The Problem Is Greater Than Facebook

Following up on the previous post, a few more random thoughts related to the current Facebook data security mess.

First, the problem with the collection and use of personal data extends far beyond Facebook. Google, Twitter, Instagram, WhatsApp1, SnapChat, and many other social media companies all offer services you don’t pay for.

All make money through selling you, their “members”, to advertisers. All have long, legally detailed terms of service, which you agreed to (even if you didn’t read it), that allow them to use your contributions and data in pretty much any way they want. Which brings up copyright issues that are a whole ‘nother rant.

But it’s not just social media collecting your data. Plenty of companies that charge for products and services – Apple, Samsung, Amazon, your phone and cable companies, your supermarket, gas station, and big box stores (remember your loyalty card?) – collect valuable data on your buying habits. And pretty much anything else they can find. Information they can use to make even more profits.

It will be interesting to see whether Europe’s new data security laws, which take affect in May, will impact the behavior of Facebook and the others. One major goal of the legislation is to give users more control over their data, including the ability to have some of it deleted. Facebook and other data-driven companies, on the other hand, are dependent on users willingly giving over their information and not caring what happens next. 

Over here in the US, despite calls for investigation and pending lawsuits, our current laws probably don’t cover this situation. It’s also very unclear what new regulations on Facebook and other social media companies would look like, considering the long tradition of free speech rights in this country. Plus, if actual data breaches of the past are any indication, there isn’t a lot of political will to do anything related to consumer protection.

I’ve seen many calls on Twitter and elsewhere to delete your Facebook accounts. That’ll show them. Except it probably won’t since the people who actually follow through is a very, very small fraction of their overall membership. Plus, Facebook will still have your data and has the infrastructure in place to continue following you around the web.

On top of everything else, Facebook makes it very difficult to actually delete an account. Bill Fitzgerald, my go-to guy for understanding data security and privacy issues, has some recommendations for people who want to try. If you’d rather continue using Facebook, check out Wired’s guide to the complicated world of their privacy and security settings.

Finally, when Mark Zuckerberg’s name comes up in the news, does anyone else picture Jesse Eisenberg in The Social Network? Considering Zuck’s shall we say “relaxed” attitude towards the privacy of his customers, I’m beginning to think the portrayal of him in that film wasn’t all that far from real life. Maybe he needs to hire Eisenberg to front him and get Aaron Sorkin to write the script. Certainly would be more entertaining.


Cartoon is by the wonderful Randall Munroe, posted at his site xkcd and used under a Creative Commons license. Check out his book What If? in which he answers absurd hypothetical questions with real science.

1. Instagram and WhatsApp are both owned by Facebook.

The Store is Tracking You

Screen Shot 2018 01 23 at 8 30 25 PM

Irony is not dead.

This week Amazon, the 800-pound gorilla of online merchants, opened an actual physical store. From the pictures, it looks like what Whole Foods (which Amazon bought last year) might have come up with if they were designing a Wawa.

However, the unique part of Amazon Go is that there are no checkout lines, cash registers, or cashiers, and the tech press went wild.

On arrival, you launch the Go app, which comes out today for iPhones and Android phones and connects to your Amazon account. It displays a 2D code that you scan at one of several glass security gates. The code identifies you to the store and opens the gate. (You can also check in other people—a spouse, a kid, a friend—whose purchases will be added to your tab.) Once you’re in, AI algorithms start to track you and everything you pick up and keep. You can bag your items as you go if you so choose, and need interact with an employee only if you’re buying alcohol, in which case an associate standing in the liquor area will check your ID.

The article talks about the store using a lot of AI, although I’m not sure this system is all that smart (yet). Really it’s only a couple of steps beyond how I already shop.

At the supermarket I go to most often, I pick up a hand-held device after scanning a loyalty card. As I select the items I want, I scan the bar code and stick it in my bag. At check out, I scan a code on the device, wave my Apple Pay at the register, and leave. Amazon engineers take that semi-manual process and incorporate the scanner into the building itself.

This is only one store, in downtown Seattle, and it’s not clear where Amazon plans to take this concept. But it’s not hard to predict where this general technology is going.

Between the general lust for data by corporations and governments, and the paranoia-fueled push for more “security”, this kind of tracking system will become more powerful. And likely be spread far and wide.

Watch for AI-powered cameras and sensors at your local mall, airport, convention center, wherever lots of people come and go. At your school?

Ok, that’s enough ranting on this topic for now. I have to go work on my sensor-blocking tin foil hat. :)


Tweet by @typesfast, posted January 22.

 

Sunday Short Takes

A few interesting reads and listens from last week.

The New York Times Magazine’s education edition included a long, very interesting look at education in Michigan where they gambled on charter schools and “Its Children Lost”. It’s a story of lax regulation and oversight, coupled with a concerted effort to privatize public schools, led by the current federal Secretary of Education.

