Over the last few years, I've dabbled in Facebook, but frankly never really wanted to share all the trivia of my life with others, and nor did I want to know the trivia of other people's lives. Periodically, Facebook seemed to make changes to the privacy settings of the system, and therefore my account, and I have been getting increasingly annoyed at having to delve into what's frankly quite an arcane settings system to rectify the situation.
So after news reports of what seemed to me to be a rather intrusive set of changes to the way Facebook streams trivia and tittle-tattle between users, I decided to suspend my Facebook account. In part this decision stemmed from the stories about Facebook's cookies tracking users' web activity in a way that was rather difficult to close down. I chose to suspend rather than delete my account because I thought that perhaps I would want to return to the fold, and read updates on people's lives, their travails, and above all their bonkers Facebook games. Well, perhaps not the latter.
It's been over a month now, and I've not missed Facebook at all. But. I notice that some web companies such as Spotify now require a Facebook account to register. This is no big deal to me, my music listening habits aren't really going to benefit from Spotify membership - while I think I've increasingly embraced the digital music era, the way I think of and listen to my music collection is somewhat rooted in a vinyl LP mindset.
However, during my daily perambulations round the internet I follow a good many links, many of these to news sites where the comments are often of interest. In general, I tend not to leave comments of my own (unless it's a subject I'm particularly interested in), but I often like to see what the regular readers of the site have to say. Some sites I've visited recently have required readers to have a Facebook login - not only to post comments, but in some cases to read comments.
This is a little sad, I think. It's assuming all internet users are going to buy into the loss of privacy that the Facebook mindset leads to.
(The links to Facebook on this site currently point to a page saying "This content is currently unavailable" - if and when I finally knock my Facebook account on the head, those links will go).
The escalating row over the News of the World phone hacking brings further revelations overnight (News of the World hacking row escalates). Hopefully, News International's attempt to deflect all responsibility from Rebekah Brooks to Andy Coulson will fail, and blame will fall appropriately.
The breathtaking extent of the scandal is rather worrying: why did Surrey Police take no action over the Dowler family phone hacks? Why did the Metropolitan Police appear to do their best to sweep this whole sick story under the carpet at a time when it appeared to involve only 'Celebs'?
A campaign for a public inquiry will be launched today - Hacked Off. There's a petition calling for a public inquiry.
Will this scandal prevent the UK Government from approving the takeover of BSkyB by the Murdoch empire, further extending the ownership of UK media?
The BBC reports that the UK ISP TalkTalk (also known as StalkStalk) is pressing on with its intrusive malware scanning system (Talk Talk to introduce controversial virus alert system). However a better analysis can be read over at NoDPI (Update: StalkStalk, Time to Switch ISP).
Essentially TalkTalk will visit every website visited by every TalkTalk customer, and investigate it for malware. Essentially this is an exercise in recording customers' web activity, in many cases recording URLs containing personal information. TalkTalk customers cannot opt-out of the URL stalking. As NoDPI put it:
Yesterday, TalkTalk announced the forthcoming relaunch of their ‘anti-malware’ service. The same system was covertly tested on TalkTalk subscribers in June/July.
[...]
Every URL that you visit will be captured, and used to classify the web site that you visit. The technology is supplied by Chinese company Huawei, who are commercial partners with notorious spyware company Phorm, who in turn use technology supplied by malware hackers OCS Lab in Moscow.
TalkTalk customers are advised to read the NoDPI article and judge whether their privacy would be best served by leaving for a new ISP. Personally I left BT over their dalliance with the dreadful Phorm.
See also
Related articles
- TalkTalk rapped for trial silence (bbc.co.uk)
- TalkTalk to launch controversial Virus Alerts system (v3.co.uk)
- ISP to test controversial alerts (bbc.co.uk)
- TalkTalk reprimanded over Malware trial (ghacks.net)
It would seem as though the UK government has quietly performed an about turn and revived the Intercept Modernisation Plan ('Surveillance state' fear as government revives tracking plan | UK news | The Guardian). As The Guardian reports:
A £2bn plan to allow the police and security services to track the email, text, internet and mobile phone details of everyone in Britain is to be revived, the Home Office has confirmed.
The coalition agreement promised to scrap the "surveillance state" plan by pledging to "end the storage of internet and email records without good reason". Both Conservatives and Liberal Democrats voiced criticism in opposition.
But the project, known as the interception modernisation programme, has been quietly revived - a decision buried in the back pages of the strategic defence and security review published this week. Senior Home Office officials have confirmed that legislation is being prepared.
You might have thought that in the current climate of swingeing cuts in public expenditure this might have remained axed. But no, it's back.
The plan doesn't yet include retention of the content of messages (but as ever, beware of 'function creep').
It's been a while since I noted any news about Phorm, the outfit that hawked a system for illicit DPI snooping in internet traffic. The Register today reports that the EU is to sue the UK over its failure to take action (EU sues UK.gov over Phorm trials).
Not before time.
The UK ISP TalkTalk was recently spotted shadowing its customers' tracks around the internet. The excellent NoDPI.org has a comprehensive summary of why this is illegal (TalkTalk becomes StalkStalk). Interestingly the man in charge, despite claiming to have deleted all emails from one protester, has had his legal crew write an apparently evasive letter.
As with the BT-Phorm debacle, it's going to be interesting to watch this unfold... but I can't see the UK regulatory bodies acting with any great rapidity if prior experience is anything to go by.
A story that surfaced in TalkTalk forums a while back, and more recently in the Phoenix Broadband Advisory Community and the No DPI forums has now come to the attention of The Register (TalkTalk turns StalkStalk to build malware blocker). This one's interesting - under the guise of harvesting URLs for future malware protection TalkTalk have been following their clients around the web. El Reg:
It's less TalkTalk, more StalkStalk: the UK's second largest ISP has quietly begun following its customers around the web and scanning what they look at for a new anti-malware system it is developing.
Without telling customers, the firm has switched on the compulsory first part of the system, which is harvesting lists of the URLs every one of them visits. It often then follows them to the sites to scan for threats.
[...]
The new system is provided by Chinese vendor Huawei, and customers can't opt out of the data collection exercise. As they browse the web, URLs are recorded and checked against a blacklist of sites known to carry malware. They are also compared to a whitelist of sites that have been scanned for threats and approved in the last 24 hours.
If a URL appears on neither list, Huawei servers follow the user to the page and scan the code. According to measurements by webmasters, the TalkTalk stalker servers show up between about 30 seconds and two minutes after TalkTalk subscribers.
Isn't this clear copyright violation? One guy in the PBAC forums has requested that TalkTalk cease visiting his sites: they have refused to stop doing this, claiming they "reserve our rights to check your site for the protection of our users".
It would seem that the URL harvesting takes quite a bit of information along with it. TalkTalk claim that their crawler obeys robots.txt instructions, but from the evidence provided in the PBAC forums this isn't actually true. It would also seem that the process interferes with gamers' online activities and prevents computers from being able to access the iTunes store (see for example this thread).
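A webmaster-side check for the pattern described above, as an added example that is not part of the original post or of any tool it mentions: it correlates access-log entries to find a client that re-requests the same URLs 30 to 120 seconds after another visitor, then reports whether that client ever fetched robots.txt or touched paths robots.txt disallows. The log lines, IP addresses (documentation ranges), robots.txt rules and the three-URL threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.robotparser import RobotFileParser

# Constructed sample (Apache combined log format). IPs are RFC 5737
# documentation addresses and do not identify any real crawler.
SAMPLE_LOG = """\
192.0.2.10 - - [26/Jul/2010:10:00:00 +0000] "GET /private/report.html?id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Jul/2010:10:00:45 +0000] "GET /private/report.html?id=42 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
192.0.2.10 - - [26/Jul/2010:10:05:00 +0000] "GET /blog/post-1 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.3 - - [26/Jul/2010:10:06:00 +0000] "GET /blog/post-1 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Jul/2010:10:06:30 +0000] "GET /blog/post-1 HTTP/1.1" 200 900 "-" "Mozilla/4.0"
192.0.2.10 - - [26/Jul/2010:10:20:00 +0000] "GET /gallery/ HTTP/1.1" 200 300 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Jul/2010:10:21:10 +0000] "GET /gallery/ HTTP/1.1" 200 300 "-" "Mozilla/4.0"
"""
ROBOTS_TXT = "User-agent: *\nDisallow: /private/\n"  # constructed site policy

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def parse_log(text):
    """Yield (timestamp, client_ip, path) for every parsable request line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m.group(1), m.group(4)


def find_followers(text, robots_txt, min_delay=30, max_delay=120, min_urls=3):
    """Report clients that replay other visitors' URLs inside the delay window.

    A single coincidence proves nothing (two people can read the same post a
    minute apart), so a client is reported only after it has replayed at least
    `min_urls` distinct URLs.
    """
    robots = RobotFileParser()
    robots.parse(robots_txt.splitlines())

    seen = defaultdict(list)      # path -> [(time, ip)] of earlier requests
    replayed = defaultdict(set)   # follower ip -> distinct paths it replayed
    fetched_robots = set()        # clients that requested /robots.txt at all

    for ts, ip, path in sorted(parse_log(text)):
        if path == "/robots.txt":
            fetched_robots.add(ip)
        for earlier_ts, earlier_ip in seen[path]:
            delay = (ts - earlier_ts).total_seconds()
            if earlier_ip != ip and min_delay <= delay <= max_delay:
                replayed[ip].add(path)
        seen[path].append((ts, ip))

    report = {}
    for ip, paths in replayed.items():
        if len(paths) >= min_urls:
            report[ip] = {
                "replayed": sorted(paths),
                "fetched_robots_txt": ip in fetched_robots,
                # "*" is used because the follower's real user-agent token is unknown
                "disallowed_hits": sorted(
                    p for p in paths if not robots.can_fetch("*", p)
                ),
            }
    return report


if __name__ == "__main__":
    for ip, details in find_followers(SAMPLE_LOG, ROBOTS_TXT).items():
        print(ip, details)
```

Note that the replayed request carries the full query string, which is why URL harvesting can expose personal information embedded in links.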
More (albeit relatively small scale) data losses by the NHS (NHS still rubbish at caring for data • The Register), but once again the totally toothless Information Commissioner's Office response appears to be "Don't do it again".
So, does anyone really think the Summary Care Record is a good idea? I mean other than the datacrats in the NHS...
Having opted out from having my medical records exposed to an astounding number of people via the NHS Summary Care Record (SCR) scheme, I'm always interested in seeing opinions on the SCR. There are a couple of open access opinion piece articles in the British Medical Journal. In the first, Mark Walport (Director of the Wellcome Trust) offers the view that the SCR will do more good than harm (Do summary care records have the potential to do more harm than good? No -- Walport). Walport takes the view that the SCR represents an excellent opportunity to benefit medical research - I have to confess that the usage of the SCR as a research tool had escaped me, and it occurs to me that this isn't one of the original functions intended for it. I'd also worry that this would represent a further extension of the already large group of people with access rights to the data. As Walport says:
The primary purpose of electronic patient records is to improve patient care. As a patient I expect the following: that my records will be accurate and that I can work with my carers to improve their accuracy; that they will be treated confidentially; that they will be shared between the members of the healthcare team that collectively look after me in primary care and in hospital; and that they will provide a basis for accountability for the quality of my health care. In addition I would hope that my records could be linked to "expert systems" that would minimise the chance of treatment errors and maximise the chance of my being prescribed the best treatment.
Of course the expected benefits depend on quality data being entered in the system, and this is one issue that's been highlighted as a potential problem (though it's been noted that GPs and other medical practitioners make informed judgement on the information held). As an aside, how accessible will these data be to a practitioner attending to someone who's unconscious on the roadside? How quickly can unambiguous identification be made?
In a counter opinion, Ross Anderson (Professor of Security Engineering, Cambridge University) takes an opposing view (Do summary care records have the potential to do more harm than good? Yes -- Anderson), principally taking into account the security of the data, the potential for misuse, and indeed the illegality of the means of enrolling patients into the scheme. As one might expect, Anderson approaches the issue from a very different perspective than Walport - that of data integrity and security. Anderson points out:
The showstopper though is privacy. In 2008, the European Court of Human Rights decided the case I v Finland. Ms "I" was a nurse in Helsinki, and HIV positive; the systems at her hospital let her managers find out about her status, and they hounded her out of her job. The court awarded her compensation, finding that we have a right to restrict our personal health information to the clinicians involved directly in our care. Other staff must be unable to access records, not just "not allowed." In 2009, colleagues and I wrote a report for the Joseph Rowntree Reform Trust, examining the impact of this and other cases on UK central government systems and concluded that the summary care record had serious legal problems. With the additional data being added, it is now clearly unlawful.
There is always a great worry about "function creep" in large-scale database systems - for example, it may well be that Walport's view of the SCR as a research tool is an example - but the real issues for me are in data integrity and security. Both relate to individual privacy, and the letter I received explaining I was in "by default", and giving a very one-sided and over-optimistic opinion of the benefits of SCR raised my ire. That, and the hoops one has to jump through to avoid being included. Recall that once your data are in, they are there for good.
As I write this, Neil Bhatia (who maintains a website providing an opposing view of the SCR) has written a "rapid response" comment.
The much-disliked company Phorm, who develop probably illegal systems for probing web traffic using deep packet inspection with a view to selling on internet users' browsing habits, have been hitting rocky times lately. With no commercial partners currently working with them in the UK, Phorm have moved further afield and explored markets in Brazil and South Korea. In both locations, their plans appear to have hit the buffers (according to postings at the No DPI forums). Faced with a bit of a crisis, they appear to be trying to raise a spot of cash, according to The Register (Phorm issues shares to raise cash • The Register).
What's interesting there is the named markets currently being explored are Brazil and China. Now there's a market that might succeed. In the meantime, I wonder who would buy the projected shares in light of the woes that Phorm have been suffering of late?
Courtesy of Information is Beautiful, we now find out what the UK is best at (Because Every Country Is The Best At Something).
So, where Madagascar is best at vanilla, the Netherlands is best at Ecstasy, and Estonia is best at Adult Literacy, what is the UK best at?
CCTV
Oh crap!
I've been using the Firefox plug-in Ghostery for some time now to prevent web-tracking scripts, except when there was a buggy release that prevented Firefox from closing down cleanly. I just upgraded Ubuntu GNU/Linux to 10.04 (Lucid Lynx), and as ever, the process was pretty much flawless. The upgrade brought with it a newer version of Firefox (3.6.3), and when I started it, a few updated plugins were installed, including Ghostery 2.1.
It seems however that Ghostery 2.1 might not be playing ball with a couple of websites. In my work Outlook web access, all links (e.g. to open mail messages) are dead. And Facebook gives blank pages (no bad thing, one might think!). Disabling Ghostery brings back functionality to both sites.
Here's a report criticising recent Government pronouncements on DNA data retention (one of many to surface on the internet today): Public being misled over DNA benefits - Public Service. In the runup to the UK elections, the main political parties are jostling for the right message - in this case, to be seen to be "tough on crime".
Having been smacked down by our European protectors (at least where human rights and privacy are concerned), the Government still plan to keep DNA fingerprint data on unconvicted individuals for a considerable period. Everyone collared for an offence has their DNA sampled and fingerprinted. It's what happens to those data if said individual is not charged, or is found not guilty of the offence that's the issue here. In Scotland, this is limited to 3 years. In England, the Government proposes to hang on to these data for 12 years in cases where the individual was charged with a serious offence, or 6 years where the charge was of a less serious offence.
Pause to think. In both situations, the individual will have been found not guilty. So the Government is effectively suggesting there are two degrees of innocence! Someone found not guilty of rape is somehow less innocent than someone found not guilty of car theft.
A further point is that the case being used to argue for long term DNA data retention does not in point of fact support the retention of DNA data from unconvicted individuals. As the article points out:
Because Bowman's killer was arrested after a pub brawl, Labour has claimed he would have been much tougher to find under Tory proposals as his profile would have been deleted.
But GeneWatch said the killer, Mark Dixie, was arrested after the murder. This means his DNA did not need to be retained for an indefinite period as it would have been checked against the database at the time of the arrest.
It said there are "numerous other high profile cases cited by ministers" that also did not require the retention of innocents' DNA.
"Murders solved by keeping innocent people's DNA records are as elusive as the weapons of mass destruction in Iraq," said Dr Helen Wallace, GeneWatch's executive director. "If the government has a case to make why can't it produce the evidence?"
GeneWatch also claim that "crimes brought to court following DNA detections have not increased since 2002/03, despite the DNA database more than doubling in size." How much truth will be sacrificed in the pre-election posturing?
I picked up the news that Better Advertising Acquires Ghostery via the No DPI forum. Ghostery is a very popular plugin that identifies tracking scripts on webpages, and offers the option of blocking said scripts. I'm not sure how significant this will prove to be, but I note from the Better Advertising web page that
We created Better Advertising because we knew there had to be a better way to conduct online behavioral advertising. Our goal is simple: provide solutions that help deliver the best ads and provide the best privacy, bringing transparency and trust to the online advertising ecosystem.
We do this by helping advertisers, advertising agencies, advertising networks, publishers, consumers, and industry associations to be accountable to each other and to make it clear, simple, and easy to understand how online behavioral advertising is occurring. We think improving the way data is collected, used and disclosed – and doing so in a transparent manner – will raise the quality of the entire online advertising industry. Most importantly, Better Advertising understands the importance of privacy to consumers.
Better Advertising’s technology helps online advertisers, agencies and networks continue to self-regulate. Working closely with our design partners, Better Advertising is at the vanguard of online advertising. The Better Advertising platform will enable advertisers to maximize their use of innovative digital strategies, including behavioral targeting, while meeting anticipated demand for enhanced transparency and consumer privacy.
I'm not sure that the acquisition of Ghostery by this lot is a good thing, and it's probably worth keeping an eye on the situation. The NoDPI forum also points out a bug in the current Ghostery plugin which causes Firefox to take ages to close down. This is something I've noticed lately, but not pinned down.
British Telecom's customer help forums appear to have moved from beta to a final version. During the great Phorm Phiasco, when BT were planning to use the vile Phorm DPI system to illegally pry into their customers' internet usage, there was great censorship in the beta forums (BT Total Censorship). I bailed out when I got my final warning from the mods for using the word "it" - to refer to matters that were forbidden, in this case Phorm/Webwise. All very amusing. So how do the new forums shape up? Not well.
We have threads being locked, and repressive conditions. The whole edifice seems to be a kind of BT newthink where dissent is curtailed, and where moderators' responses differ as a discussion proceeds. It's notable from the conditions, which explicitly state (and these are drawn from a banning email sent to one of the nodpi.org forum members who had posted there):
[..] Terms of Use, section 6.3 (g) which states: You must not upload, post, or otherwise transmit any content (including but not limited to text, links, communications, software, images, sounds, data, or other information) that includes any of the following inappropriate content: (g) Repetitive or continuous complaints about BT policy including allegations of abuse of privacy, use of third party suppliers or any other policy for any purpose. If you contravene these terms, this will be grounds for your access to the community to be suspended or revoked.
Ho hum business as usual, I think. There's been a very interesting thread on new firmware that according to the OP allows BT access to the HomeHub, and is actually quite insecure. Now, I'm not technically experienced enough to comment on the basis of the OP's complaint, but just read how the moderator's story changes as the thread proceeds, ending with an abrupt brush-off and locking the thread.
Finally, the BTCare home page has a twitter feed from @btcare. A comparison of that twitter feed with the messages on btcare is very interesting. Are they filtering out critical tweets?
I have a Google Mail account, principally because it was the easiest way to set up an account with Google (for things like Google Maps APIs and a few webmaster tools). I noticed a bit of a buzz on the interweb, but hadn't really looked into it (I normally use Evolution to access my gmail account via IMAP).
I was more than a little surprised to find that I'd been signed up for Buzz by default. Fortunately I only had two contacts, because I rarely use gmail except as a mail drop for subscriptions, and I hadn't set up a public profile, so there was rather little impact. I've now turned it off (via the little letters at the bottom of the gmail screen). For others however, their contacts have been spread around as followers, and their mailboxes receive additional and frequently unwanted input.
The Register reports that Mobile networks line up to bash net snooping plan. El Reg has used FoI requests to obtain information related to the public consultation on the UK Government's euphemistically named "Internet Modernisation Programme", under which all ISPs were expected to eavesdrop and record information about their clients' communications. Criticism has been severe enough to stall development of this vile and intrusive plan until after the next election. The Register reports that
The mobile operators variously attack IMP's technical feasibility, its legality, its impact on customer privacy and its opaque £2bn cost estimate. They also question the consultation's assertion that the ability to access records of all communications is essential for law enforcement and intelligence agencies to do their jobs.
Here's a <sarcasm>nice</sarcasm> tracker revealed by the excellent Firefox plugin Ghostery. According to the forum at nodpi.org, this tracker was noticed by a poster on Guardian Unlimited, and it tracks when people highlight and/or copy text, and phones home (presumably to the company HQ in Canada) this information tied to your IP address.
Apparently the noscript Firefox plugin will block it (as does Ghostery). Ghostery says this about Tynt Tracer:
I figured I'd better make sure my own house was in order if I was going to blog about web tracking! I've reviewed my websites and blogs, and find the following.
Flies & Bikes (this website) - Ghostery doesn't reveal any trackers. Joomla sites do, I think, use cookies however.
The unelected Sith Lord Mandelson, who appears to have collared vast acres of political power in the UK via his all-encompassing ministry, has his Digital Economy bill, reports Ars Technica: UK "Pirate Finder General" law innocuous now, could get ugly. This bill seems to fit the needs of big media rather than any form of human rights and justice. Ars Technica reports:
The bill implements the Digital Britain report, which was completed earlier this year and attempted to chart a course forward for Britain in a high-tech world. It initially imposes two obligations on ISPs: they must forward warning letters from copyright holders to their subscribers, and they must maintain an anonymized list of the number of such warnings received by each subscriber. If a copyright holder asks, they must be shown the list, at which point the rightsholder can go to court and seek to uncover the names of the top offenders, and then sue them. There are no sanctions, but such sanctions could be coming. The government has written "reserve powers" into the law that can be deployed at a later date without needing Parliamentary approval.