The Privacy BlogThoughts on privacy, security, and other stuff.

Archive for June 2010

Lawmakers To Introduce New Internet Privacy Bill : NPR

Rick Boucher (D-VA) has released draft legislation to significantly increase required privacy notifications for Internet users.

Many websites are fighting the proposed bill, claiming it would hurt their business. I am unsympathetic to complaint that their business would suffer if people actually knew what they were doing with your information. Given that this would apply to all websites, if a policy is no worse than average it should not drive people to other sites.

I would very much like to see the market start to enable competition on the basis of privacy policies.

We shall see how this actually turns out once it has been through the sausage making process. My experience is that most bills about technology end up doing more damage through unintended consequences than they actually help.

No tags

The European Parliament appears to be trying to create a regulation to require search engine companies to retain total information about their user’s searches for a period of years. If you are in the EU area, I strongly encourage you to reach out to fight this.

Declaration29: “A group of members of European Parliament is collecting signatures for a Written Declaration that reads: ‘The European Parliament [...] Asks the Council and the Commission to implement Directive 2006/24/EC and extend it to search engines in order to tackle online child pornography and sex offending rapidly and effectively’.

The Data Retention Directive 2006/24/EC requires that details on every telephone call, text message, e-mail and Internet connection be recorded for months, for the entire population, in the absence of any suspicion. As to what is wrong with data retention please refer to DRletter. The Written Declaration even wants to extend data retention to search engines, meaning that your search terms could be tracked for months back.

The proposed declaration has been signed by 371 MEPs (list of names here) – and thus reached the 368 members needed to pass it. Many MEPs signed because of the title of the document (‘setting up a European early warning system (EWS) for paedophiles and sex offenders’), not knowing that they are endorsing blanket data retention as well. More than 30 MEPs decided to withdraw their signature, one even on the day of adoption.”

 

No tags

This Article on Wired.com is about an initiative by Juniper Networks in collaboration with Feeva to sell a new tracking technology to ISPs.

The enhanced router would be sold to ISPs and will automatically insert your ZIP+4 into HTML headers. This will allow marketers to have much more accurate information about the user’s physical location.

They claim that the “consumer is not in any way stripped of their privacy” but fail to actually explain how that is the case. The point is for ISPs to get a piece of the advertising pie. The ZIP will be encoded, not sent in the clear, but will be available to some undefined set of “trusted third parties”. That does not give me much comfort.

I have seen many examples of websites which charge different prices based on where you live, or otherwise restrict access to web pages. This kind of targeting does not help me at all. If I want to be located, I have many ways of explicitly telling the site where I am.

This is another example of why you can’t trust your ISP. Their interests are not the same as yours. They have a strong incentive to track and monetize your activity.

Fortunately it is easy to take back control. If your traffic is encrypted within a VPN, then the ISP will be unable to insert this information. It gives you the absolute ability to enforce your own “opt out” even if the ISP does not want to give you the option. Anonymizer Universal(TM) provides an easy tool to accomplish this.

 

No tags

Many sites, including the Los Angeles Times are reporting on a change to Apple’s privacy policy that allows collection and sharing of “anonymous” location information. The only way to prevent this seems to be completely disabling location services on the iPhone.

It appears that Google’s privacy policy allows a similar level of information collection.

Much of the chatter I have seen about this issue talks about targeted advertising and user tracking. While I have no doubt that both companies are very interested in doing that I don’t think this particular disclosure is about that. Message targeting is more likely to happen within applications where the user has granted explicit permission to push location based advertising and alerts.

I think this is all about improving Enhanced GPS services. My guess (and it is just a guess at this point) is that the phones are reporting back GPS location, Cell tower IDs and signal strength, and all visible WiFi base stations and signal strengths. Given enough of these sets of measurements, they can provide extremely accurate location information given only WiFi information (which takes much less power than GPS and also works indoors). It has been well established that multiple companies, including Google, are building such databases from trucks driving around the world (see my last post).

One purely anecdotal data point I have is from my WiFi only iPad. For background, I live on a fairly large lot and the only WiFi I can detect is my own. One of the first things I did with the new iPad was to open up the map application. It almost instantly centered the location reticule on my house. The only available location information was from the WiFi. I know that the Street View truck has never been through my neighborhood, and doubt that any others have been. My suspicion is that phones used within my house have been providing the correlating data between my physical location and my personal WiFi base station hardware ID.

No tags

Older posts >>