Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Privacy Businesses

If You're Not Paranoid About Your Privacy, You're Crazy (theatlantic.com) 373

Muad'Dave writes: Here's an interesting article at The Atlantic about the prevalence of surveillance and the recent uptick in 'deja-vu' moments where devices seemingly hear your conversations and then attempt to market to you. From the article: "One night the previous summer, I’d driven to meet a friend at an art gallery in Hollywood, my first visit to a gallery in years. The next morning, in my inbox, several spam e-mails urged me to invest in art. That was an easy one to figure out: I’d typed the name of the gallery into Google Maps. Another simple one to trace was the stream of invitations to drug and alcohol rehab centers that I’d been getting ever since I’d consulted an online calendar of Los Angeles–area Alcoholics Anonymous meetings. Since membership in AA is supposed to be confidential, these emails irked me. Their presumptuous, heart-to-heart tone bugged me too. Was I tired of my misery and hopelessness? Hadn’t I caused my loved ones enough pain? Some of these disconcerting prompts were harder to explain. For example, the appearance on my Facebook page, under the heading “People You May Know,” of a California musician whom I’d bumped into six or seven times at AA meetings in a private home. In accordance with AA custom, he had never told me his last name nor inquired about mine. And as far as I knew, we had just one friend in common, a notably solitary older novelist who avoided computers altogether. I did some research in an online technology forum and learned that by entering my number into his smartphone’s address book (compiling phone lists to use in times of trouble is an AA ritual), the musician had probably triggered the program that placed his full name and photo on my page."
This discussion has been archived. No new comments can be posted.

If You're Not Paranoid About Your Privacy, You're Crazy

Comments Filter:
  • Another simple one to trace was the stream of invitations to drug and alcohol rehab centers that I’d been getting ever since I’d consulted an online calendar of Los Angeles–area Alcoholics Anonymous meetings. Since membership in AA is supposed to be confidential, these emails irked me.

    Of course the author just told the readership of The Atlantic... and by extension many others.

    On a serious note, I wonder what online calendar it was? Anyway, the AA meetings are "secret." Not so much searches.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      I wonder if the author has malware installed on his computer or is cherry picking coincidences to create a story. Google, Bing, et al do not provide email addresses and query histories to spammers. Similarly, there is no way that visiting a web page should provide your e-mail address to a spammer.

      • The Facebook part of the story is easy to explain. He could have explicitly used the friend finder at some point, which mines your contacts (AND "helpfully" creates shadow profiles for any who aren't on Facebook). Alternatively, he could've been using the Facebook app on his phone, where it was given access to his contacts as part of the blanket permissions the Android version asks for at installation time.

        I also wouldn't be surprised if he's taken some artistic license here and there to enhance his narrati

        • I also wouldn't be surprised if he's taken some artistic license here and there to enhance his narrative.

          Of course. The best stories always seem to do just that. I suspect there's wisdom in both cautious acceptance and jaded disbelief.

          But. Prior to the Snowden revelations, many an extroverted anti-establishment activist was referred to in educated company as a tin-hatter.

          • Re: (Score:3, Insightful)

            by schnell ( 163007 )

            Fine, but the fact that your government spied on you illegally (which honestly should have shocked no one who has been paying attention since J. Edgar Hoover ran the FBI) doesn't justify unrelated and uninformed privacy invasion theories. And while I don't think I want to waste time reading TFA, if the summary is accurate, I am disappointed in The Atlantic, an otherwise reputable source of journalism.

            For example, while I think Google is filled with smug, hypocritical bastards, I have never ever heard a seri

      • by plover ( 150551 )

        Or perhaps the author uses LinkedIn. Their web page periodically asks me to enter my email password to find new people to connect with -- by attempting to mine my (empty) online contact list. Or if he has the LinkedIn app on his iPhone, it, too, asks permission to access his Apple contacts, which it then would monitor continually for changes. I've never let their automation anywhere near my contact lists, but it kept prompting me right up until I uninstalled the damned app.

        While I carefully won't allow my c

    • by Curunir_wolf ( 588405 ) on Wednesday October 14, 2015 @09:17PM (#50732561) Homepage Journal

      Anyway, the AA meetings are "secret." Not so much searches.

      Umm... no, not secret. At all. Anonymous. Which is much different. I assume the author was referring to this online calendar of AA meetings in the L.A. area [lacoaa.org] which is, yes, public.

