Category: Uncategorized

  • New privacy study shows top-ranked sites selling user information

    The WSJ just blogged about a recent internet privacy study implicating several high-traffic sites in selling user information to third-party SEO companies. Sites include OKCupid!, RottenTomatoes, and yes, the Wall Street Journal herself.

    Nothing new here, but note WSJ’s clever loophole: they don’t sell users’ email addresses; instead, they sell email addresses used in failed login attempts, meaning that potential privacy issues are squelched because the addresses they sell are technically not attached to any users.

  • CSCW Workshop: Reconciling Privacy with Social Media

    February 12, 2012

    Full Details: http://phitlab.host22.com/cscw2012privacyworkshop.html

    Call for Participation

    Much research on privacy in social media has focused on limiting personal information disclosure, increasing control, and perpetuating social withdrawal. Therefore, privacy goals are often characterized as diametrically opposed to goals of sharing and connecting via social media. However, privacy can also be characterized as a broader process where individuals and groups coordinate social interaction with others. In this broader conceptualization, privacy behavior moves beyond binary decisions to withhold or disclose and becomes an interactional process that involves the cooperation of others in the relationship. The goal of this workshop is to explore privacy in broader contexts and to understand its relationship to the benefits of social media and the support of online cooperative relationships.

    The workshop will focus on two main themes: Focusing on the benefits and outcomes of interactional privacy behaviors in social media environments, and emphasizing design and evaluation solutions for bringing such benefits to fruition.

    We invite potential workshop participants to submit 2-4 page position papers that describe research related to the workshop themes. The deadline for submission is November 25.

    Please see the workshop website at http://phitlab.host22.com/cscw2012privacyworkshop.html for more information.

    Workshop Co-Organizers:

    Heather Richter Lipford, University of North Carolina at Charlotte

    Pamela Wisniewski, University of North Carolina at Charlotte

    Cliff Lampe, University of Michigan

    Lorraine Kisselburgh, Purdue University

    Kelly Caine, Indiana University Bloomington

    Program Committee:

    Coye Cheshire, University of California Berkeley

    Catherine Dwyer, Pace University

    Woodrow Hartzog, Samford University

    Adam Joinson, University of Bath

    Jen King, University of California Berkeley

    Airi Lampinen, Helsinki Institute for Information Technology HIIT & University of Helsinki

    Deirdre Mulligan, University of California Berkeley

    Fred Stutzman, Carnegie Mellon University

    Janice Tsai, Microsoft

    Michael Zimmer, University of Wisconsin-Milwaukee

  • Twitter, FTC vs. Frostwire, CA and cell phones

    from Joe Lorenzo Hall

    Twitter starts wrapping all hyperlinks through t.co
    http://venturebeat.com/2011/10/10/twitter-url-wrapping/

    “Twitter has various reasons for forcing all hyperlinks through t.co.
    It eliminates the security risk posed by third-party short link
    services (like Tinyurl and bit.ly) that don’t allow the company to
    screen for malicious links. But more importantly, t.co URL wrapping is
    central to Twitter’s new web traffic analytics service unveiled in
    September.”

    —-

    FTC vs. Frostwire (filed: 10/7/2011)

    http://www.ftc.gov/os/caselist/1123041/111011frostwirecmpt.pdf

    Interesting because as opposed to much of FTC action lately in this
    space, the violations not only include deceptive practices but *also*
    unfair practices, indicating that not only was Frostwire not
    forthcoming with how their filesharing application works, but also
    that they caused substantial harm to consumers (by default sharing
    private files — “pictures, videos, unprotected applications,
    documents, music and audio files, and ringtones.” — publicly, and
    making it difficult for users to do otherwise).

    —-

    CA Gov. vetoes bill that would require warrant to search cell phones of arrestees
    http://www.wired.com/threatlevel/2011/10/warrantless-phone-searches/

  • Elaborate tracking mechanisms revealed

    This summer Ayenson, Wambach, Soltani, Good and Hoofnagle published “Flash cookies and privacy II” on SSRN.

    The paper describes a number of technical mechanisms for persistent tracking of consumers.

    The paper was criticized by KissMetrics as inaccurate, and a response by Ashkan Soltani was posted here:

    http://ashkansoltani.org/docs/respawn_redux.html

  • Message from Verizon

    by Helen Nissenbaum

    Over the weekend, I received this message from Verizon. Naturally, it caused me great consternation though, for the life of me, I could not figure out what it really meant. Is this something worse than everyone else is doing? Note: since I have many ongoing relationships with Verizon, I would have liked to know which one it meant, but could not see this:

    Dear Valued Customer, en español

    Your privacy is an important priority at Verizon. We want to let you know that Verizon will soon participate in a program that will improve the ability of advertisers to reach our Verizon Online customers based on your physical address. The goal is to provide online ads that may be more relevant to you.

    This program uses your address to determine whether you reside in a local area an advertiser is trying to reach. However, Verizon won’t share your address with advertisers as part of this process. Advertisers won’t know it’s you specifically or where you actually live. If you do not want us to allow advertisers to send you ads based on your geographic area you can let us know by selecting here.

    What does this mean for you?

    Certain ads you’ll see while browsing the Internet may be directed to you and other Verizon Online customers in your area, so these ads may be of more interest to you. For example, a pizza chain may want to deliver their ad to give a special offer to people living in a particular area. Using this program, national brands and local businesses can tailor their offers, coupons, and incentives to your local area.

