Tag Archives: privacy

By viewing our site, you agree to reams of crap

We see it all the time, do we not? “Use of our site constitutes agreement to [a massive Terms of Service that has probably been read once in history, by the paralegal who mashed it up for the lawyer’s signoff, and contains gods only know what].”

I am making the case for paying such TOS little to no heed.

Here’s my approach: I don’t recognize them. Yes, they probably in theory have the law on their side; no, I don’t care. I will not comply, and they can go to hell for trying to give me orders. Here is my reasoning:

  • No one put a weapon to the organization’s head and caused it to publish a website viewable by the random general public. The information now has the moral privacy rights of a billboard, or the side of a city bus, or the painted front window of a business.
  • I am not planning on misappropriating their information, nor plagiarizing it. If the site has downloadable content, it looks to me like a pile of flyers with a sign that says “take one.” Any information whose distribution they wish to restrict, they will put behind closed doors (requiring login and password, perhaps more). The New York Times does just that. In turn, I decided not to keep visiting the Grey Lady in her assisted e-living home.
  • If the site doesn’t like people using itself unless one allows all the data mining and other widgets to work, fine; have the designers break it for anyone who will not. Oh my heck, they say, but that results in a lot of complaints? Too damn bad, not my problem. If the company does not care about my problems, as evidenced by a bulky TOS, it gives me no moral reason to care about its problems. I have the loophole here and I see zero reason not to use it.
  • Absent some moral reason, only enforceable laws and claims matter. One can claim that someone ‘signed’ an agreement all one wants, but unless one is willing to sue to enforce it, and would win, it means nothing. If the law or claim cannot or will not be enforced, the question then becomes whether it has moral force. For example, taking too many napkins at the burger joint: how many is too many? Legally, it’s probably as many as you can pull out before being noticed and kicked out. Morally, it’s as many as necessary to maintain some semblance of civilized dining. Morally, the business has trusted you without putting up an admonishing sign, or putting the napkins behind the service counter, or trying to tell you that your eating here constitutes acceptance of these terms. Trust deserves validation.
  • The best case for a moral reason comes from sites which ask politely, but do not penalize anyone for declining. Fark.com is one. DuckDuckGo is another. In those cases, with no compulsion, the site’s offer has moral validity and deserves reasonable consideration (and will get same from me).

The same is true for license agreements. The law has let the software industry construct a bizarre situation which now allows, for example, a car company to install software in your vehicle and thus claim that you haven’t really purchased all of your vehicle, that you don’t really own it. In service of the legitimate cause of fighting piracy, the law has let them construe it that you don’t ever actually own anything tangible, just a license.

That’s crap. To me, morally, a piece of software looks more like a book (or a coffee maker, etc.) than like a legal right to do a thing. I believe that if I bought a copy, I own that copy. The law says otherwise, and I do not care. If I duplicate the book and sell copies, that’s morally wrong. If I copy part or all of the book and claim it myself, that’s morally wrong. But if I tear a page out of the book because for some reason I don’t like it, I see nothing morally wrong with that. And if I want to hack the software for my own use and purposes, I see no moral problem with that either. It’s when I rob the producer of sales, or misrepresent the producer’s work as my own, that I step over the moral line. If it’s shareware, though, I should (and often do) pay if I plan to use it.

It is an example of how corporations and government frame a situation the way they prefer, and we allow them to get by with it by speaking in their terms, acknowledging the moral legitimacy of their framing. We could cease to do that.

