Tuesday, 5 July 2016

Your supermarket is spying on you and other shocking news

It’s easy to forget that we already live in a dystopian future. The breadcrumbs of personal data we scatter around us wherever we go are already being collected, aggregated and analysed to an extent where harmful privacy breaches are practically inevitable.

We’re under surveillance everywhere we go, including during our weekly supermarket shop. Surveillance in supermarkets is nothing new. For decades they’ve offered store cards which collect detailed information about your purchasing habits in exchange for (frankly insulting) incentives. The data collected includes when and where you shop, what things you routinely buy, when you tend to buy extravagant things, how likely you are to take advantage of special offers and much more. It is used to come to surprisingly complex (and often accurate) conclusions about you, your family, your lifestyle and your family’s lifestyle. With schemes such as Nectar in the UK, even more data is collected and more valuable conclusions drawn, because data is collected from a wide variety of shops of different kinds, moreso if you also have a Nectar credit card.

Many people feel that this information is a fair price for the incentives offered. Privacy activists like me disagree…. but that isn’t the point isn’t the point I’m making here. The point I’m making is that surveillance via store card is the tip of the iceberg. There are plenty of other very creepy things supermarkets routinely do and more that will surely appear in the near future.

With online shopping, supermarkets are able to track the items you buy, the ones you look at but don’t buy and the ones you buy instead. In physical stores, this has not been possible until recently. Nowadays, supermarkets can and do track your movements around their physical stores. If you (like most people) leave your phone’s wifi turned on when you visit the supermarket, then the store can track your movements, even if you don’t connect to the store wifi. From this, it can build a very intimate picture of your shopping habits. For example, it can determine how long you stare at a shelf of near-identical brands of washing powder before deciding which to buy and can compare that with your past behaviour. How easily are you affected by the specific placement of certain items? Can you be manipulated into buying the one with the highest profit margin? It can note the things people always forget to buy as they walk around the store and have to go back for. Are there trends in this data that can manipulate customers into buying things they don’t really want? Could the supermarket put a shelf with the things everyone forgets right at the far end of the supermarket, but put only the brands with the highest profit margins on that shelf?

With data like this, already being collected by supermarkets, coupled with eventual buying choices and place/time data collected by use of a store card, supermarkets can build a very intimate picture of what their customers buy and how they make buying decisions. This is not data you’d want to fall into the wrong – or even the ‘right’ - hands. And it’s set to get worse. Trials are already being carried out on various means of monitoring shelves so that data can be collected about which items a customer picks up but doesn’t eventually buy and which items they most closely scrutinise (and then whether that’s the one they buy). There are also trials being carried out on automatic expression recognition via CCTV. What are you thinking when you look at a product or display? Pleased? Excited? Disgusted? Bored? Confused? Will supermarkets also start to use automatic facial recognition to track those of us who turn our wifi off and pay in cash? I don’t see why not.

Data like this is used to create profiles of customers, to optimise displays, shelving and pricing and to offer customer incentives such as sales and coupons. It’s up to individual customers to decide whether they think this is creepy and manipulative or genuinely useful, but it’s not up to customers whether they are tracked in the first place.

The data is very valuable, of course, and will not be used only to decide where to put the baked beans. It (or subsets of it) will be sold to other companies, which will aggregate it with the things they know about us. And it will be stolen by people who want to use it to also steal our identities. It will be used to draw possibly false conclusions about us, which might haunt us in the future. If you don’t look sufficiently concerned when putting high value items into your trolley, will you be considered poor credit risk by a completely different company in the future? Will health insurance companies count how many doughnuts you bought and look at your waist size as calculated from CCTV footage over time to decide whether to pay for your heart attack? I’m being flippant, but I don’t think these are particularly unrealistic scenarios.

Store cards are all very well. I don’t have one but I don’t look down on anyone who does. For them, the trade-off between privacy and money-off coupons is worth it. I’d argue with them that the trade-off only seems worth it because they probably don’t understand how their data is being used and misused, but that’s OK too; taking the time and effort to understand these things is a cost many people don’t think is worth paying. It’s up to them. They’re helping – like parents refusing to vaccinate their children – to create an environment that’s more dangerous for everyone else, but I think we have a little way to go yet before most people really start to see the downside of this abandonment of privacy. I’m not saying I won’t gloat when they do, but I understand why it’s difficult to take privacy seriously when it comes at the expense of convenience.

But while store cards are opt-in, the other surveillance methods employed by supermarkets are not. If I have to turn off my phone wifi, pay with cash in unordered notes and wear a disguise to the supermarket, then I can’t honestly say I’ve been given a realistic opportunity to opt out.

But I can’t end on a negative note. I think there are some excellent uses for store cards and supermarket tracking. Here’s my suggestion:

Your store card is issued 100 points when you enter the supermarket, to be redeemed upon checkout. This number ticks down the longer you are in the store and ticks down even faster whenever you stand still. That way, perhaps everyone in the supermarket will finally get out of my fucking way.

