Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Advertising Privacy

Can Users Poison the Data Big Tech Uses to Surveil Them? (technologyreview.com) 79

"Algorithms are meaningless without good data. The public can exploit that to demand change," argues a new article in MIT's Technology Review (shared by long-time Slashdot reader mspohr): Data is fed into machine-learning algorithms to target you with ads and recommendations. Google cashes your data in for over $120 billion a year of ad revenue. Increasingly, we can no longer opt out of this arrangement... Now researchers at Northwestern University are suggesting new ways to redress this power imbalance by treating our collective data as a bargaining chip...

In a new paper being presented at the Association for Computing Machinery's Fairness, Accountability, and Transparency conference next week, researchers including PhD students Nicholas Vincent and Hanlin Li propose three ways the public can exploit this to their advantage:

Data strikes, inspired by the idea of labor strikes, which involve withholding or deleting your data so a tech firm cannot use it — leaving a platform or installing privacy tools, for instance.

Data poisoning, which involves contributing meaningless or harmful data. AdNauseam, for example, is a browser extension that clicks on every single ad served to you, thus confusing Google's ad-targeting algorithms.

Conscious data contribution, which involves giving meaningful data to the competitor of a platform you want to protest, such as by uploading your Facebook photos to Tumblr instead.

Will we someday see "white-hat data poisoners" trying to convince tech companies that the best place to advertise is the classified sections of small local newspapers?

While the researchers believe sporadic individual actions have little impact, the article takes this to its ultimate conclusion. "What if millions of people were to coordinate to poison a tech giant's data well...? That might just give them some leverage to assert their demands."
This discussion has been archived. No new comments can be posted.

Can Users Poison the Data Big Tech Uses to Surveil Them?

Comments Filter:
  • by Spamalope ( 91802 ) on Saturday March 06, 2021 @11:44AM (#61130490)
    What about a browser plugin that uses torrents or some other peer to peer connection to swap trackers between users to poison their tracking. Or copy the same tracker to thousands or tens of thousands of users.
    • by raymorris ( 2726007 ) on Saturday March 06, 2021 @12:05PM (#61130562) Journal

      Sure, if 100 million people did that, it would matter.

      The summary says ""What if millions of people were to coordinate to ...".

      If we could coordinate many millions of people actually taking action, we could do a lot of things. Including several thousand things which would each be more important than making ads more random.

      Lots of kids in poor parts of the world need relatively minor surgeries in order to be able to walk, or use their arm. The surgeries cost a couple thousand dollars, though - two years of wages in those countries. If I could get just ten or twenty Slashdotters to take coordinated action, a four year old boy could have his legs fixed so he'd be able to walk, rather than being stuck in a chair his whole life.

      Unfortunately, 99.999% of people want to spend their day whining about ads for tires or whatever, they won't actually DO anything, to improve any situation.

      • I have not seen an advert in my production environment in a heck of a long time. Thanks to the raging pandemic, I have not even seen one originating from meatspace, let alone cyberspace. I tried not blocking adverts for a while and decided it was a bad idea. Sure, I still see the result of sponsorships but those are not advertisements they are statements made by representatives of the media I choose to consume, rather than random graffiti obscuring it. To stop seeing ads all you have to do is configure y
        • I have not seen an advert in my production environment in a heck of a long time.

          Me too.

          Call me a "thief" or a "shoplifter" if you like but the constant deluge of crap is completely unsupportable to me.

          Worse, I usually have to see the adverts and agree to have my data stolen before I can even see the page content and decide if it's worth my patronage or not. In what other area of life would that be acceptable? None.

      • > If we could coordinate many millions of people actually taking action, we could do a lot of things

        We can't even get them to lie when creating accounts on web sites. Really, change your birthday, its that simple. But no, no one can do even that.

        • Re: (Score:1, Insightful)

          by johanw ( 1001493 )

          Just propagate the use of adblockers. Trackin is useless for those companies if they can't use it to annoy users with ads.

          • I do not see why the person above got downvoted. This is simple and it poisons the well by removing all eyeballs from the equation regardless of detected interests. If the proportion of people blocking advertisements reaches a critical point, companies will stop bidding on adspace and turn to sponsorships and influencers instead.

            Will this reduce the quality of online services? No, quite the opposite. Rather than an Internet of Things, by eliminating scummy advertising and encouraging people to learn a
            • by tlhIngan ( 30335 )

              turn to sponsorships and influencers instead.

