Privacy | Steve Woods

Family matters

10/10/2022 Steve WoodsBristol, Language, Politics, Privacy, Security

There are some writers whose importance does not diminish with their demise. Take, for example, the ancient Athenian playwright Aristophanes; his plays are still being staged nearly two and half millennia after his death; then there’s that genius in understanding human emotions and the human condition, William Shakespeare.

To these giants of literature, your ‘umble scribe would add the name of George Orwell. Even though he died in 1950, his works still seem startlingly relevant to life in the 21st century and its politics in particular. The major annual prize for political writing in the English Empire (which some still call the United Kingdom. Ed.) is named after him.

Nineteen Eighty-Four (in words, not numerals. Ed.), which was written in 1948 and published in 1949, was intended as a warning against authoritarianism and oppression. However, successive twenty-first century governments seem to have used it as a manual for the implementation of mass surveillance of the population and the removal of their right to privacy, particularly as regards the use of information technology (via e.g. the Regulation of Investigatory Powers Act 2000); and all in the name of so-called security.

What has been exercising your correspondent this morning is a particular passage from The Lion and the Unicorn: Socialism and the English Genius. This was an essay written in 1941 during World War 2 relating to the state of the English, as opposed to the British. In particular, it highlights the outdated English class system as a major impediment in the mid-20th century, as exemplified below.

England is not the jewelled isle of Shakespeare’s much-quoted message, nor is it the inferno depicted by Dr Goebbels. More than either it resembles a family, a rather stuffy Victorian family, with not many black sheep in it but with all its cupboards bursting with skeletons. It has rich relations who have to be kow-towed to and poor relations who are horribly sat upon, and there is a deep conspiracy of silence about the source of the family income. It is a family in which the young are generally thwarted and most of the power is in the hands of irresponsible uncles and bedridden aunts. Still, it is a family. It has its private language and its common memories, and at the approach of an enemy it closes its ranks. A family with the wrong members in control – that, perhaps, is as near as one can come to describing England in a phrase.

Looking at the cupboards bursting with skeletons, one only has to look at the colonial oppressors and crooks that our Victorian forebears sought to elevate to figures of admiration, such as Robert ‘Lord Vulture’ Clive, who used his position in the East India Comp;any for personal enrichment and the likes of Waterloo hero Thomas Picton, formerly a sadistic and cruel governor of Trinidad. Both Clive and Picton have featured in the recent statue wars where the right wing, including government ministers, sought to deny the brutality of empire and its legacy. Sorry, but introducing the system of common law and the game of cricket are not adequate compensation for centuries of plunder, expropriation, conquest, repression and genocide.

Looking at the deep conspiracy of silence about the source of the family income, there has yet to be any official acknowledgement that the family income from the late 16th century onwards was based upon piracy and then increasingly upon slavery, for which some former British Caribbean colonies are clamouring increasingly for reparations.

Finally, let’s come to that family with the wrong members in control. They don’t come more wrong than the current occupant of Number 10 Downing Street, one Elizabeth Mary Truss.

Truss is clearly an admirer – and blatant imitator – of her Tory predecessor Margaret Thatcher, who did so much to destroy the British economy and society in the 1980s. However, what really grates with many people is the manner in which Truss was elevated to the premiership, i.e. elected to the leadership of her party by its 160,000 strong membership which is mainly elderly, white, male and racist (occasionally referred to as a ‘selectorate‘. Ed.), and thus hardly representative of the country.

If England truly is akin to a family, it is one that is deeply dysfunctional.
Surveillance for corporate profit

09/09/2022 Steve WoodsBristol, Language, Oddities, Privacy, Tech

Automatic Number Plate Recognition (ANPR) surveillance seems to be on the rise since your ‘umble scribe first reported on its use by B&NES for access control to the council’s ~~rubbish tips~~ recycling centres some years ago.

It’s now being used by parking management companies to catch drivers who overstay their welcome in private car parks, as shown by the example below spotted in central Bristol today outside the snappily named Double Tree by Hilton hotel on Redcliffe Way.

