Don Marti

Surveillance Marketing pays

Katrina Lerman of Communispace explains how surveillance marketing pays. First of all, people don't like being tracked in general.

We found that consumers overwhelmingly prefer anonymity online: 86 percent of consumers would click a “do not track” button if it were available and 30 percent of consumers would actually pay a 5 percent surcharge if they could be guaranteed that none of their information would be captured.

What would get them over their resistance? Discounts, of course.

On the flip side, consumers may be willing to share their data if there’s a clear value exchange: 70 percent said they would voluntarily share personal data with a company in exchange for a 5 percent discount.

Got it? This is some heavy Chief-Marketing-Officer-level stuff here, so pay attention. Yes, you'll be spending a lot of money on Big Data and all the highly paid surveillance marketing consultants and IT experts who go with it. (Big Data experts are a rare breed, and feed primarily on between-sessions croissants at Big Data conferences.)

But look what you get for that increase in the marketing budget. You get to cut your price to get people to sign up for it.

Somewhere this all makes sense. Maybe Bob Hoffman can explain it.

Posted Sun 13 Apr 2014 07:52:44 AM PDT
#

Movie plot

(Entry for Bruce Schneier's Seventh Movie-Plot Threat Contest)

Ann has completed Agency training for a job as a non-official cover agent at an international oil firm. But now she's assigned to the release engineering team at Aloodo, a large Internet company where the source is open, the culture is wild and free, and release engineering, without management's knowledge, installs back doors for the Agency. A change in the company's elaborate list of security checks means the Agency needs one more inside person, fast, and Ann is the only NOC-qualified agent available.

Hijinks ensue as Ann must make it through the technical interview with a flaky radio connection to an Aloodo-employed NOC agent for support. When it fails, she aces the interview by dropping some petroleum science.

Ann struggles to keep up with both her release engineering work and her Agency responsibilities. But when an series of intricate heists has police baffled, she realizes that the gang is using information that could only come from within Aloodo. Do the back doors have back doors? Who are her new co-workers really working for? Is there anyone she can trust?

Posted Sat 05 Apr 2014 06:54:10 AM PDT
#

The underground collaboration system we (mostly) already have?

Underground publishing is nice, but what if you want to run something like an underground newspaper with an editing process? Or an underground wiki? Or an underground software or design project?

It seems to me that the tools to do it are already coming into being, and most of them have corporate uses, which means that most of the work to implement this is being done on the clock.

You can start your underground collaboration system with Git, but in order to actually organize on work you need an issue tracker, something like Bugs Everywhere. Fortunately you can use git as the backend for miscellaneous collaboration applications using databranches, so you can have just Git as the only data store. No separate database needed for the meta-info such as status, owner, deadline, comments.

The system doesn't need all of the stuff in How Git Could Grow into an Enterprise SCM System, but it would be nice to have multi-blob files, bup style, and essential to have some kind of network object store. Tahoe-LAFS? Or just run a bunch of parts of enterprise-ish software stacks that will work as DHT nodes, as Tor hidden services? Swift? You could have a variety of network object stores feeding the same projects, since they're all the same to Git.

(A first step in adding network object stores to Git would just be a tool that walks through a repository and inserts Git objects into the DHT, or gets objects from the DHT to fill in the gaps. Eventually the corporate SCM market is going to need Git repositories larger than the smallest hard drives they're willing to buy for their code monkeys, so this is likely to improve.)

Put any references you want to share long-term into Namecoin and there's your publishing. To read the publication, a user would get the reference from Namecoin and populate a local Git repository with the required objects. (Naturally most people would use an RSS-reader-like client to do this.)

For live collaboration action, a group could stand up a Git repository as a Tor hidden service (using Gitbucket would make this not such a tweaky sysadmin task) or use something like piehole, with the etcd instances as hidden services and relying on the DHT to share objects. Then periodically "archive" refs to Namecoin.

The final result is subversive as hell but all the parts are either already done or mainly useful for Enterprise IT.

Posted Sat 29 Mar 2014 07:39:33 AM PDT
#

Five more questions on ad fraud

Just saw The Five Questions That Will Eliminate Ad Fraud. I'm not sure if those will do it. How about five more?

Since adtech is based on the idea of cheating writers using computers, is anyone surprised that someone came up with the idea of cheating adtech using computers?

Can you seriously expect any site that lives by ripping off other people's content to be completely honest with its ad networks?

Since adtech intermediaries make money from fraud just as they do on other ads, can you expect them to take fraud seriously, or just give conference talks about it?

Because IAB is run by and for the Big Data intermediaries who make money from fraud, do legit advertisers and content sites need an independent organization?

How can improving privacy protections for users make online ads more valuable?

More: Adtech, privacy, fraud control: pick two?

Posted Fri 21 Feb 2014 08:48:50 AM PST
#

Fun with Facebook ads?

I use dlvr.it to share blog posts and links with Facebook, through the magic of RSS. Every once in a while I go to the Facebook site to read comments on something that dlvr.it gatewayed there for me, but Facebook is not one of the places I check habitually (see How can I break the Facebook habit).

Most of the ads that I was getting to start with were for free-to-play NSFW games, so I changed my profile to "female". Jackpot! All of a sudden I started getting much more professional ads, including IT products and services for big companies, and training classes for online marketing skills (yes, including a Facebook ad for a class on how to advertise on Facebook). What I guess happened is that the more business-focused advertisers put in gender-neutral bids, and while I was "male" on the site, they got outbid by the game companies specifically targeting male users.

(Dudes, I highly recommend going "female" on Facebook if you haven't already, especially if you might be embarrased about people seeing too much décolletage in the ads when they walk by. So there's your personal infotainment tip for today.)

But what did I do? I had fixed a problem, so I broke it some more. I went ahead and stayed female, but increased my age to 88. Big mistake.

