Tag: privacy

Are Online Security and Convenience Fundamentally Incompatible?

Latest from me at Wired:

Staying secure online is a pain. If you really want to protect yourself, you have to create unique passwords for every web service you use, turn on two-factor authentication at every site that supports it, and then encrypt all your files, e-mails, and instant messages.

At the very least, these are tedious tasks. But sometimes they’re worse than tedious. In 1999, researchers at Carnegie Mellon University found that most users couldn’t figure out how to sign and encrypt messages with PGP, the gold standard in e-mail encryption. In fact, many accidentally sent unencrypted messages that they thought were secured. And follow-up research in 2006 found that the situation hadn’t improved all that much.

As many internet users seek to improve their security in the wake of ex-government contractor Edward Snowden exposing the NSA’s online surveillance programs, these difficulties remain a huge issue. And it’s hard to understand why. Do we really have to sacrifice convenience for security? Is it that security software designers don’t think hard enough about making things easy to use—or is security just inherently a pain? It’s a bit of both, says Lorrie Cranor, an expert in both security and usability and the director of Carnegie Mellon’s CyLab Usable Privacy and Security Laboratory, or CUPS for short. “There isn’t a magic bullet for how to make security usable,” she says. “It’s very much an open research project.”

Full Story: Wired: Online Security Is a Total Pain, But That May Soon Change

(I don’t care for that headline — there’s not really much evidence that this is necessarily going to change anytime soon)

Ad Blocking Tool Ghostery Sends Data To The Ad Industry

Count me amongst the users of Ghostery who didn’t know it was owned and supported by the ad industry:

Whenever discussion starts about how to hide from the tracking code that follows users around the Web to serve them targeted ads, recommendations soon pile up for a browser add-on called Ghostery. It blocks tracking code, noticeably speeds up how quickly pages load as a result, and has roughly 19 million users. Yet few of those who advocate Ghostery as a way to escape the clutches of the online ad industry realize that the company behind it, Evidon, is in fact part of that selfsame industry.

Evidon helps companies that want to improve their use of tracking code by selling them data collected from the eight million Ghostery users that have enabled a data-sharing feature in the tool.

Full Story: MIT Technology Review: A Popular Ad Blocker Also Helps the Ad Industry

(via Paleofuture)

Cypherpunk Rising: WikiLeaks, Encryption, And The Coming Surveillance Dystopia

R.U. Sirius wrote:

If, in 1995, some cypherpunks had published a book about the upcoming “postmodern surveillance dystopia,” most commentators would have shrugged it off as just a wee bit paranoid and ushered them into the Philip K. Dick Reading Room. Now, it is more likely that people will shrug and say, “that ship has already sailed.”

Full Story: The Verge: Cypherpunk rising: WikiLeaks, encryption, and the coming surveillance dystopia

Panopticon Now

Jon Evans at TechCrunch (one of my employers) on TrapWire:

Is it being used for “monitoring every single person via facial recognition“? Probably not. Doesn’t matter. Let’s not kid ourselves: the point is that as cameras get cheaper and more connected and more ubiquitous, facial recognition gets more accurate, and data-mining software gets better, something like conspiracy theorists’ worst nightmarish fantasies of Trapwire will come to pass. I’ve said it before, I’ll say it again: this is only a matter of time, and not all that much of it.

Little pieces of the panopticon are already being built all around you. [...]

Even relatively enlightened governments are becoming, if anything, more secretive than ever. Did you know that the Obama administration has persecuted more whistleblowers than every other presidency in history combined? Did you know that (PDF) government security classification activities alone cost more than $10 billion a year? These are not exactly statistics that fill me with hope for our panopticon future. In the name of so-called security, we’re charging headlong into a future filled with one-way mirrors behind which the rich spy on the poor, and the strong on the weak. It’s a disconcerting thought.

TechCrunch: Move Along, No Panopticon To See Here

Image: watchingfrogsboil / CC

Putting An End To The Biggest Lie On The Internet

New post from me at TechCrunch:

It’s long been said that “I agree to the terms of service” is the biggest lie on the internet. And even if you do read them, many TOS are so ridden with legalese that you practically need to be a lawyer to understand them. Also, as I wrote in a gloomy post last weekend, users have no choice but to either agree to the terms offered by a web app or simply not use the service at all.

But a new project called TOS;DR wants to change that. The site aims to give more power to users by summarizing terms of service, flagging potential issues and rating apps on a scale from A (the best) to E (the worst).

So far the only company with an E, the worst possible rating, is TwitPic, which reserves the right to sell users’ photos to news agencies without giving the photographer a cut.

Project lead Hugo Roy tells me that he considers Wikipedia to be an exemplary service, though it hasn’t been rated by TOS;DR. He says both Wikipedia’s short, clear summary of its TOS and its practice of soliciting feedback from users before a change in terms should be widely adopted as best practices for the web.

TechCrunch: Putting An End To The Biggest Lie On The Internet

Puketastic interview with Mark Zuckerberg on Facebook privacy

Zuckerberg’s constant refrain about making the world a more open place makes me retch. Example:

A lot of times, I run a thought experiment, “If I were not at Facebook, what would I be doing to make the world more open?” Because I think when I got started six years ago, building a social network was the best thing to do. Now, today, I’m not sure that’s the best thing to do. Now we exist and there is a big opportunity to build atop the platform. There are all these awesome, new technologies that didn’t exist back then, like EC2 and S3. [...]