    Protection of Your Personal Information

    Verizon protects your personal information as described in our privacy policy. You can learn about Verizon’s ad practices or let us know that you do not want to participate by selecting here. If you don’t want to participate, you will need your User ID and Password to access the opt-out page. Please note that declining to participate won’t impact the number of ads you see, just their potential relevance to you.

    For answers to your frequently asked questions, select here.

    Sincerely,

    Verizon

  • Comic Relief

    Note the location of MySpace. Amazing how rapidly the value of Internet-based intellectual property can plummet. Note the cyber-police at the bottom right, as well (image from Mashable.)

  • Piracy and Privacy

    ArsTechnica reports that the California legislature is currently considering an anti-piracy bill that threatens to undermine privacy in a big way. Proposed by Senator Padilla, SB 550 would prohibit a person who manufactures optical discs for commercial purposes from making, possessing, or adapting any optical disc mold for the purpose of applying a forged, false, or deceptive identification mark or identifying code (under existing California law, every person who manufactures an optical disc for commercial purposes must permanently mark the manufactured optical disc with an identification mark or a unique identifying code). See Legislative Digest. In an attempt to bolster the ability of law enforcement to catch violators, SB 550 also provides for warrantless searches of commercial disc manufacturing facilities and warrantless seizures of violating discs. Wow.

    According to §7 of the bill, officers “whose primary responsibilities include investigation of high-technology crime or intellectual property piracy” are authorized to perform inspections at commercial optical disc manufacturing facilities to verify compliance with the bill. This search can be executed without prior notice. Officers performing inspections have the authority under the bill to, among other things:

    (1) Take an inventory of all manufacturing equipment, including the identification mark or unique identifying code that any piece of equipment has been modified to apply.

    (2) Review any optical disc, manufacturing equipment, optical disc mold, or production part.

    (3) Seize any optical disc or production part manufactured in violation of the law.

    (4) Obtain and remove four samples each of the optical discs molded by each mold that has been used or could be used to manufacture optical discs.

    Again, wow.

  • NY case underscores Wi-Fi privacy dangers

    Available at:
    http://news.yahoo.com/s/ap/20110424/ap_on_hi_te/us_wi_fi_warning

    In Buffalo, a 25-year-old guy logged in to his neighbor’s home Wi-Fi connection and downloaded child pornography through the wireless signal.

    At first, the FBI agents suspected the homeowners. They denied it, and agents tapped away at the homeowner’s desktop computer, eventually taking it with them, along with his and his wife’s iPads and iPhones.

    Within three days, investigators determined the homeowner had been telling the truth: If someone was downloading child pornography through his wireless signal, it wasn’t him. About a week later, agents arrested the guy and charged him with distribution of child pornography. The case is pending in federal court.

    Experts say the more savvy hackers can go beyond just connecting to the Internet on the host’s dime and monitor Internet activity and steal passwords or other sensitive information.

    This case revealed two major issues. One is how to protect the privacy of Wi-Fi users, and the other is whether internet users are legally responsible for securing their wireless connections to prevent others from illegally downloading data.

  • iPhone Location Tracing Controversy

    Controversy over revelations regarding iPhone and iPad location tracking has been growing quickly. As the New York Times reports, the German, French, and Italian governments have either started or will soon start investigations into whether the tracking violates those countries’ respective privacy laws. In the United States, Senator Al Franken of Minnesota and Congressman Edward Markey of Massachusetts have sent letters asking for further explanation from Apple.

    A letter from Apple’s general counsel to Congressman Markey last July suggests that the data is in fact being transmitted to Apple for use in its location-based services. However, the letter indicates that location data is anonymized and only collected when users agree to use location-based services. Last Friday, Google confirmed that it collected similar data from Android users for similar location-based service purposes, again anonymized and with user consent.

    Some commentators have questioned the need for retaining the location data on users’ devices, arguing that it leaves them vulnerable to hackers who would be able to learn a user’s day-to-day movements. Others question whether users are fully informed about the extent of location tracking due to the sometimes-vague and difficult-to-understand privacy policies that describe its use.

    The New York Times article also reports that the data has been used for law enforcement purposes, raising interesting questions about the applicability of the Stored Communications Act and the 4th Amendment to such data. Though the article doesn’t specify the legal basis upon which law enforcement gathered this data, it seems possible that the SCA would apply. Would a court hold that compelling Apple to produce such data under the SCA but without a warrant violates the 4th Amendment, much like the compelled e-mail production in United States v. Warshak? On a related note, the ACLU recently reported that Michigan State Police officers have been using forensic cellphone analyzers to download the contents of smartphones during routine traffic stops. The ACLU has issued a FOIA request for more information on this practice, but the Michigan Police have requested over $500,000 from the ACLU to cover the costs of retrieving and assembling such documents. Given the recent revelations about location tracking on Apple products, it seems plausible that such data collection from Apple users could include the location-tracking file, thus possibly giving the police information about the user’s every move for the past few months.

  • iPhone and iPad Store Location Data of Everywhere You Go

    Researchers Pete Warden and Alasdair Allan have discovered a file on the iPhone and 3G-enabled iPads that contains the “latitude and longitude of the phone’s recorded coordinates along with a timestamp.” This file is also copied to the owner’s computer when synced. There appears to be no current use for the data and Apple doesn’t seem to be transferring the data to itself. See the full article here.

    Warden and Allan have created a webpage with more information and a downloadable application to check what data your iPhone or iPad has retained.