Welcome to European Tribune. It's gone a bit quiet around here these days, but it's still going.

Recalibrating convenience, privacy and security

by danps Sat Jan 8th, 2011 at 06:35:08 AM EST

The computer era has largely been marked by a willingness of users to go with the easiest security options available even when those choices weren't terribly secure.  Recent developments in courts and the industry may give users reason to re-think that approach, however.

Cross posted from Pruning Shears.


No Associated Press content was harmed in the writing of this post

We will probably always have to balance computer security and ease of use.  Ideally security is baked in, and we go on our merry way without having to think about it.  This is the case with viruses.  Users were once expected to download service packs, signature updates, and so on.  Since most people would not, the industry gradually moved to a silent update model.  Now these things generally happen in the background.  Provided you trust the company it is a much easier arrangement.

The IT industry is not always so helpful.  The real money in the consumer market will be made on advertising, the most lucrative form of which will be targeted: using detailed user information to tailor a specific ad.  This in turn can only succeed if, like software updates, the data is quietly collected.  It is why over a decade ago then-CEO of Sun Microsystems Scott McNealy said "You have zero privacy anyway...Get over it."  It is why Facebook CEO Mark Zuckerberg seems to have no use for it.  For several years now - starting with Beacon - Facebook has tried to sell user data without provoking a revolt.  Many do not seem to be aware of this; they just signed up and started posting status updates.  However, in what seems to be destined to be one of the great pearls of wisdom from this era Andrew Lewis (aka blue_beetle) quipped (via (via - woo!)) "If you aren't paying for it, you are not the customer; you're the product being sold."

Thinking of ourselves as commodities seems terribly depersonalizing, but it could be a good defense mechanism.  It could help raise awareness that we leave digital traces of ourselves whatever we do, even something as innocuous as a local print job.  The point is not to make everyone paranoid, just more knowledgeable about the footprints we leave behind.

Keeping that in mind will only become more important as data collection becomes more sophisticated.  Web sites were once content with writing the odiously-named cookies to local hard drives, but are now turning to more invasive techniques.  This week a class action lawsuit was filed (via) against several companies engaged in what is called "history sniffing."  Look at the defendants:  CBS News and McDonald's among them.  Do you think it will played up by CBS or any of McDonald's major ad outlets?  By its very nature it will not get widespread coverage.

Together with the recent California Supreme Court decision approving warrantless data seizures by police it paints a picture of users' data being substantially more at risk.  That data is only as secure as the policies protecting it, and they can be surprisingly weak - even with extremely sensitive data.

As the printer hard drive issue illustrates, data can be exposed in ways most folks simply never think of.  It is not an accusation of bad faith to say law enforcement may not be competent to keep or copy seized data.  There are simply too many vectors.  People have jobs, and (someone else's) data security will naturally gravitate pretty far down the "to do" list.

Protecting against that is a hassle and requires some work.  You can encrypt a laptop hard drive and feel reasonably secure even if it does not make it past customs.  You can look for browsers that offer a private mode, where history and cache get cleaned out.  You can go with "security through obscurity" and pick products with relatively small market share - Opera for your browser, Eudora for email, etc.  Conversely, be wary of the ones getting all the buzz.  For as cool as the new Android phones are, they are also a fat, juicy bulls-eye for hackers.

Consider learning the basics of the GNU Privacy Guard, an email encryption program.  It is not an intuitive program, especially if you have never worked at the command line, but getting conversant in it will give you confidence that you can keep your communication from prying eyes as it wings its way across the Internet.

None of these are perfect, nor are they meant to be.  The point is not to be 100% safe; that will never happen.  The point is to make it difficult to track you.  Not because you are involved in some kind of top secret cloak and dagger skulduggery, but because what you do and what you write should be yours alone - unless you knowingly choose to share it.  ("Knowingly" does not include some line buried in a 20,000 word End User Licence Agreement, either.)  To the extent you do not want to bother, at least make peace with the idea that your data is substantially easier to get at.  And that you are indeed the product being sold.

Display:
by danps (dan at pruningshears (dot) us) on Sat Jan 8th, 2011 at 06:35:30 AM EST
I would reply to this but for my fear of what information footprints I would leave behind.
by njh on Sat Jan 8th, 2011 at 06:06:54 PM EST
Well played.
by danps (dan at pruningshears (dot) us) on Sun Jan 9th, 2011 at 06:08:02 AM EST
[ Parent ]
You'll be shocked to discover that privacy consideration are very, very asymmetrical: according to our übermeisters, we should abandon all hope of privacy and control over our information now and then.

Scott McNealy's famous quip "You have zero privacy anyway. Get over it." is over ten years old (1999). Google's CEO Eric Schmidt mentioned two years ago: "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place".

And what's the surprise of such headlines as "Mark Zuckerberg doesn't believe in privacy"? Believe? Heck, his whole business and personal fortune is based on selling his customers products private information. It's not about belief, it's about business.

Try turning the tables around however, and it's a whole new ball game: back in 2005, CNET reporters published a piece about all the information one can find on Google, taking as an example, Google's own CEO Eric Schmidt. Schmidt, however, was not amused and ordered that Google would not speak to any reporter from CNET for a year. Said the New-York Times ("Google Anything, So Long as It's Not Google"): "the company reacted in a way better suited to a 16th-century monarchy than a 21st-century democracy with an independent press."

Not to mention Bill Hader's impersonation of Julian Assange on SNL: "I give you private information on corporations for free and I'm a villain. Mark Zuckerberg gives your private information to corporations for money and he's 'Man of the Year.'"

by Bernard on Sun Jan 9th, 2011 at 07:10:21 AM EST


Display:
Go to: [ European Tribune Homepage : Top of page : Top of comments ]