Give Ring the Finger for that Superbowl Ad


I saw the most horrifying ad ever during the Super Bowl this last weekend. Ring (the company that makes camera doorbells) tried to convince us that their AI-assisted image recognition software would help save the PWOOR WIDDLE PUBBIES! when it's clear as day that they're building a surveillance network using customers who are opted in to the 'service' by default without their consent.

Even if you weren't already aware of and terrified of the surveillance by corporations like Google, Meta, and others, hopefully you get that when they sell this to government agencies like ICE, the NSA, FBI, and so on, that's a big, big problem.

Ring needs to be given the finger in every way possible. We need to tell them to shove their surveillance where the sun don't shine – encourage state Attorneys General to sue and block this and, ideally, to go further and investigate/fine/pass laws to protect our data gathered by Amazon Echos and similar.

Click the thumbnail above or click here to see the video on BlueSky.


Why “Data Defense”?

There are consequences for broadcasting to the world that you're not at home.

Though people like to say that they have nothing to hide, the truth is that sharing information carelessly is reckless. You might assume no one would care or go to the trouble of using your data against you, but have you ever thought about how very easy it actually is?

For ID Theft, all I need is some basic information about you to buy a TV in your name, but it's not the only thing I can do. What if I just watch your Twitter, Facebook, or Instagram posts to find out when you're not going to be home to burgle your home in peace? What if I'm just some jerk online who didn't like what you said in an argument? Using a technique known as "swatting", I could trick your local police into breaking down your door, destroying your house, and drawing weapons on you and your family (sometimes fatally).

Last December, officers shot and killed an unarmed 28-year-old man on his front doorstep after receiving a call that he’d shot his father in the head and was holding his mother and two siblings hostage. He’d done nothing of the sort. The Wichita, Kansas, resident’s fatal mistake was living at an address that a “Call of Duty” gamer had fabricated and posted online during an escalating argument with a fellow gamer.

Or, if I don't want to go the criminal route, it's still quite legal to track, monitor, and collect information about you based on your Internet and financial activity. Then I can use that data to profit from your Internet searches, medical data, or fear and insecurities:

She was concerned that she might have a drinking problem, and so she went on Google and asked one of those questions, ‘How do you know if you have a drinking problem?’ Two hours later, she goes on Facebook, and she gets an ad for her local liquor store.
Redirect, resist, block. Bad guys can't misuse data that they don't have.

The US Government, military, and large corporations are already aware of the threat and developed the formalized "OPSEC" (or "Operations Security") program to counter it. Luckily for you, in more than a decade of teaching OPSEC principles, I've realized that it's just "Privacy Skills with a lot more steps". We can both save a lot of time with the same effect by reducing it all to a simple philosophy:

Bad guys can't use or abuse information if they don't have it.

From here, it's just a matter of identifying the ways your data is lost or stolen and equipping you with appropriate countermeasures. If you're ready to get started, click below for the next lesson.


What Does Lexis Nexis Know About Me?

Lexis Nexis - The bottomless pit of user data

LexisNexis (which acquired ChoicePoint) is the largest data-broker in the world. They create vast profiles on people and use that information to create various reports that they sell to companies of all kinds. These reports are used to make decisions about renting, insurance and more. In the past these reports have been purchased by law enforcement and criminal organizations; all to find out more information about you.

It might be a good idea to find out what's in your report, but it turns out neither simple web searching nor LexisNexis themselves do much for listing out all the types of data they know about you. Well, here's the list of information they had (or could have had) from my personal LexisNexis dossier:

Auto/Property Insurance Records:

LexisNexis is tied into the "Current Carrier" insurance information system used by insurance companies and agencies when deciding to issue you a policy. Think of it like a "credit report for insurance".