Now, I look at the ads, and I'm getting the bottom-feeders of the bottom-feeders. The above ad goes to a page that has nothing to do with a celebrity scandal. It's some kind of laser surgery racket. Oh well, the "dynamic corporate IT professional" ads that I had been getting as a younger woman were good while they lasted. I don't know if I'm now getting the low bidders who didn't want to pay more to reach younger users, or if some of these advertisers are targeting me.

Bob Hoffman points out that marketing ignores people over 50 but that's just legit marketing, from the kind of places that hire people like Bob Hoffman. All those ad spots that the big brands don't buy are still getting snapped up, and the result is pretty icky.

Posted Thu 13 Feb 2014 07:33:45 AM PST
#

Tylenol

The last time one of my kids was sick, I gave her some Children's Tylenol.

Yes, Tylenol is still a thing. Even after the infamous Tylenol poisonings.

Why?

Johnson and Johnson, the brand's owner, recalled all the existing Tylenol, started a campaign to tell people not to take it, and, most important, fixed some key security problems.

Bottle seals are expensive.

Redesigning an openable capsule into a solid, coated caplet is even more expensive.

But the company did it. Today, the Tylenol story is the classic business-school example of how to save a product that has a severe security flaw. And I'm giving the stuff to my kids.

Today is supposed to be "#StopTheNSA" day. I'm just glad that the people who came up with that weren't in charge during the Tylenol crisis. Tylenol would have sponsored a big, attention-getting "#StopTheFBI" day, while customers quietly swore off the stuff.

Bonus link: Will the cloud divide America and Europe? by Rajesh Ram

Posted Tue 11 Feb 2014 06:41:15 AM PST
#

QoTD: Doug Weaver

One can argue, and maybe I'm the first one to do it, that all this targeting and audience segmentation might be creating an internet that's worse for the consumer. By downplaying the need for context, we're actually dis-incentivizing the creation of quality content and environments.

Doug Weaver

(no, you're you're not the first one, but you won't be the last.)

Posted Wed 22 Jan 2014 03:53:56 PM PST
#

Fedora Linux on ThinkPad T440s

First of all, go read Havoc Pennington's report on putting Fedora 20 on a ThinkPad T440s. Good stuff, and a big reason I bought this machine in the first place.

The main problems with the T440s from my point of a view as a long-time Linux/ThinkPad user are...

Yes, this is the kind of little stuff that Linux laptop users are down to complaining about, now. When I was starting out we had to recompile the kernel just to get PCMCIA working. (What's PCMCIA? Get off my lawn.)

The Fedora 20 install was easy, as usual. Since I now have several Fedora, RHEL, and CentOS machines kicking around at work, I wrote an RPM spec to depend on or conflict with all the stuff I like to have or not have, so that I don't have to do as many "I thought that was already on here, oh well, yum install" moments.

Clickpad "trouble"

On previous ThinkPads, I only had to use the "synclient" command once to turn off the TouchPad. Now, with no hardware mouse buttons, there's some more tweaking required. Fortunately, people had already hashed it out in the comments on that Havoc's Blog piece (you did read it, right?) so all I had to do was stick the right commands into a script. Since I will never remember how to make a .desktop file, the script will take care of that, too.

So now I have a Synaptics TouchPad that's set up for just three mouse buttons and for two-finger scroll. One-finger motion or accidental palm contact does nothing. Anyone who has claimed that blogging is dead is clearly Wrong.

Human factors

Nice screen. The speakers have always been a weak point for ThinkPads compared to other laptop brands IMHO, but the T440s is a refreshing change. Not hi-fi, but not pathetic either. Still needs headphones for extended listening.

The keyboard is similar to the one on the T430, with island-style keys. At first glance you might think, oh, crap, another laptop vendor hired an Apple fanboy as a product manager. But somehow Lenovo managed to make this keyboard much more usable than the Apple version. Not sure why, possibly because the keys each have a slight depression instead of being pure minimalist RoundRects. Anyway, good keyboard, and the IBM TrackPoint is unchanged.

Everything just works

Yawn. Have not tried the Ethernet or VGA ports, but no surprises so far. (update 7 Apr 2014: Ethernet and VGA work fine.) Let's put it this way: you're not going to learn anything about reverse engineering, driver development, or hardware vendor politics here. It's open box, click buttons, watch cat video time.

Time for another round of license poker?

The mid-range ThinkPads have been stealth Linux boxes for a long time, so it's not a surprise that this one is, too. Built from well-supported Intel components, and there's little if any drama getting the pre-loaded MS-Windows off, and Linux on.

Speaking of pre-loaded MS-Windows, well, that's a tough business these days. PCs are getting cheaper. But they're not making much money for their makers. Welcome to the value trap, writes The Guardian.'s Charles Arthur. Time for another round of preloaded Linux laptops, to get a better license deal from Microsoft? Any time Lenovo needs to do that, this hardware is ready for it.

Posted Sun 19 Jan 2014 05:28:53 PM PST
#

We're All Gun Nuts Now, So We Had Better Get Good At It

Why are the people of Silicon Valley, including a venture capitalist slash Stanford professor, seemingly ignorant about questions that any gun show shopper would get right the first time? Michael Dearing, in The NSA and the Corrosion of Silicon Valley, writes,

Inside our companies and research centers, talented minds are being conscripted into surveillance. Think about the software developers who wrote the code behind your email service. Or the team who built the guts of a blogging service’s geolocation features. Not one of them chose to work for the NSA. But their work has been co-opted, effectively turned into surveillance tools.

Turned into surveillance tools.

Turned into.

Maybe the gun nuts have just been thinking about this stuff longer than the Valley crowd has. When the question of gun registration comes up, nobody beard-strokingly says, well, we need to reform the government so that the data collected will never be used for a confiscation program. Any Second Amendment fan will jump straight to assuming that the government, or someone inside the government, will go Pol Pot on them and do the worst possible thing with the data.

A good computer programmer doesn't trust the user's input, or servers out on the network. Why trust the government?