So I don’t know, one thing that is personally a bit disheartening…. It bums me out that people immediately go to “You must be doing this to make money.” Because that’s just so different from the ethos of the company. It is so different from how we actually think about stuff that you feel so misunderstood.

Gag me.

Epicenter: Mark Zuckerberg: I Donated to Open Source, Facebook Competitor

See also:

Chris Saad: “Facebook’s Claims About Data Portability Are False”

The Half Truths of Mark Zuckerberg

10 Things You Need To Know About Today’s Facebook Privacy Changes

- You Can Opt Out Of Applications
- You Can Hide Your Friends List
- You Can Hide Your Interests
- Much Information Is Still Public By Default
- Instant Personalization Is Still Opt-Out
- You Can Hide Information From The Past
- You Should Review Your Settings
- Privacy Now Only Takes One Click
- There Is Now A Single Directories Settings Page
- Settings Will Be Rolled Out Over The Next Few Weeks

All Facebook: 10 Things You Need To Know About Today’s Facebook Privacy Changes

(via Mediabistro)

Facebook’s Gone Rogue; It’s Time for an Open Alternative

There’s obviously a big opportunity for a start-up here – “PrivateBook”:

Setting up a decent system for controlling your privacy on a web service shouldn’t be hard. And if multiple blogs are writing posts explaining how to use your privacy system, you can take that as a sign you aren’t treating your users with respect. It means you are coercing them into choices they don’t want using design principles. That’s creepy.

Facebook could start with a very simple page of choices: I’m a private person, I like sharing some things, I like living my life in public. Each of those would have different settings for the myriad of choices, and all of those users could then later dive into the control panel to tweak their choices. That would be respectful design – but Facebook isn’t about respect — it’s about re-configuring the world’s notion of what’s public and private.

Epicenter: Facebook’s Gone Rogue; It’s Time for an Open Alternative

(Photo by _Max-B / CC)

Previously: Facebook steps up lobbying, deepens ties with intelligence agencies, FTC

Facebook steps up lobbying, deepens ties with intelligence agencies, FTC

Facebook has been gradually boosting its profile in Washington D.C. over the past year and is on the hunt for a second senior lobbyist to add to its office of four. Disclosures released a few days ago show that, on top of lobbying the usual suspects Internet companies reach out to like the Federal Trade Commission and the U.S. senators and representatives, the fast-growing social network has also been busy deepening ties to government intelligence and homeland security agencies. [...]

At the very top of Facebook’s agenda in D.C. is privacy, he said. There’s much at stake. The ease of data collection and sharing on the web is on a collision course with privacy. The suite of projects the company unveiled yesterday at its f8 conference in San Francisco may spark further privacy concerns about the mass of data it will now be tracking on users as they traverse the web. To head off concerns that it is too cavalier with pushing users to be more public, Facebook made a savvy move when it brought longtime privacy advocate Tim Sparapani from the American Civil Liberties Union on-board last year.

Venturebeat: Facebook steps up lobbying, deepens ties with intelligence agencies, FTC

See also Facebook May Not Be Skynet, but It Is Getting Smarter, and That’s Bad for Google:

This is all a very big deal if it’s successful. Bigger than you think. And it makes Facebook a direct competitor to Google. Facebook has managed to succeed where Google has failed — turning your social behavior into actionable intelligence. Google’s major attempts at insights into web-wide consumer behavior (Orkut, FriendConnect, Checkout, Buzz) have not had anything close to the success that the Facebook platform has had. The intelligence collected from relationships with others, social micro-interactions (e.g., “likes,” “shares,” comments, updates), location (yup, Facebook’s working on that) and even transactions (see Facebook Credits) will be inherently more valuable to advertisers than click-through and search behavior (as advertisers get smarter themselves about what those kinds of behaviors mean to their bottom lines). And make no mistake, this data will be collected en masse. Facebook expects to serve 1 billion “likes” in just 24 hours. By applying this kind of statistically significant intelligence to its Engagement Ads, Facebook can deliver even more efficient, impression-generating advertising for its customers.

And also: EFF sues CIA, DOJ, others over Facebook surveillance

(Photo by _Max-B / CC)

White House Cyber Czar: ‘There Is No Cyberwar’

White House Cyber Czar Howard Schmidt

Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing.

“There is no cyberwar,” Schmidt told Wired.com in a sit-down interview Wednesday at the RSA Security Conference in San Francisco.

“I think that is a terrible metaphor and I think that is a terrible concept,” Schmidt said. “There are no winners in that environment.”

Instead, Schmidt said the government needs to focus its cybersecurity efforts to fight online crime and espionage.

His stance contradicts Michael McConnell, the former director of national intelligence who made headlines last week when he testified to Congress that the country was already in the midst of a cyberwar — and was losing it.

Threat Level: White House Cyber Czar: ‘There Is No Cyberwar’

See also:

Cyberwar Hype Intended to Destroy the Open Internet

Cyber warfare: don’t inflate it, don’t underestimate it

Comprehensive National Cybersecurity Initiative

© 2014 Technoccult
