firefox, trackers and ghostery

Wed Jul 17 09:49:37 UTC 2013

On 2013-07-17 09:24, Sajan Parikh wrote:
> Yay!  Finally somebody with a thoughtful rebuttal.

Thank you :)

> Edit: When I say 'you', I don't mean anyone personally, just in 
> general.

Same here, I'm not attacking you or your company, just talking in 
general.

> On 07/16/2013 02:11 AM, Patrick Asselman wrote:
>> It's not unreasonable to ask your users these things, but it is very 
>> unreasonable to simply go ahead and investigate all you can about them 
>> without their consent. Compare it to sending a private investigator 
>> after someone who just visited your grocery store.
> I think you're mixing two things here.  The private investigator
> should be thought of as the US Defense Department, as in the one who
> is doing this secretly and snooping for the purposes of snooping.  I
> fully advocate being angry at that.

As far as we now know, you are right of course. But there may be more.

> However, what people have reacted to is things like tracking cookies,
> which 99% do not have any nefarious intent and are not in any way
> secret.  The simple facts about the HTTP protocol sort of require you
> to at least give up your IP address to make the connection, the page
> you want to visit, and some details about your system so that the web
> developers can work on optimizing the web site for you.  This is what
> the media have focused on and started to scare people with.
>
> Even then, I don't think anyone should have any reasonable
> expectation of your visit to a web page being private.
>
> If you walk into a movie theater, at least one person is going to see
> you.  You don't get to control who that person then tells about your
> presence at the movie theater.  The minute people start to think of
> the internet as a 'place', everyone will start to understand a bit
> more.

The problem is that the person seeing you in the movie theater will 
forget all about you in a day. Digitally stored data can be stored 
indefinately.

>> You could also set up a little inquiry on some (free) inquiry site 
>> and ask your customers kindly to participate in this inquiry so that 
>> you will be able to help them better in the future.
> Sorry, but I don't think a form asking users to list every article
> they've read on CNN.com is reasonable.  Or whatever equivalent that 
> is
> for other sites.  What items you've browsed on a shopping site for
> example.  You don't think Walmart review in store footage at test
> stores to study people's browsing patterns, and change item placement
> and store arrangements accordingly?  Same thing.

I don't like Walmart doing such analytics either. I feel spied upon if 
(when?) they do this.
It would be better if Walmart communicated that they do this, so people 
know what is going on and can then decide if they think it is acceptable 
or not.

>> It's not new and it started out as not being unreasonable, but it 
>> has grown way out of hand, to the extent that if the big guys go and 
>> puzzle all the bits of gathered information together they can create a 
>> file on you that contains way more than you want them to know. There 
>> is a story on the 'net about a family who got targeted with very 
>> specific advertisements for pregnant people, based on their online 
>> behaviour. They got upset about it and thought it was a mistake. It 
>> then turned out the woman *was* pregnant, but the marketing people 
>> knew about it sooner than the family. Is that where we want to go? I 
>> don't think so.
> The dramatic point in that is anecdotal.  The overall point doesn't
> really hit me either.  Free content is paid for by ads.  You can't
> want to continue enjoying free content, and then complain the ads are
> for "junk I don't even need."

Free content is payed for by ads, but ads can also destroy peoples 
interest. If one looks at TV nowadays, there are so many ads that it 
makes people watch less TV. They'd rather go on the internet, where 
there are less and less obknoxious (sp?) ads.

> In what way, specifically, has it gotten unresonable?  That they now
> know you check prices on NewEgg AND Amazon?  Or that you browse at
> Overstock, but then really buy at Buy.com?  I mean seriously, what is
> it that everyone is complaining about?  On a site like Amazon, that
> probably gets millions of pageviews a day, do you really think that a
> single Amazon employee is specifically stalking his ex-girlfriends
> shopping habits?  Well...maybe, but do you think that an Amazon
> employee is sitting there literally stalking YOUR shopping habits?
> No!  That amount of data is all just aggregated by layers of software
> and algos.

The point is, that your company uses Google Analytics, and from that 
you learn a little bit about your customers, in a convenient way. Fine.

But other companies do the same thing. Google in the mean time can 
puzzle all these things together and learn a LOT about me and my 
behaviour. All the little pieces add up, to a pretty amazingly complete 
picture of 'me' and what I do. To the extent that Google may know more 
about you than you yourself (for example that you are pregnant). So we 
need to discuss whether we want to have one company owning all these 
puzzle pieces, and if we allow them to own all this data (as we seem to 
be doing) we need to talk about how the company is allowed to use this 
data. Are they allowed to use it themselves or not? Are they allowed to 
sell it? Etc.

>> Which is exactly what people are doing by using these plugins :)
>>
>> True, you use a free service and agree to the terms and conditions 
>> of that service. But you do want to know exactly what you are getting 
>> into, and you want to have a choice. After PRISM people are just not 
>> sure anymore how all that information is used. They thought it was 
>> used in a trustworthy way, it turned out to go way beyond their 
>> expectations. It's not strange that people are now weary of all online 
>> information storage.
> Ah, I do agree with you here.  However, my point is that the anger
> should not be directed at those who we've trusted are data with.  I
> don't see them having broken anyone's trust.  The anger should be
> directed toward the secret FISA courts and those that operate PRISM
> and the like.  Once again, those are the ones that are secretly doing
> all this.  Everyone else's data collection is not secret.

Not entirely true. It may be true for your company. But did Google not 
get fined for accidentally snooping wifi data while they were driving 
around taking pictures for their map thing? Data gathering happens all 
the time, and companies need to be more careful about data gathering, 
storing, and analysing.

