Posts Tagged ‘privacy’

Facebook and Linked Accounts

18 September 2011

I have had a couple opportunities to “link accounts” in the past couple days. One was with Urban Spoon, I don’t remember the other one.

So in both cases, the Facebook cookie that is on my hard drive was accessed and read to determine who I was. Then FB was invoked and I was asked to confirm that the site could do a couple things: (1) access my basic information, which includes birthday and such; (2) post things to my Wall; and (3) send me email.

I declined both. Items 1 and 3 I had no problem with. It was the posting to the Wall I didn’t want. I want the things I post to be from or about me. I have no problem with some things being posted to my Wall; for example, I was tagged in several photos from my Yosemite backpacking trip by other hikers, and that tagging was posted to my Wall since it was about me.

But what I suspect would be posted by other sites is mainly advertising. I’m not opposed to getting advertising, but I don’t particularly want advertising posted to my FB Wall in my name.

So to Urban Spoon, or any other sites that want to practice cross-site authentication, I would suggest that you ask for the minimum information first, and then ask the user if they want to allow you to post to their Wall. In the case of Urban Spoon, I’m already giving them free content by linking my blog posts to their site, and not asking anything in return except to access other information on the site. I don’t want them to speak for me by posting to my Facebook Wall.


Privacy and City Streets

17 June 2010

There have been two stories involving the concept of privacy in the news this past week.

First, some politicians are heaping poo over Google for capturing images of houses as part of the Google street-level mapping program, and also the characteristics of WiFi hotspots.

Second, the cops in Maryland arrested a guy for a video he took of a traffic stop (the WaPo story is here). They used a Maryland wiretapping law for this, saying that the police were recorded without their consent, and that the police have an expectation of privacy while doing traffic stops.

Some observations about this. I wholly subscribe to the concept that we should each be as private in our homes and businesses as we want to be. Some people might want 14-foot picture windows between their bedroom and the street, and some might want a 14-foot privacy fence. Right on to both.

But the public street is by definition a public street. A homeowner can’t control who walks on that street, and if they take pictures of the house and yard, that’s kind of too bad if you don’t like it. The same goes for stuff that radiates out of your house – sound or music or wifi. You do not have an expectation of privacy for the street. If you don’t want people on the street to see you, put up a fence. If you don’t want people on the street to hear you, build a berm, or talk quieter. And if you don’t want people on the street to record your wifi, turn the power down or otherwise shield it.

This is related to the Maryland incident. To summarize, a guy who likes riding his motorcycle also has a camera attached to his helmet to record some of his rides, including audio. He got stopped, and got a ticket, and then later posted the video of the incident to YouTube. Shortly thereafter, an early morning raid on the house he lived in resulted in the cops carrying away computers, drives, etc.

The Maryland “authorities” claim that the guy broke the law when he posted the audio of the incident, since it’s illegal there to record someone without their consent.

Some observations:

  • Maryland State Police have dash cameras and audio to record all interactions with the public – without their consent. Lots of other police agencies do as well. And ambulances, and fire trucks, and ordinary people. Why should police have an advantage?
  • If you can run a camera and audio on a public street at any time, the cops have no leg to stand on. They have the same expectation of privacy that an ordinary citizen does – NONE.
  • The property and tax assessor people here in Oklahoma County, OK (and others I’ve seen) have photos of most of the properties in the country, on-line, accessible to the public, taken from the streets, going back five years or so. Want to see my house, but you live in New Zealand? You can. They also routinely run photo-recon operations of the county from the air (as do the fed, agencies ranging from the Geological Survey to NASA.
  • News media record people constantly without their consent. If you go to a football game, you can be recorded shouting “Go team” or whatever, without your consent.
  • Most importantly, why should a police officer, who can use anything you say against you in court, and who routinely record people in interrogations, not be subject to the same sort of check?
  • I do not think that the Maryland law passes Constitutional muster. I do think that places with an expectation of privacy, such as telephone conversations, could be subject to such a law. But a city street, I do not think so.

    A couple other observations, unrelated to privacy (you have to read the story for context):

    Why did the officer, in an unmarked car, and in plain clothes, jump out of his car with a weapon drawn, for a traffic stop? That is wrong, the officer seems to have acted in a reckless manner, and could have shot an innocent person (to include the motorcycle rider). Speeding and popping a wheelie does not justify a cop drawing a weapon on a citizen. There was no indication that the rider was doing anything threatening, to anyone.

    Why did the cops use the old pre-dawn raid on the house, and then cart away everything that was computer-related, except out of an attitude of punishment? The video was on YouTube, and that was all the “evidence” they needed. And why not just send a guy to the door and ask for stuff. This was a non-violent “crime” (and there is no victim, either). The motorcycle guy/victim wasn’t going anywhere.

    This sort of thing makes me wonder if the prosecutor is up for re-election.

    Security Software, Webcams, and Privacy

    21 February 2010

    I first heard about the case of the Lower Merion School District using built in webcams to spy on students a couple days ago, and my initial reaction was a bit of anger.

    Today, I read a more in-depth article about the incident, and my anger was somewhat lessened.

    The Washington Post article is here:

    The parents of a student, and the student herself, talked in the story (I think it was on NBC national news, but I cannot be sure), that the webcams in the computers were turned on at random by people hoping to spy in the houses of the student who had the computers in their houses (and so possibly in bedrooms or other very private spaces.

    The WaPo article reveals that the computers were actually suspected of being stolen, or taken without permission, from the school district, and that the ability to turn on the webcam was used to attempt to find out where the possibly purloined computers were located.

    Some comment was made in the article that the presence of “security software” was not disclosed in something like a user agreement. That is a reasonable objection, but I do not think that a lack of disclosure of the presence of security software, on a computer that belongs to the school district, is grounds for the probably inevitable lawsuit.

    One example, the laptop that I carry is issued to me by the Air Force. Every time I log on I have to acknowledge that the computer is subject to monitoring. Now, the Air Force does not tell people what they do to monitor a computer, but merely perusing the task list, or watching the packets flow over the Ethernet port from the computer to the authentication server, can tell you precisely what is being “phoned home”. I also have to sign a form every year that tells me that the computer isn’t mine, and it belongs to the Air Force, and I can’t put my own software on it, and I can’t put non-mission things on it, like music.

    The worst part of this is probably the idea that using a webcam is really needed. I suppose that the idea was to be able to see the users face and so ID the thief/unintentional borrower. I submit that in the case of a true theft, the face of the user likely is not going to be a student, but a person who was given or bought the purloined machine (although the face could be captured for later identification). So the system administrators would be better off with some gathered forensic data.

    They should already know the machines MAC. That would be tied to the IP address, and that takes you to the upstream router, and that tells you the ISP (who in almost all cases are perfectly willing to rat out a customer). In most cases you get login information (a lot of SMTP logins are in the clear), so that gives you a name and a billing address and/or a phone number. A keystroke logger could be activated to get similar information.

    The fact that only two system administrators were able to enable the webcams is good, as long as there are procedural safeguards (administrative and technical) to ensure that randy admins operating “off the books” can be found out.

    So it comes down to who owns the machines. If the school district owns them, then they can basically do what they want with them, and the users can choose to not use the computer if the security requirements are too onerous. And instead of using the webcam, the distract can also DOS the machine for internet use, or something similar, by zorching the Winsock DLL or something similar.