Monday, October 5, 2009

On the move to nowhere.

Sunday, October 4, 2009

Just Curious

Google crawls and tracks nearly everything from every user to every click and every social link. They probably know yours friends connectivity three, six, perhaps a dozen times deep. That's the fiends of friends of friends of friends of friends of friends of friends of friends of friends of friends of friends of your friend. Perhaps. They know what you buy online, what you search for, click on, linger on, how you got there and maybe more. Facebook collects some personal information and lots of public information. The sell the use of API's for advertisers can track you with the use of resistant cookies, super cookies, fingerprints (MAC & IP addresses), and who knows what else. They also know the same info about your friends, and the links you may not even know about. The Google API's mashed up with Facebook's, Twitter's, flickr's, etc., etc., etc. can match user names, groups, affiliations, with individual activity. It just takes the time and effort along with sufficient skills and motivation.

Google once proclaimed on their public blog that they were proud to have hired to top-level programmers away from the CIA. Really? There was a rumor that the CIA had an office on the same campus as the Google complex, and even shared a wall. Probably not true, but that was the rumor that I had heard in three different web sites at the time. Hard to believe. Even scary to think it could be true.

Is it possible that could could publicly fight tooth & nail against disclosing any personal data without a wiretap warrant and at the same time, perhaps unwittingly (denial is a powerful adversary), be providing detailed personal data to a government agency? Maybe the CIA is just a platinum class member of advertisers, who may have storefront websites set-up as a rouse. They can buy all the API's they want from the search engines and social websites or create their own API's to collect data with social engineering, advertising and super-persistent cookies. They may be able to garner information on perhaps 90% of all web users, with semi-publicly available computer codes and databases.

Just what is the worst case scenario possible today or next year? Assuming someone pulled all the resources available from the top five of each of the most populace social websites (via advertiser's tools) together, with advertisers access to Google data, and performed a remarkably efficient mash-up of scripted API's and created their own coherent database of records for individuals with links to all of their associations. How much information can they cull for each individual? What could they tell me about me? How scary is that?

Saturday, October 3, 2009

Matt Cutts might not like what I have to say.

I apologize in advance for the disjointedness of the following rant. I attempted to make two comments to Matt Cutts blog about "Studying a Study". The last that I saw was that my comments were waiting for "moderation." I cleaned up the spelling after the fact, but below are the two comments that I ranted about. He may feel they were a bit off topic or too revealing, or what ever. Don't know, yet anyway.

From an article I read in a personal blog of a Google employee, he raises the concern that a survey didn’t fully disclose the principle involvements of the survey presenter.
(From: )

The information regarding the survey:
This morning I saw an article in the New York Times with the headline Two-Thirds of Americans Object to Online Tracking:
ABOUT two-thirds of Americans object to online tracking by advertisers — and that number rises once they learn the different ways marketers are following their online movements, according to a new survey from professors at the University of Pennsylvania and the University of California, Berkeley.
And the objection:
Studying a study
September 30, 2009
in Google/SEO

…”Most people know that the choice of questions in an study can make a huge difference to the outcome. To fully inform the people who read the study, do I wish Chris Jay Hoofnagle had mentioned his connection to EPIC in the paper’s bio section? Yeah, I kinda do.”

My submission of a comment (corrected for spelling now):

I don’t believe a well worded question requires the disclosure of who is asking it. Given that the current state of law is lagging so very far behind the technological advances, and the penchant for the government, businesses, and criminals to manipulate and misuse data, and completely disregard the fundamental constitutional right to privacy, it is abhorrent that Google, advertisers, social websites and others use extremely covert tactics to sell or provide the means to discover every shred of activity a specific user is involved with. IF, and only if, all this techno-voyeurism was benevolent, perhaps it wouldn’t matter so much. But we are on the verge of total information awareness of all activity by everybody except ourselves. And so, when Joe Agent says to Ad Agent, I would like to have all you got on Qpublic, we have them under investigation, the government has access to more information than they can understand, and so minimum wage Charlie says, I think we found a person of interest, lets start an assessment. My RIGHT to privacy has been usurped in the name of profitability. All of this, just because I allowed FarmLand to connect to my FaceBook. I didn’t need or want all those advertisers know that I also have a Flickr account, a boss with a foreign name, an old classmate that has gone ex-patriot, and a relative that likes pot-related music. We are demanding transparency from our governments, our social networks, and the businesses that are exploiting our habits. Answer the question on the face of it. Do you like mustard – yes or no? Who cares if I am the sole French’s mustard heir? The question would stands well on its own. (Sorry for the passionate ramble). I do not like all these API’s being used to uncover my every web encounter. For any reason. Period. It’s the same answer to anyone asking this question.

