Aug 26, 2010

Not really so funny

Recently I posted my thoughts regarding Eric Schmidt's comments about on-line privacy and his prediction that we'll eventually have to change our identities to get away from on-line indiscretions. In a related WSJ article Mr. Schmidt explains how Google will be able to predict what we want because Google knows:

'...roughly who you are, roughly what you care about, roughly who your friends are.' Google also knows, to within a foot, where you are.

So again, if Google knows all of this it then shouldn't it d be able to help us get rid of it? Granted we might not be able to delete every shred of information, but getting to the bulk of it is a good start.

With all its irony this bit by Stephen Colbert makes the point very eloquently:

Of course, there is one other answer. Google and Facebook could stop invasively data-mining and selling our private lives to the highest bidder. But that would be asking them to change who they are. And that's not fair.

Tipper might rate this NSFW although it is safe for Comedy Central.

The Colbert ReportMon - Thurs 11:30pm / 10:30c
The Word - Control-Self-Delete
Colbert Report Full Episodes2010 ElectionFox News

Aug 24, 2010

Aug 18, 2010

The user formerly known as Karen Hobert

The BBC World News Hour presented this report (Chapter 10) in reaction to Google CEO Eric Schmidt's recent comments about personal privacy:

"I don't believe society understands what happens when everything is available, knowable and recorded by everyone all the time," he told the Wall Street Journal. "I mean we really have to think about these things as a society."

Really? You're telling us now that you're hording everything that we're posting on-line and you're giving us no way to retract it? That it's entirely up to us to make sure we don't compromise ourselves - or to trust others not to (hint: it's much harder) - and it's Society's responsibility to ensure that we don't end up looking over our shoulders all the time? That services like Google have no responsibility in the matter to help us to protect our identities? That our only recourse is to change our identities (which BTW violates at least Facebook's policy)?

This is the 800 pound gorilla in the on-line privacy room and the ultimate blame shift. There are some nuggets in the BBC report including comments by Andrew Orlowski, Editor of one of my favorite on-line techzines The Register:

It's an incredibly naive idea but unfortunately it's common in the digital culture of Silicon Valley...In my view, technology should create tools that people use the way they actually want to use them...We shouldn't have (sic) to erase our identities...

There's a paradox here because he [Eric Schmidt] depends on users contributing this information but then doesn't take responsibility for this...this is almost a statement of desperation saying 'Look you have to change who you are, you have to do all the work yourself, and we're not going to help you.'

We should demand we are sovereign in everything we do...One thing that would help enormously is that a lot of this data exchange is done because the services are free...If we pay or the services it would make us a lot more demanding.
The irony is not lost here, especially since this blog is on Blogger, a Google owned service.

Aug 9, 2010

Open Internet != Net Neutrality

Ok, in my time covering technology markets I've lived first-hand how vendors tend to use different terminology to talk about the same ideas. The goal is to make something sound unique enough and create a sort of smoke and mirrors effect when it comes to comparing features with the competition. The ideas and concepts essentially become a sort of branding. You can usually tell who's in which camp based on the terminology they use. For example, Microsoft uses the term "information Worker" and IBM uses the term "Knowledge Worker." They are essentially the same thing but with vendor specific twists.

It's the twists that count. The subtle nuances that support the understanding of how the technology/concept works. Of course that is the competitive advantage for the vendor. If they can define what something is, let's say "open" broadband service, in the minds of the customers then half the selling battle is done. Customers are expecting something based on their understanding of what that something is. Anyone selling something else is at a deficit, meaning that they have to educate customers as to why they want something else.

I've been going through the coverage of Google's and Verzion's "Open Internet" agreement today. To me this is clearly a play to tell the US market (and the FCC) in what we can expect from these two service providers by re-defining, -naming, and -branding "Net Neutrality" as "Open Internet." I find it disconcerting that it's just these two providers defining the new "net neutrality" and what the FCC will regulate. Letting two providers the size of Google and Verizon define how much openness and neutrality we can expect for broadband delivery will have a fox watching the hen house effect.

All of this, not surprisingly, comes on the heels of last week's abandoned efforts by the FCC to come up with an agreement on "Net Neutrality" rules. Usher in "Open Internet" that parses broadband into wireline and wireless network, and proposes rules for the public Internet. One can assume that there will be a private Internet to go with the public one, and that's what consumers and business have been fearing. According to today's Google's Public Policy Blog entry, the agreement with Verizon makes provisions for innovation and "other" networks:

Therefore, our proposal would allow broadband providers to offer additional, differentiated online services, in addition to the Internet access and video services (such as Verizon's FIOS TV) offered today. This means that broadband providers can work with other players to develop new services. It is too soon to predict how these new services will develop, but examples might include health care monitoring, the smart grid, advanced educational services, or new entertainment and gaming options. Our proposal also includes safeguards to ensure that such online services must be distinguishable from traditional broadband Internet access services and are not designed to circumvent the rules.