  • Some basic rules (Score:3, Insightful)

    by Anonymous Coward on Wednesday October 14, 2015 @07:33PM (#50731871)

    The basic rules:

    1) Do not use "free" services that require you to identify yourself in some way. This includes most any service from Google, Facebook, etc.
    2) Do not use "free" apps on your smart phone. It is next to impossible to prevent an app on your smartphone from providing ID information to outside entities.
    3) Basically - learn the first rule of life - there is no such thing as a free lunch. If someone is giving you something for free, then they are taking something from you without telling you - in our modern era, that is almost always your identity in some way shape or form.

    • by aaarrrgggh ( 9205 ) on Wednesday October 14, 2015 @08:03PM (#50732121)

      Those don't help much. Paying for something doesn't do anything to guarantee you aren't being "spied" on.

      The better goal is to become a low-value target and increase the cost of marketing to you. Use ad blocking, and when you do see ads, just click on them. Click around on the site a little bit, and happily close the tab and get on with your life. Try to do so while reciting how much you hate advertising scum and all kinds of negative thoughts while on the advertiser's pages to make sure any association with their brand is negative.

      Focus on the ad block though. If they can't display an ad to you you don't have much value to them.

      • Re:Some basic rules (Score:5, Informative)

        by Altrag ( 195300 ) on Wednesday October 14, 2015 @08:38PM (#50732357)

        The fallacy here is that we're all low-value targets. Those ads you're avoiding are costing something tenths or hundredths of a penny. They really don't give a crap if a handful of people ignore them or try to game it or whatever.

        All this shit is based on scale. If they advertise to 1,000,000 people and only 0.1% even pay any attention, that's still 1,000 people viewing their products and likely 10 or 20 that buy something -- which more than recoups the cost of those 999,000 "wasted" ads.

        Tack on to that the fact that your connections and other such metadata are just as important as your browsing history. If they notice you've been looking at cars for example, they might send ads to your wife with more "girly" models or something.

        You can go ahead and do everything in your power to reduce the visible impact to yourself (adblock and such) but don't mistake that for being immune to the disease -- you're only hiding the most obvious results of the data collection, not stopping the collection itself.

        The only way to avoid all of these privacy breaches is stop using technology. Of any kind. No bank cards, no credit cards, no grocery store discount cards, no accounts on any websites. Hell probably don't even want an internet connection since that IP address is traceable in theory. Perhaps if you take a laptop with you and only use free public wifi and remember to re-image the device between usages so there's no possibility of leftover tracking data.. then maybe you can do something in near-complete privacy. Oh. And you probably shouldn't have any friends either in case they decide to post something about you on their wall/blog/whatever.

    • by MacTO ( 1161105 )

      The "no such thing as a free lunch" rule doesn't actually work. Sometimes there are free lunches. Other times, you are paying for the lunch, but the people offering the lunch want you to pay more than advertised. At the end of the day, you have to look at it on a case by case basis. In some cases, it will be rather obvious (e.g. businesses expecting to generate revenues from free services). In other cases, it won't be obvious.

  • by iamacat ( 583406 ) on Wednesday October 14, 2015 @07:39PM (#50731915)

    Google is not in e-mail advertising business. If you got any ads from maps visit, they would be the usual ones in your search results or banners on 3rd party sites [google.com] (which do not get access to your e-mail or other identity info). Either you shared your e-mail in some other context related to the event, or your browser and/or mobile device are infected by keylogging/location logging malware.

    You should get even more paranoid about your privacy!

    • More likely, a contact's device is pwned. And their contact list is compromised. All of the e-mail or text data was probably consumed.

      Statistically speaking, the likelihood of someone being compromised is small compared to a recipient being compromised.

      Start sending purely nonsense, unrelated e-mails to made up addresses, and see if anything changes. If you like guns and motorcycles, ask about buying a Barbie doll collection, or vintage 8mm porn. If nothing changes, it's a contact.

    • The author of this article might be paranoid for the wrong reasons, but his message and intent are right: if you're not thinking more about how much you're letting your privacy be compromised, then you're not doing yourself any favors.
    • I'll add that spreading baseless conclusions like TFA that a company (Google in this case) is in fact selling off your email address can turn good companies bad. If Google is not selling your email address to spammers, but after enough negative publicity everyone thinks they are, they might just decide what the hell. People are blaming us for selling out anyway, so why don't we just sell out for real and at least make some money off it since we're taking the blame either way.

      If you're going to publish
    • by AmiMoJo ( 196126 )

      Came here to say this too. I read a lot of complaints about privacy invasions online, but it doesn't happen to me on anything like that scale. The little spam I do get seems unrelated to anything I have done, ads don't follow me around web sites because they are all blocked, tracking cookies are blocked too. I only use ublock and Privacy Badger, nothing too fancy.