Somebody’s watching you…
The hotel car park in question is ‘managed’ by Smart Parking, whose website boasts the company is ‘Reinventing the Parking Experience’. The manner in which Smart Parking is ‘reinventing’ parking (minus the experience. Ed.) can best be described by your correspondent as ‘Orwellian‘.
The adjective Orwellian is no exaggeration if one peruses the company’s marketing brochure to glean how ANPR is used. It states:

Smart Parking’s automatic number plate recognition (ANPR) / license plate recognition (LPR) parking system is a simple, efficient and cost-effective way of off-street car park management.
Cameras placed at entry and exit points take a timed photo of the number plate of each vehicle entering and exiting the premises. Customers then simply pay and walk, using their license place as identification. We can also configure sites to have validated parking which can include permit only, staff only, free limited time parking and definable grace periods, to name a few.
As with our other solutions, SmartANPR/LPR work with the SmartCloud platform to deliver occupancy, stay rates and enforcement efficiency reporting for car park management and future planning.

Note the American English usage of license.

Of course, for any users who outstay their welcome, the company wants to make a profit with its penalty charges (note to any passing journalists, despite your constantly referring to these charges in your copy as ‘fines‘, they are in fact invoices; only the judicial authorities can impose fines. 😀 Ed.) and so needs to obtain details of the vehicle’s keeper from the DVLA. The DVLA is more than willing to divulge this information for a fee, as confirmed by the answer to a Freedom of Information Act request from 2012.

The law allows the DVLA to disclose vehicle keeper information to those who can demonstrate a reasonable cause for requiring it. Reasonable cause is not defined in legislation but the Government’s policy is that it should relate to the vehicle or its use, following incidents where there may be liability on the part of the driver.

The DVLA also charges a fee for the disclosure of this information, as the response further clarifies:

The fees levied by the DVLA for Fee Paying Enquiries are set to recover the costs of processing requests and ensure that the cost is borne by the requester and not passed onto the taxpayer.

Even so, the agency has fallen foul of the Information Commissioner’s Office for “not using the correct lawful basis to disclose vehicle keeper information“, as The Guardian reported a few months ago.
Your correspondent feels an urge to submit another FoI request for the DVLA to enquire about the amount of money received by the agency for this service, but has more than a suspicion such a request would be refused on the grounds of commercial confidentiality.
DuckDuckGo blocks Microsoft trackers

10/08/2022 Steve WoodsPrivacy, Security, Tech

French IT news site Le Monde Informatique reports that DuckDuckGo has decided to block Microsoft’s trackers in its mobile browser applications and browser plug-ins in an effort to extend its approach to privacy protection. It had already been criticised at the start of the year on the matter.

Protecting internet users from tracking and protecting their anonymity is not simple. DuckDuckGo is part of this move and was very upset to find out that as part of its agreement with the Bing search engine, Microsoft had given the green light for user tracking. This is no longer the case since from that date onwards DuckDuckGo’s CEO, Gabriel Weinberg, has stated that blocking the loading of scripts on websites by the browser was extended to Microsoft’s scripts in DuckDuckGo browser applications for iOS and Android and browser extensions (Chrome, Firefox, Safari, Edge and Opera) and that beta applications will follow next month.

DuckDuckGo is attempting to block tracking scripts from search engines and sites such as Facebook, as well as other types of tracking scripts or software. It uses what it calls third-party tracking loading protection to prevent these third-party scripts or cookies from being loaded into the browser. If they did, they could track movements on the web and build a profile of the user, their preferences, etc. If other browsers and browser plug-ins also enable users to protect their privacy, DuckDuckGo has made privacy its priority.

Delayed neutralising

Mr Weinburg’s decision was taken after the discovery at the start of the year by security researcher Zach Edwards that DuckDuckGo was blocking trackers from Google and Facebook, but was allowing some of Microsoft’s trackers via Linkedin and Bing. The discovery was then reported by BleepingComputer. “Previously, we were limited in how we could apply our third-party tracker download protection to Microsoft tracking scripts due to policy requirements related to our use of Bing as the source of our private search results,” Weinberg explained, adding that, “We’re glad that’s no longer the case. We didn’t have and don’t have similar restrictions with any other company.”