Maybe there's a simple answer. First, wishful thinking, and second, ambitious marketing. People normally interact with companies in a guard-up shopping mode. Users know that a company is trying to sell them something, and protect their internal decision-making process. But using what Rebecca J. Rosen calls the Grossest Advertising Strategy of All Time, a company can try to get inside the user's decision-making process.

In most cases, behavioral marketing goals are nowhere near achieved. The basic data that goes into user profiling is often wrong, and even hot "social" data Isn’t Actually A Good Way To Judge Potential Employees.

But what if there's a deeper problem. What if the Valley crowd really does know that whining about NSA reform is useless? Even if the marketing is weak, the surveillance is Good Enough For Government Work. What if, as Christopher Caldwell suggests, the surveillance-marketing complex is going through a public-private bonding period?

Big Data algorithms often escape common sense and easy regulability. Those who create them have a powerful incentive—as the designers of financial derivatives did a decade ago—to render them opaque. Yet the privacy problem that most agitates the authors is the prospect that companies might have to reveal "confidential business strategies to outsiders." The authors' suggestion of a "privacy framework...focused less on individual consent at the time of collection and more on holding data users [corporations] accountable for what they do" sounds awfully convenient for the data users. In fact, it sounds a great deal like the voluntary compliance that was expected of banks in the Alan Greenspan era.

That's going to be a problem when the inevitable "let's disrupt the incumbent" startups come along. The users and makers of privacy tools could already go to jail under the Computer Fraud and Abuse Act. And clearly, regulation will be more of an aid to the marketing-surveillance complex than a hindrance. In the system that passed CAN-SPAM, the most that Congress will come up with is a a complex set of regulations to protect incumbents (who have the budget to hire people to figure out the regulations) from startups (who don't).

So if adtech is so firmly joined to the NSA (and, of course, to other countries' intelligence agencies) to the point where disrupting it is, well, they don't call it "disrupting" when it's the government, do they? If the surveillance-marketing complex is really a thing, and not just a bunch of naive IT vendors being taken advantage of by the big bad NSA, what can we possibly do?

Users won't learn new stuff. They're content to calmly chew their malware. Germans are switching away from NSA-connected companies, but they have experience that most of the rest of us don't.

Are we supposed to become Cypherpunks 2.0? Bruce Schneier says The US government has betrayed the internet. We need to take it back. and Make Wide-Scale Surveillance Too Expensive. But who can do that? That's a lot of coding.

patent drawing for a Eugene Stoner invention

If you're a citizen looking to keep your Fourth Amendment rights, well, look at the people who have kept their Second Amendment rights. Read pieces like Thoughts on militia kit from Bob Owens. And if you're an IT vendor, then think like a firearms manufacturer.

What's the equivalent of "militia kit" for information freedom? Has to include something like Disconnect (interview). Second Amendment defenders don't have to adopt a Merry Men lifestyle to be effective, and many Fourth Amendment fans can get by with basic privacy tools instead of becoming slow-Internet-using PGP/Tor nerds.

Can we strangle surveillance marketing with easy-to-use off the shelf privacy tools such as Disconnect? Maybe. The big problem for surveillance marketing these days is that they can't have adtech, privacy, and fraud control—they have to pick two. If the user base picks privacy for them, then the presence of fraud rings is a big problem for surveillance marketing. It's easier for a bot to hide if it can pretend to be a privacy-sensitive user.

But can users and developers, without advertisers, squeeze out adtech? Probably not. When I mock Fourth Amendment fans for failing to protect their rights as well as the Second Amendment fans do, I'm leaving out an important fact. The Second Amendment doesn't have a whole industry devoted to wiping it out, while the Fourth is under attack from every "online advertising" line item in every Marketing budget in the world. And as long as that's true, you're risking prosecution under the CFAA every time you block or scramble an ad cookie.

Ouch.

The last piece that needs to come together for this privacy thing to work at all is for advertisers to realize that targeted advertising loses the valuable signal that they're buying ads for in the first place. The Fourth becomes as easy to defend as the Second when violating the Fourth loses its economic constituency, not before.

Adtech is just cold calling with too much math, and it's time for the bubble to pop. More on that in Targeted Advertising Considered Harmful.

Posted Tue 07 Jan 2014 06:16:18 AM PST
#

Adtech, privacy, fraud control: pick two?

This is based on a couple of questions about adtech fraud that have come up on mailing lists and in private email recently.

You know how half of online ad money is being stolen by con men and swindlers? And, at the same time, people are talking about how to make online advertising work in a more privacy-sensitive way?

It looks as if it's impossible for adtech as we know it to do both. We can't go directly from today's online ad environment to one that protects privacy. Current adtech has kicked out some of the essential supports, so a privacy-sensitive online ad business is going to have to rebuild some important connections.

Just to review, here's the fundamental value proposition of adtech.

The fundamental value proposition of these ad tech companies who are de-anonymizing the Internet is, "Why spend big CPMs on branded sites when I can get them on no-name sites?"

That's from Michael Tiffany, CEO of an adtech security firm called White Ops.

Here's the same explanation from the publisher's point of view. Alexis C. Madrigal:

The ad market, on which we all depend, started going haywire. Advertisers didn't have to buy The Atlantic. They could buy ads on networks that had dropped a cookie on people visiting The Atlantic. They could snatch our audience right out from underneath us.

With me so far? Yes, adtech proponents are going to try to snow you with talk about Big Data and disruption and all that jibber-jabber, but the object of the game from the adtech point of view is to track the users well enough that advertisers don't have to pay for reputable content.

Can't tell the players without a scorecard

Player one is the adtech firms. Their role in the game is relatively simple. First, move ad budgets away from high-value sites to cheaper ones, you know, the sites that run a bunch of crappy, infringing, violent, or otherwise Bad content. And track the same users from reputable to bottom-feeder sites. Adtech firms are all selling essentially the same thing. (Of course, they dress it up with technological-sounding language but the premise is simple. Writers cost money. Everybody needs money. Therefore, take money away from writers.)

