firefox, trackers and ghostery

[pete smout]

On 17/07/13 10:49, Patrick Asselman wrote:
> On 2013-07-17 09:24, Sajan Parikh wrote:
>> Yay!  Finally somebody with a thoughtful rebuttal.
>
> Thank you :)
>
>> Edit: When I say 'you', I don't mean anyone personally, just in general.
>
> Same here, I'm not attacking you or your company, just talking in general.
>
>> On 07/16/2013 02:11 AM, Patrick Asselman wrote:
>>> It's not unreasonable to ask your users these things, but it is very
>>> unreasonable to simply go ahead and investigate all you can about
>>> them without their consent. Compare it to sending a private
>>> investigator after someone who just visited your grocery store.
>> I think you're mixing two things here.  The private investigator
>> should be thought of as the US Defense Department, as in the one who
>> is doing this secretly and snooping for the purposes of snooping.  I
>> fully advocate being angry at that.
>
> As far as we now know, you are right of course. But there may be more.
>
>> However, what people have reacted to is things like tracking cookies,
>> which 99% do not have any nefarious intent and are not in any way
>> secret.  The simple facts about the HTTP protocol sort of require you
>> to at least give up your IP address to make the connection, the page
>> you want to visit, and some details about your system so that the web
>> developers can work on optimizing the web site for you.  This is what
>> the media have focused on and started to scare people with.
>>
>> Even then, I don't think anyone should have any reasonable
>> expectation of your visit to a web page being private.
>>
>> If you walk into a movie theater, at least one person is going to see
>> you.  You don't get to control who that person then tells about your
>> presence at the movie theater.  The minute people start to think of
>> the internet as a 'place', everyone will start to understand a bit
>> more.
>
> The problem is that the person seeing you in the movie theater will
> forget all about you in a day. Digitally stored data can be stored
> indefinately.
>
>>> You could also set up a little inquiry on some (free) inquiry site
>>> and ask your customers kindly to participate in this inquiry so that
>>> you will be able to help them better in the future.
>> Sorry, but I don't think a form asking users to list every article
>> they've read on CNN.com is reasonable.  Or whatever equivalent that is
>> for other sites.  What items you've browsed on a shopping site for
>> example.  You don't think Walmart review in store footage at test
>> stores to study people's browsing patterns, and change item placement
>> and store arrangements accordingly?  Same thing.
>
> I don't like Walmart doing such analytics either. I feel spied upon if
> (when?) they do this.
> It would be better if Walmart communicated that they do this, so people
> know what is going on and can then decide if they think it is acceptable
> or not.
>
>>> It's not new and it started out as not being unreasonable, but it has
>>> grown way out of hand, to the extent that if the big guys go and
>>> puzzle all the bits of gathered information together they can create
>>> a file on you that contains way more than you want them to know.
>>> There is a story on the 'net about a family who got targeted with
>>> very specific advertisements for pregnant people, based on their
>>> online behaviour. They got upset about it and thought it was a
>>> mistake. It then turned out the woman *was* pregnant, but the
>>> marketing people knew about it sooner than the family. Is that where
>>> we want to go? I don't think so.
>> The dramatic point in that is anecdotal.  The overall point doesn't
>> really hit me either.  Free content is paid for by ads.  You can't
>> want to continue enjoying free content, and then complain the ads are
>> for "junk I don't even need."
>
> Free content is payed for by ads, but ads can also destroy peoples
> interest. If one looks at TV nowadays, there are so many ads that it
> makes people watch less TV. They'd rather go on the internet, where
> there are less and less obknoxious (sp?) ads.
>
>> In what way, specifically, has it gotten unresonable?  That they now
>> know you check prices on NewEgg AND Amazon?  Or that you browse at
>> Overstock, but then really buy at Buy.com?  I mean seriously, what is
>> it that everyone is complaining about?  On a site like Amazon, that
>> probably gets millions of pageviews a day, do you really think that a
>> single Amazon employee is specifically stalking his ex-girlfriends
>> shopping habits?  Well...maybe, but do you think that an Amazon
>> employee is sitting there literally stalking YOUR shopping habits?
>> No!  That amount of data is all just aggregated by layers of software
>> and algos.
>
> The point is, that your company uses Google Analytics, and from that you
