A Privacy Illusion


Privacy ‘breaches’ and issues have become a lot more important recently, and we focused on them to some degree with Real ID. A recent piece of correspondence I received has made for some interesting thoughts on what privacy is, or the lack thereof. There is an illusion about the level of control you have over your information.

So in part this is a throw-at-you kinda thing, with some recent examples of privacy goings-on, to get you thinking and make you aware if you were not already.

The downloadable list of searchable Facebook profiles from Skullsecurity.org (the site seems to be down, but a web cache of the post works) – and corporations (or people employed by them) are now downloading this torrent.

I cannot think of a reason why I personally would want an indexed copy of 1 million Facebook users, their user pics and usernames, but what could you do with that data? I can think of people like law enforcement, marketing people and social media profilers who would be interested, especially if friends lists are to be indexed and cross-checked. That data hasn’t been torrented yet. “So far, I have only indexed the searchable users, not their friends. Getting their friends will be significantly more data to process, and I don’t have those capabilities right now. I’d like to tackle that in the future,” Skull says on his blog. I bet there is someone who does have that capability.

The news that your smartphone apps are spying on you is nothing new, but it is getting more public attention with the App Genome Project. Lookout’s early release findings show that a large number of applications had the ability to access a user’s location, apparently some even have access to your contact list, and others are collecting information through third-party software. All the tech blogs are talking about it now. Last year Palm came to media attention for sending GPS locations back to Palm.

Did you also know that the photos you take with your iPhone (and other smartphones) also contain GPS data, unless you turn location services off, and that when you upload these photos to various places, not all of them strip that GPS information? It’s quite creepy selecting ‘Places’ and seeing a map of your city and all the places you and your iPhone have gotten around – and then you wonder who else can see. (If you’re interested, Picasa has the ability to read any GPS data that is on a picture and put it on a map – it also lets you strip a pic of that data and save a clean copy.)

Google was cleared of Wi-Fi snooping in the UK, having not collected “Significant Personal details”, but in Australia they were found to have breached the Australian Privacy Act: “On the information available I am satisfied that any collection of personal information would have breached the Australian Privacy Act.” It is a little concerning, whether intentional or not – cars roaming streets collecting mass amounts of data. A street’s worth of data might not be useful, but a country full, two countries full? What could the data from a collection of unsecured Wi-Fi points be useful for – or to whom? I’ve read enough spy/mystery books for my imagination to go wild. I think that’s more of a concern than the bits of data supposedly collected from each. The Wi-Fi information, however, is still publicly accessible. I’m sure it is quite easy to find using a program, like I did with Netstumbler back when I got my first Wi-Fi enabled laptop some years back. Cruise down the local main road and have a look. It used to be able to record all the networks, secure and unsecured, that it found. Heck, any Wi-Fi sniffing capable device would do the same on a small scale.

The key to a lot of these ‘privacy breaches’ seems to be informed control – you had the ability to reduce or avoid your privacy exposure, but may not have been informed enough about the potential consequences or use to be motivated to activate that control.

  • Your name on the Facebook list could have been prevented by turning off public search.
  • As for location services on your apps – I’m assuming the majority are ones that ask you “Such and Such would like to use your location.” ANSWER NO. The ones that access your contact information are more of a concern though, but I suspect some may be apps that ask you to communicate with your friends.
  • Turn off location services on your smartphone so your photos aren’t being tagged with GPS.
  • Google’s Wi-Fi data collection was only done on unsecured Wi-Fi networks. A German court in May ruled that unsecured Wi-Fi owners can be fined, which might be a little extreme, but I’m sure it gets people more worried about it. Put a password on it.

It is one thing, however, for the information to be available if you really want to know, and another for it to be indexable, searchable and ‘abuser friendly’. E.g. our electoral rolls in Oz are no longer available on CD – though this seemed to be initiated from a fear of electoral fraud, not privacy concerns, it has the same effect. You can still go and view a physical copy of the roll, with data such as name, address, date of birth and gender in alphabetical order; you just can’t index it and copy it. However, they don’t say what format they give the data to political parties in for their local constituent mailing lists. I can’t imagine it would be in paper form.

Some things aren’t always in our control. Information / data available in the public domain isn’t the only thing we need to worry about.

We put our trust in places that hold our personal information, or even our communications, like email inquiries, catalog lists and organisation memberships – with no guarantee they will follow privacy principles unless they get caught and fined. Health services seem to get into trouble all the time – releasing customer information accidentally, getting patient records mixed up. Or even breaches as simple as the iPad customer list from AT&T being released, and how can we forget the ESRB breach, where a simple ‘reply all’ publicly released to all recipients the email addresses of everyone else who had contacted them to complain about Blizzard’s Real ID.