      It makes me think most of these people have really bad computer security habits. I can't think of any other explanation for the huge difference in

  • by Anonymous Coward on Wednesday October 14, 2015 @07:46PM (#50732003)

    Many of us have been warning about that trend for decades, to be ignored by the vast majority who do not mind a world with not a single shred of privacy. "What do you have to hide?" they ask.

    Those of us who don't want to live in that world sadly have little choice. It's increasingly hard to avoid it, try as you might. You can wall yourself off, refuse to use the privacy-invading tech that everyone else favors, but at the cost of being increasingly cut off from mainstream society and even your own friends who no longer use any non-corporatized online communication. "Why use email when there's Facebook? Dude, get with the times! Nobody's on email man!"

    People appear to hate the idea of the original internet: open standards with communications that were not monitized or centrally controlled. They much prefer that it be replaced with proprietary services, closed non-interacting protocols, and corporate-censored for-profit services that monitize everything they do. Thereby, the rest of us are forced to watch the internet we knew and loved be dragged in a direction we hate to see. It feels like destroying everything that made it great. In fact, destroying the very things that allowed it to become as world-changing as it did.

    And I say that as somebody who was not young when it was arpanet and Vaxen. Rips out my heart to see what's happened to the place since then. Improvement, good. Development without wisdom, not so much.

    • by phantomfive ( 622387 ) on Wednesday October 14, 2015 @08:06PM (#50732143) Journal

      People appear to hate the idea of the original internet: open standards with communications that were not monitized or centrally controlled. They much prefer that it be replaced with proprietary services, closed non-interacting protocols, and corporate-censored for-profit services that monitize everything they do.

      That's kind of sad, actually

    • by hughbar ( 579555 ) on Thursday October 15, 2015 @02:36AM (#50733691) Homepage
      Agree. I've been around computing since 1976 and the intertubes since it moved steadily out of academia into the 'world'. I've proposed a couple of times, half seriously, that we just choose another couple of ports and 'leave' the 2015 web to Coca-Cola, Facebook [of which many people believe that IS the web] etc. etc.

      I've noticed that every commercial web 'strategy' tries to maximise supplied user information. For example, I don't want to reveal my mobile number [it's usually switched off or in the kitchen drawer anyway, I'm old] so I put 99999 etc. in that field, unless I feel it's really necessary. I tick/untick the 'supply information to third parties and receive offers from third parties boxes'. I am on the mail preference list and telephone preference list in the UK, very little or no junk mail or robocalls. I'm with a cooperative that supplies telephone and broadband, not one of the big commercials. I've started using a lot of cash again, just to annoy anything that's datamining my shopping habits.

      I'm aware that all this is somewhat quixotic and minimal, but it's better than inaction.

      One last thing join where something = something-else is a powerful enemy, phone number, email address etc. and we don't really know who's doing that, on which set of databases and where. But 'they' [I don't necessarily mean NSA, could be Walmart, ASDA in the UK] are doing it. Maximise shareholder value baby and fuck your bratty whiny protests about 'privacy'.
      • by AmiMoJo ( 196126 )

        The phone number requirement when signing up for email is very annoying, but it's not there because Yahoo or whoever wants your phone number. It's there to stop abuse. It's much more work to get a new, working phone number than it is to create another email account. This is after pressure from people who have been harassed and sites getting put on spam block lists etc.

  • by MobyDisk ( 75490 ) on Wednesday October 14, 2015 @07:54PM (#50732065) Homepage

    Just because you are paranoid doesn't mean they aren't out to get you. But in this case, the author kinda is paranoid. He could use a course on web browsers and email.

    The next morning, in my inbox, several spam e-mails urged me to invest in art. That was an easy one to figure out: I’d typed the name of the gallery into Google Maps.

    It sounds like the author is alleging that Google gave his email address and marketing information to spammers. Is that true? Considering I have a gmail account that receives no spam at all, I think a more believable explanation is that he dropped his business card into a box somewhere, or signed-up on a list. In reality, 100% of my spam comes to the email address I have registered to my domain. My personal email gets nothing because I don't give it out.

    Some people receive almost no spam. Other people get a 200:1 ratio of spam to real emails. Having done tech support, I can tell you by talking to someone for 5 minutes how much spam they get. Do they click on ads? Do they sign-up for stuff and give out their email? Do they play the lottery? Then they are in the high spam category. I bet a reporter is one of those people who gives out his contact information to absolutely everyone.