  • “The TOS says you agree to take cookies and not to block our ads.”
  • “That conflicts with my own TOS, which say screw you, since there’s nothing you can do about it.”
  • “But you made a legal agreement!”
  • “Great. Sue to enforce it, and see how well that works. I don’t recognize agreements done in slimy ways, like four pages of fine print written in legalese full of hidden gotchas. If you want us to make an agreement, make it up front, sensible, and readable. If it’s not stupid, maybe I’ll agree to it. If it’s stupid, I’ll just say screw you.”
  • “You can’t do that!”
  • “Then stop me. There are a lot of things I would stop you from doing as well, perhaps, but I can’t. Better hope I never can. In the meantime, tough; screw you.”
  • “But the ads are part of our revenue stream!”
  • “The implication is that I care about your future. I don’t; we all have our problems. If you feel that way, then break your site for anyone who blocks them.”
  • “That’s not feasible!”
  • “I’m still waiting to hear how your problem is my problem. Some of your scripts, cookies, and such serve useful purposes for site operation; some are just data mining and shoving stuff in my face. My own TOS, which are not written down but which I consider binding, say that I should avoid all data mining that I can, and that once your site attempts it, you forfeit all moral anything and I can use your site however I want provided I don’t damage it.”
  • “If everyone looked at this your way, we’d have to become a pay site.”
  • “No one held a knife to your neck and required you to publish a website. You think it looks like your office filing cabinet. I think it looks like a billboard. I can look at the billboard all I want, and I don’t owe the billboard any data about myself. And if the billboard demands data, I get to flip off the billboard. Do what you have to do, but I’m not letting you frame this from a standpoint of legal or moral superiority. Legally, there’s nothing practical you can do. Morally, you have done the opposite of establishing moral high ground, turning the gesture of flipping you off into a pleasing act of rebellion. Party on.”

The philosophy in play here is simple: we are not morally obligated to comply with a situation/agreement/TOS just because it has some tortuous legal basis. Law is not morality and shouldn’t ever be mistaken for it. And when we forget that, we are letting government and corporations define all the terms, set all the parameters, dictate right and wrong.

They’d like that, wouldn’t they? They do like that. They hope you will troop along in submission.

And what of my own website, this one? Well, I’m the maintainer, not the user. I can’t do anything about whatever rules WordPress imposes; it imposes some on me, and I have to abide by them or they’ll kick me off. I have no difficulty with that in an ongoing relationship as a trade for a permanent hosting platform, since I get something of value.

But perhaps some users don’t like something about whatever TOS WordPress may have. If so, someone will probably circumvent them, with a minor impact on me–one is user data. But how, then, do I feel about the missing visitor data? I feel great about it. My right to compile visitor data doesn’t reach the moral level of my readers’ right to privacy, and if I ever try to say that it does, someone needs to put me out to pasture. Therefore, if you are reading this yet blocking a bunch of cookies or scripts or what have you, okay. I have no opinion on it. If I were the type to set up hoops for you to jump through, I’d be doing that. I am not, and it’s not feasible, and you could just ignore them, so it’s a stupid discussion that we need never have. I am just glad you are a reader, and that you visited today, and I hope you come back again regularly. Thank you for not plagiarizing or misappropriating; those are all I do ask, and I appreciate that you do not do them.

I hope more of us, in more situations, will require a better reason for obedience than “because a corporation tells us so.”


Let’s wait until drones are completely out of control, and it’s too late to do anything

Why not? We did it with jetskis, cell phones, cell phone cameras, and quite a few other technological advancements.

Suppose a game-changing technology comes along. There are a couple of approaches we could take:

  1. Stop and consider the implications, and restrict at least the worst potential abuses. We’ll probably miss a few, but at least we won’t let people get comfortably entrenched in some of the bad behaviors. When the other bad behaviors become issues, we’ll restrict those. Orderly adjustment.
  2. Do absolutely nothing until they are ubiquitous and people are used to misusing them. Then, and only then, come in with draconian rules that are poorly thought out, unenforceable, and cause far more annoyance than if reasonable basic rules had been enacted at the start.

Guess which way we roll as a society?

This is foolishness. It is not an infringement of freedom to say “You cannot drive while using that device.” It is not an infringement of freedom to say “We are going to restrict some areas so you can’t ruin it for everyone with that goddamn noise.” It is not an infringement of freedom to say “You can’t use that to invade people’s privacy.” Unless, of course, your definition of ‘freedom’ includes freedom to put other lives at risk, screw up every decent lake for everyone else, and so on.