DuckDuckGo still has an advertising relationship with Microsoft, which it will maintain. Clicking through on advertisements on DuckDuckGo is anonymous and Microsoft has undertaken not to profile DuckDuckGo users. If Microsoft continues to save the user’s link, it will not associate them with a profile. On an updated support page, DuckDuckGo has provided a summary of everything which its its browser authorises and does not authorise, as well as providing details of web tracking protection.
Prying Google is not your friend

20/05/2022 Steve WoodsMedia, Privacy, Security, Tech
The Irish Council for Civil Liberties (ICCL) is pointing its finger at Google for spying on users, French IT news website Le Monde Informatique reports. A real-time bidding (RTB) system which is actively used by the company enables it to follow and share what everyone is looking at or doing online and note down this activity’s location. RTB is the technology underpinning all online advertising and it relies on sharing of personal information without user consent, according to the ICCL.

Google’s troubles are far from over. Widely singled out for its actions in terms of the use of personal data, the company is now in the spotlight for its tracking and advertising targeting activity. A report (PDF) published by the ICCL on 16 May accuses the search giant of an unprecedented data breach. The report sheds light on the RTB system, which works in the background on websites and in applications. “It tracks what you are looking at, no matter how private or sensitive, and it records where you go. Every day it broadcasts this data about you to a host of companies continuously, enabling them to profile you,” the report states.

The ICCL report claims it presents the scale of this data breach for the first time.

This data breach takes place throughout the world. The RTB system “tracks and shares what users are viewing online with their location in real time 294 bn. times in the USA and 197 bn. times in Europe each day”, it states. On average a person in the USA has their online activity and location tracked 747 times a day by those using RTB. In Europe, RTB exposes personal data 376 times a day. In Germany alone, Google sends 19.6 million broadcasts about German Internet users’ online behaviour every minute that they are online. “Europeans and U.S. Internet users’ private data is sent to firms across the globe, including to Russia and China, without any means of controlling what is then done with the data”. It is a high-earning business generating more than $117 bn. in the USA and Europe in 2021.

Advertising is an indispensable condition of this system as the majority of advertising on websites and in applications is placed there using RTB. Advertisers spend $100 bn. annually in the USA and Europe. The RTB market’s estimated value was $91 bn. in the USA in 2021 and €23 bn. in Europe in 2019. It therefore highlights that Americans’ online activity and their locations is exposed 57% more frequently than that of users in Europe.

Google is one of the five largest users of this real-time bidding system. No fewer than 4,698 US companies are authorised by Google to receive RTB data on people, whilst in Europe the number drops to 1,058 companies. More specifically, the data collected by Google, like what people are looking at online or doing with an application and their ‘hyperlocal‘ geographical location is broadcast 42 bn. times per day in Europe and 31 bn. times daily in the USA.

The ICCL is working to end the RTB data breach in Europe and has litigation ongoing in three European courts, as follows:
- at the Landgericht in Hamburg against the tracking industry standards body IAB TechLab and against Microsoft’s online advertising exchange Xandr (https://www.iccl.ie/rtb-june-2021/);
- at the Irish High Court against the Data Protection Commission, for its failure to investigate the ICCL’s complaint about Google’s RTB data breach (https://www.iccl.ie/news/iccl-sues-dpc-over-failure-to-act-on-massive-google-data-breach/); and
- in the Brussels Market Court, the ICCL is a party against IAB Europe’s appeal of an order by the Belgian Data Protection Authority, and 27 other EU data protection authorities, against IAB Europe’s “TCF” consent spam system. (https://www.iccl.ie/news/gdpr-enforcer-rules-that-iab-europes-consent-popups-are-unlawful/).
Research reveals websites collecting information without consent

13/05/2022 Steve WoodsPrivacy, Security, Tech

Today’s Journal du Geek reports that some unscrupulous websites do not clutter up their webpages with a Submit button when visitors are filling in a form.

If you have already filled in a web form before changing your mind, your data has doubtless been sucked up by an unscrupulous website. In a recent study carried out by researchers from 3 European universities, which will be presented at the Usenix Security conference in August, we learn that some platforms are capable of spying on every character typed on a keyboard.