Two podcast episodes that explain in clear language why a do-nothing Congress can actually harm people. Planet Money has three examples our legislators risking the American economy by failing to pass a budget and risking the good credit of the country by playing chicken with the debt ceiling. The third segment addresses immigration and DACA, as does a short edition of DecodeDC, in which they fact check Jeff Sessions. Spoiler: he’s mostly wrong.

In-between watching continuous coverage of Hurricane Irma, read about the men and women who fly aircraft into the middle of those storms to gather crucial information for scientists and forecasters. We often take all this for granted but collecting that data is tricky, dangerous, and very necessary work.

Related to that, the BBC programme (British spelling :-) More or Less explains why the phrase “one in 500 year storm”, used so frequently during the coverage of Hurricane Harvey, has very little meaning. By the way, More or Less does a very good job of explaining those kind of statistical measures used by the media, in a short and very interesting weekly podcast.

With all the stories about data security this week, Motherboard explains why you should never post pictures of your airline tickets or even house keys on social media. Their warning should also extend to any documents that include numbers or barcodes that contain identifying information. If you teach, you may want to explain this to your students as well.

Finally, National Geographic offered a couple of interesting pieces this week, complete with great images, of course. One is a photographic essay of abandoned, decayed resorts in Pennsylvania and New York, side-by-side with post cards of the same scenes. Very creepy. The other profiles a small city in China (where a population of 1.2 million is “small”) that produces “60 percent of the worlds cheap consumable goods”.

I’m Back

This post is going to be long, rambling, and geeky. You may want to skip it.

Many bloggers take occasional breaks from writing. Sometime life just gets in the way. Other times you run out of things to say. The recent almost month long hiatus around here is strictly technical: my site was compromised.

This was the third time this year that someone has injected malicious code into my WordPress files and taking the site off line. In addition, there were other instances that caused problems but not to that extent.

Now, I’ve been online long enough1 to know that some of this is my fault. Website security takes time to do right and I don’t have the time, background, or interest to learn enough about the field. Plus, like 95% of the world, I probably don’t pick very good passwords.

That’s why, if you’re going to own your own presence on the web, you need a good hosting service. They should have the tools and people who can monitor for intrusions like the ones that hit my site. Maybe even block them. At the very least, the company should have support resources in place to help resolve the issues and get a compromised site back up quickly.

With my now former hosting company2 I certainly wasn’t paying enough to get top level, direct communication, personal service. And I never expected it.

However, what no one, even on the cheapest tier (which I wasn’t), should get from support is a dismissive attitude, reflecting all blame back on the client, and working from a one-size-fits-all script. A script that includes pushing “solutions” with a monthly cost that’s more than the product itself. Actually all of this should be true of any company, regardless of what they’re selling.

So this last mess was the final straw, sending me looking for a new web host, which is my fourth or fifth hosting company counting the early free services. There are many, many options out there, with prices and features all over the map. But the choice was actually pretty easy and I’ve now moved everything to Reclaim Hosting for several good reasons.

Reclaim is a relatively small (and somewhat local) company that specializes in working with educators and students. And they emphasize service over pricing, very different from most of the large hosts I’ve looked at that that push low, low prices and rely on volume and upselling. Plus one of the co-founders is a friend, so you can’t beat that.

By the way, you might have noticed that nowhere in this piece do I call what happened to my site “hacking”. My introduction to that concept came from the 1984 book Hackers by Steven Levy. The subtitle was “Heroes of the Computer Revolution” and it’s one of the few paper books still on my shelf. This kind of crap does not rise to the level of “hacking” as I see it, something I’ll expand on in another post.

Anyway, the whole transfer process was very easy (Reclaim also offers a free migration service), much smoother and faster than the last time I did this, nine or ten years ago. And after a few additional bumps, everything seems to be working well around there. Time to spend more time writing and less on the techie end of blogging.

Not What You Would Call “Hacking”

How would you define “hacking”? Probably not like this:

A 14-year-old eighth grader in Florida, Domanik Green, has been charged with a felony for “hacking” his teacher’s computer. The “hacking” in this instance was using a widely known password to change the desktop background of his teacher’s computer with an image of two men kissing. The outrage of being charged with a felony for what essentially amounts to a misguided prank should be familiar to those who follow how computer crimes are handled by our justice system.

The modern use of the term “hacker” originated in the 1960’s and started life as a compliment, used described someone who worked on a tech problem in a “different, presumably more creative way than what’s outlined in an instruction manual.”

But even if you accept the current malicious application, this teenager is no hacker.

Instead blame the boy only for taking advantage of the irresponsible and careless adults working at his school. And a legal system more interested in making a high profile example of a kid’s “misguided prank” than fixing the stupidity of his teachers.