Drones are the Next Big Bungle.

We’ll find out when they start to endanger air traffic near airports.

We already found out how easily they can wind up in supposedly secure locations (White House lawn, for example).

We’ll find out as they become the police snooping tools of choice.

We’ll find out as they become neighbors’ snooping tools of choice.

We’ll find out as people start to take out .22s and shoot them down.

We’ll find out as citizens hover them over protests to capture police responses on film.

We’ll find out when some poor helicopter pilot, who was following things called rules, collides with one.

We’ll find out when a few other things happen, thanks to drones, that are sufficiently undesirable I’m not willing to mention them lest I give bad people ideas.

And by the time we step in to lock yet another barn door after another horse has already escaped over the hills, the impact will already be made.

The Great Facebook Garbage Patch

You might be aware that the Pacific Ocean contains a Sea of Garbage. No exaggeration (and it’s not the only one of its kind). While it’s nature is popularly misunderstood, the reality is disgusting enough: enough discarded plastic is floating in the North Pacific Gyre for the deteriorated particles to be an environmental problem at best, a disaster at worst. It doesn’t quite resemble the ‘many miles of floating used diapers’ vision many people have, but that actually might be less of a problem. One might gather up and dispose of used diapers, for example. Not so simple with deteriorated plastic particles.

I apply a related philosophy to my Facebook page ‘Likes.’

Why? Because one’s Likes feed the data hydra, which enables the following:

  • Serving suitable ads. I don’t like ads, and even though I block Facebook’s, that doesn’t mean I want to help them create a clear picture of my true preferences. And since we are the product, and we are not compensated nor cut into the profits, I see no reason to cooperate.
  • The collation of a dossier on me, which I expect either will be or is being sold to other people. There’s probably a clause deep in some TOS that says that I authorize that, but here’s a novel concept: I do not recognize those. I don’t care whether the law does or not. To me, anything buried in impossibly legalistic fine print designed to discourage me from reading it simply isn’t morally binding, just as I do not recognize as morally binding any form of coerced oath.

If I cannot prevent the dossier from compilation, I can ruin it by drowning it in trash. Thus, the Great Facebook Garbage Patch, containing at least a hundred spurious Likes for every valid Like. I Like flower shops in Indonesia, restaurants in Warsaw, bands in Chile. I Like a bizarre variety of movies. I Like numerous celebrities I’ve never heard of. I did this by feeding a random word to the search function, then Liking the first couple dozen pages that turned up. Over and over, once a week or so.

Does it bother me what people might think, surfing through my Likes and wondering what a strange creature I must be? No. I wouldn’t be sure what to make of anyone who based a judgment on that, if I was the type to care much about public opinion to begin with. Would it be great if they could be authentic, leading me to points of actual common interest? Sure, but it’s not worth knowing that I’m fleshing out the dossier in accurate manner.

What to mass Like today? Well, the Seagulls play the Broncos in a couple of hours. I think it’s time to bulk Like ‘seagull.’

How the Google data hydra begins to die

I think I watched a head of the Google data hydra wither and die today–the second one in two weeks. It’s hard to predict the future, but this may have meant something for someone besides me.

What it is

Let’s define what this ‘data hydra’ is all about, and why I call it that. Here’s what Google does. It provides a very useful free service or software product to the public. The idea is to entrench that service to the point where it becomes a need, not a want. Here’s the catch: each of these services will phone home to Google on what you did, helping them to assemble a multi-faceted portrait of you for marketing purposes. Google can then sell advertising targeted at you. Some of it is camouflaged as stuff other than advertising.

You may not resent this. If you do, it doesn’t bother me; the choice is very individual. But if you do not resent it at all, the rest of this post may be of marginal interest. You may consider that it’s a voluntary business transaction in which we use the service in return for fair compensation of surrendering some data for their use. If so, you probably don’t think this whole subject is worth discussing. Okay.