Remember when it was credit card numbers that were the biggest security threat? “Be careful who you give your credit card number.” We now worry when we lose sight of a credit card because the waiter might have a skimming device in their pocket. Our ATMs have skimming devices attached, and Eftpos machines in fast food outlets get modded to collect skimmed data.

Even night clubs are scanning and retaining fingerprints of patrons.

We have to spend as much time worrying about how safe our information is as we do accessing the services we use. Kind of puts Real ID in perspective. What’s in a name when someone has your fingerprints, your telephone contact list, where you were on Saturday night and where you live? Read How I become a Foursquare Stalker for how someone tracked a stranger down based on information from looking at people on the app within one mile of him. You can check ‘people near me’ on Twitter and Buzz as well, with some people tagging their home addresses as their current location. Robmenow collects public data about users geotagging their location – the idea being that if the user is at, say, a coffee shop in the city, they aren’t at home.

The information available is not a danger – until the intent of someone makes it so.

Doesn’t it make you just want to stop and think how much worse it will get? As we become aware of each incident of what information is available out there, and start thinking about the intent of those who are collecting it for undisclosed use, we become more concerned. Governments are getting worried (we can thank Canada for pressure on Facebook for of the privacy changes). Eventually laws will tighten, or governments will just cut off access to what they can’t control to their liking. E.g. look at China and Google. We just can’t switch off the technology age. I like it. I live in it, play in it. However, people will continue to make reply-all mistakes, mix up files and lose data, and your control over your own information gets weaker.

We have a very casual approach to the information we give out voluntarily because we aren’t always aware of the consequences – the trend is changing, but we have no idea how the data is to be used in the future, or how many people in the privacy chain with access to that information are weak links. Nowhere on a privacy form does someone tell you what they do with your data. “We keep this behind a trillion byte encryption protected by armor plated servers. Oh, but 20 people including the cleaner can print off copies when they want.” Organizations have to answer to the law, but international boundaries and inconsistent regulations mean that one country will not have the same standards and enforceability as another.

We are a little wiser now. When Blizzard tried to make the forum change to real names an ‘in the future’ thing, we got fair warning, plenty of time to protest, and the potential for misuse, by some rather zealous examples, splashed across the internet.

We have, however, no control over customer purchase lists with our emails being leaked, a laptop with sensitive information left in a cafe, or your inbox being filled with someone else’s personal messages due to a code or software error. Effectively all we can do is scream ‘breach, breach’ after the information has been released. How many incidents do we not know about?

I was at an RSL Club with my family a while ago, and my ID card was scanned onto their computer on sign-in. There was no choice: it was either eat dinner with my family and get my card scanned, or look like a paranoid prat if I refused. The attendant looked at me strangely when I asked why it was being scanned, and then even more so when I asked how long the data is retained.

Where’s the line between paranoia and sensibility?

I’m going to leave it there. I’m not sure I have come to some deep and meaningful conclusion, but I’m a blogger, not a journalist. My intent with this post is to give you food for thought, just because we should at least think about things like this on occasion, and because we as individuals should be responsible enough to take control and try to be aware. Even if it means your sister-in-law deletes you off Facebook because you disabled access to your wall to stop people from posting things you could not control on there.

16 Responses to “A Privacy Illusion”


  1. 1 Scouris July 30, 2010 at 6:43 am

    I had a similar incident at a movie rental store. I asked what information they needed to open a hiring account, and they said they needed:
    Drivers License;
    12-month-old or newer utility bill showing my full name and address; and
    Credit Card or Debit Card.

    They said they kept photocopies of the documents on site, and if I didn’t provide them with each item, then I wasn’t going to get an account. Cue the blank looks when I asked them about their privacy policy and retention policy.

    Won’t be hiring from (sounds like hock-duster) anytime this side of Year3000.

    • 2 Jayd July 30, 2010 at 1:58 pm

      I recently got a new video store account as well. The amount of ID they asked for was ridiculous. I work at a bank – you can withdraw money from a teller after providing less ID.

      • 3 Jeeves August 1, 2010 at 2:29 pm

        There are still video stores around?

      • 4 Pugnacious Priest August 2, 2010 at 1:45 am

        Things are a little off when banks who need to comply with AML require less information than a video store – but yeah, if it’s worth fighting for, then it might be worth doing what I suggested to Scouris about blacking out the unrequired data, and if worth it take it to the next level and make a complaint.