>> Yes you do, if you want. Some religions prescribe women to wear a 
>> niqab. These woman can walk into buildings just fine.
> My analogy of a mask might've coincedentally been too literal.  Let
> me put it this way.  You don't get to walk into a grocery store with
> an invisibility cloak.
>>
>> It is the first one to leak that they are doing it, but there may be 
>> more. The user just doesn't know.
>> New and bigger data centers are being opened all the time, but there 
>> does not seem to be a good check as to what is stored for how long and 
>> whether it is within legal limits.
>>
>> Having the footage is fine, but it would be nice if the footage was 
>> also destroyed after the legal storage time has expired. Or that a 
>> court order is needed to look into the footage. Society needs to have 
>> assurance that these things are happening according to the law, and 
>> that there is not some secret agreement made with a secret 'judge' in 
>> a back room that it is okay from now till the end of time to look into 
>> all information if there is some suspicion (there always is *some* 
>> suspicion), and that the people storing the footage are not allowed to 
>> talk to anyone about the fact that these things are happening.
>>
> I agree a court order should be required for a THIRD party (US
> Defense Department) to look at the footage.  However, if you walk 
> onto
> my property and I log your IP address, browser version, screen
> resolution, and whatever else, that's my perogative and I can store
> that as long as I want.  The gas station owner has no obligation to
> destroy security footage.  He just does because he doesn't want/need
> to buy 10 hard drives a month.

No, this is not your prerogative. You are bound by laws, and the laws 
are agreed upon by our democracy.

In the country where I live (the Netherlands) one is not allowed to put 
a web cam and film the road from your home. This is considered to be a 
privacy violation, even though it is a public road. You need to put up a 
big sign that you are doing this before it is considered to be legal. 
(In some weird way though, the filmed material can be used by the police 
in case you have filmed some crime.)

It is also not allowed to store certain data for an indefinate time. 
And you need to store data in a secure way. And if the data leaks you 
need to tell people about it.

There are all sorts of rules and regulations that you need to comply 
with, and for good reasons.

> On the internet, we like to store data as long as possible because
> trends over the course of years and soon, decades, matters.
>> I'm very glad that mr. Snowden gave up his lazy life to show how 
>> wrong things are already. Now we must have this discussion on how far 
>> all this information gathering, storing, and analysing is allowed to 
>> go.
>>
>> That is too easy. Basically you are saying that companies are 
>> allowed to make any demands that they seem fit in their contract with 
>> the users. I beg to differ. I just want to buy a newspaper and read 
>> the news, not get a private eye chasing me around for a week after 
>> buying the paper. The government should make sure that I can just buy 
>> the paper. Unfortunately they seem to have decided to join the 
>> companies into stalking their citizens. That is why people are now 
>> taking all the actions they can by themselves.
>>
> Really? "private eye chasing me around for a week", is that really
> how you would characterize what is actually happening?  That's the
> over hyping that I'm referring to.

The comparison is flawed, of course, because the internet is different 
from the real world. But the fact is that the shop owner has someone 
looking at his customers while they are in his store. And the other 
stores do the same. And have it done by the same "service company". And 
this "service company", because it provides this service to so many 
companies, is now following customers around every time they enter a 
store. The store itself is not doing anything wrong, but the "service 
company" is now gathering so much data, that I hope someone is checking 
what they do with all this data.

> Also, if you want to do that, wear a hoodie and go buy one from the
> paper stand on the street corner.  Don't use the internet where you
> need to go through about 30 different parties to buy that paper. 
> (ISP,
> IP transit providers, datacenter hosting the site, the site itself,
> the payment processor, etc.).
>> Maybe they are overhyped, but you can't blame them, in my opinion. 
>> Their trust has been broken in a pretty bad way.
>>
> No, you can't blame them.  I'm not.  I just wish they didn't see
> people like me who use Google Analytics and other tracking software
> companies as the bad guys.  We have no interest in sharing our hard
> earned data with other organizations.  We keep it private to 
> ourselves
> (and the company we use to retrive it obviously) so that we can make 
> a
> better product for our customers.  Why would we want our competiters
> to have access to that?

I don't think they see people like you as bad guys. That may be the 
picture the media is painting, but most media don't know a lot about 
internet and all that digital stuff. They only go by what they hear from 
more knowledgable people, and try to translate it into something 
everyone can understand. (Much like a gossip magazine trying to write an 
article on quantum physics for their regular clientele.)

> No, the only people you should be angry about are complete third
> parties.  So far, only the US Defense Department.  They are the only
> ones collecting data that have no reason or right to.  If you're
> buying a news article from me, you have a right and I have a right.
> You can't get made at either of those parties.  Go nuts on the 
> Defense
> Department though.

Not just the DD but the government. They should be making sure that all 
the gathered data is not abused, but instead they are tapping into it 
and analysing it for their own purpose. Supposedly for tracking down 
terrorists, but it is such a powerful tool, that abuse is just waiting 
to happen, especially with secrative courts deciding on what is or isnt 
allowed.

> Yet the media want to make us the bad guys with headlines
> like...."How much data are you giving away by shopping online?" - The
> answer to that is..."The same as if you walked into a store!" In 
> fact,
> less, because you're not interacting with any particular person who
> could memorize your face and personally identify you.
>
> Thanks,
> Sajan Parikh

I just realised all this is not very Ubuntu related anymore, but imho 
it's a good discussion to have.

Best regards,
Patrick Asselman