By analysing 2.8 mn. webpages on the world’s 100,000 most visited websites, the research’s assessment is definitive: in the case of a web form filled completed in Europe, nearly 2,000 of them are capable of collecting the user’s email address before that user has clicked the Send button. One of the joint authors Güne Acar of Radboud University in Nijmegen states: “We were very surprised by the results. We thought we might find a few hundred sites where your email address is collected before you send it, but the result far exceeded our expectations”.

However, the situation in Europe remains better than that in the United States. Whereas the old continent recorded “only” 1844 cases of abusive data sucking, the same request, when sent from the United States triggered 60% more instances, for a total of 2,950 cases, a difference which can be explained in particular by the presence in Europe of the GDPR , which since 2018 has obliged platforms to obtain users’ consent before collecting data..

How do websites record one’s data without consent?

For all practical purposes the majority of sites collecting data before submission forwards email addresses (encrypted or unencrypted) to third party sites are generally specialist advertising campanies, which collected the data to serve up personalised advertising (aka corporate graffiti. Ed.). In some less frequent instances a key logger is used to enable the keystrokes made to be directly recorded.

In Europe, the matter is even more sensitive since a good number of major sites, including Facebook owners Meta and TikTok were amongst the sites tested.
No Microsoft account, no Windows 11

20/02/2022 Steve WoodsPrivacy, Security, Tech

French tech news site Frandroid reports that there has been a very unobtrusive but significant change to the installation procedure for Windows 11, but one with major implications for users’ privacy and security.

Since the launch of Windows 11, users of the home edition have been obliged to have a Microsoft account and an internet connection for the initial configuration of a machine if a fresh installation is involved. The company could soon extend this obligation to the operating system’s Professional edition.

Do I look like a Mac in this?
Image courtesy of Wikimedia Commons.

This week Microsoft has released build 22557 to members of the Windows Insider programme. This is a rather ambitious new version of Windows 11 packed with new “features“, including a change in policy regarding Windows 11 Pro.

As Microsoft wrote on its blog announcing the release:

Similar to Windows 11 Home edition, Windows 11 Pro edition now requires internet connectivity during the initial device setup (OOBE) only. If you choose to setup device for personal use, MSA will be required for setup as well. You can expect Microsoft Account to be required in subsequent WIP flights.

As you have read, Microsoft has stated in black and white that people will need to have an internet connection and a Microsoft account, even from Windows 11 Pro to enable a machine’s personal use (as distinct from business or educational use).

As a matter of fact, Microsoft is stating what the obligation will be included in all future versions of Windows 11 in the Insider programme. It can therefore be assumed that this new constraint only affects the initial configuration of machines with versions of Windows 11 from the Insider programme.

We will have to await the next major update of Windows 11 which incorporates the new features of build 22557 to check if having a Microsoft account has really become mandatory for the operating system’s Pro edition.

The use of an online account has long been required by Apple and Google on iOS and Android respectively, but less so for Windows, since historically there has not been any Microsoft account to connect, much to the chagrin of the software publisher. Users are therefore not accustomed to such a requirement, which Microsoft has been trying to promote since the launch of Windows 8
Indigestible cookies

08/01/2022 Steve WoodsPrivacy, Tech

In France the Commission Nationale de l’Informatique et des Libertés (CNIL) has fined Google €150 million and Facebook €60 mn. for non-compliance with French data protection legislation, which also covers cookies.

As a result of its investigations following the receipt of complaints from members of the public, the CNIL found that the websites facebook.com, google.fr and youtube.com do not make refusing cookies as easy as to accept them and so penalised them financially. The €150 mn. fine for Google is broken down into €90 mn. for Google LLC and €60 mn. for Google Ireland Ltd.

Furthermore, the CNIL also ordered Google and Facebook to provide French-based internet users lwith a means of refusing cookies as simple as the existing means of accepting them, in order to guarantee their freedom of consent, within three months. If they fail to do so, the companies will have to pay a penalty of €100,000 euros per day of delay.