The data hydra has tentacles. These fasten into your system and begin to report back. The best known are cookies, little data bits that can report back to Google from many non-Google sites. I don’t know what all they report, but I know that they want to remain on your machine between sessions. Less known are web trackers, little beacons that also may be on many non-Google sites. Thousands of web advertising companies use them, and most of you have no idea they are there. However, if you wonder how Facebook knows you just went to a site pertaining to travel to Bali, that’s how. Google, of course, uses them as ubiquitously as possible. A tentacle that presents Google with the richest harvest is actual applications and helpers that you download. If the thing is on the web, there are at least ways for you to refuse to let it work on your machine. If it’s on your machine, it can do whatever it wants, phone home any time it cares to. The most common would be Google Chrome (web browser; what’s better positioned to listen at your e-keyhole?) and Google Earth (surface view software). I’ve always loved it when people claimed that Google Chrome gave them better privacy. If anyone honestly believes that a Google application running on his or her computer will not make 100% sure that it has a backdoor saying ‘Google is the exception; Google gets everything’, that’s fine. You’re in the position of Native Americans signing treaties, pretty much, but have fun.

Everyone has to decide where his or her front line is, if there is to be one, in the battle with the data hydra. Or just do what most people do: say “screw it, who cares.”

My battle fronts

If you don’t use anything by Google, you still don’t shut out the data hydra, though Google would have to go further to profit from knowing what you read. I block all Google things that I can on as many sites as I can, selectively enabling some when it’s easier than fighting. Thus, everything from Google presents a decision: will I use it, and what will I tolerate in order to use it?

Google Chrome: will not use. I assume that if I use that, all other privacy efforts are defeated.

Google Earth: tried, uninstalled. Novelty application, but clunky and just isn’t very necessary.

Google Accounts: a key feature of all Google tracking. In their ideal world, you would always be logged into your Google account. Thus, as often as possible, they deny you features unless you login to a Google Account, in which case you are offered a richer experience. I have one, but I don’t use it very often.

Google Search: have long used, blocking all the cookies. Also have several browser add-ins to lie to it about my location, spam it with spurious searches, and otherwise feed it mountains of baloney. Still useful to me, though they are gradually making it worse, and driving me toward others.

Google Documents: probably the smartest trick Google ever pulled, with the potential to make Microsoft irrelevant. Offers cloud computing: ‘here, let us store your data; it will never get lost, and you or anyone you permit can access it anywhere.’ Of course, the big draw here is to make you login to a Google Account. Sometimes, they demand this just to view the document. In most cases, they demand it if you want to modify it. I fear this one the most, because due to my line of work, it’s possible I could be forced into doing Google’s bidding in order to get paid. Employers don’t care about your data hydra concerns–they do what’s easy for them, and if you don’t like it, find another job.

Google Groups: Google decided to simply swallow Usenet whole. Google Groups allow a fairly clunky form of collaboration and discussion, which can be as private as you wish. They were the cause of me creating a Google Account, because my RPG group was run by someone who embraced Google whatever and I wanted to be able to communicate and participate. However, I always hated this in silence, and I’ll admit that (years later) when they waited until I missed a session, turned it into a behind-the-back bitchfest about me, and kicked me out by phone call without the slightest phase of ‘here is what bothers us, we will face you honestly and give you opportunity to change your style,’ one of my consolations was that I never had to use the Google Group again. Easily dispensed with, unless your esoteric interest happens to exist in a Google Group.

Google Translate: will translate to and from some thirty languages, with passable accuracy. I have used it mostly as a dictionary. Bing has one that seems just as good. Recently, Google has been periodically breaking some of its features for people who block as many tentacles as I do. Today, I deleted GT from my toolbar. I wanted to do something, Google was refusing to load GT, and I decided I’d had enough.