              Will this reduce the quality of online services? No, quite the opposite. Rather than an Internet of Things, by eliminating scummy advertising and encouraging people to learn a little, perhaps we can finally bring back the long missed Internet of Nerds!

              No, we just have more people following the Kardashians or whatever the celebrity of the week is.

              And influencers are annoying enough to deal with in real life with many taking their "influence" into real ilfe. If you

          • If they can still get backing for their idea - no matter how shitty it is, an unlikely to actually work - from some venture capitalist spending someone else's pension, then they'll still create these new companies to feed on the VCs. Who cares if the company crashes if you get 4 years as a CEO out of it?
      • If 100million people cared about it, we could probably vote and get a law passed against abusive data collection.

    • Why limit it to the Xzibit-worthy OS-within-a-OS?
      Put it at the TCP level of the network stack of your kernel.

    • There was a Firefox plugin years ago that used to take in RSS feeds and build random junk queries that would flood all the major search engines with semi-realistic junk when the browser was open. I used to have two or three machines with Firefox running flooding them all day every day. Can't remember the name but the slogan was related to the "needle in a haystack" line of thinking. I don't think it would be too hard to do something similar and just flood all kinds of bad data to all of the trackers. Most o

    • If this plugin were to become mainstream, things like this will happen:
      1. Big Tech will work around it, such as for example by starting tracking using things like session tokens, which you really don't want to swap with anyone (imagine the tracker traded your banking session token with a random computer, essentially giving that computer ability to do anything you can do via your banking site, as long as it doesn't require re-authentication).
      2. Someone will use that plug-in to track you, spy on you. This mig

  • Geolocation VPN (Score:4, Interesting)

    by Spamalope ( 91802 ) on Saturday March 06, 2021 @11:46AM (#61130498)
    A VPN that instead of using a single endpoint puts each destination website in a container that goes to a separate VPN endpoint so geolocation is randomized.
  • I always thought it would be interesting to have an app that did random searches based upon some wordlist or dictionary - random times with random words - then let them try and find the real "you"
    • Wouldn't they then be able to find a less random stream in the noise? And that would be you. Maybe it would be better to have random non-random searches.
    • I have an add on for fire fox called track me not. It basically just sends random (clean) search queries to all of the search engines you specify. Not sure if it works though (I use duck duck go and ad blockers)
    • Don't use a normal wordlist. Parse the first 10 pages from the search result, and collect all unknown words into a list, shake, pick words from that, rinse and repeat. A bit like a crawler/spider but for words.
      You can still seed it with a dictionary, every now and then, to keep it fresh so it doesn't exhaust the list due to going in circles.

  • What's the point? (Score:5, Insightful)

    by thegarbz ( 1787294 ) on Saturday March 06, 2021 @11:56AM (#61130530)

    Big data hasn't got a frigging clue. You buy speakers, they advertise to you speakers. You look up a recipe for lasagne, and while you're coming back from the shop Google shares a news article with a recipe for lasagne.

  • by marcle ( 1575627 ) on Saturday March 06, 2021 @11:59AM (#61130546)

    More clocks, even if virtual ones, just means more revenue for Google. It may be that the targeting becomes less effective, but only the advertisers would suffer. And most of them just assume their advertising is effective anyway -- it's very difficult to measure the effectiveness of advertising.

    • it's very difficult to measure the effectiveness of advertising.

      No it isn't. The trick is simply to not advertise everywhere at once. If you advertise in on area and sales go up there but nowhere else that means it's a good advert so you go nationwide with it.

  • by petes_PoV ( 912422 ) on Saturday March 06, 2021 @12:02PM (#61130550)
    Doing things to protest against an organisation only work if that organisation knows it is being protested against.

    So while a data strike might have some effect, if only as P.R. data poisoning will make no difference if the "poison" looks like legitimate personal data. The social media companies will continue to trawl it, package it and sell it on to the advertisers as if it was genuine. Profits will continue to roll in.

    It is only if the advertisers can measure a decline in the quality of personal data (for example, if a billion people all set their birthday to April 1) that it would affect the data gatherers.

    • I don't really want to protest. Protesting at Big Data just dignifies their existence. It makes it seem like I'm looking for their reaction.

      I just want tools to use to damage Big Data.

