Thursday, March 28. 2013
Rapid7 discovered the files by searching for storage 'buckets' - logical pool of storage capacity - whose access setting has been changed to 'public', from the default setting of 'private'. This means that a list of the contents of the bucket can be seen by anyone that knows or guesses the URL.
Goes right back to the absolute basics of Security theory, i.e. nothing f*cks up a secure system quite like the "Man in the Middle" giving it all away, whether by design or accident. If you are going to put data in the cloud, make certain the company security procedures are up to it.
Clouds. Caveat Emptor.
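A check a bucket owner can run on their own access settings, added here as an example and not code from Rapid7 or from the original post. It assumes the buckets are Amazon S3 buckets whose ACL has been fetched in S3's AccessControlPolicy XML format (the post does not name the provider); the two sample ACLs and the owner ID are constructed.

```python
import xml.etree.ElementTree as ET

NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
GROUPS = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {
    GROUPS + "AllUsers": "anyone, no credentials needed",
    GROUPS + "AuthenticatedUsers": "any AWS account holder",
}
# What each permission means when it is granted on a bucket.
EXPOSURE = {
    "READ": "bucket contents can be listed",
    "WRITE": "objects can be created, overwritten or deleted",
    "READ_ACP": "the ACL can be read",
    "WRITE_ACP": "the ACL can be rewritten",
    "FULL_CONTROL": "listing, writing and ACL changes are all allowed",
}

def public_grants(acl_xml):
    """Return (who, permission, effect) for every grant to a public group."""
    findings = []
    for grant in ET.fromstring(acl_xml).iter(NS + "Grant"):
        grantee = grant.find(NS + "Grantee")
        if grantee is None or grantee.get(XSI_TYPE) != "Group":
            continue  # grants to a named account are not public
        who = PUBLIC_GROUPS.get(grantee.findtext(NS + "URI", ""))
        if who:
            perm = grant.findtext(NS + "Permission", "")
            findings.append((who, perm, EXPOSURE.get(perm, "unknown")))
    return findings

# Constructed sample ACLs (not taken from any real bucket).
OWNER_GRANT = """<Grant>
  <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
    <ID>EXAMPLE-OWNER-ID</ID></Grantee>
  <Permission>FULL_CONTROL</Permission></Grant>"""
PUBLIC_GRANT = """<Grant>
  <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
    <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI></Grantee>
  <Permission>READ</Permission></Grant>"""
WRAP = ('<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">'
        "<Owner><ID>EXAMPLE-OWNER-ID</ID></Owner>"
        "<AccessControlList>%s</AccessControlList></AccessControlPolicy>")
PRIVATE_ACL = WRAP % OWNER_GRANT
PUBLIC_ACL = WRAP % (OWNER_GRANT + PUBLIC_GRANT)

if __name__ == "__main__":
    for name, acl in (("private", PRIVATE_ACL), ("public", PUBLIC_ACL)):
        print(name, public_grants(acl) or "no public grants")
```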
Monday, February 11. 2013
Story in the Grauniad on the Social Media Tracking Big Data system built by Raytheon, an ample demonstration of the art (if that is the word) of the possible (see Guardian video above):
It's called RIOT and is an "extreme-scale analytics" (Extreme data?) system created by Raytheon, a large US defence contractor. It gathers vast amounts of information about people from Facebook, Twitter, Gowalla and Foursquare, i.e. it uses different Social Media devices to cross-collate individuals with different data, including the latitude and longitude co-ords in smartphones, and mashes it with Google Earth. The Grauniad notes that:
The technology was shared with US government and industry as part of a joint research and development effort, in 2010, to help build a national security system capable of analysing "trillions of entities" from cyberspace.
Quite. And here is the future, imperfectly spread, in these vignettes of RIOT:
The Employee as Corporate property
Digital Stalking Made Easy
The video shows that Nick, who posts his location regularly on Foursquare, visits a gym frequently at 6am early each week. Urch quips: "So if you ever did want to try to get hold of Nick, or maybe get hold of his laptop, you might want to visit the gym at 6am on a Monday."
Mining from public websites for law enforcement is considered legal in most countries. In February last year, for instance, the FBI requested help to develop a social-media mining application for monitoring "bad actors or groups".
Underlying all this is the issue that most people don't have a clue about what is really possible with Big Data. Ginger McCall, an attorney at the Washington-based Electronic Privacy Information Centre:
"Social networking sites are often not transparent about what information is shared and how it is shared," McCall said. "Users may be posting information that they believe will be viewed only by their friends, but instead, it is being viewed by government officials or pulled in by data collection services like the Riot search."
Add to this the developments in automatic face recognition software, and you start to see Big Brother's face emerging from the matrix.
But we have been consistently over-optimistic when we have predicted that people will start to realise what these systems can do; we seem to way overestimate user concern for privacy. Maybe it's one of these things that has a slow fuse, and then one particular episode ignites it (like Milly Dowler in the phone-hacking cases). In which case, can we predict a riot at that point?
Tuesday, February 5. 2013
Yesterday a UK Was-Once-Important Politico got found guilty for speeding, and transferring the penalty points to his wife (illegal, but lots of couples do it) to avoid a driving ban. Anyway, after he did the original speed deed, there was then a rather textbook affair/acrimonious divorce/etc etc, and the points swopping somehow got into the public arena, cue faux meedja outrage (as if no-one else does same...), cue the politico still lying about it in public, cue the Wheels of Justice finally grinding out a verdict - and he gets done (background here - BBC).
So far, so good, I hear you say - justice was done, a speed cheat was punished, what's the issue? (apart from the nagging worry that the only way the British seem to be able to get the Great and Good-gone-Bad into the clink is by going after minor misdemeanors like speeding and expenses rather than oh, lying to parliament, crashing the economy, fiddling the global LIBOR rate etc etc. Mind you, as Sophia Bennet reminded me, it was ever thus - Al Capone would be smiling wryly....).
But the point of this post is that the issue for digital media watchers to note is this one. Some of Huhne's teenage son's anguished private texts to his father were presented as evidence in court, but in such a way that the Press were then allowed to publish them. And the Press did then publish them, all over the front pages, despite there being no public interest at all. There are two major lessons from this, to mark very well:
In the Olde Days of email, it used to be said that you should never write what you didn't want to be read out in a court of law. In Social Media days it needs upgrading to "you should never write what you don't want to be read out in a court of law, picked over by millions on social media, and stored forever on multiple databases". Episodes like this show that there clearly needs to be a far stronger discussion about the rights people need to have over their own data, especially if it is going to be stored and datamined into perpetuity. The new media tools are a wonderful thing, but there needs to be a new social contract, backed up legally, about how they handle private data. If the new technology becomes seen as Just More Big Brother, it won't be trusted, which will - eventually, one byte at a time - massively reduce if not kill its utility.
*And I mean sundry - the poor kid is now being lambasted online for some of the words he chose in those private texts, in his anguish. O Tempora, O Mores...
Saturday, December 8. 2012
Very good summary of the fine art of datamining by the WSJ; all you ever need to know is contained in this sentence:
Consider Dataium LLC, the company that can track car shoppers like Mr. Morar. Dataium said that shoppers' Web browsing is still anonymous, even though it can be tied to their names. The reason: Dataium does not give dealers click-by-click details of people's Web surfing history but rather an analysis of their interests.
In other words, they know who you are, it's just that Dataium haven't decided to sell that data on - yet. That "yet" is turning to "now" though:
The use of real identities across the Web is going mainstream at a rapid clip. A Wall Street Journal examination of nearly 1,000 top websites found that 75% now include code from social networks, such as Facebook's "Like" or Twitter's "Tweet" buttons. Such code can match people's identities with their Web-browsing activities on an unprecedented scale and can even track a user's arrival on a page if the button is never clicked.
To repeat: "One major dating site passed along a person's self-reported sexual orientation and drug-use habits to advertising companies". All it takes is a decision by some company who has a bit of your data to cross the Rubicon of unique identity handoffs, and bingo - you're outed. No one will tell you, so you have no say.
Now this has been happening for a while - heck, we've been railing about it for 5 years - but I don't think most people realise how prevalent it is:
Today, a single Web page can contain computer code from dozens of different ad companies or tracking firms. These separate chunks of code often share information with each other. For example: If, like Mr. Morar the car-shopper, you give your name to a website, it can sometimes be seen by other companies with ads or special coding on the site.
And if you are on a Social Network, it's worse:
The rise of social networks is also making it easier to tie people's real identities to their online behavior. The "Like" button, for instance, can send information back to Facebook whenever Facebook users visit pages that have the button, even if they don't click it.
We have been continually amazed at how little people seem to care about privacy. Our experience in talking to people over the last few years is that they don't seem to be able to conceive that these organisations could do this, usually don't believe they would, and seem to have very little grasp of what the outcome could mean.
Hopefully an article like this, in something like the WSJ, will help increase awareness among the sort of people who could change opinion.
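To see for yourself how many outside parties a page calls in, the sketch below lists the third-party hosts a page makes the browser contact on load, which is the mechanism behind the "even if the button is never clicked" point in the WSJ quotes. It is an added example, not code from the WSJ or from this blog; the sample page and every hostname in it are constructed placeholders, and the first-party test is a stated simplification.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class EmbedCollector(HTMLParser):
    """Collect resources a browser fetches on page load without any click."""
    AUTO_LOADED = {"script": "src", "iframe": "src", "img": "src"}

    def __init__(self):
        super().__init__()
        self.embeds = []  # (tag, url) in document order

    def handle_starttag(self, tag, attrs):
        attr = self.AUTO_LOADED.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if url:
            self.embeds.append((tag, url))

def third_party_embeds(html, page_url):
    """Map each third-party host to the tags that make the browser contact it."""
    page_host = urlparse(page_url).hostname
    collector = EmbedCollector()
    collector.feed(html)
    hosts = {}
    for tag, url in collector.embeds:
        host = urlparse(url).hostname  # None for relative URLs
        # Simplification: the page's own host and its subdomains count as
        # first party; a real audit would compare registrable domains.
        if host is None or host == page_host or host.endswith("." + page_host):
            continue
        hosts.setdefault(host, set()).add(tag)
    return {host: sorted(tags) for host, tags in hosts.items()}

# Constructed sample page; every hostname is a placeholder.
SAMPLE_PAGE = """
<html><body>
<script src="/js/site.js"></script>
<script src="https://static.dealer.example/app.js"></script>
<iframe src="https://social.example/plugins/like?href=https://dealer.example/offers"></iframe>
<script src="https://social.example/sdk.js"></script>
<img src="//ads.tracker.example/pixel.gif" width="1" height="1">
</body></html>
"""

if __name__ == "__main__":
    found = third_party_embeds(SAMPLE_PAGE, "https://dealer.example/offers")
    for host, tags in sorted(found.items()):
        # Each of these hosts receives a request as soon as the page loads.
        print(host, tags)
```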
Friday, August 10. 2012
Creating a Trusted Information Currency on the Web (via Joyoftech)
A few days ago I wrote about "Gresham's Law of Information" where, given equal transaction values (i.e. Google links), bad information drives out good. This is demonstrable on Google these days as it gets (i) gamed and (ii) all sorts of paid for or belief based sites garner far more links than the boring truth with their superior resources (and now, maybe (iii) allowing interested parties to pay for link manipulation).
I defined 2 types of "crap info" on the web:
Now, in economic theory, "Thiers' law" enters the cycle later on into any new ecosystem, correcting this imbalance for crap currency as one currency becomes the "go to" trusted currency:
For money, the argument is that, in the absence of legal tender laws, Gresham's Law works in reverse. If given the choice of what money to accept, people will transact with money they believe to be of highest long-term value. If required to accept all money, good and bad, they will tend to keep the money of greater perceived value in their possession, and pass on the bad money to someone else. In short, in the absence of legal tender laws, the seller will not accept anything but money of certain value (good money)
In that previous discussion I could see how Thiers' law for Information will work for avoiding Ad-crap (my Case 1 above), mainly via social mediation (recommendation sites for example) but I didn't work out how the Truth would Out against Belief Based Dis-information (My Case 2). Except for a small bunch of people who would pay a premium for the facts, I could not see a viable dynamic that would reverse Gresham's Law as the wall of self-interested money and time promoting crap is far, far greater than that promoting truth.
I did, however, forget about looking more carefully at Wikipedia as a possible solution, but meeting Jimmy Wales last week got me thinking about it. In essence, the only resource as freely available and as dedicated to Truth that can counter the vested interests of crap-spreaders is a very large voluntary effort of crowd-sourcing, that creates a "trusted currency" of truth - of which at the moment, Wikipedia is the best example (Though I did like the advice to Marissa Mayer given in joyoftech - see comic strip at top).
Which makes it all the more important to ensure it stays that way, as the vested interests are way ahead of me and have already sussed that it is the Trusted Currency of the web, and know their best bet is to subvert it.
Wednesday, August 1. 2012
Quora have made an "interesting" decision - Liz Gannes on AllThingsD:
It seems - at first glance - to be an easy way to annoy a lot of people with no real benefit - so why are they doing it? Quora has some fairly sensitive subject areas, and I'm not sure everyone wants to be seen to be cruising those boards. Also, this doesn't tell you who actually read it, only whose cookie it was. It's not just them, by the way; quite a few of the Social Nets we love are all trying to put an end to "online lurking" (which sounds a bit weighted - can we use the word "anonymity" instead?). Apparently Quora don't like pseudonyms either, in common with Facebook.
Quora exec Marc Bodnick said that the Views project is part of a larger effort to help Quora content creators get broader distribution. Views gives the authors better insight into how their contributions are spread.
“People on Quora are writing to be read,” Bodnick said. “What we’re telling you is that Quora is a distribution mechanism that works.”
But you don't need to display who browsed a piece to all and sundry, merely so authors can see who read their stuff. You just make it visible to authors only, so that can't be the reason, surely? I can see why power-writers will like it, but they are a small minority on any social network. You can disable it, but I have in the past been amazed at how much inertia people show to opting out of privacy reducing tools, and how little care some people have for their own privacy. But I still can't see how this is a great leap forward, and the risks to me seem to outweigh the benefits.
One for us "Digital Lurkers" to watch....
Tuesday, July 31. 2012
For some odd reason* Twitter chose to alert NBC about a British journalist who was being rude about NBC's coverage of the Olympics, so that NBC could then complain and Twitter could then ban him. He was banned because he suggested that those who did not like the Olympic coverage should email a specific NBC executive, and then quoted his email on Twitter. Now that's just the sort of pro-activeness you want your social network to take against you when you want to campaign against Big Brands - not. He did seem to be the sacrificial lamb though - you should have seen the Twitterstream, it was far, far more than one person who was being rude! The Atlantic is as good as any summary of the main issues of the story:
Let's stipulate that Twitter banning journalist Guy Adams for posting NBC executive Gary Zenkel's corporate email address was a very bad idea. They have begun fixing the damage they did by reinstating his account. NBC retracted its complaint, according to Adams.
Exactly - finding someone's corporate email address is hardly rocket science. Anyway, cue hullabaloo (on Twitter and elsewhere), cue Twitter apology:
That said, we want to apologize for the part of this story that we did mess up. The team working closely with NBC around our Olympics partnership did proactively identify a Tweet that was in violation of the Twitter Rules and encouraged them to file a support ticket with our Trust and Safety team to report the violation, as has now been reported publicly. Our Trust and Safety team did not know that part of the story and acted on the report as they would any other.
No doubt the fault can be blamed on The Intern....
But you kinda know where this is all going to go, don't you. This won't be the last time.....the interests of Social Networks looking for Ad funding, and those Social Networks' own users, are not aligned here. There probably needs to be some form of regulated code of conduct, e.g. email addresses fine, house addresses not fine etc etc.
* Did we mention that Twitter and NBC are business partners - sorry, how remiss of us
Friday, July 27. 2012
Much to no-one's surprise, Google still has some of the data its streetcars desired so much - TCUK:
Today Google confirmed that it had located additional payload data collected by its Street View cars prior to May 2010 and the ICO [Information Commissioner's Office], which has repeatedly asked Google to delete the extra data, has thrown a few choice words in Google’s direction. While the ICO’s head of enforcement Steve Eckersley wrote in his reply to Google that he was “grateful” for the information about the data, and noted Google’s “commitment to continued cooperation with the ICO on this matter,” it’s not all hearts and roses.
I love that last line....
The answer of course is first to save it to another secret stash, then hit the delete key and smile innocently.....
I think this reluctance to delete data is best explained by a recent McKinsey report on the benefits of holding user data, when they noted wistfully that, sadly for companies:
"Other risks involve breaches of consumer privacy, which could constrain a company’s ability to develop the most revealing consumer insights"
You can stop reading at "The Most Revealing...." as all is revealed
The ICO is going to need something stronger than words to force these companies to give up their big data motherlode, and ever more so in my view - Roosevelt said "walk softly, but carry a big stick". A blunt (financial) instrument and a large digital crowbar are going to be increasingly necessary....
Friday, March 23. 2012
This was a fascinating article that has been on the spike for a few days, Alan Mitchell from Ctrl-Shift arguing that YOU (the digital citizen) are actually a digital vegetable crop:
Consider some differences between a human being and a vegetable. A human being has some sort of ownership and control over their own assets, a vegetable doesn’t. The farmer grows cabbages, wheat or coffee, and appropriates what they produce. The coffee plant doesn’t have any say over what its beans are used for. The only agenda that matters is the farmer’s: how to maximize the yield; what different uses to which the crop can be put; how to make more money out of it.
As he points out, if only the buyer can set the price of your data, it's hardly going to favour YOU.
The problem with the model – free services in exchange for personal data – is that it makes it impossible for individuals to establish the real market price of their data. Is it worth $1 a year or $10? $100? $1,000? $1 million? With "free" services they’re all equivalent: the individual gets a service but the Big Data farmer gets the cash – without limit. The individual is the crop; the service is the data farmer.
Alan argues that technology is emerging to empower the YOUser, and needs to be used:
This has been the aim of VRM for some time, to give people the tools to participate more or less equally in the market, and, as the whole issue of privacy becomes more understood (and fought for) one can only hope that we do not become cash crops. But it still has to be worked at, powerful interests want to reap what you sow.
So next time you jump onto Facebook and play Farmville, (or whatever app that sucks lots of your data at no cost), you might want to consider who is farming who.
Wednesday, February 29. 2012
1. Go to the google homepage and sign into your account.
By the way, it's not just Google.....
This is a public service announcement. You have been publicly served. Do it or you will be served on a platter, as you are the Free Lunch. Thank you.
(Update - as Steve G notes in the comments, if you do not have Web history turned on you are OK - but check tomorrow, I am not certain what will be "opt in auto" then.
Also, I see the EFF are advising you to clear your browser history stacks anyway, and to stay off Google or do searches in browser Incognito modes now)
Creative Commons Licence
Original content in this work is licensed under a Creative Commons License