This includes 7 years' worth of:

  • Name of insurance company
  • Your policy number
  • Type of policy (auto, boat, fire, quake, tenant, home, etc.)
  • Risk type (standard, preferred, facility, etc.)
  • Policy start date
  • Policy termination date and reason for termination
  • Names of each subject found on the policy

For auto, this also includes:

  • Insured vehicle (including VIN, year, and make)
  • Type of vehicle
  • Coverage amounts

For property, this also includes:

  • Address of property
  • Eviction records

Personal information that may be included

  • Date of Birth (partially omitted; e.g. 06/##/1970)
  • Sex
  • Social Security Number (Minus the last four digits)
  • Driver's license number (partially omitted)

"C.L.U.E"® insurance loss information reports (apparently reports on whether you're a high risk person or not)

"Esteem" report

This report lists circumstances relating to theft while working at a retail company (admitted or convicted).

In my case, this was of course blank so I don't know specifically what data items would have been included. Most entertaining, there's a line in the report that reads "If you believe we should have information about you in our Esteem Database, let us know"…. Wow.

Background Investigation

If any company ever pays LexisNexis to perform a background check on you, LexisNexis will keep the information for future sales purposes. This may include your full date driving record and your personal credit file.

Screennow® report

This report shows results of a national criminal records search.

Public Records

  • Professional licences held (Doctor, lawyer, pharmacist, barber, insurance agent, pilot, etc.)
  • Address history
  • Deed transfer data
  • Aircraft registration
  • Loan information (where the loan was secured with collateral: i.e. a car)
  • Bankruptcies, liens, and judgements
  • Controlled substance license (in case you want to know who can legally get illegal drugs)
  • Business affiliations – When you're an officer or principal of an incorporated company
  • Significant shareholder records

Employment history

They claim they'll only have history of employers who previously asked LexisNexis to do a background check on you.

Does that make you uncomfortable?

Data brokers are just a business like any other, but as the credit report companies proved, buying and reselling data carelessly leads to disaster. Considering that these reports are FAR more detailed with a much wider variety of information, I can only imagine the consequences of allowing them to proceed as they have been.

Fortunately, you may not have to.

I was able to order my report using this webpage. I believe that doing so would be a good idea, but after that, make sure to also use their opt out procedures if you can.

It turns out that they'll only let your data go if you can prove that you're an identity theft victim or in imminent danger of bodily harm (police officer, public officials, etc). But it's easy to understand why they make it hard. After all, why would you set free one of your prize milk cows for no good reason?

In the end, I hope that strong regulation is introduced before we reach a problem like we did with identity theft.


Farmville Spies on You


This is not surprising.

"Apps" are pieces of software that let Facebook's 500 million users play games or share common interests with one another. The Journal found that all of the 10 most popular apps on Facebook were transmitting users' IDs to outside companies.

The apps, ranked by research company Inside Network Inc. (based on monthly users), include Zynga Game Network Inc.'s FarmVille, with 59 million users, and Texas HoldEm Poker and FrontierVille. Three of the top 10 apps, including FarmVille, also have been transmitting personal information about a user's friends to outside companies.

Once you install a 3rd party application, you no longer have control. Before touching any "app", think twice about how much you care whether your information remains private or is sold on the information black market.


Facebook Yanks Your Phone Contacts Out of Your iPhone with App


Rule number 1: don't trust Facebook or any other marketer with your information. Anything you provide should be carefully researched to see how safe it is, then provided only after deciding what risk you face.

Rule number 2: don't use automated processes to share information without even MORE careful research.

Breaking both rules is a new app from Facebook which will allow you (or one of your friends) to violate the privacy of many people at once by uploading your phonebook.

The greatest part is that you don't have to give up your phone number since one of your friends can instead! This is just like how Facebook let friends tell stalkers where to find you or add you to groups so someone who's mad at you can make you look like a pedophile.

Don't you love Facebook?


WellPoint Data Breach Due to Carelessness

Surprise, surprise. A company has a giant data breach due to negligent security, but not to worry! They'll protect you by offering you credit monitoring for one year free!

