Category Privacy

Texas vs. the TSA

Kashmir Hill has an article up on Fortune about the ongoing battle between the state of Texas and the TSA:

Upset about invasive screening techniques at the airport, the Lone Star State was considering a bill that would make a TSA patdown that involves touching “the anus, sexual organ, buttocks, or breast of another person including through the clothing” a misdemeanor, allowing Texas law enforcement to arrest TSA officials and charge them with sexual harassment. It would have meant that TSA officials could be fined $4,000 and spend up to a year in jail for doing their jobs of feeling up prospective fliers.

Texas folded in the end. Still, I would rather see more states fighting for their rights and the rights of their citizens. I also love Ben Brooks’s suggestion to pass a law requiring airports in Texas to opt out of using the TSA.

The “Nothing to Hide” Argument

Daniel Solove has a fantastic article in the Chronicle of Higher Education titled “Why Privacy Matters Even if You Have ‘Nothing to Hide.’” Here’s a teaser:

When the government gathers or analyzes personal information, many people say they’re not worried. “I’ve got nothing to hide,” they declare. “Only if you’re doing something wrong should you worry, and then you don’t deserve to keep it private.”

The nothing-to-hide argument pervades discussions about privacy. The data-security expert Bruce Schneier calls it the “most common retort against privacy advocates.” The legal scholar Geoffrey Stone refers to it as an “all-too-common refrain.” In its most compelling form, it is an argument that the privacy interest is generally minimal, thus making the contest with security concerns a foreordained victory for security.

Solove wrote a law review paper on this same topic back in 2007. He’s expanded the concept into a new book titled “Nothing to Hide: The False Tradeoff Between Security and Privacy.” I’ve read several of his books, and I’m almost certain to read this one as well. He writes eloquently about privacy, which is generally difficult to write about well.

Why Privacy Mattered

Privacy is a difficult concept to explain. Explaining why privacy matters is particularly challenging. Paul Ford attempts to do this in his story Nanolaw with Daughter. It’s a relatively short story, and worth reading. Here’s an excerpt:

My daughter was first sued in the womb. It was all very new then. I’d posted ultrasound scans online for friends and family. I didn’t know the scans had steganographic thumbprints. A giant electronics company that made ultrasound machines acquired a speculative law firm for many tens of millions of dollars. The new legal division cut a deal with all five Big Socials to dig out contact information for anyone who’d posted pictures of their babies in-utero. It turns out the ultrasounds had no clear rights story; I didn’t actually own mine. It sounds stupid now but we didn’t know. The first backsuits named millions of people, and the Big Socials just caved, ripped up their privacy policies in exchange for a cut. So five months after I posted the ultrasounds, one month before my daughter was born, we received a letter (back then a paper letter) naming myself, my wife, and one or more unidentified fetal defendants in a suit. We faced, I learned, unspecified penalties for copyright violation and theft of trade secrets, and risked, it was implied, that my daughter would be born bankrupt.

(via Kottke)

Smartphones and Social Networks

The Wall Street Journal on the privacy risks of smartphone applications:

Mr. Cortesi said the gaming company, OpenFeint, fixed the Facebook and location issues after he contacted the company about a month ago. California-based OpenFeint provides a gaming network that has more than 75 million registered users across more than 5,000 games, according to the company. Mr. Cortesi described his findings in a blog post last week.

OpenFeint did not immediately respond to a request for comment.

The biggest risks from OpenFeint may have been resolved, but the study raises questions about the way app makers and their partners handle the phone identifiers.

Though the article focuses on OpenFeint, the same problem could apply to any smartphone app that asks you to connect to Facebook, Twitter, Google, or any other online account. The article cites a previous study the Wall Street Journal conducted on smartphone apps as evidence.

Reputable companies wouldn’t intentionally do things like this, but the update at the end of the article is probably more representative of the state of smartphone application development:

OpenFeint says that upon learning of the vulnerability it immediately stopped transmitting location and disabled the use of Facebook for profile pictures on the service. “We are not aware of any of our users’ information falling into the hands of any third parties as a result of this issue,” CEO Jason Citron said.

The company added: “OpenFeint takes privacy concerns seriously and is constantly monitoring privacy developments in a rapidly evolving industry. We are committed to developing and implementing state of the art privacy policies and to protecting our users’ personal information to the best of our abilities at all times.”

They just don’t know about these privacy problems. What smartphone app maker doesn’t want to put a Facebook or Twitter logo on its product at some point? From the developer’s perspective, Facebook and Twitter are incredibly popular and easy to interoperate with. The potential risks to the user aren’t always immediately clear. Add in the fact that most smartphone apps are made by tiny development teams, often just one or two engineers, and you’ve got a recipe for bad privacy practices.

Facebook Apps Security Hole

The Wall Street Journal has an article up about a security hole in the way Facebook Apps are allowed to access users’ information. Symantec discovered it recently, but it has possibly been around for some time:

The issue, which Symantec described as accidental, centers on Facebook applications, the third-party programs that allow users to play games, shop and do other tasks on the Facebook website. In some cases, those applications shared with advertisers and analytics companies so-called access tokens, which act like spare keys (originally intended for the apps) to access or post information on a user’s account, including reading wall posts, accessing a friend’s profile, posting to a user’s wall and mining personal information.

As of April, Symantec estimated that the flaw affected close to 100,000 Facebook apps—and that since Facebook introduced apps in 2007 potentially hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.

It is possible that the third parties didn’t realize they had the ability to access this information. Still, “the repercussions of this access token leakage are seen far and wide,” wrote Symantec researcher Nishant Doshi in a blog post.

Symantec informed Facebook of the problem in the second week of April, and the social network took steps to address it.

Note the responsible disclosure in that last line I quoted. It’s somewhat unrelated to the point of this post, but I found it interesting.
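The article doesn’t say how the tokens reached advertisers. Symantec’s own write-up described apps that received the access token in the page URL, so that any ad or analytics resource the page embedded got the token in the browser’s Referer header; that mechanism is assumed in the added example below, which is my illustration and not code from Facebook, Symantec or the Journal. It shows what a browser sends as Referer from a leaky URL, the fix of moving the token out of the query string, and a check that a third party (or Facebook itself) could run over access logs to find leaked tokens. The host names, tokens and log lines are constructed.

```python
"""Added example (not from the article, Symantec or Facebook): how an OAuth
access token carried in a page URL leaks to embedded third parties through
the Referer header, and a log check for it.

Assumption (not stated on this page): the leak was a token in the app
page's URL being sent in the Referer header to advertisers and analytics
providers whose content the page embedded. Host names, token strings and
log lines below are constructed for the example."""
from urllib.parse import urlsplit, urlunsplit, parse_qs, urlencode
import re

SENSITIVE_PARAMS = {"access_token", "code", "signed_request"}


def referer_for(page_url: str) -> str:
    """What a browser sends as Referer when a page at page_url loads a
    third-party resource: scheme, host, path and query, never the fragment
    (RFC 3986 fragments are not transmitted)."""
    parts = urlsplit(page_url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, parts.query, ""))


def tokens_in_url(url: str) -> dict:
    """Sensitive OAuth parameters present in the query string of url."""
    query = parse_qs(urlsplit(url).query)
    return {k: v[0] for k, v in query.items() if k in SENSITIVE_PARAMS}


def move_token_to_fragment(page_url: str) -> str:
    """Hardened form: carry the token in the URL fragment so the app's
    JavaScript can read it but it is never sent in a Referer (the reason
    OAuth 2.0's implicit grant returns tokens in the fragment). A
    server-side code exchange that keeps the token off the client is better."""
    parts = urlsplit(page_url)
    query = parse_qs(parts.query)
    secret = {k: v[0] for k, v in query.items() if k in SENSITIVE_PARAMS}
    public = {k: v[0] for k, v in query.items() if k not in SENSITIVE_PARAMS}
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(public), urlencode(secret)))


# Constructed access-log lines as an analytics provider might see them:
# client IP, request, status, Referer. Not real log data.
SAMPLE_LOG = """\
203.0.113.5 "GET /pixel.gif HTTP/1.1" 200 "https://apps.example-game.test/play?uid=42&access_token=AAAB.token.one"
203.0.113.9 "GET /pixel.gif HTTP/1.1" 200 "https://apps.example-game.test/play?uid=43"
198.51.100.2 "GET /track.js HTTP/1.1" 200 "https://apps.example-quiz.test/q?access_token=AAAB.token.two&page=3"
"""

LOG_RE = re.compile(r'^(\S+) "([^"]*)" (\d{3}) "([^"]*)"$')


def leaked_tokens(log_text: str) -> list:
    """Detection: scan a third party's access log for Referer values that
    carry access tokens. Returns (client_ip, referring_host, token) tuples."""
    found = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _request, _status, referer = m.groups()
        for name, value in tokens_in_url(referer).items():
            if name == "access_token":
                found.append((ip, urlsplit(referer).netloc, value))
    return found


if __name__ == "__main__":
    leaky = "https://apps.example-game.test/play?uid=42&access_token=AAAB.token.one"
    print("Referer sent to third parties:", referer_for(leaky))
    print("Same page, token in fragment: ", referer_for(move_token_to_fragment(leaky)))
    for hit in leaked_tokens(SAMPLE_LOG):
        print("leaked:", hit)
```

The fragment trick only keeps the token out of Referer headers and server logs; a bearer token that reaches the browser at all can still be read by any script the page loads, which is why the authorization-code flow with a server-side exchange is the durable fix.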

There are two things about Facebook and privacy that I believe are often misunderstood:

  1. Facebook apps are a bigger threat than Facebook friends, who are more often the focus of Facebook privacy discussions. Many Facebook users don’t realize how much information they are giving to apps just so they can take quizzes or play games.
  2. Facebook has a more pressing business interest in protecting user information than people think. Their ability to market to incredibly specific consumer groups is paramount to their business.

Google Location Data Lawsuit

Google is being sued over the collection, storage, and use of location data on Android phones:

Last week developers also revealed that Android devices keep a similar cache of cell tower and WiFi data, though Android limits the amount of data to 50 recently accessed cell towers and 200 recently accessed WiFi networks. Like iOS devices, a person would need to “root” (similar to “jailbreaking”) an Android device to get the data, but in contrast to iPhones this data isn’t synced to a computer.

More disconcerting, however, is the fact that Android devices collect “its location every few seconds and transmitted the data to Google at least several times an hour,” according to research by security expert Samy Kamkar. Google said it uses this data for a variety of uses, but unlike Apple, Android attaches a unique ID number to the data. While that ID number is effectively random and can’t be directly linked to a particular device or user, it is possible to analyze such data and correlate it to particular individuals using increasingly advanced “deanonymization” techniques.

Detroit area residents Julie Brown and Kayla Molaski filed a class action lawsuit against Google over concerns that the location data that Android devices send to Google “several times per hour” is tied to a unique (though random) device ID. The lawsuit further alleges that this data is sent to Google unencrypted. “The accessibility of the unencrypted information collected by Google places users at serious risk of privacy invasions, including stalking,” according to the complaint.

It was really only a matter of time after Apple’s recent location data revelations.
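The quoted passage says a random device ID can still be correlated to a person with “deanonymization” techniques. The simplest such technique needs nothing advanced: a location stream shows where a device spends its nights and its workdays, and a home/work pair is close to unique. The added example below is my illustration, not code from Ars Technica, Samy Kamkar or the lawsuit; every ID, timestamp, coordinate and directory entry in it is constructed.

```python
"""Added example, not code from the article or the lawsuit: the simplest
form of the "deanonymization" the quoted passage refers to. A random device
ID hides who sent a stream of location reports, but the reports reveal a
home (night) cell and a work (day) cell, and that pair is matched against a
directory. Every ID, timestamp, coordinate and name is constructed."""
from collections import Counter
from datetime import datetime

# Constructed reports: (random device id, ISO timestamp, lat, lon).
REPORTS = [
    ("9f3a", "2011-04-26T02:10:00", 42.3310, -83.0460),  # night
    ("9f3a", "2011-04-26T03:40:00", 42.3312, -83.0458),  # night
    ("9f3a", "2011-04-26T10:15:00", 42.4500, -83.0200),  # workday
    ("9f3a", "2011-04-26T14:30:00", 42.4503, -83.0199),  # workday
    ("9f3a", "2011-04-26T18:05:00", 42.3900, -83.0300),  # commute, ignored
    ("9f3a", "2011-04-27T01:30:00", 42.3311, -83.0461),  # night
    ("9f3a", "2011-04-27T11:00:00", 42.4498, -83.0202),  # workday
    ("c01d", "2011-04-26T02:00:00", 42.3805, -83.0110),  # another device
]

# Constructed directory of the kind an adversary can assemble from public
# records, employer address lists or social-network check-ins.
DIRECTORY = [
    {"name": "resident-1", "home": (42.3311, -83.0459), "work": (42.4501, -83.0200)},
    {"name": "resident-2", "home": (42.3805, -83.0110), "work": (42.4501, -83.0200)},
    {"name": "resident-3", "home": (42.3311, -83.0459), "work": (42.2900, -83.1200)},
]

CELL_DEG = 0.001   # roughly a 100 m grid; fixes in one cell count as one place


def snap(lat: float, lon: float) -> tuple:
    """Round a fix onto the grid so GPS jitter does not split one place."""
    return (round(lat / CELL_DEG) * CELL_DEG, round(lon / CELL_DEG) * CELL_DEG)


def infer_home_work(reports: list, device_id: str) -> dict:
    """home = most frequent cell between 22:00 and 06:00,
    work = most frequent cell between 09:00 and 17:00, for one device."""
    night, day = Counter(), Counter()
    for dev, ts, lat, lon in reports:
        if dev != device_id:
            continue
        hour = datetime.fromisoformat(ts).hour
        cell = snap(lat, lon)
        if hour >= 22 or hour < 6:
            night[cell] += 1
        elif 9 <= hour < 17:
            day[cell] += 1
    return {"home": night.most_common(1)[0][0] if night else None,
            "work": day.most_common(1)[0][0] if day else None}


def identify(profile: dict, directory: list) -> list:
    """Directory entries whose home AND work cells match the inferred ones.
    One match means the "random" ID now names a person. (A real attacker
    would use a distance threshold rather than exact cell equality.)"""
    if profile["home"] is None or profile["work"] is None:
        return []
    return [e["name"] for e in directory
            if snap(*e["home"]) == profile["home"]
            and snap(*e["work"]) == profile["work"]]


if __name__ == "__main__":
    profile = infer_home_work(REPORTS, "9f3a")
    print("inferred:", profile)
    print("matches:", identify(profile, DIRECTORY))
```

The point for the lawsuit’s “random ID” defence: rotating the ID only helps if it rotates often enough that no single ID spans both a night and a workday, and even then the same trick works on the raw traces if they can be stitched together by continuity.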

Creepy Location Tool

Since I’ve been examining location privacy recently, I can’t pass up mentioning creepy:

creepy is an application that allows you to gather geolocation related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application where all the retrieved data is shown accompanied with relevant information (i.e. what was posted from that specific location) to provide context to the presentation.

The authors go on to describe it as a proof-of-concept tool, similar to Firesheep. I don’t believe creepy will get the media coverage Firesheep did; it isn’t immediately exploitable the way Firesheep was. Still, I would bet that it will be used as a stalking tool, despite the authors’ wishes.

Apple Responds to Location Data Concerns

Yesterday, I wrote about Apple and Location Data, and I ended that article with a list of questions:

  1. Should there be a master switch that actually prevents location tracking?
  2. Should location data be deleted after a reasonable period of time?
  3. Should users be able to manually wipe location data at will?
  4. As my colleagues point out, we should also ask whether users should be able to provide a slightly randomized bogus location within 10 miles for services that don’t require precise latitude and longitude, like weather.

Several of these questions are answered directly by Apple’s response:

Software Update

Sometime in the next few weeks Apple will release a free iOS software update that:

  • reduces the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone,
  • ceases backing up this cache, and
  • deletes this cache entirely when Location Services is turned off.

In the next major iOS software release the cache will also be encrypted on the iPhone.

It looks like most of my questions will be addressed. The first and third definitely will. The second will probably be addressed by the reduced size of the cache, though Apple didn’t word it the way I did. The fourth is based on new research done at NC State, and it could take more than a few weeks to implement in Apple’s Core Location framework. More interestingly, Apple decided to encrypt the cache on the iPhone. Encrypting the database is probably partly genuine concern for privacy and partly a move to break tools like iPhoneTracker; I’ll leave it to others to figure out which part weighed more heavily. In the meantime, I’m satisfied with this announcement.

I should end by noting that Android devices do the same sort of location tracking. If you’re interested in more and have a technical bent, start here.

▶ Apple and Location Data

The NY Times reports that some European governments believe Apple may have violated privacy laws by collecting and storing location data. From the article:

“This data that was supposedly discovered yesterday has existed in earlier iPhones,” said Alex Levinson of Katana Forensics, a company that specializes in extracting data from electronic devices for legal cases. Mr. Levinson said that he and colleagues had explained Apple’s practices at conferences and in research papers, and that his firm has helped law enforcement agencies “harvest geolocational evidence from iOS devices,” a reference to the Apple operating system.

The article goes on to mention that the data collection isn’t entirely new: Apple described it in a letter delivered to Congress last July. If you want to read the letter in its entirety, it’s online here (PDF). Ars Technica has more coverage of why this is suddenly news again and of what Congress wants Apple to tell it now.

Jacqui Cheng makes an important point in that first Ars Technica article:

From the end-user point of view, Apple only does one kind of location tracking, and it happens via GPS. The company makes sure to notify you on your iPhone or iPad every time you use an app that will grab your GPS location so that you’re always informed of when you’re being tracked. However, that’s not all that’s going on behind the scenes. Apple also triangulates your location from cell phone towers and logs that information in order to help get a faster GPS lock (or to find your location without GPS if you’re getting bad GPS signal).

[...snip...]

Users don’t get to decide whether their locations are tracked via cell towers or not—unlike GPS, there is no setting that lets users turn it off, there’s no explicit consent every time it happens, and there’s no way to block the logging. (Nitpickers will point out that you do give your consent to iTunes when you download and install iOS 4, but this is not treated the same way as the consent given to the iPhone every time an app wants to use GPS.) So, whether or not you’re using GPS, if you’re using your iPhone as a cell phone, you are being tracked and logged constantly without your knowledge. This is why my trip to Hong Kong wasn’t logged (because I had all cell connections turned off while GPS was on), but my stop-over in Tokyo Narita on the same trip was logged (I had turned on my phone to make a quick call, but did not use GPS).

In short, simply turning Location Services to the “off” position doesn’t actually prevent you from having your location tracked.

I’m not convinced this is a uniquely Apple problem. Location is a killer feature for everything from getting driving directions to finding a place to eat to knowing what the weather will be like. It’s worth pointing out work that some of my colleagues at North Carolina State have done on Android-based phones:

Jiang says TISSA could be easily modified to incorporate additional settings that would allow more fine-grained control of access to personal information. “These settings may be further specialized for different types of information, such as your contact list or your location,” Jiang says. “The settings can also be specialized for different applications.”

For example, a user may install a weather application that requires location data in order to provide the user with the local weather forecast. Rather than telling the application exactly where the user is, TISSA could be programmed to give the application generalized location data – such as a random location within a 10-mile radius of the user. This would allow the weather application to provide the local weather forecast information, but would ensure that the application couldn’t be used to track the user’s movements.

Any smartphone worth the extra expense is going to have to track location some of the time, so what we’re really talking about is how much control to give users over that data. Should there be a master switch that actually prevents location tracking? Should location data be deleted after a reasonable period of time? Should users be able to manually wipe location data at will? As my colleagues point out, we should also ask whether users should be able to provide a slightly randomized bogus location within 10 miles for services that don’t require precise latitude and longitude, like weather. There’s a lot of room for innovation here.
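The “random location within a 10-mile radius” idea from the TISSA description, and the fourth question above (repeated in the follow-up post), leave two details open that matter in practice. The added example below is my illustration, not TISSA’s code or Apple’s, and it handles both: the fake point is drawn uniformly over the disc rather than uniformly in distance (which would pile points near the true position), and the offset is derived per application from a device secret, so the same app always gets the same fake point. Without that second property an app that queries repeatedly can average its answers and recover the true location. The radius is a parameter, so the same code serves coarser or finer policies than 10 miles. The device key, app ids and coordinates are constructed.

```python
"""Added example, not TISSA's code or Apple's: coarsening a precise
location for an app that only needs the rough area (weather). The fake
point is uniform over the disc of the chosen radius and is fixed per
(device secret, app id), so repeated queries cannot be averaged back to
the true position. Key, app ids and coordinates are constructed."""
import hashlib
import hmac
import math
import struct

EARTH_RADIUS_M = 6371000.0
MILE_M = 1609.344


def _unit_floats(key: bytes, app_id: str, n: int = 2) -> list:
    """Deterministic pseudo-random floats in [0, 1): HMAC-SHA256 of the app
    id under a per-device key, so each app gets a different offset and nobody
    without the key can predict or undo it."""
    digest = hmac.new(key, app_id.encode(), hashlib.sha256).digest()
    out = []
    for i in range(n):
        (word,) = struct.unpack(">Q", digest[8 * i:8 * i + 8])
        out.append(word / 2 ** 64)
    return out


def offset_point(lat: float, lon: float, bearing_rad: float, dist_m: float) -> tuple:
    """Destination point from (lat, lon) along a bearing for dist_m metres
    (great-circle formula on a spherical Earth)."""
    p1, l1 = math.radians(lat), math.radians(lon)
    ang = dist_m / EARTH_RADIUS_M
    p2 = math.asin(math.sin(p1) * math.cos(ang)
                   + math.cos(p1) * math.sin(ang) * math.cos(bearing_rad))
    l2 = l1 + math.atan2(math.sin(bearing_rad) * math.sin(ang) * math.cos(p1),
                         math.cos(ang) - math.sin(p1) * math.sin(p2))
    return (math.degrees(p2), (math.degrees(l2) + 540) % 360 - 180)


def coarse_location(lat: float, lon: float, app_id: str, device_key: bytes,
                    radius_m: float = 10 * MILE_M) -> tuple:
    """Fake location handed to app_id: a point uniform in the disc of radius_m
    around the true position, stable for this (device, app) pair."""
    u, v = _unit_floats(device_key, app_id)
    bearing = 2 * math.pi * u
    dist = radius_m * math.sqrt(v)   # sqrt makes the area, not the radius, uniform
    return offset_point(lat, lon, bearing, dist)


def haversine_m(a: tuple, b: tuple) -> float:
    """Great-circle distance in metres between two (lat, lon) points; used to
    check that a fake point really lies within the policy radius."""
    p1, p2 = math.radians(a[0]), math.radians(b[0])
    dp = p2 - p1
    dl = math.radians(b[1] - a[1])
    h = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


if __name__ == "__main__":
    key = b"constructed-per-device-secret"
    true_pos = (35.7796, -78.6382)          # constructed: downtown Raleigh, NC
    for app in ("weather.example", "maps.example"):
        fake = coarse_location(true_pos[0], true_pos[1], app, key)
        print(app, fake, "%.0f m from the true position" % haversine_m(true_pos, fake))
```

Note what the per-app secret does and does not buy: it stops one app from averaging its way back to the true point and stops two apps from comparing notes (their offsets differ), but the fake point still moves with the user, so a coarse track of the user’s movements survives. Reporting the fake location only when the true one has moved more than the radius is one way to close that gap.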

Dilbert on Privacy

These are from last October, but will probably remain relevant for many years to come…

[Three Dilbert strips, embedded from Dilbert.com]