a new feature has been rolled out?  I’m thinking not, but I may yet be surprised.

While it is a step in the right direction, one is left to wonder which direction the next step will be taken.  And how soon we will have to do this dance again. 

Place your bets…

Now Playing: Viva Voce – The Heat Can Melt Your Brain – Business Casual