Credit monitoring is a waste of your time and is likely only offered to make it seem like they're doing something for you when they probably aren't. I wouldn't be surprised to find out that the credit monitoring companies have a "data breach plan" where companies can get a bulk discount by offering monitoring to all their victims.

It's a classic win-win-lose. The breach company wins PR points, the monitoring companies continue to make money for not providing any real service, and we all lose.

If you're worried about ID theft, just freeze your credit reports!


Australian Government Getting Worse and Worse


Australia has so much Big Brother nastiness going on, sometimes they make even the UK look tame!

The newest development is that the government is demanding that service providers store all e-mail and possibly web browsing history for all its citizens.

According to the directive, where internet access is concerned, this means the ISPs must retain the user ID of users, email addresses of senders and recipients of email, the date and time that users logged on and off from a service, and their IP address — whether dynamic or static applied to their user ID.

Like most ideas of this nature, it's sold with a plausible premise of catching criminals, but if innocent people are to accept such an invasion, it must first be shown that:

  1. The data actually DOES help catch bad guys.
  2. The data won't be abused and misused by the government.

In the US, we fail most consistently on the second. I don't know, but I'm going to guess that Australia's track record isn't a lot better.


Finding a Name For Bully Data Practices Leads to Facebook


I found this pretty amusing:

The world needs a simple word or term that means "the act of creating deliberately confusing jargon and user-interfaces which trick your users into sharing more info about themselves than they really want to." Suggestions?

Although we didn't specifically mention Facebook in our question, … suggestions included "Zuckermining", "Infozuckering", "Zuckerpunch" and plenty of other variations on the name of Facebook's Founder and CEO, Mark Zuckerberg. Others suggested words like "Facebooking", "Facebaiting", and "Facebunk".

In the end, they went with a suggestion of "Evil Interfaces" which refers to any user interface that is designed to trick people out of their data or make them do something they don't want to do. Check out the source article for examples of the kind of "Evil Interfaces" they're talking about.

And one more thing before we go:

OK, perhaps the word "evil" is a little strong. There's no doubt that bad user-interfaces can come from good intentions. Design is difficult, and accidents do happen. But when an accident coincidentally bolsters a company's business model at the expense of its users' rights, it begins to look suspicious. And when similar accidents happen over and over again in the same company, around the same issues, it's more than just coincidence. It's a sign something's seriously wrong.

Beautifully worded.


Facebook Forces Users to Display Hometown, Work, Interests


Looks like they're doing it again. This time, they've made a change where even information you've set to private will be fully visible to strangers.

Today, Facebook removed its users' ability to control who can see their own interests and personal information. Certain parts of users' profiles, "including your current city, hometown, education and work, and likes and interests" will now be transformed into "connections," meaning that they will be shared publicly. If you don't want these parts of your profile to be made public, your only option is to delete them.

Of course, this doesn't affect me since my REAL friends already know all that stuff so I saw no reason to enter it into Facebook in the first place, but if you or someone you know has it, tell them to pull it down or put in fake data instead. Why broadcast information to strangers hoping that none of them will use it against you?

Update

It looks like Lifehacker posted an article on how to restore your privacy after the change. Check it out.


Airport Worker Nude Scanned Co-Worker, Commented on Her “Attributes”

No more invasive than a pat down. Really?

Privacy groups like the Electronic Privacy Information Center (EPIC) have been warning us about these things for a long time, and it seems that, as much as the TSA would want us to believe otherwise, we were justified in raising the alarm.

In this case a male worker at Heathrow flipped the machine on as an attractive female co-worker walked near the machine. He apparently made some lewd comments and though I haven't been able to find any sources saying what those comments were, I think I can make some general guesses.

The British House of Commons said this of the machines when they were deployed:

"Having witnessed these full-body scanners working at first-hand, we are confident that the privacy concerns that have been expressed in relation to these devices are overstated and that full-body scanners are no more an invasion of privacy than manual "pat-downs" or searches of bags," the committee said.

Oh really? A pat down and a nudie scanner are the same thing? What do you think?