The problem of privacy-conscious people being put to unnecessary effort to reject cookies is widespread. For instance, when visiting a Reach plc newspaper site (Reach owns the Mirror, Express and scores of regional news titles around the country. Ed.), users who wish to reject all cookies have to work through the options; this entails four clicks of the mouse, as opposed to one to accept all cookies. The best sites have a one-click option to accept or reject all cookies.

As someone who has been using the internet since the days of dial-up modems, your ‘umble scribe has long believed rejecting cookies should be the default and those who want to accept them made to go through the same laborious process to which cookie refuseniks are currently subjected.
More comprehensive, transcendental abuse?

30/10/2021 Steve WoodsLanguage, Media, Politics, Privacy, Social Media, Tech

In the small hours of Friday morning, news came in that Facebook Inc. is to change its name to Meta, allegedly better to “encompass” what it does as it expands from social media to other sectors such as virtual reality.

Meta, from the Greek μετα-, meta-, meaning “after” or “beyond“, is a prefix meaning more comprehensive or transcending.

Whether the rebrand will involve the more dubious of Facebook’s more comprehensive or transcending business practices being extended to those new sectors remains to be seen.

Facebook was founded in February 2004 by Harvard student Mark Zuckerberg. Not long afterwards, the controversies and abuse of users started. As The Register recalled in 2010, the then 19 year-old Zuckerberg called his first few thousand users “dumb f*cks” in a private conversation with a friend.

However, even that early sign of contempt did not prevent Zuckerberg’s social media infant growing into an obese behemoth of the social media sector, with a current user (i.e. product. Ed.) base of 2.85 billion people.

Perhaps Zuckerberg is secretly delighted there are so many dumb people in the world. They’ve been paying his bills for more than one and a half decades, after all.

After those early days, Facebook’s user base grew, as did the propensity for abuse, culminating in the Cambridge Analytica data scandal. Cambridge Analytica was established in 2013 as a subsidiary of the private intelligence company and self-described “global election management agency” SCL Group by 3 long-serving SCL executives. The company offices in London, New York City and Washington, DC. Cambridge Analytica was implicated in affecting the results of the 2016 US presidential campaign, where data it hoovered up from Facebook users was used to build psychographic profiles, determining users’ personality traits based on their Facebook activity. These profiles were then used for micro-targeting voters displaying customised advertisements on various online platforms. The key point of this activity was to identify those who might be enticed to vote for Trump or be discouraged to vote for their opponent. In addition, Cambridge Analytica was allegedly hired as a consultant company for Leave.EU and the UK Independence Party during 2016 as an effort to convince people to vote in favour of the UK leaving the European Union in David Cameron’s amateurish EU membership referendum. However, the UK Information Commissioner’s official investigation found that Cambridge Analytica was not involved “beyond some initial enquiries” and the regulator did not identify any “significant breaches” of data protection legislation or privacy or marketing regulations “which met the threshold for formal regulatory action“. Cambridge Analytica cased operations in 2018 following the revelations of its privacy-busting operations, although firms related to both Cambridge Analytica and its parent firm SCL still exist.

Zuckerberg subsequently apologised for Facebook’s involvement with Cambridge Analytica, calling it an “issue“, a “mistake” and a “breach of trust“, as well as pledging not to let such abuse occur again.

Nevertheless, the abuse of users didn’t stop and have continued right up to the present.

The latest revelations come ex-employee Frances Haugen, who was employed by Facebook as a data scientist, leaked documents revealing that the company placed “profits over safety“. Since her revelations, Ms. Haugen has given evidence to a US Senate sub-committee and testified in person to a UK parliamentary committee scrutinising the online safety bill.

Reporting on the name change, The Register noted beneath its headline that Zuckerberg’s social network has “Meta-stasized“. Leaving aside El Reg’s overt reference to the former secret police of the so-called German Democratic Republic, metastasis is defined as a change of position, state, or form. The primary use of metastasis today is in medicine where it defines the development of secondary malignant growths at a distance from a primary site of cancer.

Finally, as a further dampener on the rebrand’s distraction value, a report in today’s Guardian reveals that Meta translates as dead in Hebrew.