Friday, 20 May 2016

Free Chelsea Manning

This is not an offer to get a free Chelsea Manning, it's a post about why she shouldn't be in prison: https://boingboing.net/2016/05/19/eff-files-chelsea-manning-appe.html
The issue with Manning being found guilty of a criminal offense for violating her employer's terms of use is one of precedent: if Manning is sent to jail for violating the fine print in her employment agreement, then so can anyone else who breaks their own employer's terms and conditions. That means that most of us could be sent to jail for things we do every day.
This isn't hyperbole.

13858609833_3ab5048441_bI once signed an employment contract that prohibited 'horseplay'.  And a flat rental agreement that was altered to allow a pet which read "providing that the pet in question is not a horse kept in the bath".

The latter was a joke by the estate agent, but the horseplay clause (not sure what's going on with all these horses) was completely serious.  It was a clause designed to be deliberately vague so they could sack people with impunity for arbitrary reasons.

Of course, this was a company which had a light sensor to turn off the security lights, positioned directly in the glare of a security light.

We also built a test rig which was so poorly earthed that it was vitally important that you went to the toilet before touching it.

More spying on kids

There are some very worrying online resources about how to spy on your kids.  Many of them assume that spying on your kids is the right thing to do.

Some, like this one, purport to ask whether it's OK to spy on your kids but also include statements about the alleged tactics kids use when they find out you're spying on them.  Almost as if they answer to the question is self-evidently "yes".

That particular link contains the following on when you shouldn't spy on your kids:
Image result for spying on your kidsIf you have a teenager who meets her responsibilities, comes home on curfew, is where she says she’ll be when she said she’d be there, is hanging out with the people with whom she said she would be hanging out, and you have no reason to be suspicious about anything, I suggest you stay out of her room. And I think you should tell her that, too. You can say something like, “I’m not going to interfere with your privacy, because you’re doing so well. I have no reason not to trust you.” That way, she knows she’s being rewarded for her behavior—your lack of interference in her personal space is a direct result of her actions.
Yeah, that's.... creepy.  And nonsensical. Threatening to invade your kids' privacy if they don't behave exactly according to your standards isn't going to develop trust and likely is going to foster risky behaviour.
So when you spy on your otherwise responsible child, the message you’re sending is, “I don’t trust you, even when you haven’t done anything wrong.”
Way to miss the point.  Kids are going to make mistakes.  The way to deal with that is to talk about it and then let it go, not to invade their privacy in a doomed attempt to prevent them making further mistakes.  Mistakes are how we learn.
To be honest, I don’t like talking about rights; the word is just too overused in our culture. But here’s the deal: I believe that whoever’s name is on the mortgage has a right to look anywhere in their house. In my opinion, that’s your right because you own the house. 
Yeah, the thing here is that kids are people and you don't own them.  It's not like they even have much of a choice about where to live.  After all the rhapsodising about how it's a parent's responsibility to keep their children safe, we get this:
Many parents will ask, “Why should I tell him I’m going to [search his room]? He’ll only hide it outside of the house.” But that’s not your problem as a parent.
Yeah, as long as presumably dangerous activity isn't happening under your own, mortgaged, roof, there's nothing to worry about.

Here is a (hilariously inept) instruction manual for how to spy on your kids. That's it's actual title - "how to spy on your kids online". This isn't beating about the bush.  But to be fair, there's some good advice in that article, hidden amongst the bullshit.

This is sort of sweet:
And be warned: Kids can learn how to delete the history to cover their tracks, so ask questions if you discover that the history was cleared by someone other than you.
Yeah, if your kids aren't smarter than that, you probably have more problems than you think.  Especially if you're not smarter than that either.
With most issues of safety -- climbing a tree, riding a bike, crossing the street -- we progressively give kids more freedom. But in the digital world, new and different risks come up as they grow. Your instinct might be to back off as they approach the tween years, but that's when to get even more involved.
This is not a clear thinker.  There is a considerable difference in risk between a four-year-old climbing a tree and a 14-year-old climbing a tree. They're climbing different trees.  There are 'nImage result for spying on your kidsew and different risks [in tree climbing] as they grow'.  The last sentence is worrying on every level.

The article ends with a very telling 'decoding' of some common abbreviations.  The author seems at least as concerned with figurative use of the word "fuck" as about actual safety.  As I said, telling.

 Abbreviations and code words speed up instant messaging and texting, but they also mask what people are saying! Brace yourself. Here are some commonly used terms:
ADIH: Another day in hell
A/S/L: Age, sex, location
BTDT: Been there done that
CULTR: See you later
GTFO: Get the f-ck out (expression of surprise)
H8: Hate
ILY or 143 or <3: br="" i="" love="" you="">JK or J/K: Just kidding
KWIM: Know what I mean?
LLS: Laughing like sh-t
LMIRL: Let's meet in real life
LYLAS (B): Love you like a sister (brother)
NIFOC: Naked in front of computer
PAW or PIR or P911: Parents are watching or Parent in room (drop the subject)
POS: Parent over shoulder (can also mean "piece of sh-t," used as insult)
Pr0n: Intentional misspelling of "porn"
STFU: Shut the f-ck up (expression of surprise rather than reprimand)
TMI: Too much information
TTFN: Ta ta, for now (goodbye)
WTF: What the f-ck?