    • 5 Pugnacious Priest August 2, 2010 at 1:42 am

      With the video shop you would probably be within your rights to black out any non-required information. E.g. the only thing they need on your utility bill is your name and address and the logo showing it’s a utility bill. Ask for a texta and black out (before they photocopy/scan) any unnecessary information. I see bank statements in my line of work on which customers have blacked out unrequired data – which is fine. It would be interesting to have the shop assistant explain why the collection of your electricity account number and how much your bill is are a requirement for their business (you can tell a lot from one bank statement).

  2. 6 Narx July 30, 2010 at 8:23 am

    “my Id Card was scanned onto their computer on sign in. ”

    This is for police purposes. It enables the club to be able to identify who was at the premises in the case of a night of violence/crime.

    I believe the retention is 7 years as per other types of record keeping requirements. I once knew someone who worked on this here in WA.

    • 7 Pugnacious Priest August 2, 2010 at 1:37 am

      7 years is too long with no reported incident. I can’t see the Privacy Commissioner being OK with that. That’s a detailed database of gambling / eating / company habits – plus, after a long, arduous read from the Privacy Commissioner’s site http://www.privacy.gov.au/materials/types/infosheets/view/7074 – it also indirectly collects information such as donor status, race and ethnicity – all of which are not required under their licensing laws. They need to sight the ID for proof of age. I could complain under the National Privacy Principles that their collection of data is unnecessary – and they would need to prove their compliance – which includes a required privacy statement outlining their data retention, and training for staff to answer questions,
      and should
      “tell people when they collect personal information:
      why they are collecting information
      what it will be used for
      who they will pass the information onto
      how people can gain access to it
      any law that means the information has to be collected
      what the consequences are if the information is not given
      when they will destroy it”

      None of that was readily available upon club entry. That’s Oz law – though I am sure other countries have similar guidelines.

  3. 8 t0xic July 30, 2010 at 2:44 pm

    The common thread in all of this is technology. iPhones, unprotected wi-fi routers, etc. The early adopters of technology often pay the heaviest price.

    I knew that smartphones had GPS capability, but I’ve never heard of encoding your location to pictures you snap. That just seems like a “feature” that should be turned off by default, and only enabled after you are aware that it’s there.

    The same goes for people that buy a laptop computer and have no idea that there are trojans on the internet that will enable the webcam and start snapping pictures of you without your knowledge. I have tape over mine.

    With each new technology purchase you have to consider “What is the absolute worst abuse of my privacy that this device could expose me to?” Like you mentioned, there is a fine line between paranoia and sensibility. We’re making these choices without all the facts. By the time we have all the facts it’s usually too late.

    • 9 t0xic July 30, 2010 at 2:56 pm

      http://www.theregister.co.uk/2010/07/29/suspicious_android_app/

      I doubt anyone that downloaded this app had any idea what it was capable of. This was an easy article to find. There are 10-20 any given day of the week. You don’t have to go very far to see the consequences of living in the “digital age”.

      Disclaimer: I should clarify that I’m not a technology isolationist. In fact, quite the opposite. I’m a tech nerd. I love tech gadgets and own way more than I care to admit.

    • 11 Pugnacious Priest August 2, 2010 at 1:04 am

      Someone knows... or maybe we need people to sit down and think-tank worst-case scenarios for new tech and potential leaks/risks and make them public. So we are either aware of them, or can plug the leaks.

  4. 12 theerivs July 30, 2010 at 5:27 pm

    I knew privacy was an illusion 10 years ago when the car dealer pulled out a credit report on me. I spew that fact constantly. That’s why I don’t care and put my name on the blog, and post crazy pics on facebook.

    It just doesn’t matter anymore, if I got the time, money, and ambition, I can find out anything about anyone.

    Welcome to the Information Age.

    • 13 Pugnacious Priest August 2, 2010 at 1:51 am

      In Oz we are required by law to get free and reasonable access to any data held on us by credit reporting agencies, and a business can only make an enquiry on this now after we have signed a privacy consent form – dated prior to the enquiry – and not everyone can access it. I hope you guys have similar laws.

  5. 14 Jeeves August 1, 2010 at 2:35 pm

    Great article! Although I don’t agree with you on all matters (I’d love it if everyone knew and cared about where I am all the time), I do think that “Where’s the line between paranoia and sensibility?” is an excellent question.

    • 15 Pugnacious Priest August 2, 2010 at 2:04 am

      “Google maps” my friend’s location 😛 Bad enough your status updates reduce your need to tell your friends what you are doing. “I went to blah beach on Saturday.” “Yeah, I know... saw you on Google Maps.” I’d like to sit in the middle of paranoia and sensibility.


  1. 1 On Humans and Privacy « Cat: A Log Trackback on August 11, 2010 at 11:36 pm