Bring virtue to the internet by keeping trackers at bay
Everybody has heard of the seven deadly sins, right? Tech evangelist Tim O'Reilly -- with whom I remain unrelated -- explains in a December 7, 2017, post on Medium that Pope Gregory created the list of lethal naughties in the year 590. The Pope based his rotten roster on eight groups of human failings compiled a couple of centuries earlier by an Egyptian hermit named Evagrius the Solitary.
(I bring this up only because I enjoy typing the name "Evagrius the Solitary.")
Did you know there are seven virtues that correspond to each of the sins? They are chastity (lust), temperance (gluttony), generosity (greed), diligence (sloth), patience (wrath), gratitude (envy), and humility (pride). There's not much profit to be made in promoting the seven heavenly virtues. Conversely, O'Reilly writes that entire industries are based on "nudg[ing] us to indulge our failures."
Two classic examples of lead-us-into-temptation industries are advertising and politics. The former encourages wasteful spending and consumption; and the latter preys on our fears and prejudices. (O'Reilly also points out the sin-promoting done by financial services, which make obscene profits by "betting against their customers.")
In their book Phishing for Phools: The Economics of Manipulation and Deception, George Akerlof and Robert Shiller write that "phishing-style deception" is used in business, politics, and society to "prey on human cognitive biases," as O'Reilly puts it. In other words, we're all some kind of "phool." The powerful institutions we deal with every day are experts at determining just what kind of phool we are. They've also figured out how to manipulate "our own flawed estimate of our supposedly rational choices."
Phacebook: The ultimate phishing scam
According to O'Reilly, the 2016 U.S. Presidential election "demonstrated phishing on a grand scale." One good thing about a Presidency that is corrupt to the core is the realization that Facebook in particular and social media in general are addictions. They are designed to hook people into spending as much time and attention as possible using them. You get a little jolt of dopamine each time you like something or post a comment, photo, or timeline update.
The same is true for all advertising-based services, so the best way to bring back truth to journalism is to dump the ad-based model and return to subcriptions. That's about as likely to happen as our corrupt political system finding a way to fix itself from the inside out. O'Reilly calls for Facebook to make its manipulating algorithms more virtuous. He also asks application developers to make products that "encourage time well spent."
Ain't gonna happen, Tim. Not so long as there's a buck to be made by manipulating us "phools." O'Reilly concludes that if social networks don't clean up their act on their own, the government will step in and do it for them. I don't share my namesake's optimism about this eventuality. Instead, I have gone the route of another tech writer/futurist I admire, Cory Doctorow, who refers to himself in a December 28, 2017, post on Boing Boing as "a Facebook vegan."
Doctorow refers to a December 27, 2017, post on Mashable by Foster Kamer, who advocates against people allowing Facebook to filter the internet for them. Instead, go all retro and use your browser. Jump from site to site, like in the old days. Maybe visit some sites that are new to you. You're likely to get a view of the world that's both broader and deeper than your Facebook-induced echo chamber. As a bonus, you'll help publishers wean themselves off their dependence on Facebook clicks for their survival.
Deter sites from recording your keystrokes via 'session replay scripts'
Speaking of using your browser, if you're on a site and get the feeling someone's looking over your shoulder, it may be more than a feeling. Princeton University researchers Steven Englehardt, Gunes Acar, and Arvind Narayanan write in a November 15, 2017, article on Freedom to Tinker that they have detected scripts on some pages that record and play back all the actions you take during your browsing session. The post is the first in a series entitled No Boundaries.
The session recorders collect all keystrokes, including text typed into forms before you submit them. The scripts also record mouse movements, scrolling behavior, and the entire contents of the page. The information is sent to third-party servers without users being aware of it, let alone agreeing to it. As the Princeton researchers report, the data "can't reasonably be expected to be kept anonymous." In fact, some sites allow publishers to link the recordings "to a user's real identity," according to the scientists.
Unfortunately, there isn't much we can do to prevent having our browser sessions recorded and shared without our knowledge or permission. At least one of the seven session replay companies the researchers studied was detected on 482 of the sites on Alexa's list of the top 50,000 sites. While some ad-blocking lists managed to block some of the session-recording scripts, none prevented all recording. Also, none of the sites honor the browser's voluntary Do Not Track setting.