Player two is the actual advertisers, the clients. For now, just think of them as the parents who are eventually going to come home and discover the party and the credit card receipts.

Player three: the users. The conventional wisdom is that Given a choice between dancing pigs and security, users will pick dancing pigs every time, and the same goes for privacy. But a Pew Research Center study has found that 86 percent of US Internet users have taken steps online to remove or mask their digital footprints. And People Are Changing Their Internet Habits Now That They Know The NSA Is Watching.

Privacy tools are getting easier. Here's the most promising trend. Google and Microsoft, two companies that both make browsers and do adtech, are looking to replace the cookie with a new identifier.

Instead of trying to micromanage cookies, privacy software developers will be able to deal with a single big target. Just scramble or block a single Google identifier and a single Microsoft one. (Facebook will probably do one, too.) Other companies, though, may go with sneaky browser fingerprinting, which requires fixing a bunch of bugs to deal with. But if Google and Microsoft are both staying away from this technique, it will be easier for those fixes to make it through the browser development process.

Now player four. The fraud rings. Remember the bottom-feeder publishers on which adtech depends? Well, as you might expect, many of them are fraudulent. We fill up our site with infringing copies of other people's content, but we play it totally honest with our ad networks, said no one, ever.

Google has everyone else in the game outclassed technically, but some of the ad fraud gangs have been able to score a few points against even Google. And if you can hang with Google, you can clobber the adtech ankle-biters.

More examples in the bonus links below. The deeper you dig, the more fraud you find.

As Jack Marshall points out, Manufacturers of false traffic intimately understand the performance indicators on which agencies are paid and know exactly how to game the system without making it obvious as a result. As Kuntz pointed out, that can lead to agencies tweaking campaigns and reallocating budgets based on completely false information, and they have little idea they’re doing so. Agencies are just following the numbers.

If you're working for an agency, you're pwned. Fraud rings are inside your OODA Loop. When you see the major industry publication, Ad Age, run the subhead Metrics, Fraud and Piracy Remain Concerns in the Marketplace, that basically means HOLY SHIT THEY'RE ROBBING US BLIND.

Wait a minute, though. Adtech firms need to get more data in order to get a handle on fraud. But they need to get less data in order to give users some privacy and make online ads work better. As a matter of fact, the adtech business needs to do three things at the same time.

  1. Take money away from reputable sites and their contributors.

  2. Give users some privacy, because spam carries no signal.

  3. Limit the amount of fraud in the system before the clients lose their patience.

But this might be one of those "pick two" situations. Right now the industry has picked option 1 already, and is trying for 3. That means throw away 2. So the current trend is toward Peak Advertising. The medium will eventually get burned out, like email spam. That would be a shame.

If you agree with me that you can't have effective advertising without user privacy, and with Eaon Pritchard that the great thing about brand advertising is exactly that it is unable to deliver precision targeting and lacks quantifiable ROI., then the choice is whether you want to throw away 1 or 3. If you give up on 3, then the whole system falls apart when the fraud gets too obvious for the clients. After all, if a user has good enough privacy tech, there's no way to tell him or her from any other user, or from a bot.

Which leaves the option that looks to me like the sound one. Keep 2 and 3, and give up on ripping off the writers. Of course, this means abandoning the fundamental value proposition of adtech, so that means giving up on the whole creepy industry and building a new one.

Bonus links

BOB HOFFMAN: eBay: Paid Search Is Worthless

Tim Peterson: AOL Will Launch Ad-Tech 'Upfront' In Hopes Of Challenging Google

John: New York Times “Don’t Track Us” Editorial includes 19 Digital Trackers

Adam Tanner, Contributor: Here's The Most Amusing Way To Learn The Depressing News About Your Vanishing Privacy

Zach Rodgers: Could A Nasdaq-Style Glitch Bring Ad Trading To Its Knees?

Matthew Gertner: Advertisers Should Love AdBlock Plus

Doing Good in the Addiction Economy | Kaj Sotala

Judith Aquino: Mozilla Opens Up On Cookie-Blocking, Ad Targeting

Kelly Liyakasa: Battle Lines Drawn: We’re Not All About Blocking Ads, Says No. 1 Ad Blocker

Ben Williams: An open letter to Twitter

John Koetsier: Adblock Plus whitelists less than 10% of sites that apply (like Reddit)

Matt Kapko: Fake Display Ad Impressions Comprise 30% of All Online Traffic [Study]

Jack Marshall: Here Come The Bots: Assessing the Latest Ad Fraud Fear

Ian Bogost: What Is 'Evil' to Google?

Brian Fung: The Internet’s best hope for a Do Not Track standard is falling apart. Here’s why.

Adam Tanner, Contributor: Google And Facebook Get A Thumbs Down From This New Site That Reviews Privacy Policies

BOB HOFFMAN: Insights That Lead Nowhere

Venkat Balasubramani: Google Wins Cookie Privacy Lawsuit

Jack Marshall: Inside Ad Tech Fraud: Confessions of a Fake Web Traffic Buyer

Evgeny Morozov: Why We Are Allowed To Hate Silicon Valley

BOB HOFFMAN: The Scam What Am

The Tech Block: 1.2% of apps on Google Play are repackaged to deliver ads, collect info

BOB HOFFMAN: Astounding News From Moronsville

David Kaplan: Bots Are Hot, But Publishers And Advertisers Are Cold To Combating The Situation

Adam Tanner, Contributor: The Revolutionary Way Marketers Read Your Financial Footprints

BOB HOFFMAN: Delighting In Digital Dumbness

Eric Picard: How targeted advertising can be saved

Mike Shields: Questionable Traffic Seems to Follow This Video Company Everywhere

Kence Anderson: Stop the Family Feud: How Agencies, Ad-Tech Vendors and Brands Can Be Friends

John Naughton: Here's how data thieves have captured our lives on the internet

Posted Sun 05 Jan 2014 06:22:52 AM PST
#

Look what the Internet dragged in: business links

Working hours: Get a life | The Economist

Gregg Easterbrook: How the NFL Fleeces Taxpayers

Jon Lund, Guest Contributor: Why tablet magazines are a failure

Jack Clark: NHS tears out its Oracle Spine in favour of open source

Emily Washington: The Value of Walkability

Peter Frase: Delusions of the Tech Bro Intelligentsia

Vijay Govindarajan: India’s Secret to Low-Cost Health Care

Andrew Price: What About The Elderly?

polkadotjello: Engineer’s “Pico Dwelling” Micro Apartment

Catherine Price: Can a $400 Blender Change Your Life?

