EFF Offers an Introduction To Traitorware 263
theodp writes "The EFF's Eva Galperin offers a brief primer on Traitorware, devices that act behind your back to betray your privacy. 'Your digital camera may embed metadata into photographs with the camera's serial number or your location,' writes Galperin. 'Your printer may be incorporating a secret code on every page it prints which could be used to identify the printer and potentially the person who used it. If Apple puts a particularly creepy patent it has recently applied for into use, you can look forward to a day when your iPhone may record your voice, take a picture of your location, record your heartbeat, and send that information back to the mothership.' She concludes: 'EFF will be there to fight it [Traitorware]. We believe that your software and devices should not be a tool for gathering your personal data without your explicit consent.'"
Who really cares, though? (Score:0, Insightful)
Most of us use these devices for completely mundane purposes. If a company is able to aggregate this information and transform it into something that benefits my experiences using the wisdom of crowds, for example, more power to them.
People want to be able to do what they want with devices they purchase. Isn't it inconsistent to deny this freedom to the companies that sell us these devices?
There's yer problem: (Score:5, Insightful)
without your explicit consent
Yup, there's the real issue. They can bury a one-sentence fragment within 52 pages of EULA that gives them "explicit consent." Someone will notice, it'll get a story posted on Slashdot, but still, only maybe one or two out of every several thousand will resist purchasing the next iPhone 5GSXT Pro-Air.
The root of the issue is the backtalk and walls of text used to placate users into 'agreeing' without understanding what rights they're sundering.
Oooooh (Score:4, Insightful)
If your heart rate is elevated or you're palms are sweating, and you're close to an airport/school/gov office building/whatever, you might be planning an attack, why not just be on the safe side and have you come down with the nice men in black down to the local station for questioning?
Turn yourself in, before your own personal (not private) polygraph does!
Re:Who really cares, though? (Score:4, Insightful)
If your heart rate is elevated or you're palms are sweating, and you're close to an airport/school/gov office building/whatever...
Good grief! Maybe I'm just in the back of my window-less Econoline rubbing off a quick one! What's the problem?
The real issue is (Score:5, Insightful)
not that our devices embed information; but how that information is used. For example, having a geo location and serial number on every picture can aid in searching for images as well automating workflow (based on specific sensor characteristics). For me, that is good. Sending that info to the "mothership"" (sic), without my knowledge or permission, is bad because they have no reason to need that data; other than to sell it or use it for marketing.
I'd like to see companies that collect date require a more informed consent than burying it in a 50 page TOS agreement; and perhaps notification the first time teh data is sent.
but with ATT low download cap will apple force tha (Score:4, Insightful)
but with ATT low download cap / high data costs $10 a GIG will apple force that?
what about over seas up to $100 or more in data fees per location?
Re:Open Office Gave Up "Anonymous" Alex Tapanaris (Score:5, Insightful)
Hanlon's (Score:5, Insightful)
Dont attribute to malice what can be adequately explained by stupidity. Sometimes a software can be well intentioned, see a place where a lot of maybe useful information could be place and no look further on that, putting that in. Sometimes in some context that added information could be useful and intended, sometimes not, and you have not enough flexibility to decide by yourself when enable or disable that action.
Could the smtp protocol (and so every software that implements it) be considered traitorware? If you want to send an anonymous message it adds from which IP was sent, how different would be that from cameras that automatically adds gps coordinates in photos?
In the last term, a line between malice in this and what is not should be drawn, and will be very broad with a lot of things in the gray area, but would be good to have a list of what cleary is in the wrong side of it. And if well couldnt call traitorware all that is in the field of what sends somehow away information that could hurt your privacy, awareness of what they send and what exactly implies in that topic to use them, sometimes even in the manuals they warn which private information could be disclosed, well, that it be even the ones that don't disclose that.
Re:A list of such products (Score:5, Insightful)
I like the fact that the EXIF data has the camera serial number. Over the years, I've used a number of different cameras. Even multiple versions of the same model. It's nice to have that information in the database. Giving it to anyone else is another issue entirely. But here again, the onus is on the individual to know how to deal with one's complex modern objects. For EXIF data, it's easy to strip entirely or individually.
What EFF needs to do is to bring this issue up to a level where 'normal' people at least understand the problems. It would be nice if manufacturers would give us the tools to control the flow of data better, but until the drum starts to beat louder, they have little incentive to do so.
Re:A list of such products (Score:5, Insightful)
Digital Cameras put this stuff in the exif data structures.
Add a GPS device to your DSLR and it goes in too.
Many Serious (both Pro & Amatuer) Snappers find this information really useful. Match the GPS up with Google Maps and locating where you took a particular shot is simple.
You can easily get rid of the data in the images you publish.
In fact this is useful to help you prove your copyright of the image.
So not all 'Traitorware' is bad to all people. There is a thriving marked for GPS Addons' to high end DSLR's.
Things like the Laser Printer data is IMHO worse that useless. Just but yourself a $50 inkjet, print the offending pages and junk it. After all, the replacment inks will often cost more than a new printer....
Re:Traitorware? (Score:2, Insightful)
Let's also change "suicide bomber" to "bomb murderer".
People who respect freedom for its own sake care. (Score:5, Insightful)
You have no idea where the collected data goes and what inferences will be made from it. Since corporations don't care about your freedoms of speech, assembly, and other freedoms, there's no good reason to assume that the collected data won't eventually serve malevolent ends. Furthermore, the data is often collected without explicit announcement that it is being collected. The data is often distributed to others without explicitly getting consent on a case-by-case basis so the end user has an opportunity to decide that they trust one party but not another. It's very easy to let those who promote convenience and flashy presentation take away your freedoms; it's hard to regain your freedom after you've lost it. The solution, therefore, is to not lose your freedoms in the first place.