Third parties gain access to private info saved in password managers
In the second installment of the No Boundaries series posted on December 27, 2017, the Princeton researchers demonstrate how third-party scripts tap into the password managers built into browsers. There's nothing new about the technique used by the scripts to collect user IDs, passwords, and other sign-in data saved in the browser. The researchers found that rather than stealing passwords, the scripts are used by many first-party sites to "extract" email addresses to facilitate tracking the user. The authors provide a list of sites from Alexa's top 1 million that embed scripts designed to extract email addresses from browser password managers.
The exfiltration can be prevented by publishers, browser makers, and individuals. So why haven't publishers and browser vendors stopped it? According to the researchers, each party puts the responsibility for preventing access to saved login data on the other party. What users can do is install ad blockers and tracking-prevention tools such as the Electronic Frontier Foundation's Privacy Badger.
Sites using browser session recorders could get sued by unsuspecting visitors
Casper Sleep and Quicken Loans have been sued for illegal consumer tracking, as Richard Larson reports in a December 28, 2017, article on JD Supra.
Brady Cohen is the plaintiff in a New York federal court complaint against mattress company Casper Sleep and tracking vendor NaviStone that alleges a violation of Electronic Communications Privacy Act. Cohen visited the Casper Sleep site many times but never made a purchase. NaviStone's software was used to collect Cohen's keystrokes, mouse clicks, and other electronic communications without Cohen's permission, according to the complaint. The plaintiff asserts that his activities on the site were outside the normal course of business, and that the way the companies collected his personal information is "contrary to the legitimate expectations of website visitors."
Days after the action was filed against Casper Sleep and NaviStone, a "virtually identical lawsuit" was filed in New Jersey federal court against Quicken Loans and NaviStone. The plaintiff in that case claims his electronic communications were illegally intercepted by the defendants to establish a "detailed profile."
Casper Sleep responds that its advertising practices are "standard in the industry," and NaviStone believes a simple discussion with the plaintiffs will be sufficient to "clear up any misunderstandings."
How low will sites stoop to get your private info? Dark Patterns are "tricks used in websites and apps that make you buy or sign up for things that you didn't mean to." The people behind the Dark Patterns site want "to spread awareness and to shame companies that use them."
You already know about bait and switch, and you may know to watch for hidden costs when you get to the last stages of the checkout process, but did you know that ads are often disguised as content or navigation, or that granting a site permission to access your contacts could lead to all your friends being spammed by the service?
Other dishonest internet practices are forced continuity (credit card charges starting automatically at the end of a free trial), misdirection (distracting you from noticing particular items), and "Privacy Zuckering" (being tricked into publicly sharing more private information than you intended to).
Save the planet: Go local. Even with a nut-job President tweeting nuclear threats, hope springs eternal. We know things will get worse before they get better. How much worse is anybody's guess. Yes Magazine's Sarah van Gelder writes in a December 28, 2017, post on Common Dreams that people are waking up to the realization that they must organize to save humanity from itself. According to van Gelder, the re-establishment of our democracy has to begin at the local level.
Van Gelder states that "[t]op-down revolutions become corrupt and authoritarian." The grassroots approach lets us "create diverse and democratic economies and widely distributed power." A strong local community "supports emotional and spiritual resilience," according to van Gelder. I would add that when you spend your money at local businesses, the money is more likely to stay in the community.
Journalists need all the help they can get. That's why the Reporters Committee for Freedom of the Press has released the Digital Journalist's Legal Guide, which offers tips for filing Freedom of Information Act requests, gaining access to courts, and determining when the "reporter's privilege" applies to a source or subpoena. Also provided are guides to government overreaching (prior restraint), libel issues, and press credentials/news-scene access.
Putin's "daring aggression" masks his weakness. Is Russia's president a "manipulative genuis" as many Americans believe, or are both Putin and his country "aging, declining," as Julia Ioffe claims in the January/February 2018 edition of the Atlantic? Skepticism about the former is epitomized by one Russian citizen Ioffe quotes as saying, “You’re telling me that everything in Russia works as poorly as it does, except our hackers?"
Ioffe presents Putin as holding "deep resentments" toward the west that he wishes to avenge, related in large part to the disclosure of his tremendous personal wealth as part of the release of the Panama Papers in 2016. She concludes that now Putin personifies Russia, and each exists only because of the other. As soon as Putin goes -- most likely in 2024 -- Russia collapses.
But look on the bright side. I don't know what that bright side is, but when it shows up, we can all look at it.
The tweet of the year came early. "Can I share a secret? Your life is enriched and much happier when you root for other people, when you genuinely want good things for them. That's all."--Louise Patterson Stan
I'm rooting for all of you to have a rip-roaring seven days, and a rootin'-tootin' new year to boot. See you next Weekly!