Sue Gardner: What’s really wrong with nonprofits — and how we can fix it

Derek Thompson: Writing for Free

Orson Welles’ War of the Worlds panic myth: The infamous radio broadcast did not cause a nationwide hysteria.

The U.S. Needs To Retire Daylight Savings

Cyrus Farivar: Man sues DHS, NSA for the right to parody them on mugs, T-shirts

Sweden’s billionaires: They have more per capita than the United States.

Rose Eveleth and Rachel Nuwer: Show Me the Money: The Economics of Freelance Science Journalism

Bob Bly: Further adventures of a cranky old man

Rob Bricken: Subway is making official Hunger Games sandwiches like it's not insane

Dan Gillmor: Thanks to WikiLeaks, we see just how bad TPP trade deal is for regular people | Dan Gillmor

Doc Searls: How to rescue radio

Ryan: The Secret to Selling on Craigslist

Lydia DePillis: Car companies are picking sides between Apple and Google (via The Big Picture)

Stuart Wall: Mile-High disruption: Why Denver should be on your tech radar next year

Posted Thu 02 Jan 2014 07:53:21 AM PST
#

Privacy snake oil

Remember how Bruce Schneier used to do those security snake oil posts? Somebody needs to start doing that for privacy.

Here's a great example of privacy snake oil. The primary NSA issue isn't privacy, it's authority by Jeff Jarvis.

I also think that my cancer hospital, Sloan-Kettering, should collect data about how many penises, including mine, still function properly after prostate surgery there because that information and associated metadata about surgeons and age and other conditions could be valuable to the patients who follow. Of course, I expect that data to be held anonymously.

But there is no such thing as depersonalized or safe data about a person. You can't magically assume that because some large institution has a policy where everyone has to raise his or her right hand and say something nice about privacy, that the data won't get out there.

And "white dude who chooses to write about his penis" shouldn't be the benchmark for privacy policy anyway, but that's a whole other issue.

Here's the real problem, explained in an Atlantic piece by Rebecca J. Rosen: It Is Trivially Easy to Match Metadata to Real People.

As federal district judge Richard Leon wrote in his decision last week, "There is also nothing stopping the Government from skipping the [National Security Letter] step altogether and using public databases or any of its other vast resources to match phone numbers with subscribers."

Yes, that's right. Real people. Not hypothetical "wouldn't it be nifty if in the future..." people, but real people with all the stalkers, scammers, data brokers, and assorted creeps who have just as much access to the surveillance-marketing complex as anybody else.

Gervase Markham thinks it through, in Location Services and Privacy.

Now, as Mozilla, our initial impulse as an open organization would be to release all the raw collected data to the public so people can build awesome things we haven’t even thought of yet. However, it turns out that this data comes with some interesting privacy challenges.

Yes, code should be free, and so on, but what about wireless MAC addresses? What about all the other privacy use cases?

Privacy is hard.

Schneier's snake oilers were always trying to re-use one-time pads. You can't do that. Likewise, you can't collect and store PII—and it's all PII—and not have it come back to bite the people that it's about.

Bonus links

RAND: Commentary by RAND Staff: Opt-In, Opt-Out; Why Not Forced Choice?

Top News - MIT Technology Review: Data Discrimination Means the Poor May Experience a Different Internet (via Hack Education)

Mason Weisz: California Ballot Initiative Would Create Presumption that PII is Confidential and that Unauthorized Disclosure Causes Harm

Doc Searls: Marketing isn’t getting the market’s message

Mike Williams: Easily block cookies, images, scripts and more with Chrome's HTTP Switchboard

Bruce Schneier: A Fraying of the Public/Private Surveillance Partnership

Michelle Richardson: Feinstein's NSA bill shows she doesn't have a clue about intelligence reform

Evgeny Morozov: The Real Privacy Problem

Chloe Green: Survey warns of looming consumer revolt on private data sharing

Bruce Schneier: Surveillance as a Business Model

Alice Marwick: How Your Data Are Being Deeply Mined

Posted Tue 31 Dec 2013 08:02:51 AM PST
#

Trend: finally, tough times for patent trolls?

Daniel Nazer: Patent Troll Lodsys Settles for Nothing to Avoid Trial

Eugene Kaspersky: The patent trolls can be defeated – just never give up!

Mike Masnick: Patent Troll Intellectual Ventures Running Out Of Cash; Looking For $3 Billion From Investors

Finally, a bill to end patent trolling | Ars Technica

Joe Mullin: Patent troll asks judge for gag order to silence opponent

Timothy B. Lee: Patent law is so broken that casinos, supermarkets, and realtors are demanding change

Eugene Kaspersky: Breathe the pressure!

Patent war goes nuclear: Microsoft, Apple-owned “Rockstar” sues Google | Ars Technica

Kate Tummarello: Mark Cuban, Reddit co-founder join patent fight

Daniel Nazer: Six Good Things About the Innovation Act: Part Three, Ending Discovery Abuse

Timothy B. Lee: The House votes on patent reform today. Here’s what you need to know.

Posted Mon 30 Dec 2013 07:27:03 AM PST
#

From inside the filter bubble

(This is feedback for my filter bubble tool, which lives here: read the whole thing. You've probably seem most of these when they made the rounds.)