Google News: aggregates world and local news, very handy for avoiding mainstream media’s ‘here is the story we order you to care about today’ manipulation. How do they decide what’s local to you? They look at your IP and figure out where you are. GN was the first of my Google uses to begin periodically breaking itself unless I gave it what it wanted. Happily, news aggregators are everywhere. I deleted the toolbar button several days ago, tired of dealing with ‘will it work for me today, or not?’. I don’t like its replacement’s layout as well, but it always works for me, and it gets my current location wrong enough that I can bear it.

Gmail: will not use. Obviously.

Google Toolbar: will not use, same reasons as Chrome. I’d rather comprise my own toolbar.

Google Maps: not needed. Alternatives are just as good.

Google Books: useful now and then in research, long as I can limit what they get.

Google everything else: not relevant to my world.

When you think about it, deciding to resist Google is a formidable task. Look at all that stuff. I don’t even want to use Google Anything ever again if I can help it, and they have even me caving in on some of it. By now, surely, you understand where they get all this information. Most of us give it to them because it’s easier than resisting. Basically, Google is like the annoying guy who has some redeeming features, who keeps subtly pressuring the woman for sex. The woman finally decides to get it over with, since he’s not that gross and she sort of likes him in some ways, and gives in. Google: analogous to the grey area between actual date rape and authentic consensuality.

What happened, then

Last week, I decided that if Google wanted to make News a crapshoot for me, I just didn’t need their version. Today, the same thing happened with Translate. Two data hydra heads, rendered meaningless for me, battle over. And it makes me wonder, because Google is sort of like a giant mudflow with enough weight behind it to seep into just about anything that isn’t solid, watertight and strong. It will continue to push: to offer new services, but exact a privacy toll for their use. When someone decides they just don’t need that particular Google service, Google loses a product. You are the product. You generate evidence of preferences, thus you create Google’s merchandise. Less use of anything from Google is what Google rightly fears. Thus, the day someone just stops using a piece of Google, a data hydra head is vanquished.

Google should pay us

So should Facebook. The default assumption, never questioned by most of us, is that Facebook and Google services represent fair trades for our marketing data. There are a lot of ways to look at this. “That was the deal, and you took it, so don’t renege. By refusing them all possible information, you’re stealing from them.” I guess if you see the world that way, most of my blog posts probably don’t interest you. My own way is simple: while Google and Facebook do the above, and probably specify their rights to do the above deep in the bowels of legalese-laced Terms of Service, they have never frankly disclosed all the data they mine, how they mine it, and how much money each of us makes them. They just kinda sorta did it the backdoor way. That’s not forthright business, so I reserve the right to be less than forthright myself. Telling the truth to deceptive people is a fool’s game; we are entitled to deceive the deceptive.

If they offered us real money for our data, telling us up front what they’d collect, that’d be different in my eyes. They won’t, naturally, because they don’t need to. We’ll give it away to them as the barter toll on the information highway, and since it doesn’t come out of our pockets, it doesn’t register.

What you do is your call. My goal is to use as little Google as I can get away with. If they want my data without resistance, they can make me an offer. Until then, I fence with the heads and tentacles of the data hydra, and for the most part, I think I win.

My current privacy array

I’m fairly sure I’m at the right asymptote of ‘willingness to go through headaches and try new things in order to thwart people’s data gathering just because.’ The tools for this are in a state of constant change, so this might be a time for an update.

My basic browser is Firefox 16.0.2, not because I want to be on that version, but because I was forced by sunsetting to upgrade from a previous version. FF has heavy memory leaks, and has become clunky, but a) it has the most add-ins, b) I hated Safari, c) there is no way I’m going to let Chrome have its way with me, and d) these days, if you use Internet Explorer to do anything but download a real browser, your friends will stage an intervention. “Jonathan, we’ve all come here because we care about you. Your use of IE has affected my life negatively in the following ways…” For all FF’s flaws, it has the most dynamic privacy tool authoring community, and that’s what matters most to me.