> learn a little bit about your customers, in a convenient way. Fine.
>
> But other companies do the same thing. Google in the mean time can
> puzzle all these things together and learn a LOT about me and my
> behaviour. All the little pieces add up, to a pretty amazingly complete
> picture of 'me' and what I do. To the extent that Google may know more
> about you than you yourself (for example that you are pregnant). So we
> need to discuss whether we want to have one company owning all these
> puzzle pieces, and if we allow them to own all this data (as we seem to
> be doing) we need to talk about how the company is allowed to use this
> data. Are they allowed to use it themselves or not? Are they allowed to
> sell it? Etc.
>
>>> Which is exactly what people are doing by using these plugins :)
>>>
>>> True, you use a free service and agree to the terms and conditions of
>>> that service. But you do want to know exactly what you are getting
>>> into, and you want to have a choice. After PRISM people are just not
>>> sure anymore how all that information is used. They thought it was
>>> used in a trustworthy way, it turned out to go way beyond their
>>> expectations. It's not strange that people are now weary of all
>>> online information storage.
>> Ah, I do agree with you here.  However, my point is that the anger
>> should not be directed at those who we've trusted are data with.  I
>> don't see them having broken anyone's trust.  The anger should be
>> directed toward the secret FISA courts and those that operate PRISM
>> and the like.  Once again, those are the ones that are secretly doing
>> all this.  Everyone else's data collection is not secret.
>
> Not entirely true. It may be true for your company. But did Google not
> get fined for accidentally snooping wifi data while they were driving
> around taking pictures for their map thing? Data gathering happens all
> the time, and companies need to be more careful about data gathering,
> storing, and analysing.
>
>>> Yes you do, if you want. Some religions prescribe women to wear a
>>> niqab. These woman can walk into buildings just fine.
>> My analogy of a mask might've coincedentally been too literal.  Let
>> me put it this way.  You don't get to walk into a grocery store with
>> an invisibility cloak.
>>>
>>> It is the first one to leak that they are doing it, but there may be
>>> more. The user just doesn't know.
>>> New and bigger data centers are being opened all the time, but there
>>> does not seem to be a good check as to what is stored for how long
>>> and whether it is within legal limits.
>>>
>>> Having the footage is fine, but it would be nice if the footage was
>>> also destroyed after the legal storage time has expired. Or that a
>>> court order is needed to look into the footage. Society needs to have
>>> assurance that these things are happening according to the law, and
>>> that there is not some secret agreement made with a secret 'judge' in
>>> a back room that it is okay from now till the end of time to look
>>> into all information if there is some suspicion (there always is
>>> *some* suspicion), and that the people storing the footage are not
>>> allowed to talk to anyone about the fact that these things are
>>> happening.
>>>
>> I agree a court order should be required for a THIRD party (US
>> Defense Department) to look at the footage.  However, if you walk onto
>> my property and I log your IP address, browser version, screen
>> resolution, and whatever else, that's my perogative and I can store
>> that as long as I want.  The gas station owner has no obligation to
>> destroy security footage.  He just does because he doesn't want/need
>> to buy 10 hard drives a month.
>
> No, this is not your prerogative. You are bound by laws, and the laws
> are agreed upon by our democracy.
>
> In the country where I live (the Netherlands) one is not allowed to put
> a web cam and film the road from your home. This is considered to be a
> privacy violation, even though it is a public road. You need to put up a
> big sign that you are doing this before it is considered to be legal.
> (In some weird way though, the filmed material can be used by the police
> in case you have filmed some crime.)
>
> It is also not allowed to store certain data for an indefinate time. And
> you need to store data in a secure way. And if the data leaks you need
> to tell people about it.
>
> There are all sorts of rules and regulations that you need to comply
> with, and for good reasons.
>
>> On the internet, we like to store data as long as possible because
>> trends over the course of years and soon, decades, matters.
>>> I'm very glad that mr. Snowden gave up his lazy life to show how
>>> wrong things are already. Now we must have this discussion on how far
>>> all this information gathering, storing, and analysing is allowed to go.
>>>