Did I go way off topic? I don’t think so. Matt’s objection was one regarding full disclosure. Yet he fails to mention that the average Joe, doesn’t know a darn thing about API’s. My understanding, which could be flawed, is that these can be hooks in to gaining access to the collected data of some host. Google collects and saves for posterity a plethora upon a plethora of data, from nearly every web page on every web site it can get its crawlers on. These sites may also collect a plethora of data on those who access their pages. What is this information and what is it used for and who gets to see it, sell it, measure it, and store it? What about laws protecting any of it? It will not be in the year 2525AD that everything you think, say, and do will be in the bills that are sent to you. Loosely speaking of course.

Regarding the full disclosure of whom is asking the question and why, I believe a well worded question doesn't need such transparency. I don't care if CATO, EFF, EPIC, NSA, CIA, FBI, or Google asks if I object to online tracking. As it stands today, in general, yes, I object. The API's that provide this functionality are easily abused. The average Joe User simply doesn't have any clue as to how deeply these API's track data. They can effect data collection off family, friends and others with-out their knowledge that they have been assessed by these creepy crawlers. If Matt wants transparency, why didn't he mention that Google has publicly posted that they had hired top-level programmers who had previously been employed by the CIA? Does Matt know he works with these folks? Does anybody know if any former CIA agent every really quit the CIA? Yes, I agree that transparency and accountability are desirable, but it should be across the board, in every direction. We should all know who is doing what with whom. Total Information Awareness for everyone, about everything. Let's start with all of the various US government entities. Then work our way in to all the search engine companies and tele-communication entities; then let's open up the advertisers and their databases. Once everybody knows everything about everybody else, then we can have our customized content and advertisements too.

I did all of the above in haste, and haste makes waste. But that never stopped me before. Occasionally, I am a bit eccentric, just for the fun of it. I hope Matt Cutts considers posting my comments or sending me a thanks, but no thanks note.

Person of Intrest?

I am not sure. I don't know for a fact. However, it appears that I may have inadvertently become a person of interest in an ongoing investigation regarding WMD. OK, maybe I am being a bit Chicken Little here, but I got visited this morning by some agency, not the local police force mind you, but somebody with big badges. I couldn't see which agency was on the ornate badges, they didn't offer their department name association, like "I'm agent Joe Friday, FBI, I carry a badge." or anything, and I was bit nervous about asking for a business card. I should have followed them to the street when they left, to see if their car gave it away. But I had other things to attend to.

"We're looking for Rojer." he said. "I am." I replied. "Do you drive a white Volkswagon?", "Yes." "Is it here?" "Yes." "Were you at Smart & Final this morning?" "No, I was yesturday." "Did you by Hydrogen Per Oxide, bleach and drain cleaner?" "I did." "Do you still have it?" "I do, it's still in the trunk of my car." "What's this about, drugs or bombs?" I asked. "Bombs, you know the guy who did the Oklahma City bombings used Hydrogen Per Oxide?" he replied. "He had fertalizer" I responded. "What are you using it for?" he asked.

I explained that I have a very long sewer line out to the street and that I have somekind of major clog that I thought was between the sinks and the street and that this was a cheaper way to clear such a long sewer line. They asked to see what I had left. I stepped inside to hit the garage door button, he was looking in to see how much he could gander upon. I opened the garage and let him see the few bottles left. Closed the door and they left. I went back in the house.

I saw on the news about the dude who was arrested for WMD's and thought to myself - they think I'm doing the same type of thing? All I want is a cleared sewer line, all 300 feet or so.

The lessons I could learn from this? Don't shop Smart & Final for bulk drain cleaner, Clorox, and Hydrogen per Oxide in the same trip. Ask for the officers' business cards. Watch the news more.

So, I know that I have an FBI file. I was in the military, worked in communications, was overseas. Now, I am curious what has been amended to that file that got the authorities at my doorstep less than 18 hours after my otherwise innocent purchase? I guess that's the power of the news media. Or perhaps Smart & Final is under somekind of mandate or guidlines to report such purchases. What will be in my file on Monday?

The scarry part is that they may choose to make me a target of one of their "assessments." See: the third paragrah. And who knows what erroneous conclusions they might choose to drum up? After all, I am blogging about it.