      • I don't really want to protest. Protesting at Big Data just dignifies their existence. It makes it seem like I'm looking for their reaction.

        Yep, it will just make them try harder and be even more intrusive.

  • Data strikes, inspired by the idea of labor strikes, which involve withholding or deleting your data so a tech firm cannot use it

    Ummm, I think you might not understand how computers work.

    Data poisoning, which involves contributing meaningless or harmful data. AdNauseam, for example, is a browser extension that clicks on every single ad served to you, thus confusing Google's ad-targeting algorithms.

    The problem is, this can be very difficult. For ad clicking, they can track mouse movements. Even if you build in a way to feed that fake mouse data, with time they can start to see patterns to help detect the fake data. Likewise, if you try to give them fake data, they're getting damn good (and only getting better) at figuring out what is good and what is bad. It's becoming increasingly difficult to avoid accidentally revealing which data is real an

    • "The problem is, this can be very difficult. For ad clicking, they can track mouse movements. Even if you build in a way to feed that fake mouse data, with time they can start to see patterns to help detect the fake data. Likewise, if you try to give them fake data, they're getting damn good (and only getting better) at figuring out what is good and what is bad. It's becoming increasingly difficult to avoid accidentally revealing which data is real and which is fake."

      Kind of like keeping track of one's trut

  • Not really (Score:5, Interesting)

    by gweihir ( 88907 ) on Saturday March 06, 2021 @12:02PM (#61130554)

    Sure, if enough users would do it, it would work. But people cannot even vote rationally, how would they ever do something like this in a coordinated fashion? "Big Data" will simply use some of the manipulation potential they are already using on politics to fend this off and that is that. You know, if people voted rationally, there would be privacy laws that work and that have a bite. Look at the situation we have instead and how things work becomes very clear.

    Another naive idea that ignores that on average, people are stupid and easy to influence.

    • You know, if people voted rationally, there would be privacy laws that work and that have a bite.

      We already do. The only thing those laws achieved is that every single web page now has an overlay saying "We care about your privacy!!" then send you off to an incomprehensible maze of options if you dare to click anything other than "I agree".

       

      • by gweihir ( 88907 )

        You know, if people voted rationally, there would be privacy laws that work and that have a bite.

        We already do. The only thing those laws achieved is that every single web page now has an overlay saying "We care about your privacy!!" then send you off to an incomprehensible maze of options if you dare to click anything other than "I agree".

        That is not consistent with "works" or "has a bite" in my universe.

  • I'll have to ask my butler. I think he's polishing my Mercedes though, and I don't want to disturb him while I'm buying tu-tus for my daughter on Amazon with my Visa so that she can be ready for the performance at the private school that she totally attends when she's not riding her Specialized bicycle through the bustling streets of Kenosha.

  • Sure, and small groups of people have been doing so in an organized way for years. See the book Obfuscation: A User's Guide for Privacy and Protest [goodreads.com] published back in 2015 to read up on it. The magnitude of the impact completely depends on the percentage of people who deliberately try to mess up the data; this is a simple mathematical truth. For the time being I imagine it's noise, but also that the data for individuals who actively participate in such activities is at least corrupted.
    • by malkavian ( 9512 )

      Absolutely. I've always been selectively poisoning, or segregating information.
      I have email accounts for doing various different tasks (so that one will actually be used for shopping around in mainstream areas, and allow advertising, so if I'm using it, I'm open to suggestions). I have many that're keyed to companies I'm not sure I trust them to be good with my data (and in many cases, they aren't, and as they're the ONLY ones with that key, they have a big finger pointing right at them, and the Informati

      • It's very easy to try and burn down the whole benefit of a system, without having anything better to replace, or continue it.

        What if I just need some charcoal?

  • My idea that have kicked around for a while is setting up some kind of online cookie exchange.

    Users would install a plugin that looked up if the exchange had any unexpired cookies for a domain before first connecting to that domain in the current session. If it did not it would just go ahead make the connect and get cookie'd converting them to session cookie for the purpose of the current session but retaining the expiry information to forward to the exchange when they close the browser.

    Users would designat

    • a) You'd never get enough people to do it
      b) The advertisers would set up sites to send you fake "unexpired cookies" and gather even more data about you than before.

