Friday, February 19, 2010

pleaserobme.com: The Dangers Of Locational Tagging In Public Twitter And Facebook Feeds

A website was created by some Dutch Internet Developers that showed when people were away from home based on Twitter and other feeds. The developers set up the site in only a few hours - they want it to warn people about the dangers of geopositioning public posts on social networks.
"The site took developers just a few hours to create after thousands began posting updates about where they were in the online social game Foursquare, which is based on a person's geo-location in the real world.

In Foursquare, a free application accessed through mobile phones, people send messages to friends and other players, including via Twitter, to say where they are. The more updates people give, the more places they visit, the more points they get. In some cases players "check in" at their own or a friend's home, giving the exact address.

There are several similar online applications, such as Gowalla, Brightkite and Google’s Latitude service.

The developers, Boy Van Amstel, Frank Groeneveld and Barry Borsboom, said that they did not want to encourage criminals, only to remind people that sharing information on the internet carried risks."
- Times Online - PleaseRobMe website highlights dangers of telling world your location
----

Time - Please Rob Me: The Dangers of Online Oversharing

UK Press Association - PleaseRobMe website makes a point

about.com - PleaseRobMe Demonstrates How Careless We've Become With the Web

Thursday, February 18, 2010

Use Gmail? Read This! (Major Privacy Leak From New Google "Buzz" Service)

"One problem that immediately caused concern was Google's decision to automatically give users a ready-made circle of friends based on the people they most frequently e-mailed. Unless users changed settings in their profile, this list could automatically be made public, allowing anyone to see who a user corresponded with most frequently. [P]rivacy experts immediately pointed out this could cause problems for journalists, businesses or even people having an illicit affair." - BBC

""If I were working for the Iranian or the Chinese government, I would immediately dispatch my internet geek squads to check on Google Buzz accounts for political activists and see if they have any connections that were previously unknown to the government," [Evgeny Morozov] wrote."
- Andrew Sullivan - Google Fail

READ THIS ONE:

Cnet - Google Buzz: Privacy nightmare

BBC - Google admits Buzz social network testing flaws

Foreign Policy Magazine - Wrong kind of buzz around Google Buzz

----

Go into Gmail

Top right corner - click settings

Choose "Buzz" - right most link in settings

You will get the following menu:

Display following lists:
Show the list of people I'm following and the list of people following me on my public
Do not show these lists on my public Google profile

Buzz choices:
Show Google Buzz in Gmail
Do not show Google Buzz in Gmail
This will only hide the Buzz tab in Gmail. You'll still be able to use Buzz on your phone. Your connected sites will continue to create new posts in Google Buzz.

Disable Google Buzz
This will disable Google Buzz in Gmail and delete your Google Profile and Buzz posts. It will also disconnect any connected sites and unfollow you from anyone you are following.


I chose Disable Google Buzz

When it has been tested properly - then I'll use it

Tuesday, February 9, 2010

Message Dissonance - youtube launch vs sexting fail [was: WTF Giambrone]

Adam Giambrone has had big ambition for a long time. He then has a dalliance and leaves a trail?

Even if he was only having a texting (or sexting) relationship - in my opinion - the fact that he didn't take more care to insulate himself is problematic. Especially for a guy who launched his electoral bid with a youtube video to show how hip he was to new media and our new electronic age.

In political parlance (and marketing) we call this message (cognitive) dissonance.


"Cognitive dissonance is an uncomfortable feeling caused by holding two contradictory ideas simultaneously. The "ideas" or "cognitions" in question may include attitudes and beliefs, the awareness of one's behavior, and facts."

"Dissonance normally occurs when a person perceives a logical inconsistency among his or her cognitions. This happens when one idea implies the opposite of another. For example, a belief in animal rights could be interpreted as inconsistent with eating meat or wearing fur. Noticing the contradiction would lead to dissonance"

- Wikipedia - Cognitive dissonance

I expect this incident will sink Giambrone's bid for mayor this time. In 1-2-4 years, he'll be back and will be forgiven.

As a former political staffer (and lifelong political activist) who buried bodies and/or held the light for others who were doing the deed... the sheer incompetence of his handling of this causes me substantial pause.

I say all of this as a person who has met Adam Giambrone, liked him, and thought that his youtube campaign launch video was brilliant (and funny). I am very sad that this has all occurred.

Not that my opinion really matters - I live in the prairies.

----

Just to drag this blog kicking and screaming back from the Giambrone pile-on, this episode, from a privacy standpoint, shows how easily a person's privacy can be violated. How easily something assumed to be as transitory as a text message turns into something permanent.

(FYI - I am also an instructor for a technical institute. I also do lectures for youth and schools [and parents] on safe computing)

I have talked about privacy and permanence of record with teenaged girls that have webcammed. They seem to think that their camming sessions are gone as soon as they are done. WRONG!!!! The record is often permanent (you can record or log any data stream - including IM or webcam) usually with a single checkmark on a control tab.

Anything put outside of computer or network resources that you TIGHTLY control MUST be considered in the wild - even if just recorded on a backup somewhere.

I tried to explain it to some teenaged boys who were convinced that files they were transferring through free FTP servers were just available to them because they were the only ones who had their password. WRONG!!!! Server administrators can look at your data. And most servers get backed up. There is a copy of that data somewhere. Even if the teenagers missed the back-up time, there is still an image of that data on the server hard drive. If the police were to scout around, or an enterprising server admin, they could find and recover the data even if it had been deleted.

Oh, and just for the record, some of the open source tools available for free on the internet are used by the police to recover deleted child pornography and other such material. I know this personally because I had a discussion about some of the tools used by the RCMP at a job fair at our local university. We discussed the tools and tricks each of us used - me to recover data my users had accidentally deleted - him to bust pedophiles (he was trying to recruit me to come work for the RCMP). Some of the software and tools were the same.

free

google search

download

install

poof - no more delete

think about it

Politician Privacy Tip: Anything in Writing Can Be Public [was: WTF Giambrone?]

Um, yeah. Big privacy tip for everyone - including politicians - anything you say in text or email or writing can be reproduced. On a more technical note - everyone should learn to use encryption for files they don't want randomly searched by anyone who has access to their computer(s). Even if they don't have access to your computer it is pretty easy to crack Windows (and other O/S) passwords (see links below).

As for Mr. Giambrone, this twitter comment I picked up via metronews.ca says it as well as can be said (for the record, I have met Adam Giambrone and think he is a good guy, after this incident, well... read the twitter comment):

"Giambrone can sleep with whomever: but I can't support a pol so clueless he SEXTS someone. What's next, a video with Paris Hilton? #voteto
by maxvaliquette"

free file encryption (open source, of course):

http://www.truecrypt.org/

all ur fileZ R teh miNe:

(open source searches are listed first - again, I prefer open source software)

google: open source windows password recovery

google: open source windows password reset

google: open source windows password crack

google: windows password crack

Monday, February 8, 2010

Brock Student Information Accidentally Put Online

"Brock University officials scrambled this week to secure the private information of thousands of students that was inadvertently put up on the Internet.

An error was made on Dec. 22 when a library staff member accidentally uploaded a file containing all student names, student numbers, phone numbers, mailing and e-mail addresses to the publicly accessible Brock website.

The privacy breach was discovered on Jan. 28 -- four weeks after the file was uploaded -- by a student who accessed some of his own information when he did a Google search of his name."

- St. Catharines Standard - Brock student info inadvertently posted online

Why is this an issue?

Suppose there is a stalker out there someplace?

Also, it demonstrates how easy it is to have a privacy breach - or an "information spill".

There have been instances where people have copied massive databases with contact and other information onto memory sticks. And then forgotten to delete them. Or they do delete them and don't realise there is still an image of the file left on the memory stick.

This happens with alarming regularity in the medical records field - where people will erase a hard drive - or even format the drive thinking that will get rid of the sensitive data.

NOT!

Minimum 3 times overwrite with random data to get rid of ghost images. Better seven times overwrite.

Or, my preferred method - a hard drive shredder. The drive is worth maybe $10 used by the time it is ready to be retired. Better to turn it into metal powder.
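The overwrite-before-delete step described above, as an added example (not code from the original post); the function names and the sample record are constructed for illustration. It rewrites one file in place with random data and only then removes it. On flash media with wear levelling, or on journaling and copy-on-write filesystems, older copies of the blocks can survive a per-file overwrite.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # write in 64 KiB pieces so large files never sit in memory


def overwrite_file(path, passes=3):
    """Overwrite a file's contents in place with random data, `passes` times.

    Returns the number of bytes overwritten on each pass.
    """
    if passes < 1:
        raise ValueError("passes must be at least 1")
    size = os.path.getsize(path)
    # "r+b" opens for update WITHOUT truncating, so the existing blocks are
    # rewritten instead of new ones being allocated for a fresh file.
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            # Push this pass out of Python's buffer and the OS cache before
            # starting the next one; otherwise only the last pass may ever
            # reach the device.
            f.flush()
            os.fsync(f.fileno())
    return size


def wipe_and_delete(path, passes=3):
    """Overwrite the file, rename it to a random name, then unlink it.

    The rename keeps the original file name out of the directory entry
    that is left behind after deletion.
    """
    size = overwrite_file(path, passes)
    directory = os.path.dirname(os.path.abspath(path))
    anonymous = os.path.join(directory, secrets.token_hex(8))
    os.rename(path, anonymous)
    os.remove(anonymous)
    return size


if __name__ == "__main__":
    # Constructed sample data: a fake contact list, not real records.
    workdir = tempfile.mkdtemp()
    target = os.path.join(workdir, "contacts.csv")
    with open(target, "wb") as fh:
        fh.write(b"name,phone\nJane Example,555-0100\n" * 5000)

    overwrite_file(target, passes=3)
    with open(target, "rb") as fh:
        print("record still readable:", b"Jane Example" in fh.read())

    wipe_and_delete(target, passes=1)
    print("file still present:", os.path.exists(target))
```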

Here is a story from the U.S. with several breaches:

"...27.7 million pages of scanned documents containing information about 446,000 enrollees and their physicians"

"Kaiser Permanente announced it had sent letters of apology to 15,500 members in Northern California after an employee's laptop containing sensitive information was stolen from her home"

"...drives contained hundreds of thousands of video and audio recordings of customer service calls. The company announced that as many as 500,000 members' information was contained on the drives"

- American Medical News - Connecticut sues Health Net over data security breach

Do Students/Children Deserve Any Privacy? "Smart" Tracking School IDs

Am I the only person who is disturbed by the potential implications of wholesale tracking of children's activity through their Student ID? I have to ask, do children get privacy? Are children allowed to have their own thoughts and activities? When does a child get privacy? What age? How much privacy at what age?

"Student-identification cards have evolved relatively quickly from laminated badges with a student’s name and picture to all-purpose electronic cards that can now be used to check out library books, buy lunch, open lockers, and even track students’ comings and goings."

"For example, it will be possible in the future for students to use their ID cards to keep track of how many calories they burn at the school’s cardiovascular-fitness center, Cullinane says, and then match that information with the calories consumed at lunch.

“It gives you a much more holistic view of the student,” she says."

- Education Week - Student ID Cards Sport New Digital Features

When I read the information above, it makes me think of the kind of activity and thought control used in Orwell's 1984. Remember the line the kid next door says to Smith after the kid turns in his parents? "You're a thought criminal!!!" he accuses Smith (and technically Smith is a thought criminal...)

I suppose, if educators know everything a child does they can correct them... What a fine idea to promote healthy lifestyles and healthy choices... but, do we really want children who are being monitored and re-educated? There is a fine line between guidance and control - and too often I believe schools and teachers (and parents) cross that boundary.

A friend of mine who is in life skills coaching said "Good judgment comes from experience. Experience comes from bad judgment..."

----

I also have concerns about whether schools will decide to sell the information gathered on things like vending machine purchases to market research firms, or to firms who directly market to children. Think I'm out of line in worrying about that? Schools and school boards are often desperate for money. Think about the iron-clad, locked-down drink machine and vending contracts that exist with some school districts in Canada or the U.S. I will have to poke around for a citation, but I recall articles in the newspaper about some school districts where it was a punishable rule violation to bring soft drinks from competing companies on to school property - until parents and the media found out and the bad press forced a change to the contracts...

----

To return to the original privacy concerns:

If an employer was to routinely track your snack purchasing behaviour, or your gym time, would you be happy? If the human resources department was to call you in and have a discussion with you about whether you had been spending enough time in the company gym because the tracking software had snitched you out, would you be embarrassed? Would you find it humiliating? Would you become a little paranoid at work that you were being WATCHED ALL THE TIME? No matter how well meaning or gentle, if you had been called in at least once about the number of bags of Doritos (TM) that you had bought (because the vending machines dumped your ID card tied purchase records into their tracking database), would it start to stress you? If you knew you were being routinely monitored, would you be afraid you were going to get asked about your lifestyle choices? If you were not just being measured on your results, but whether your behaviours matched a certain set of criteria for positive life choices established by the ever so well meaning HR department (or guidance office), would it bug you? If your boss could just check out your lifestyle choices and activity records while casually trolling - would you get a little itchy? What if you had pissed off your boss by pointing out a safety deficiency and it made your boss's life a little uncomfortable? And they had access to your Dorito (TM) history and your lifestyle database?

----

Does anyone think that the line will not get pushed toward more and more tracking unless we have serious discussion about what we really need to know about our children's private lives? Does anyone think that grandstanding politicians and righteous activists will not force the line toward more and more intrusion and tracking in the name of healthy children? Does history give you confidence that decisions will be considered and rational? Or will they be based on who sounds the most holy (or holier than thou) or some kind of "Kids these days..." grumpiness when parents and teachers remember what they did as kids and try to prevent their children from doing the same things, or making the same stupid decisions?

Really, do children have to live in a lifestyle police state?

Do you think it would bug teenagers? Teenagers who are already biologically wired to be paranoid because of the changes in their brains during their teen years?

Do you think that teachers and guidance counselors who get lipped off by a teen or child are going to be fully beneficent when dealing with that child's lifestyle database? What if the teacher has a bad day and gets mad at a kid inappropriately - and the teacher gets into trouble for it? Will that teacher always be gentle and kind when they have information from the lifestyle tracking database that they can use to make the student's life a little more difficult? Does it work that way now? Do teachers ever inappropriately retaliate against their students?

What are the benefit offsets related to this kind of tracking? And do those benefits outweigh the cost in paranoia and potential abuse? Is the better choice education and persuasion, or monitoring?

----

How did East Germany do in the bad old days when 1 in 4 people was being watched by the Stasi? Did people feel safer? Did they grow up knowing that the helpful hand of the state was ready to "guide" them? Or did they become paranoid and learn how to hide and conceal?

"Unlike the prison camps of the Gestapo or the summary executions of the Soviet Union's KGB, the Stasi strove for subtlety. "They offered incentives, made it clear people should cooperate, recruited informal helpers to infiltrate the entire society," says Konrad Jarausch, a historian at the University of North Carolina at Chapel Hill. "They beat people up less often, sure, but they psychologically trampled people. Which is worse depends on what you prefer."

That finesse helped the Stasi quell dissent, but it also fostered a pervasive and justified paranoia. And it generated an almost inconceivable amount of paper, enough to fill more than 100 miles of shelves. The agency indexed and cross-referenced 5.6 million names in its central card catalog alone. Hundreds of thousands of "unofficial employees" snitched on friends, coworkers, and their own spouses, sometimes because they'd been extorted and sometimes in exchange for money, promotions, or permission to travel abroad."

- Wired - Piecing Together the Dark Legacy of East Germany's Secret Police

Remember the words above:

"They beat people up less often, sure, but they psychologically trampled people. Which is worse depends on what you prefer."

"...it also fostered a pervasive and justified paranoia."

Friday, February 5, 2010

Super Injunctions

Super Injunctions: the rich, famous, and powerful getting extra protection from scrutiny. The rich and the powerful have their privacy protected in the courts - even when their actions should be transparent - regular people have their privacy sold...

----
"Injunctions have become one of the most effective tools powerful individuals and corporations reach for when they want to silence the media."

""Super-injunctions" that prevent news organisations from revealing the identities of those involved in legal disputes, or even reporting the fact that reporting restrictions have been imposed, have emerged recently."

- The Guardian - How super-injunctions are used to gag investigative reporting

"...the absurdity of the imposition of a legal gag on the publication of a Parliamentary question."

"Under the terms of that injunction, the paper could not report the question, the name of the MP who was asking it, the name of the minister to which it was addressed, or where the question might be found.

Worse even, the injunction also forbade the paper — in double jeopardy style — from explaining to its readers why it was prevented from telling them why it could not report the question it could not publish."

- London Evening Standard - Rise of ‘super injunction’ is serious threat to free speech

"MPs have condemned the “super-injunction” which was used by oil company Trafigura to stop journalists reporting a question tabled in the House of Commons."

"The injunction had by that time been rendered ridiculous by users of the social networking site Twitter, and by other websites, which pointed out that the question tabled by Paul Farrelly MP regarded an injunction brought by Trafigura last month banning The Guardian and others from publishing the contents of the Minton report about the alleged dumping of toxic waste in the Ivory Coast."


- Press Gazette - MPs slam 'super injunction' which gagged Guardian

"Last week, a judge decided to make John Terry’s problems public knowledge. Though they were widely rumored, an injunction was granted the week before to keep them out of the media. How was this injunction granted and why was it removed?"

- goal.com - Media Microscope: Why John Terry’s Private Problem is Now Public

"If it had not been for Mr Justice Tugendhat, you would not have been able to read in this newspaper or any other the story of the English football captain's misdeeds with a colleague's partner, let alone the ensuing furore over his right to stay on in the post"

- The Independent - Leading article: An issue of power, not privacy

"Celebrities, sports stars and the super-rich will have to take a more rigorous approach when using the courts to safeguard their privacy after a High Court judge allowed the publication of allegations about England's football captain."

"However, Mr Justice Tugendhat lifted the injunction on Friday after spending a week examining the case in which he came to the conclusion that the gagging order was largely to protect commercial deals and not justified by "the level of gravity of the interference with the private life of the applicant"."

- Financial Times - Lifting of Terry super-injunction sets tougher standard for privacy

----

Super Injunctions: "In England and Wales a new form of injunction known as a "super-injunction" is a form of gagging order in which the press is prohibited from reporting even the existence of the injunction, or any details of it.[1][2] An example was the super-injunction raised in September 2009 by Carter-Ruck solicitors on behalf of oil trader Trafigura, prohibiting the reporting of an internal Trafigura report into the 2006 Côte d'Ivoire toxic waste dump scandal."

- Wikipedia - Gag order

Facebook Beacon Web Activity Tracking Service: Your Privacy For Sale

"Facebook's Beacon was released in early November as a part of its Facebook Ads platform. It is ostensibly designed to track the activities of Facebook users on more than 44 participating Web sites, and to report those activities back to the users' Facebook friends, unless specifically told not to do so.

The idea is to give participating online companies a way to monitor the activities of Facebook users on their Web sites and to use that information to then deliver targeted messages to the friends of those Facebook users."

[There was] "...a series of damaging disclosures by a CA Inc. security researcher that show that Facebook's tracking was far more invasive and extensive than the company originally let on."

"According to the researcher, Facebook's Beacon tracked the activities of users even if they had logged off from Facebook and had declined the option of having their activities on other sites broadcast back to their friends.

Likely to be even more damaging was another disclosure Monday afternoon that Beacon's tracking did not stop with just those of Facebook users. Rather, it tracks activities from all users in its third-party partner sites, including IP address data of people who never signed up with Facebook or those who deactivate their accounts.

Unfortunately, such tracking is not at all unusual in the online world -- it's far more the norm than the exception, Dixon said. "One of the things we have been saying about behavioral advertising is that people don't know it's happening.... You have to be tremendously technically savvy to know what is happening under the hood," she said."

- ComputerWorld Security - Facebook's Beacon just the tip of the privacy iceberg

- ComputerWorld Security - Facebook comes out swinging at critics of settlement offer in Beacon lawsuit

----

What can I really add to these articles? Read them.

Understand that the corporate universe is essentially unconstrained by anything but an activist core that finds these kinds of abuses.

Your elected representatives are for the most part clueless about how any of this stuff works - stuff - like computers and the internet. They may use one, but do they really have any clue what is going on behind all of it?

NO

I am not advocating that every citizen, or every representative be put in some kind of computer awareness re-education camp, but a level of minimal awareness would be fine.

Or maybe some of the ossified boomers who run our show - politically or in government - could make the tiniest bit of room for younger people that have grown up with computer mediated technology. Maybe could work with them as equals instead of viewing them as a threat. (**** yes, yes, yes - personal baggage alert again... I have been vilified, mocked, deprecated, disciplined and even had a contract terminated when I insisted that privacy and technology issues be looked at and addressed by politicians/cabinet ministers I worked for. Being that my job is now as a technology and privacy officer no-one can terminate my contract for being on about these issues [oh, happy days!] ****)

Electronic Privacy Information Center Files FOIA Over Google, NSA

ComputerWorld - EPIC files FOIA request over reported Google, NSA partnership

"In addition to the information request, privacy group also files lawsuit against NSA"


"Computerworld - Privacy advocacy group Electronic Privacy Information Center (EPIC) has filed a Freedom of Information Act (FOIA) request with the National Security Agency (NSA) asking for details on the agency's purported partnership with Google Inc. on cybersecurity issues.

In a separate action that was also taken today, EPIC filed a lawsuit against the NSA and the National Security Council, seeking more information on the NSA's authority over the security of U.S. computer networks.

EPIC's FOIA request relating to Google was filed after a story in the Washington Post about an impending partnership between Google and the NSA on cybersecurity issues"

----

And this is why we need the ACLU, EFF, EPIC, Amnesty International and all the other groups that protect our freedom.

I may not agree with all the actions taken by some of the above named groups, but I put money and time into all of them.

I remember a friend from Chile talking to me about what it was like to be a platoon leader in the army there. How most of his friends believed the Pinochet government when they told him/Chile they were cracking down on terrorists and rebels. How the people were scared by the potential of "Marxist Revolution". How they believed that the people who were taken were just taken for questioning... After all, how could their government - their military - just start killing their own citizens? (Chile had been a liberal democracy since around the same time as Canada)

And how it quickly became obvious that the people were being lied to. But by then it was too late. People were too frightened to defy their new military masters. Especially him - inside the military.

He deserted and left for Canada.

He has warned me about complacency many times. He has warned about rulers that start incrementally taking away freedoms. About the underlings that are only conscious of their own narrow worldview.

iPhone Security Not Up To Snuff: Apple Claims Exaggerated

"Apple's claims about iPhone privacy and security are exaggerated, according to software engineer and security expert Nicolas Seriot, who gave a presentation yesterday about the iPhone at the Black Hat Conference in DC."

"Seriot noted a number of iPhone apps, including one called Aurora Feint and another called mogoRoad, that made it into Apple's App Store before being de-listed for privacy violations involving the harvesting of iPhone users' contacts, e-mails and phone numbers. Apple reviewers can be fooled, and the likelihood of this continuing to occur appears high, especially as the iPhone, now at about 34 million devices in the market, becomes an increasingly appealing target for [cracking], he said."

- PCWorld - iPhone Privacy, Security Not What Apple Claims, Researcher Says

This article illustrates something I have been harping on for decades in the internet world, and prior to that the online service, shareware and (fidonet) bulletin board world.

People don't understand that the internet is like a giant third world market. There is little policing, and pretty much everyone is on their own. Would you go wandering around a market in Kinshasa with your wallet in plain sight, flashing your cash everywhere, wandering into dark alleys and talking to strangers about who you are and where you are staying?

Before downloading "free" software a person has to at least do a cursory check of whether or not the software has any malware complaints against it. Would you hire a house cleaner and give them keys to your house without checking their references - just because they seem nice or are good looking? That is the criteria most people I see willy-nilly downloading apps on their cell phones and computers - "It's funny", "Look at this, it's hilarious", "But it's pretty" (I hear that one mostly from women), "It has pretty colours, how else will I be able to get the perfect shade of cherry mauve blossom on my screensaver?"

When someone has cleaned out your bank account (has happened), turns your computer into a slave for an attack and the police show up on your doorstep (has happened), all your data and pictures are gone forever because of the virus (malware) embedded in your download (happens more times than can be counted), and on and on - then will the few minutes it might have taken to just check around on that app be such an onerous event?

Or will you just call your nearest computer nerd and whine at them about how you don't know what has happened, and then get mad at them when they can only recover part of your computer and information (**** yes, yes, yes, personal baggage alert - the preceding scenario has happened to me at least twice a year for about the last 20 years ****).

Bottom line: Be careful. Read first. Research first. Do not impulse install apps or install one just because your friend says it's cool and it's safe.

Thursday, February 4, 2010

Just A Little Less Information - Last Speaker Of The Bo Language Dies

"The last speaker of an ancient language in India's Andaman Islands has died at the age of about 85, a leading linguist has told the BBC.

Professor Anvita Abbi said that the death of Boa Sr was highly significant because one of the world's oldest languages - Bo - had come to an end."

"Languages in the Andamans are thought to originate from Africa. Some may be 70,000 years old."

BBC - Last speaker of ancient language of Bo dies in India

Times Online - Oblivion for 65,000-year-old tribe as last of the Bo takes her language to grave

Google Teams With NSA - How Secure Will Your Privacy Be Now?

Google and the U.S. National Security Agency (NSA) have teamed up to allow the NSA to poke around their records of the "Chinese" attacks on Google. While sources close to the arrangements say that Google is "insisting" on severe restrictions on the NSA's access to user data and searches, I'm not quite so confident... The NSA illegally wiretapped U.S. citizens and went through their electronic communications records since at least 2001...

"The U.S. government, with assistance from major telecommunications carriers including AT&T, has engaged in a massive program of illegal dragnet surveillance of domestic communications and communications records of millions of ordinary Americans since at least 2001" - Electronic Freedom Foundation (EFF [sort of an online ACLU])

"Google and the NSA declined to comment on the partnership. But sources with knowledge of the arrangement, speaking on the condition of anonymity, said the alliance is being designed to allow the two organizations to share critical information without violating Google's policies or laws that protect the privacy of Americans' online communications. The sources said the deal does not mean the NSA will be viewing users' searches or e-mail accounts or that Google will be sharing proprietary data." - Washington Post - Google to enlist NSA to help it ward off cyberattacks


NPR - Warrantless Wiretaps: A Guide to the Debate

"Lawmakers, legal scholars and civil libertarians have raised fundamental questions about the legality of the National Security Agency's warrantless wiretapping within the United States." - NPR - NSA Wiretapping: The Legal Debate

Facebook Privacy - Friends Using Applications Like Mafia Wars Can Allow Access To Your Information

"Watch out for Facebook applications - the thousands of programs and services made available through the site. If you play a Facebook game like the popular Mafia Wars, you’re providing a lot of basic personal data to Zynga Game Network Inc., which runs the game. In addition, if a friend uses an application, he shares information about all his friends, including you. Click on “Applications and Websites’’ to block friends from passing data to strangers."
- Boston Globe - Privacy still a nagging concern on Facebook

I have always been deeply suspicious about games and applications on Facebook. It didn't make a lot of sense to me to click "allow" when it comes to "answer 20 questions about your friend". Why does answer 20 questions need access to my pictures or my videos? Why do the applications need access to my personal information - unless they are going to use it somehow? Even though I click on NO to most everything for external applications, my friends don't. And I'm friends with my young teen daughter and some of her friends. They click on every application you can think of. Until the new privacy settings came along a month or two ago my information was fully exposed to all their fun...

I didn't ever think of Facebook as private. As a computer and internet guy for 27 years, personally, I would trust half the porn sites out there to keep my information private before I would trust Facebook or any of the applications running on it.

So I have always treated anything I put on Facebook as essentially an open book. That someone I don't know and/or don't really want looking at my shit will be looking at it or have access to it. That anything I put on Facebook will eventually become public. And that any privacy settings I define are only about as useful as a low picket fence around my yard is to keep out intruders.

The bottom line? Anything you put on Facebook is not private. Don't put anything you would want to keep private on Facebook. Assume anything on Facebook is open to the entire world. Period. Full stop.

Oh, and another thing, the article I have linked to above says:

"Of course, many of my “friends’’ are indeed strangers, techies, and business folk I barely know. I’m probably telling them too much about myself. Too late, I’ve discovered a solution - Facebook’s “limited profile’’ feature. This lets you create a special category of friends who get much less access to your information. You set it up on the main Friends page, then go to Privacy to pick out which bits of data to conceal."

I just spent 20 minutes looking through all my privacy settings for the limited profile settings and couldn't find it. I will be emailing the author to get directions - if you find it - let me know please.

Tuesday, February 2, 2010

CBC Quotation Police - And Some Thoughts Of The Supreme Court of Canada On Copyright

I am including in this post a number of excerpts from a Supreme Court of Canada ruling that I think are relevant: CCH Canadian Ltd. v. Law Society of Upper Canada, [2004] 1 S.C.R. 339, 2004 SCC 13. I AM NOT A LAWYER.

This ruling discusses the fact that "...the fair dealing exception is perhaps more properly understood as an integral part of the Copyright Act than simply a defence. Any act falling within the fair dealing exception will not be an infringement of copyright."

Thank you to folks who pointed the CBC quotation police story out. I have removed the only CBC quotes from my blog. This is a sad day for the CBC and for Canada. Someone over at the CBC obviously doesn't understand how the web works, or how traffic gets pointed to major sites through aggregators and secondary sources. The CBC needs to understand shopping mall economics and needs to embrace its role as the information anchor tenant of Canadian news - that the boutique operations (like our blogs) can cluster around.

"48 Before reviewing the scope of the fair dealing exception under the Copyright Act, it is important to clarify some general considerations about exceptions to copyright infringement. Procedurally, a defendant is required to prove that his or her dealing with a work has been fair; however, the fair dealing exception is perhaps more properly understood as an integral part of the Copyright Act than simply a defence. Any act falling within the fair dealing exception will not be an infringement of copyright. The fair dealing exception, like other exceptions in the Copyright Act, is a user’s right. In order to maintain the proper balance between the rights of a copyright owner and users’ interests, it must not be interpreted restrictively. As Professor Vaver, supra, has explained, at p. 171: “User rights are not just loopholes. Both owner rights and user rights should therefore be given the fair and balanced reading that befits remedial legislation.”"

"56 Both the amount of the dealing and importance of the work allegedly infringed should be considered in assessing fairness. If the amount taken from a work is trivial, the fair dealing analysis need not be undertaken at all because the court will have concluded that there was no copyright infringement. As the passage from Hubbard indicates, the quantity of the work taken will not be determinative of fairness, but it can help in the determination. It may be possible to deal fairly with a whole work. As Vaver points out, there might be no other way to criticize or review certain types of works such as photographs: see Vaver, supra, at p. 191. The amount taken may also be more or less fair depending on the purpose. For example, for the purpose of research or private study, it may be essential to copy an entire academic article or an entire judicial decision. However, if a work of literature is copied for the purpose of criticism, it will not likely be fair to include a full copy of the work in the critique."

"70 The availability of a licence is not relevant to deciding whether a dealing has been fair. As discussed, fair dealing is an integral part of the scheme of copyright law in Canada. Any act falling within the fair dealing exception will not infringe copyright. If a copyright owner were allowed to license people to use its work and then point to a person’s decision not to obtain a licence as proof that his or her dealings were not fair, this would extend the scope of the owner’s monopoly over the use of his or her work in a manner that would not be consistent with the Copyright Act’s balance between owner’s rights and user’s interests."


Supreme Court of Canada

http://www.canlii.org/en/ca/scc/doc/2004/2004scc13/2004scc13.html

This post copyright frozen... used to be: "Report: Grade School Age Kids Actively Subvert Privacy Protection"

This post used to have a link to a story from CBC about how kids actively subvert privacy protection on Club Penguin and other kid-oriented websites.

This post used to have quotes from the CBC story showing how kids got around the rules of the kids' sites - even to the point of using rhyming words like mine for nine in order to ask age questions - because the sites' software would filter numbers in chat sessions.

This post used to encourage you to go to CBC and read their quality content.

Except now, the CBC has hired an American firm to hunt down people who quote the CBC. As I learned from the blog "Buckdog", I could get fined or sued for quoting the CBC:

"The Canadian Broadcasting Corporation has signed up with iCopyright, the American copyright bounty hunters used by the Associated Press, to offer ridiculous licenses for the quotation of CBC articles on the web (these are the same jokers who sell you a "license" to quote 5 words from the AP)" - BoingBoing

Buckdog also provided a link to a Facebook page: Canadians against CBC's iCopyright DRM

So I will be pulling all CBC derived content from this blog, and not using or linking to any CBC content until this is all settled.

----

[the editorial from the original post]

EDITORIAL COMMENT: I'VE NEVER TRUSTED NETWORK BLOCKERS OF ANY VARIETY

Remember - these are nine, ten, eleven, twelve year old kids...

I have never trusted network blockers or filters. I have always tried to be around my kids when they are online and to encourage an open dialogue on what they encounter. I have been shocked at some of the material they have seen and shared with me, because they are still my kids, but there is little choice - their ability to get around network blocks that I might throw into place is fairly good. I have taught them about computers and the internet since a very young age. I know that they can crack or get around most anything I put up if they really want. I would literally have to padlock/steel enclosure our household network access to even be able to try to limit their access. Except they would use any of a number of encrypted proxy tunneling services to get around even that...

So the better path, in my opinion, and my case, is to try to discuss what they have seen and to help them interpret it and guide them through the ugly rather than block it.

I should also note that many of their friends have unblocked networks because of lack of skill and will on the part of their friends' parents - so my kids would have access elsewhere anyway (just like when I was a kid my parents wouldn't let us play with toy guns - so we did it at our friends' places).

For better or for worse...