Re:Oh Noes! (Score:5, Insightful)
The whole point of the EFF is to think about such problems and issues before they become common; hence the 'frontier' in their title. They are trying to alert people to a potential situation so that people can be aware of it and start thinking about the implications, and formulate either consumer strategies or legal frameworks before there is wide spread abuse.
Your point is still valid in that you yourself may not be interested until there has been abuse, but to ask the EFF not to write about it until that point does not make much sense.
Re:Oh Noes! (Score:0, Insightful)
Your retort sounds eerily similar to the 'if you aren't doing anything wrong, you have nothing to hide' chanters. Or, 'you conspiracy theorists are such nutters'.
The EFF have identified an issue and provided scenarios of why this may be unwanted. Does the scenario really have to transpire before you see the danger? Does someone have to fall off a cliff before you see the potential danger of the cliff?
Even if you are so lacking in vision that you cannot see the danger from the described scenario, surely you can draw references from past events. How many times has it already transpired that something such as this was put in place only to have it misused by someone in a position of authority or for marketing purposes? What is the benefit to the consumer of putting the serial number in every picture? Furthermore, if there is a benefit to the consumer, why is that fact hidden rather than advertised as a feature? What's the consumer benefit to printing serial numbers or other identifiers(yellow dots) on every printed page that comes out of a printer? And, if there is a benefit to the consumer, why is that fact hidden rather than advertised as a feature?
The fact is that these "features" are regularly added to these devices without the knowledge or consent of the consumer. It is also typically the case that these "features" are leveraged against the consumer or to the benefit of government agencies or corporations without the consumer's knowledge. The fact that you lack vision doesn't mean that the problem or, at the very least, the potential of the problem doesn't exist.
Re:Who really cares, though? (Score:5, Insightful)
Isn't it inconsistent to deny this freedom to the companies that sell us these devices?
What about a person's right to not be secretly recorded, logged, tracked and monitored purely for corporate greed?
I'm pretty sure that AC was just trolling. At least, I'd really like to think so.
Unfortunately there really are a lot of people who, for some reason, will act against their own self-interests and vehemently defend this kind of intrusive surveillance. I believe the term for them is "useful idiots".
Throughout history, every time a relatively free nation became a brutal dictatorship, there were such people who welcomed it with open arms at least until it was finally their face smashed by a jackbooted thug. The GP might be one of those.
Re:Who really cares, though? (Score:5, Insightful)
So when I sell you a chair I should be allowed to dictate when and how you may sit on it, that you may ONLY use it to sit at a table and ONLY to eat your soup but not your burger? And when I sell you that burger, I should be allowed to dictate that you may ONLY drink MY soda while you eat it (I bet McD would love that!)? Yes, even if you order it to take it with you.
When I sell you something, I also have to relinquish the right to determine its use and purpose. If you take my chair and use it to juggle, I can't do jack about it. If you want to burn it, I can't say you must not do it because I invested so much work into it, you can't just burn it! I sold it to you. I surrendered every right to it to you.
Why the fuck should this be different with things like iPods and XBoxes? Because they're sold at a loss because its maker thinks they'll recover the loss with the add on gizmos? Then sell it for a profit! It's not my fault that your business model is flawed!
Protecting a flawed business model with laws is pretty much what kept communism afloat so long.
Re:The real issue is (Score:5, Insightful)
That would be true in an idealised fantasy world where everyone had infinite time, were lawyers, and were aware of the potential problems with EULAs. Back here on Earth...
EULAs aren't upfront. Nobody reads them and nobody expects them to be read. People couldn't understand them if they tried. They're created with that fact in mind:
EULAs aren't specific. They are to a lawyer, but for the people reading them the text is incomprehensible obfuscated gibberish. Clearly they don't give a shit about agreement since it's physically impossible for most people to agree:
Consent requires comprehension. Perhaps you've heard of statuatory rape, a law that employs this principle. Contracts are also supposed to require mutual understanding because the entire concept is logically incoherant otherwise.
But of course that wouldn't be convenient in consumer electronics. So it's ignored, leaving us with a nonsensical system that bears no relevance to reality whatsoever. We pretend to agree and they pretend we agreed. And everyone knows it's bullshit.
Except for the law of course. "Legally binding" loses meaning as a defence when the law itself loses relevance. A law which completely fails to take into account how society operates is a law that should not exist.
Therefore, EULAs are hokum, people are dumbasses, companies are shitheads and the law is morally wrong. Merry Christmas!
Re:Maybe have a max-limit on contracts? (Score:3, Insightful)
Flamebate this all you like /.'ers but frankly this is a bullshit, asshat perspective and it pisses me off.
At what point is it NOT laziness? 20 pages? 40 pages? 10,000 pages? How about 1,000,000+? My privacy should not be subject to whether or not I've taken the seconds/minutes/hours/days/weeks/years necessary to filter through, read and comprehend every line of small print just so I can protect my family from corporate abuse. That's akin to being taken hostage by legal process and absolutely NOT reasonable. Whether or not this is legal practice doesn't make it right and I thank God we have groups like the EFF out there calling this shit out.
Thought processes like yours sir serve only those who have something to gain from screwing people.
Re:Hanlon's (Score:4, Insightful)
We put up with far too much of both. I see no reason not to treat both as malice.
Don't Forget Cars (Score:4, Insightful)