  • Getting into a technology battle with trillion dollar companies is not a winning move. A small percentage of individuals may be able to avoid tracking (though most will be marked as "tracking avoiders") but the majority will find their lives constantly monitored. A significant fraction of the online economy is based around the valie of that tracking data. Laws need to prevent the "effects" of tracking, not just specific technologies, because there are an unlimited number of possible ways to track peopl
    • by ebvwfbw ( 864834 )

      The time for laws has passed. About 20 years ago, chance in hell 10 years ago. Not a chance in hell now. They *OWN* the democrats. The democrats know they owe them big time. From contributions to material help.

      The only way to fight back now is with free applications that can make the data they have useless. Could do that by things I search for going out through an old lady that does crafts for example. She has no interest in airplanes, computer stuff. Her stuff could go out through my connection, or your co

      • How can you win a technology battle against trillion dollar companies. Writing your own web browser to compete with the big corporate ones is a fantastic amount of work, and if it doesn't allow tracking, sites like Google will just not let it work. The problem is that the great majority of users want / need access to the big corporate services, and they can easily make their sites not function correctly with a browser that doesn't provide tracking. Some small percentage of people can get by without the b
        • by ebvwfbw ( 864834 )

          They don't control Firefox for example. Work it out so it'll derail them.

          Thing is, these AI algorithms are fairly fragile. Corrupt them to a small degree and they can become completely useless. They're also spending I bet Billions on storage, CPU and other resources. So it won't take much to spook them.

          Might be easier to get someone on the inside to booger up their data.

  • Except where there's a legal requirement, there's no reason to enter accurate information about yourself on any web site, and plenty of reasons not to. (In case of a database leak, accurate info can be leveraged to access other accounts, identity theft, etc.)

    Leaving false ad-click trails and the like isn't quite so helpful, but it probably can't hurt.

  • This falsely implies such "businesses" as a given that we just have to accept because $randomExcuse.

    When really, this is billions of people against maybe a million of them. >1000:1 odds against them. We can just decide "No", and in a democracy ... that's it. Servers offline, businesses closed, CEOs in prison if we want.
    They can have their own dystopia, with A.M. and cameras, on Pluto if they don't like it.

    The GDPR was the first big step.
    The next one is already on the way.
    Even old people are pivacy-consci

    • by malkavian ( 9512 )

      Wouldn't say "Pest control", it's more like setting sensible boundaries when people get to grips with something new.
      Privacy consciousness is good. I quite like the GDPR; it sets good and sensible boundaries on what corporations can do, and they better bloody well act responsibly with things people entrust to them, because that legislation has teeth.
      It'll always be evolving as the tech comes along, but it's always an equilibrium, where you can't stomp on business, because otherwise they'll either all fail (

  • So if adnauseam clicks on all ads, does that register as a paid hit for a website? I generally block ads but not from a few websites whose content I really value and want them to get the ad revenue to stay free; even if in some cases I donate to them as well. If it does, it would be a great way to help small websites.
    • I understand that it does. Looking at my AdNauseam log (they call it the "Vault") it says I have sent clicks to 4072 ads since 1st Feb and they estimate that it has cost the advertisers a total of $6433 - money which is supposed to have gone to websites I have visited. They assume that clicks earn websites an average of $1.58 each. From AdNauseam's website :

      As the precise cost generated by clicks is not visible to the client, AdNauseam calculates an estimate using an average value of $1.58 for each clicked Ad. This value is taken from this analysis, in which various advertising models and platforms are taken into account.

  • Most "AIs" are really bad when overwhelmed by signal. Just be an interesting person, who doesn't fit into a mold, and they won't know how to deal with you. Have diverse interests, research your opinions, be inquisitive. Don't ever click on an advert - the first and only thing an advert tells you is that you don't need the product being presented...

    • by malkavian ( 9512 )

      That's a case of no signal, merely noise. If you have diverse interests, it's fairly easy to detect. You make your own mold, and that'll be detected.
      I'd say just be careful what you click. There are many ads I've looked at that've been interesting and led me to interesting things (which is what I want, as it's enriched my ability to do what I want to do and saved me a lot of time). There are ones that I look at and just think "Vaguely interesting, but I'm not up for having them chasing me down that rab

  • I sometimes do this when I get annoyed by ads for something i bought weeks ago. I just purposefully search for nice things. Searching for flower shops really makes the banners a nice thing that follows you
    • I sometimes do this when I get annoyed by ads for something i bought weeks ago. I just purposefully search for nice things. Searching for flower shops really makes the banners a nice thing that follows you

      Now, that is an idea that I have not seen before! 8-)
      I think I will start doing that ...