Sarah Green: Research: Cubicles Are the Absolute Worst

Remy Van Elst: DigitalOcean Sucks. Use DigitalOcean! - Raymii.org

Megan Garber: English Has a New Preposition, Because Internet

Mike Masnick: Microsoft Front Group Struggles To Find App Developers To Sign Letter Against Ditching Bad Patents

Margot Kaminski: The TPP and Copyright

John Gruber: Why an 80 Percent Market Share Might Only Represent Half of Smartphone Users

The Universe of Discourse: Insane calculations in bash

Janet Levaux: Pinball Museum Set for New Alameda Home

When We Lose Antibiotics, Here's Everything Else We'll Lose Too - Wired Science

Kevin Drum: Why Are American Doctors Paid So Damn Much?

David Heinemeier Hansson: Microsoft's dystopian pitch for remote work by David of 37signals

John Bergmayer: If You Love Fair Use, Give It A Day Off Once In a While

Why open-office layouts are bad for employees, bosses, and productivity

Michael Geist: The Trans Pacific Partnership IP Chapter Leaks: The Battle Over Internet Service Provider Liability

sogrady: The Difficulty of Selling Software

Columbia Journalism Review: The NYT's paywall overtakes digital ads

KillerMartinis: Why I Make Terrible Decisions, or, Poverty Thoughts

James Hamblin: The Fist Bump Manifesto

Andrew Raff: Google Book Search is a Fair Use

Staring Down The Taliban In The Race To Eradicate Polio

kohsuke: Summary Report: Git Repository Disruption Incident of Nov 10th

Mike Linksvayer: Upgrade to CC-BY(-(NC(-(ND|SA))?|ND|SA))?-4.0

Rich Miller: Intel: Pollution in Asia Shortens Server Component Life

Docker 0.7 runs on all Linux distributions – and 6 other major features | Docker Blog

Timothy B. Lee: Here’s why Obama trade negotiators push the interests of Hollywood and drug companies

Matthew Yglesias: Can't Talk San Francisco House Prices Without Talking Zoning

James Kwak: Why JPMorgan Is JPMorgan

Doc Searls: Marketing isn’t getting the market’s message

Ben Bajarin: Android is Eating the World

Ian Bogost: For Adults Who Want to Feel Good About Themselves

'Algorave' Is the Future of Dance Music (if You're a Nerd) - Creating Music With Computer Code | VICE United States

Chris Heilmann: Help me write a Developer Evangelism/Advocacy guide

John Hempton: Google Plus will get your children murdered

IPv6-only servers? - Nom de domaine et hébergement cloud - Gandi.net

xkcd.com: Git Commit

Matthew Yglesias: Conservatives' Curious Affection for the Doctors' Cartel

Dan Roberts: Elizabeth Warren challenges Obama to break up 'too-big-to-fail' Wall St banks

OK to clone software by testing it and reading the manual, rules UK court.

Order Of Truth: The great UK #government #internet porn filter con – what you are REALLY signing up to

Ernesto: What Piracy? Removing DRM Boosts Music Sales by 10 Percent

Stop Being A Bookstore Asshole

Guest Author: On Go’s Web Application Ecosystem

Bill Black: NYT: Not Prosecuting JPMorgan Proves DOJ’s Vigor ?!

Go 1.2 is released - The Go Blog

oliveremberton: The real reason we have meetings

Matthew Green: How does the NSA break SSL?

Patrick Stokes: The digital soul

Steven Rosenberg: I'm looking at the Fedora Power Management Guide

George Monbiot: The lies behind this transatlantic trade deal | George Monbiot

Matthew Garrett: Subverting security with kexec (via LWN.net)

Christina Farr: Swarm Mobile gets $3.5M to track shoppers in physical stores

Andrew Rossignol: A Testament to X11 Backwards Compatibility

Edward Hasbrouck: Witness in “no-fly” trial finds she’s on “no-fly” list too

Eli Dourado: New Dourado and Tabarrok Paper on Intellectual Property

Why you should use OpenGL and not DirectX - Wolfire Games Blog

Bruce Schneier: The Problem with EULAs

Mike Masnick: German Court Says CEO Of Open Source Company Liable For 'Illegal' Functions Submitted By Community (also Court: Open Source Project Liable For 3rd Party DRM-Busting Coding)

Tom Scocca: On Smarm

Welcome To The Memory Hole

Jean-Marc Valin's random rants on DSP, Speex, open-source: Opus 1.1 released

Jeff John Roberts: Supreme Court to review patents on software

Timothy B. Lee: The Supreme Court could abolish software patents next year. Here’s why it should.

Michael Nielsen: How the Bitcoin protocol actually works (via Marginal Revolution and Schneier on Security)

BBC News - World: More men chat in girls' 'dialect'

Mike Masnick: Patenting University Research Has Been A Dismal Failure, Enabling Patent Trolling. It's Time To Stop

Justin Ellis: The Guardian experiments with a robot-generated newspaper with The Long Good Read

Charlie Stross: Lovebible.pl

Simone: Radio Arcala Antenna Collapsed

Florian Mueller: Federal Patent Court of Germany invalidates Microsoft FAT patent, appeals court may disagree

Restaurant on Google Glasser: Man-child stinking up the joint | Technically Incorrect - CNET News

Carmel DeAmicis: The last person on Earth not burned by Facebook’s privacy settings realizes her entire wall is public

etbe: A Basic Income for Australia

Mike Masnick: The USTR's Revolving Door With Copyright And Patent Maximalists Removes All Credibility

Adele Peters: Turning Vacant New York City Office Space Into A Fun Pop-Up Hotel

Dan Gillmor: Six months after NSA story broke, Edward Snowden looks even more patriotic | Dan Gillmor

Denis Duvauchelle: The most valuable lessons I learned from managing a virtual team

steveblank: When Product Features Disappear – Amazon, Apple and Tesla and the Troubled Future for 21st Century Consumers

jdieter: Multiseat in Fedora 19 and Setting up a multiseat system

Richard Posner: Raise the Federal Minimum Wage (But Not Too Far)—Posner

There’s a 1,200-year-old Phone in the Smithsonian Collections | Ideas & Innovations | Smithsonian Magazine