Kids are complicated

Kids are complicated. They need privacy.
In this article, Livingstone walks us through the daily routine of her research subjects -- the way networks ebb and flow through their face to face interactions, family time, homework and leisure. Her account sharply highlights danah boyd's finding from her indispensable book It's Complicated, that teens prize face-to-face time above computer and phone time, but it has to be time with their peers and away from adult supervision -- a rare commodity in the era of bubblewrap child-rearing.
I've come across a few real life reasons why kids need privacy.  In one case, a girl was being abused by her parents and confided in a friend. They spoke about it on their phones.  The parents of the friend snooped her phone, found messages about the abuse and confronted the abusers. This made things much worse for the girl and put her in even more danger.

Image result for spying on your kidsI'm not suggesting that the abuse should have been kept secret.  Clearly the abusers needed to be stopped.  I'm saying that snooping your own kid's phone can have dire consequences for other people.  Because kids are complicated.  In this case, the assumption of privacy was vital; the girl likely wouldn't have confided in anyone if she thought it would be intercepted.  If your kids know you're snooping their phones, they won't use them to communicate about sensitive things.  If they know you're tracking their phones they won't take them when they go somewhere without their approval.

Spying on your kids is likely only to put them at greater risk.  Fostering a trusting environment is a lot more difficult but obviously superior.  Respect your kids, Accept their need for privacy.

Monday, 16 May 2016

Restricted mobility

Another example of restrictions in digital mobility is China's great firewall.  Chinese citizens face severe restrictions to their online activities. However, it isn't only traditionally oppressive governments and regimes that restrict people's digital mobility.  The current UK government is trying it's best to remove our digital autonomy too.

Image result for mobilityMobility is crucial to privacy and is generally considered a basic human right.  If you're not free to go (more or less) where you want, it becomes much more difficult to have secrets.  This is especially worying when governments place restrictions on their citizens' mobility because it becomes more difficult to express and share negative views about that government and to effect change.

It's not only governments that can restrict people's mobility.  Other groups can do so too (more on that in a moment) but mobility can also be restricted by circumstance.  Illness, lack of money and responsibility can restrict mobility, so it's important to support people with such restrictions.  The most important tool we have for this is the internet and digital mobility should also be considered a basic human right.

Needless to say, therefore, governments and oppressive organisations are keen to restrict their citizen's digital mobility as well.  Here's a particularly illustrative example:
When people sign up to fight for ISIS, their passports and mobile phones are immediately taken away.  There are many who immediately regret their decision to join ISIS, so both their physical and digital mobility are severely restricted throughout the term of their military and religious training. 
Once training is complete, their phones are returned.  Make no mistake, though, this isn't a return of digital mobility; by then the soldiers know better than to use their phones to contact the outside world.

First, there's the porn filter.  Everyone in the UK who gets a new internet connection must inform their ISP if they wish to opt out of using a filter that supposedly screens out pornography.  Aside from the fact that porn filters don't work, having to opt out of the filter is an oppressive mood, albeit a fairly mild one.  I'd personally rather avoid telling the government that I want to opt in to porn, not because I'm embarrassed but because it's information that the authorities might use against me in the future.

Then there's the government's determination to ban encryption without a backdoor.  The possibility that governments (or criminals) can snoop our private conversations at will is a more severe limitation on digital mobility.

This is why it's so important to oppose these measures.  They compromise our digital mobility and, as usual, the most vulnerable members of society suffer the most.

Evil Wednesday relaunch coming soon!

In the next week or so, I'll be relaunching this blog on a different domain and with more content including much more frequent posting, a wider variety of content, guest posts and a discussion forum.

I'm just putting the finishing touches to the new site then need testing. Things should be up and running by next (evil) Wednesday (25th May).

Friday, 22 April 2016

Is Amazon marketing to bike thieves?

Image result for bike thief
I'm interested in cycling and I'm interested in lock picking.  I've searched for paraphernalia related to both on Amazon and consequently my recommendations include items related to each.

Recommendations are sometimes categorised in a weird way.  Practice locks (locks mounted in clear plastic for learning lock picking) are listed under the cycling category, when they'd seem to have nothing to do with cycling.

At first I assumed that this was due to a generalised algorithm not taking into account subtleties of classification, meaning that their ontology sucks.

But then I started to wonder if Amazon had actually got it right.  I'm not a bike thief but an interest in bikes and lock picking might suggest that I am.  So perhaps Amazon is marketing to the niche Gentleman Bike thief crowd.

I'm not sure which I prefer.