  • Donâ(TM)t use apps. Use the browser instead. Use pi hole on your network. Donâ(TM)t stay logged into social media. Donâ(TM)t put the truth about yourself into your social media accounts. That âoelikesâ page on Facebook is a goldmine.

  • by blahplusplus ( 757119 ) on Saturday March 06, 2021 @01:08PM (#61130798)

    ... is the fact that software is licensed and not owned, you can't have privacy when every iphone/googleplay, steam, uplay, social star rock club, battle.net drm app is back ended. Without property rights to stop the client-server software as a service scam, you can't stop privacy invasion when it's legal to dispossess you of your right to get a complete local compiled executable. Micrsoft has been trying to kill honest EXE's with the UWP initiative and most of the public is none the wiser since it has no idea what a computer is or how it works.

    Client server software anything means you don't control your computing devices. Since the public has long since proven they didn't understand the agenda of Microsoft and the rest of silicon valley tech companies like the game industry's wanting to take control of our PC's and turn them into locked down mobile phones.

    The last 23 years there has been a full blown war on general computing beginning with mmo's in the late 90's with Ultima online, the success of that game told the entire industry the average member of the public was a computer illiterate moron. That's how we ended up steam/online drm to begin with.

    The idea we are somehow going to take our privacy back when games like Fortnite and PUBG (client serrver) software are some of the most popular software on the planet with kids and their parents...

    You'd have to be out of your mind, since client-server software is the ultimate sercurity risk, the public has already taken the poison pill.

  • Just don't click any ads lol. Clearly anyone who is willing to poison the data isn't going to click them anyways. I have never clicked on an ad, ever so any data they collected from me is isn't making them any money.
    • Just don't click any ads lol. Clearly anyone who is willing to poison the data isn't going to click them anyways.

      I click on every single ad, over 4000 in February. The AdNauseam plug-in for Firefox does it for me and I don't even see what ads it is clicking on.

  • If you really want to "redress this power imbalance" between users and Google, then simply stop using Google services! It's really quite simple. But who's willing to do that? The fact of the matter is that Google provides great online services (web search, email provisioning, maps, cloud storage, etc.) in exchange for user behavior data to get advertising revenue. If you don't want to give up your user data, then don't use their offerings.
    • And the alternatives are? For search you can use DuckDuckGo Bing or Yahoo. Any others? For email you can use outlook yahoo gmx proton mail....any others? How about YouTube? Drive with its apps?

    • I think this gets to the real issue, though. Individual fears about being advertised at are really only a minescule issue compared with the modern ability for certain corporations to provably influence whole populations in ways that aren't always obvious, because advertising can be so direct and personally targeted rather than where everyone can see and comment on it, and which were simply not possible until maybe they past decade. We're now all stuck living in this new world whether we choose to avoid the

  • Over a decade old
    https://youtu.be/7eIUOUfhoJ8 [youtu.be]

  • I have been doing this since 1970. Credit to Abby Hoffman, "Steal this Book" Whenever I fill out credit card statements, I misspell my own or illegibly write my name. I have done a search on other people with similar names and cross-forward mail. Call them up and make them change information about you. Look up your old driver's state of issue and change the address to someone else with a similar name. Mistype your SSN whenever asked. My phone is 8675309!
  • In college we had "customer loyalty card" swinger parties where you'd go home with someone else's card (and hopefully them). Always wondered what the data scientists made of everyone's erratic shopping behavior

  • Whenever I'm asked for my zip code (not related to a shipping or credit card transaction), I provide 99723, which is Barrow, Alaska. It's the northernmost zip code and is so far outside the continental US that I've surely poisoned a few companies' reports showing average latitude/longitude of where customers are from.
  • Ever since like 2007 or something, I deleted all my actual "likes" from Facebook on things I actually liked (music, films, games etc...) and instead just clicked "like" on random weird shit my friends like.

    For at least a decade, whenever I went to the panel in FB that shows you what it thinks your biggest interests are, mine were "women's shoes" and "haybailing". Neither of which is anywhere remotely true LOL

Pascal is not a high-level language. -- Steven Feiner

Working...