So how does this work now? Is this just an end-run around the FCC and this is what we get? At least we know how Google and Verizon see the broadband business in the US and what we can expect from them if the FCC doesn't come up with anything better.

For more in the "What do they know?" department...

I shared with you last week Google's Social Circle, to demonstrate how Google maps you're social network. You can also see all the data Google keeps on you here. Make of it what you will.

Robin Sage revisited

I recently blogged about a ComputerWorld interview with Tom Ryan who posed as cyber-hacking ingenue, Robin Sage, to see what kind of friends Robin could connect to in the intelligence business. This experiment, while unscientific, had the potential to reveal some interesting data points on how people connect, trust, and accept identities.

Accordingly, Mr. Ryan delivered his findings at the BlackHat conference a couple of weeks ago. My friends over at SecurityCurve posted a disappointed review of the talk.

It’s not that the discussion didn’t lay out how Tom Ryan did what he did – oh sure, there was plenty of that. He even had the woman whose picture he pilfered in attendance. But at the end of the day, the discussion was very heavy on the titillation factor: from the girl he exploited to the practitioner he embarrassed via their connection to a wife swapping site. But why do we care? So he tricked some people into friending him… And (surprise, surprise) Facebook and Twitter make it easy to link together various information about someone – that’s the point. So if you went into that talk wondering why you should care, you came out of it the same way.

It's really too bad Mr. Ryan didn't dig a bit deeper into the security ramifications of the ease in creating relationships on-line. BTW Diana at SecurityCurve told me that the name Robin Sage is likely to be a red flag for anyone trained in covert operations, which is probably why no one in the CIA or FBI accepted the friend request.

Still, despite the anemic analysis of the Robin Sage experiment, the issue still stands; what are the criteria that people use to make on-line connections and how deep does that trust go? Clearly Mr. Ryan experienced more than a cute face and a blue-chip pedigree gets you connected. His final comment in the CW interview points to the fact that it was Robin's contacts that got noticed:

Toward the end of the experiment, there was this massive influx of Arabs from overseas that were trying to get on the Robin page where all the military stuff was. I didn't really care for it. That was a bit scary.

Aug 2, 2010

The Business of Online Ads and Browsers

The Wall Street Journal recently published a few articles on Online Privacy issues. In "Microsoft Quashed Effort to Boost Online Privacy," the article points out that today's browser business is primarily in support of advertising sales:

As online advertising grows more sophisticated, companies playing prominent roles in consumers' online experiences have discovered they have access to a valuable trove of information. In addition to Microsoft, such companies include search-engine giant Google Inc., iPhone maker Apple Inc., and Adobe Systems Inc., whose Flash software makes much of the Internet's video, gaming and animation possible. These companies now have a big say in how much information can be collected about individual users.

The article details the internal struggle at vendors who are in the business of producing browsers and online advertising solutions. Big stakes for all, basically putting the consumer in charge of their privacy. As if we had a clue. This was the topic of a conversation I was having with Diana Kelley at SecurityCurve this morning; consumers have little to no idea what's being tracked or how. We trust the vendors and the providers that they have our best interests in mind when in fact they have their own best interests in mind. That usually involves making as much money as they can giving away free stuff to consumers.

For more insight on what is tracked and by whom, check out WSJ's article "What They Know."

Will the real Robin Sage please stand up?

"I had access to e-mail and bank accounts. I saw patterns in the kind of friends they had. The LinkedIn profiles would show patterns of new business relationships."

This is a quote from a ComputerWorld interview with Thomas Ryan, a security professional who created a fake persona to see how much information he could access via social networks. He stacked the deck by creating a young, cute, and highly intelligent woman, Robin Sage, and put her out on Facebook, LinkedIn and Twitter. The flirtatious cybergeek was able to make a few hundred friends in Intelligence and Government circles and gained access to sensitive information. It's an interesting lesson based on common sense: "The big takeaway is not to friend anybody unless you really know who they are." Like the recent Soviet Spy discovery, a cute face with a smarty pants background goes a long way in how we "trust" someone.

Fake femme fatale shows social network risks - Computerworld