Michael Geist: The U.S. Stands Alone: How the U.S. Is Increasingly Isolated on Intellectual Property Policy

Anil: Learn to Code Switch Before You Learn to Code

Adrianne Jeffries: CyanogenMod rolls out encrypted text messaging by default

Tom Morris: Why I'm turning JavaScript off by default (via Tobie Langel)

How journals like Nature, Cell and Science are damaging science | Randy Schekman

Jeff Jarvis: Eight tech giants have sided with citizens over spies, but it's not enough | Jeff Jarvis

Sean Hollister: One standard to sync them all: AllSeen Alliance forms to accelerate Internet of Things adoption

Ed Felten: How to stop spies from piggybacking on commercial Web tracking (via Deeplinks)

Planet PostgreSQL: Josh Berkus: Meet your new NoSQL Database

Joshua Koran: Reports of the Cookie's Death Are Greatly Exaggerated -- and That's Good

Charlie Stross: Trust Me (I'm a kettle)

Red Hat Enterprise Linux 7 Beta - Red Hat Customer Portal

Adi Kamdar and Rainey Reitman and Seth Schoen: NSA Turns Cookies (And More) Into Surveillance Beacons (via Schneier on Security)

How AT&T;, Verizon, and Comcast are working together to screw you by "Discontinuing Landline Service" | Timmins.net | The personal website of Paul Timmins – Telecommunications expert, father.

UPDATE 3-New U.S. FDA rules aim to cut antibiotic use in farm animals | Reuters

Eugene Kaspersky: Top-10 tips for fighting patent trolls. (via nonpracticingentities)

Chris Roberts: Fedora 20 final status is a go

News is bad for you – and giving up reading it will make you happier | Media | The Guardian (via ploum.net)

Jeffrey Zeldman: This is a Website (via Adactio, Mike Linksvayer, willnorris.com)

Jim Motavalli: Driving VW's Astonishing 200 MPG XL1

Charlie: Stainless steel, the metal bacteria love.

Peter Eckersley and Peter Eckersley: Google Removes Vital Privacy Feature From Android, Claiming Its Release Was Accidental (via John Battelle's Search Blog and Global: Dan Gillmor | theguardian.com)

Zev Winicur: (Gluten-Free) (Vegetarian) Tamale Pie

Keith Packard: xserver-warnings

Johannes Ernst: There are only Three Base Business Models

CoreOS Blog: Running etcd in Docker Containers

Daniel Kahn Gillmor (dkg): OpenPGP Key IDs are not useful

Charlie Smith: How US News Organziations Should Respond to Censorship in China

Bruce Schneier: World War II Anecdote about Trust and Security

DigitalOcean's guide to using Docker on their hosts (via taint.org: Justin Mason's Weblog)

Doc Searls: Fred Wilson’s talk at LeWeb (via Marc's Voice)

Robinhood The world's $0 commission stock brokerage.

Benjamin Meyer: Large Git repositories

Colin Ian King: Detecting System Management Interrupts

Tantek Çelik: XFN 10th Anniversary (via Mike Linksvayer, Marc's Voice, and The Promised Planet)

Tobie Langel: "Counter intuitively, it may be better not to sit with your developers, you may get a better idea of..."

Mike Hadlow: Are Your Programmers Working Hard, Or Are They Lazy?

Kevin Drum: Repeat After Me: There's No Such Thing as Socialsecurityandmedicare

Ardi Kolah: Marketers face ‘double legal whammy’ on DM activity in 2014

Tom Philpott: Will Factory Farms Finally Have to (Gasp!) Get a Vet's Approval to Use Antibiotics?

Ronald Bailey: Kill Off Software Patents

Switch to open source successfully completed, city of Munich says | PCWorld

RT: Uruguay faces UN backlash for legalizing pot

BBC News - World: Moon rover sends back first photos (via SWJ Blog and Core77)

dotCore: Simple Binary Encoding, a new ultra-fast marshalling API in C++, Java and .NET

Kent Anderson: Print’s Retreat — Are the New Metrics of Online Actually Devaluing Publications?

Jan De Deken: The Architect of Uruguay's Marijuana Legalization Speaks Out

Caleb Garling: A modest proposal: Lose the tint, Tech Buses

John Brownlee: This Genius Spoof Rebrands Santa For The 21st Century

Matthew Yglesias: Central Planning in America (via Moneybox)

Andy Greenberg: ‘A Genius Among Geniuses’ (via Standblog and Nieman Journalism Lab)

Beat the Press: Paul Krugman and TPP (via Crooked Timber)

News You Can Bruise: Markov vs. Queneau: Sentence Assembly Smackdown

Baylen Linnekin: Small-Town Raw Milk Farm Faces Dubious Attack in Massachusetts

Svati Kirsten Narula: Americans Still Care About Their Public Libraries (via The American Conservative)

Joey Hess: completely linux distribution-independent packaging

Sean Gallagher: Update: NSA surveillance critic Bruce Schneier to leave post at BT (via Schneier on Security)

Matthew Yglesias: You Can't Talk Housing Costs Without Talking About Zoning

Matthew Yglesias: How To Save Money on Amazon With a Fake Baby (via Ars Technica)

Elsevier steps up its War On Access | Sauropod Vertebra Picture of the Week (via Hack Education)

rob: Less is exponentially more

On undoing, fixing, or removing commits in git (via taint.org: Justin Mason's Weblog)

Mark Dominus: Moonpig: a billing system that doesn't suck

adamw: PSA: Use Fedup 0.8 for Fedora 20 upgrades

Inside the Saudi 9/11 coverup | New York Post

The Mission to De-Centralize the Internet : The New Yorker (via Planet Intertwingly and O'Reilly Radar - Insight, analysis, and research about emerging technologies)

Daniel Genkin, Adi Shamir, Eran Tromer: RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis (via Schneier on Security and Planet Intertwingly)