It begins with Adblock Plus, which hides just about all the advertising, everywhere. There is a certain irony in all the efforts I exert in order to ruin Facebook’s data mining, when I don’t in fact see their consequent advertising. ABP is low maintenance. It has the added benefit of allowing me spot removal of any image I happen to find offensive and just don’t need to see again.

NoScript is a very helpful package that doesn’t let JavaScripts run unless I say so. It probably also accounts for most of the headaches and tweaks I go through, because it goes by site, and some pages have scripts from fourteen different sources (some of which you only learn of after unblocking this other one). Which one is the one needed in order to do what I came to the page to do? At times I have to turn it off temporarily, but I usually just enable scripts one at a time for the session.

FlashBlock is easier than NoScript because it shows a ‘play’ button on the screen where the Flash content is. Usually it’s a video. Do videos automatically play when you go to a page? Not for me, they don’t, and that’s how I want it.

TACO is wonderful, because it does the best job on cookies. For example, I can accept Facebook cookies on Facebook and on the one game that I play, while blocking them everywhere else. I have to do that one page at a time, but once you do it for the pages you visit most, it’s less necessary every day. That also lets me blow away Google’s ubiquitous cookie-mongering. There is no reason either of those sites needs to set a cookie on my browser just because I visited, say, CNN. That visit, and what I did there, is neither Google’s nor Facebook’s business. While TACO also blocks most web trackers, it doesn’t do it as well as…

Ghostery. In addition to cookies, many sites use beacons/web trackers to keep tabs on what you do. Ghostery blocks nearly all of them by default. If it finds one unblocked, you can choose to add it to the list. Very easy to use, and very satisfying.

GoogleSharing partly convinces Google that I’m somewhere else. Currently, Google News thinks I’m in Austin, TX. Once in a while, I believe when GS resets to a new ‘location,’ my GN shows up in a foreign edition and I have to change it. Although if it’s a language I understand, sometimes I’ll do a bit of reading first. GS says that it anonymizes my search results in some way; sounds good to me.

TrackMeNot spams Google with spurious searches on mundane things. The effect of this is to bury my actual Google searches in a sea of irrelevant crap. Slight downside is that sometimes it gets a little zealous, and Google makes me do Captcha in order to search, announcing that it has detected a lot of traffic from my IP address. This is rare.

WebOfTrust assigns reliability/safety icons to links, especially in Google searches. This mainly keeps one from blundering into sites that attempt to emplace spyware or viruses on your machine. Foolproof it’s not; helpful it is. Part of the problem is that the color of the icon could mean anything from ‘naughty pictures’ to ‘unsafe due to spyware,’ and you have to hover the mouse in order to find out. Part of the problem is that the safety rating of a page comes mainly from user input, so it’s possible that a given page was given adverse ratings simply because a bunch of people wanted to hurt the page’s owner. Use it with some discernment, and it’s helpful.

What are the downsides?

The biggest one is the need to selectively enable JavaScripts until a page works. I admit that sometimes I just punt and use another, unshielded browser. Since I don’t go from place to place with other browsers much, the dossier they compile from them is a tiny fraction of my web surfing. It’s also pretty much impossible to know which script unlocked what I wanted, unless I do it one at a time, which is often more futzing that I desire.

Second biggest is needing to go into TACO each time I go to a new page and block/delete all its cookies. You’d be amazed how many sites stick you with Firefox or Google cookies; WordPress and Yahoo are also frequent offenders.

Third would be the inability to save Google search settings because I won’t take Google cookies on their search page. At times, the non-evil folks at Google break Google search for people who do this–I’m convinced it’s to teach us a lesson.

Fourth would be that you have to use Firefox, which isn’t a very efficient or robust browser compared to others. For games, I use Sleipnir, Opera and/or Maxthon. Sleipnir and Maxthon are very robust. Opera is lousy, but it’s good to have some backup without resorting to IE. Maxthon’s update nags are very annoying; haven’t found out how to get them out of the system tray. At least I can ignore Opera and FF’s update nags.

Anyway, if you want to try browsing my way, there are all the links. Enjoy.