    Another simple one to trace was the stream of invitations to drug and alcohol rehab centers that I’d been getting ever since I’d consulted an online calendar of Los Angeles–area Alcoholics Anonymous meetings. Since membership in AA is supposed to be confidential, these emails irked me.

    Unless he created a dedicated email address specifically for the AA membership, he has no evidence of this. Again, more likely, he enaged in networking.

    I don't even want to consider his example where his bluetooth somethingorother was transcribing his words and turning that into spam. That one is technically possible, but we just aren't there... yet.

    With those complaints registered, many of the anecdotes in the story do make sense. A Google search triggered targeted ads on YouTube. Well yeah, Google owns both sites. This is one of the reasons people feared Google Plus: it was just *too* well integrated. I am just surprised that this is news to people at all. What do you think is in that 35 page license you clicked "accept" to in order to play that free Facebook game? Why do you think that flashlight app needs access to your contact list and the internet?

    • Also the spam thing would require Google to sell your information, which is very much what Google doesn't like to do. What they know about people and their ability to gather it is their value, and they hold on to it jealously. They want companies to sell ads through them, they are not interested in handing out your info so people can advertise to you directly and cut them out of the loop.

      Everyone I know has a G-mail account (no surprise, they are common with tech users) and none of them experience anything

    • by pr0t0 ( 216378 ) on Wednesday October 14, 2015 @09:20PM (#50732569)

      Hmm. I don't know.

      Ad networks, tracking, cookies, etc, allow even disparate ad companies to deduce information about an individual user without having to resort to the "sell your information to spammers" mantra. Google doesn't sell your information to spammers, they instead provide detailed demographic information for better ad targeting. So you add that data to referring URL information on sites that track user movements across the web, the cookies created at the various sites, etc; and you have a pretty good idea of who a person is and what their interests, habits, and proclivities are. There's no doubt that Google has this information, and they likely aren't the only ones. Do a search on something like "how can I better target my advertising online" and behold the cesspool that we've built.

      The issue's not whether you're paranoid,... the issue is whether you're paranoid enough.

      BTW - uMatrix reports that Slashdot works with the following advertising/tracking networks: Google Analytics, Google Ad Services, Google Tag Services, RPX Now/Janrain, and Taboola. There's also ntv.io, I'm unable to quickly find what that is.

    • by caseih ( 160668 )

      Yeah I agree.

      Of course his bluetooth thing didn't intercept the word, walnuts, and then try to advertise it to him later. But the way we're heading, technology is rapidly enabling that kind of thing to actually happen.

      What today is, or yesterday was, a conspiracy theory spouted by those crazy people we all know, tomorrow becomes reality. Like the example of TVs watching people back. Okay we're not there yet, but TVs are listening in a way. Maybe the crazy conspiracy theorists were more reasonable than

  • With GPS, facial recognition, voice prints. Everything that the US/UK gov and mil used to have in the 1970's~90's is now at a consumer level.
    The "number into his smartphone’s address book" is all part of the free social media experience.
    The "William Binney, a government whistle-blower and former top NSA cryptologist, the answer was simple: almost everything, today, tomorrow, and for decades to come." should be clear to most readers.
    The "Its employees dealt with us in an upbeat, tightly scripted
  • by Gravis Zero ( 934156 ) on Wednesday October 14, 2015 @08:09PM (#50732169)

    if you use closed source software then there is no way of knowing what your handheld computer is actually doing without going to extreme measures.

    will they ever learn? nope.

    • by AHuxley ( 892839 )
      Yes copy the phone number down on a note pad (paper and pen), copy it to a Rolodex like device at home.
      Use a desktop computer with Linux to store, sort and manage contacts. Most distros do not phone home unless they offer that as a service or a user wants that service.
      The doing part surround the "had probably triggered the program that placed his full name and photo on my page" would be facial recognition gold to city, state, federal and foreign intelligence services.
    • If you use open source software then there is still no way (for the average user) of knowing what your computer is doing without going to extreme (for them) measures.

  • by JoeyRox ( 2711699 ) on Wednesday October 14, 2015 @08:26PM (#50732289)
    That's like keeping your front door wide-open and putting a sign in your yard that reads 'Steal my shit' then getting mad when you're robbed.
    • That's like keeping your front door wide-open and putting a sign in your yard that reads 'Steal my shit' then getting mad when you're robbed.

      No it's not. The sign provides consent.

  • It does not require esoteric knowledge to prevent some of the "coincidences" the article discusses. Block ads, block third-party cookies, refuse unnecessary scripts... those actions will actually prevent some of this from happening and the authour is negligent to not mention them.

    Going to visit the NSA data center, in contrast, accomplishes jackshit.