Have fun in Zuck’s metaverse, y’all! 😀
Anonymity and hypocrisy

20/10/2021 Steve WoodsPolitics, Privacy, Social Media

Priti Patel, inexplicably promoted beyond her competence (i.e. unfit to clean a public office, let alone fill one. Ed.) by part-time alleged prime minister Alexander Boris de Pfeffel Johnson to Home Secretary, announced her latest authoritarian measure last Sunday; this time mis-targeted at reducing online harassment and abuse on social media.

Reporting on her appearance on Sky’s Trevor Phillips on Sunday, The Independent writes:

Ms Patel indicated she is considering going a step further by requiring sites such as Facebook or Twitter to retain details of the identities of people posting material which could be handed over to police investigating crimes.

Needless to say Patel’s announcement of the proposed slap of firm government has gone down well with the more right-leaning members of the British establishment, one of whom took to the very same social media to become a cheerleader for repression.

Lance who?

At this point someone steps forward with no style at all and inserts his foot firmly between his teeth, namely Mr Lance Philip Forman, educated at Haberdashers’ Aske’s Boys’ School and Trinity College, Cambridge. However, this scion of the British establish is better known as a former Brexit Party MEP, as well as the owner of London-based salmon smokers H. Forman and Son.

Forman is not backwards in coming forward to support Priti Patel’s proposal to ban social media anonymity, tweeting:

Excellent. Anonymity should be removed from social media.
However,and it’s a substantial however too, Mr Forman’s support for the alleged home secretary’s anonymity proposal comes with a large helping, not of smoked salmon but cordon bleu grade hypocrisy.
Use quick internet search on Mr Forman quickly turns up his Wikipedia page, which just happens to mention the following information which does not lend support to his stance:

Lance Philip Anisfeld (born 13 October 1962), known professionally as Lance Philip Forman, is a British politician and businessman,…

Known professionally as… Isn’t that the same as concealing one’s true identity which is not too far removed from hiding behind anonymity? 😉
Reasons to be fearful

16/09/2021 Steve WoodsPolitics, Privacy, Social Media, Tech

As your ‘umble scribe writes this post, part-time alleged prime minister Alexander Boris de Pfeffel Johnson is now on day two of an extensive reshuffle of government ministers.

His first cabinet was chosen more for loyalty to Brexit than for talent and included some who had done a complete 180-degree turn on their pre-referendum stance in order to climb the greasy pole of political ambition.

The latter include the singularly untalented Liz Truss (whose biggest achievement as Trade Secretary was copying and pasting new copies of pre-existing EU trade agreements with third countries so they could continue in effect in a post-Brexit context. Ed.), who can now carry on filling in the ministerial My First Foreign Secretary’s Colouring Atlas where Dominic Raab left off, following the latter’s demotion to Justice Secretary.

The singularly unattractive Priti Patel remains as Home Secretary. The less said about that the better.

However, given the shallowness of the Tory talent pool, the most surprising appointment of the first day of Johnson’s rearranging the deckchairs on the Titanic was his appointment of Nadine Dorries as Secretary of State for Digital, Cultural, Media and Sport. Nadine was put on Earth to demonstrate that potatoes are more intelligent beings than the Rt. Hon. Member for Mid Bedfordshire.

Part of the fragrant Nadine’s brief includes all things digital, including the minor matter of IT security. To gain an insight into the new Secretary of State’s attitude to this subject, I refer readers to 2 Dorries tweets from 2017.

Cavalier doesn’t quite describe such an attitude to basic security and privacy.

Then there’s the whole question of gravitas – a necessary pre-requisite for public office, not that you’d know it with Bozo the Clown’s appointments.

A quick glance across the English Channel and North Sea to 2 European counterparts reveals some startling contrasts. Besides being French Culture Minister, present incumbent Roselyne Bachelot is an opera fan who has written a well-regarded work on Verdi. Monika Grütters, Germany’s Culture Minister was a university lecturer before entering politics and is still an honorary professor at Berlin’s Free University. On the other hand, Dorries’ biggest claim to fame (after her fiddling expenses) is eating ostrich anus on a so-called reality television show.

Delayed neutralising

How do websites record one’s data without consent?

Posts navigation