>>> That is too easy. Basically you are saying that companies are allowed
>>> to make any demands that they seem fit in their contract with the
>>> users. I beg to differ. I just want to buy a newspaper and read the
>>> news, not get a private eye chasing me around for a week after buying
>>> the paper. The government should make sure that I can just buy the
>>> paper. Unfortunately they seem to have decided to join the companies
>>> into stalking their citizens. That is why people are now taking all
>>> the actions they can by themselves.
>>>
>> Really? "private eye chasing me around for a week", is that really
>> how you would characterize what is actually happening?  That's the
>> over hyping that I'm referring to.
>
> The comparison is flawed, of course, because the internet is different
> from the real world. But the fact is that the shop owner has someone
> looking at his customers while they are in his store. And the other
> stores do the same. And have it done by the same "service company". And
> this "service company", because it provides this service to so many
> companies, is now following customers around every time they enter a
> store. The store itself is not doing anything wrong, but the "service
> company" is now gathering so much data, that I hope someone is checking
> what they do with all this data.
>
>> Also, if you want to do that, wear a hoodie and go buy one from the
>> paper stand on the street corner.  Don't use the internet where you
>> need to go through about 30 different parties to buy that paper. (ISP,
>> IP transit providers, datacenter hosting the site, the site itself,
>> the payment processor, etc.).
>>> Maybe they are overhyped, but you can't blame them, in my opinion.
>>> Their trust has been broken in a pretty bad way.
>>>
>> No, you can't blame them.  I'm not.  I just wish they didn't see
>> people like me who use Google Analytics and other tracking software
>> companies as the bad guys.  We have no interest in sharing our hard
>> earned data with other organizations.  We keep it private to ourselves
>> (and the company we use to retrive it obviously) so that we can make a
>> better product for our customers.  Why would we want our competiters
>> to have access to that?
>
> I don't think they see people like you as bad guys. That may be the
> picture the media is painting, but most media don't know a lot about
> internet and all that digital stuff. They only go by what they hear from
> more knowledgable people, and try to translate it into something
> everyone can understand. (Much like a gossip magazine trying to write an
> article on quantum physics for their regular clientele.)
>
>> No, the only people you should be angry about are complete third
>> parties.  So far, only the US Defense Department.  They are the only
>> ones collecting data that have no reason or right to.  If you're
>> buying a news article from me, you have a right and I have a right.
>> You can't get made at either of those parties.  Go nuts on the Defense
>> Department though.
>
> Not just the DD but the government. They should be making sure that all
> the gathered data is not abused, but instead they are tapping into it
> and analysing it for their own purpose. Supposedly for tracking down
> terrorists, but it is such a powerful tool, that abuse is just waiting
> to happen, especially with secrative courts deciding on what is or isnt
> allowed.
>
>> Yet the media want to make us the bad guys with headlines
>> like...."How much data are you giving away by shopping online?" - The
>> answer to that is..."The same as if you walked into a store!" In fact,
>> less, because you're not interacting with any particular person who
>> could memorize your face and personally identify you.
>>
>> Thanks,
>> Sajan Parikh
>
> I just realised all this is not very Ubuntu related anymore, but imho
> it's a good discussion to have.
>
> Best regards,
> Patrick Asselman
>
>
Hi,

It is a Very important discussion to have (if not Ubuntu related) & let 
us try and involve as many people as possible in this discussion! As it 
affects everybody.

And let us not make it personal, our web designer friend is doing a 
perfectly logical thing, trying to improve their service. My big gripe 
is what Google (and others) then do with the data they have gathered, 
from millions of sites (the one site improving it 'offer' is fine), but 
the data gathered by Google Analytics (for example there are others!) is 
stored for years and not related to one site but lots and why is it 
personalized ie the IP address stored, surely if it was only to improve 
products and services offered anonymous data would give the end user the 
same information (how many visits, what products were viewed, even what 
browser was used on what system).

Obviously there can be legit reasons for personalized data to be viewed 
but this should be the exception rather than the norm.

Pete