Sean Gallagher: NSA leaks blamed for Cisco’s falling sales overseas (updated)

Charlie Stross: Why I want Bitcoin to die in a fire (via amor mundi and see shy jo)

Dean Takahashi: Google’s Niantic Labs formally launches massive mobile game Ingress

UPDATE 3-Saab wins Brazil jet deal after NSA spying sours Boeing bid | Reuters (via Cato @ Liberty)

Timothy B. Lee: Obama administration sued over its secretive trade negotiations

Kashmir Hill, Forbes Staff: Data Broker Was Selling Lists Of Rape Victims, Alcoholics, and 'Erectile Dysfunction Sufferers'

jbat: Facebook Must Win The Grownup Vote

sogrady: DVCS and Git Usage in 2013

Nathaniel Mott: Why the HP Chromebook 11′s exploding charger is its best feature

Moxie Marlinspike >> Blog >> A Crypto Challenge For The Telegram Developers

David Kendal: Block-chains and Bitcoin

Gregory Ferenstein: Tim Draper Wants To Split California Into Pieces And Turn Silicon Valley Into Its Own State (via TechCrunch)

Dylan Love: BitTorrent Is Building An NSA-Proof Chat Product

Dan Brekke: Bus Vandalized as Protesters in S.F., Oakland Target Silicon Valley Shuttles

Kyle: Using Copyright to Keep Repair Manuals Secret Undermines Circular Economy

Dan Brekke: Google Bus Protesters’ Manifesto: ‘Get Out of Oakland!’

doingitwrong: When “Life Hacking” Is Really White Privilege — Medium (via Chris Hanel)

Sam Biddle: Tech Titan: Let's Break Up California and Make Silicon Valley a State

BitTorrent secures and open-sources DHT bootstrap server

Francois Marier: Creating a Linode-based VPN setup using OpenVPN on Debian or Ubuntu

BBC News - AK47 assault rifle designer Kalashnikov dies at 94

Mikko Hypponen: An Open Letter to the Chiefs of EMC and RSA

Mike Masnick: RSA's 'Denial' Concerning $10 Million From The NSA To Promote Broken Crypto Not Really A Denial At All

The Tech Block: Edward Snowden, after months of NSA revelations, says his mission’s accomplished (via WIL WHEATON dot TUMBLR and Firedoglake)

Jason: Ho Rudolph

PHILIP B. CORBETT: Getting Guns Right (via JIMROMENESKO.COM)

Molly Samuel: The KQED Blog Posts That Just Won’t Go Away

samzenpus: Interview: Bruce Sterling Answers Your Questions (via Giles Bowkett)

Paul Nijjar's Internet Landfill -- Firehose: Why Libraries Still Matter

Guy Somerset: Manufacturing Outrage

Matt Blaze: How Worried Should We Be About the Alleged RSA-NSA Scheming?

Krzysztof Kotowicz: Rapportive XSSes Gmail or have yourself a merry little botnet...

Network & Infrastructure Blogs: Offshore Cloud Services: Who's in control?

Derek Jones: How to use intellectual property tax rules to minimise corporation tax

Marco.org: → iA makes patent threats (via Prolost and And now it’s all this)

Platypus Reloaded: Data Extortion

Steve Kovach: Why Your Android Phone Will Always Be Out Of Date

Felix Salmon: Why cab drivers should love Uber

Mat Honan: Generation X Is Sick Of Your Bullsh*t

Eric Blattberg: Apple-backed Rockstar group reportedly hawking its patents

essjaybee: Philip Guo - The Two Cultures of Computing (via Bucktown Bell)

Jeremy Stieglitz: Monster Madness – creating games on the web with Emscripten (via Standblog)

Arik Hesseldahl: Talk of an RSA Boycott Grows After Reports It Colluded With the NSA (via AllThingsD)

On Hacking MicroSD Cards « bunnie's blog (via LWN.net)

67p – British government porn filters block EFF, Linux, Amnesty and more

Catalog Reveals NSA Has Back Doors for Numerous Devices - SPIEGEL ONLINE

Posted Sun 29 Dec 2013 06:40:27 PM PST
#

Good news, bad news

You want the bad news first, or the good news?

All right, let's start with the bad news.

Censorship in Airstrip One: Content filtering by UK ISPs (via taint.org: Justin Mason's Weblog)

Office sprawl is still a thing: Why Apple's Suburban Spaceship Could Lose The War For Tech Talent (via Samizdata)

And so is income inequality: The Second Class Citizens of the Google Cafeteria

And this guy: Jesse Willms, the Dark Lord of the Internet - Taylor Clark - The Atlantic (via taint.org: Justin Mason's Weblog)

Speaking of people not in prison who probably should be: Outrageous HSBC Settlement Proves the Drug War is a Joke | | Rolling Stone (via Eschaton)

Good point from Andrea Peterson: 2013 is the year that proved your ‘paranoid’ friend right

And the news is bogus anyway: The Year We Broke The Internet (via WIL WHEATON dot TUMBLR) addictive, and bad for you in general.

Ready for the good news?

Bill Gates on progress fighting polio: Good News You Might Have Missed in 2013

One of the dumbest and most politically connected US policies may finally be going down:A Bipartisan Group Of Lawmakers Is Out To Kill The Corn-Based Ethanol Mandate (but wait, Sen. Feinstein is for it...what's the catch?)

Food Safety Modernization Act and "Ag Gag" would have been gifts to big rent-seeking agribusiness, but they're not doing so well: Food Freedom Dodged Bullets in 2013

All aboard: BART, Unions Reach Deal in Contract Dispute

Forgotten? Not if you're from Northern Indiana. The Largely Forgotten, Cynical Genius Behind A Christmas Story

Who knew "stunts your growth" was a marketing lie? The Devious Ad Campaign That Convinced America Coffee Was Bad for Kids

Posted Sun 29 Dec 2013 08:31:14 AM PST
#

Older stuff: archive