  • We have several drugs for paranoia that you might be interested in!

    Don't want to have your information collected, don't use Facebook. I mean seriously, what the fuck is wrong with you? Also, don't let Google or anyone else store a permanent cookie on you, don't stay logged in, don't keep a personal account on the search engine you use. For starters. Also don't use a web-based E-Mail service like gmail and encrypt all your E-mails fanatically. At this point the number of people willing to talk to you will

  • by Berkyjay ( 1225604 ) on Wednesday October 14, 2015 @09:20PM (#50732567)
    Except maybe people still using Hotmail or Yahoo Mail. I use Gmail exclusively and the only time I see spam is when I check the spam folder for emails accidentally getting put in there.
    • by jez9999 ( 618189 )

      On the rare occasion I look at my Gmail spam folder, I almost always see one or two false positives in there, even though I always mark then as Not Spam. I'm pretty glad my main email provider is my own server.

  • by AndyKron ( 937105 ) on Wednesday October 14, 2015 @09:20PM (#50732573)
    I clicked on the link, and AdBlock warned me the site uses targeted ads. LOL. Or maybe not LOL.
  • You are paranoid about security and have a Facebook account? You bring shame to Paranoid schizophrenics everywhere. Please join your local chapter of technologically illiterate anonymous.

    On a more serious note. I know people who are convinced that Navy seals sit in the trees outside their house. You are halfway there. Get help before it is too late.

  • First run-in (Score:5, Interesting)

    by Tablizer ( 95088 ) on Wednesday October 14, 2015 @10:11PM (#50732825) Journal

    My first run-in with online privacy happened in the late 1990's when a persistent troll found personal info on me and broadcast it all over discussion boards in an attempt to embarrass me into silence.

    I realized after the "breach" it's easy to leave inadvertent clues. Somebody with enough patience and persistence can put these clues together to dig around in search engines for personal info and your online trail.

    And there are plenty of freaks out there who make the Interwebs their sadism engine. It's their only "power" in life.

    I'm much more careful about "crossing topics" now. For example, if I'm on a board about pets, I don't talk about IT and vice versa. But, that's probably still not enough as one tends have certain phrasing patterns that leave sufficient clues for "statistical linking". Most trolls probably don't go that far or are not smart enough, but you never know. They may have a script-buddy to barter for zombie PC time or something.

  • Comment removed based on user account deletion
  • Dont use a smart phone, don't use google products, and dont use social media.

    I guess that's what passes for "off the grid" these days. Not hard.

    • by 0123456 ( 636235 )

      Dont use a smart phone, don't use google products, and dont use social media.

      Good God, man! How could I survive without my daily dose of mildly amusing cat pictures?

    • Wrong. Use them. And use them to your advantage. Feed them information you want the world to hear about you. True? Why would it have to be true? Be creative!

  • Poison the Well (Score:2, Informative)

    by Anonymous Coward

    Whenever I read one of these articles about how tiny fragments of information are gathered and assembled into a personal profile I'm struck by how much is based on so little. They make a lot of assumptions about the veracity of these little details that they collect. Thins makes me wonder if active and deliberated injection of miss information could serve as an effective defense mechanism.

    If course, you'd have to be sure that the false picture you paint is a favorable one. And that the resulting ad targetin

    • by AHuxley ( 892839 )
      Re AC and the "Perhaps a browser plugin could be developed that does occasional random searches in the background."
      trackmenot https://cs.nyu.edu/trackmenot/ [nyu.edu] "... actual web searches, lost in a cloud of false leads"
    • Way ahead of you. If you google my name, you will notice that I have accomplished a lot. Most of it is hard to verify (I didn't give myself a Nobel Prize, because that could be debunked) but I made sure that you will come up with me being one of the hottest things in IT security. And I know everyone that matters. Of course all this can only be found on pages I own (sometimes via proxy), and they only link to each other in a circle jerk kinda way, but if you data mine me, getting bogus information is what yo

  • allowing google maps to link search data with your account (were you logged in as well?)? giving your phone number to a stranger who uploads his contact data to facebook. using google and probably not even a private browser window for searches. even using facebook in the first place. i'd call that rather naÃve, using all these services without paying money for them and expecting to not give some data back in exchange.
  • I just updated to Marshmallow, where you can see and control app privileges. I went through the apps and disallowed anything they didn't need. Almost every app had the right to look at my contacts. Music apps, map apps, fitness apps - everything. None of them need this access, but they are all selling it. Hopefully, those days are now over...

Real programmers don't comment their code. It was hard to write, it should be hard to understand.

Working...