Thursday, November 6, 2008

Big Brother may not be watching, but everyone else is.

How paranoid are you?

I used to count on anonymity by obscurity to protect my privacy. I figured I was too boring for anyone to make the effort to track everything I do and profile me. In the less than 10 years since I last said that, it turns out that I am valuable and it is not too difficult to track and correlate every last thing I do.

Know that shopper’s card you use at the grocery or drug store? By watching your purchases, they know how many cats and kids you have, whether you live a healthy lifestyle, and possibly even specific ailments or habits. Meanwhile, your credit card company knows the health of your finances and when you’re away from home as well as how often you eat at McAlister’s and whether your hobbies are gardening or fishing. Your cell phone carrier knows within a few feet where you are as well as having a record of all your calls and copies of your contacts list, txt messages, and photos. Even your belt or shirt (and if Homeland Security gets its wish, your drivers’ license) could be blabbing your position every time you walk in or out of a store through the RFID “inventory control” chip embedded in it.

Modern voluminous databases and large amounts of computing power allow companies to gather all the information they collect and infer the pieces that apply to a single person. They can identify you even if traces don’t share identical identifying information. And then they look for a way to make money off your dossier.

You think it’s great for the grocery to send you a coupon for one oat cereal because you’ve bought another one. The competing manufacturer pays them without knowing who you are. But what if the grocery decided to sell your cigarette purchases to your insurance company?

It should be even scarier online. You’re already plugged into the biggest computer in the world and you are instantly moving from place-to-place. One moment you may be talking to your broker, the next buying a shirt with PayPal, and after that jumping among friends at MySpace.

Who can follow you at the speed of a click? How do they know who you are? Weren’t all those financial transactions protected with https?

Every webmaster knows at least what your personal IP address is, what type of browser you’re using, and where you came from if you clicked a link to get there. If you’ve got cookies on the computer (and you can hardly surf the web without collecting them), they know a lot more about you. By looking your identifiable cookie up in their database, they know everything you’ve told them including possibly your name and address, credit card numbers, and every thing you’ve looked at on their site.

It’s good that the outdoors store reminds you to buy a scarf, saves you having to look up your wife’s shirt size, and doesn’t make you retype your shipping address, right? But what if they give you a list of targets because you just bought a bow and arrow somewhere else? How did they know that?

When a site has an ad on its page, that probably is put there by another company which now has permission to add their own cookie to your gut. Go somewhere else and the same ad server reads its cookie and may have a lot of inferred or specific information from your previous stops. Don’t bother trying to parse their EULA and Privacy Statements – most of them allow free exchange with “affiliated partners.” And they are also permitted to change them on a moment’s non-notice.

A few months ago (http://pc3.org/smfpc3/index.php/topic,121.0.html) I challenged you to search on a random topic, but warned you not to be signed into your Google account while you did it. Remember that IP address I said all websites can connect to you? The search engines know it too and intentionally save all your searches by your IP address. Their stated purpose is to improve their search algorithms, but there’s a lot of information there. And that information could be available to Google’s subsidiary Doubleclick. Doubleclick is a major provider of targeted display advertising on the net and was one of the early users of the idea to track you with their cookies as you surf to various sites. If you have any account with Google, you are known across all their other subsidiaries from Checkout to Finance to Health to YouTube; it’s all in the same database.

Google is just the goliath for this example; I’m sure everyone else tries to leverage the same technology. AOL knew your identity wherever you went long before Google. Yahoo and Microsoft encourage a single login for all their services. As the old sayings go: you live in a fishbowl; be wary, very wary.


References:
http://www.sciam.com/article.cfm?id=privacy-in-an-age
http://www.sciam.com/article.cfm?id=do-social-networks-bring
http://www.google.com/intl/en/options/
http://www.sec.gov/Archives/edgar/data/1288776/000119312507044494/dex2101.htm http://www.doubleclick.com/
http://www.torproject.org/


(c) 2008 Bill Barnes
Disclaimer - Home Page - Blogs Home

No comments: