tl;dr → theoretical; witnessing. You tell it, you tell the story! Mentions Bitcoin on page 2; uses the word “hegemon” on page 14. Offers a cook’s tour of the boosterist community and their projects: Freedom Box, Diaspora, Mastodon, Blockstack, Interplanetary File System (IPFS), Solid, Appcoins, Steemit.
Table of Contents
The Rise of the Centralized Web
Risks Posed by the Centralized Web
Structural Interventions as a Possible Solution
Section II: Federation
Section III: Open Protocols
Section IV: Appcoins
Wait and see, only time will tell.
<quote>A precondition for the success of these distributed platforms is a shift towards user-controlled data,</quote>
Fund the projects (the best-of-breed exemplars, below, and more) e.g. Let’s Encrypt.
The fascination, gee whiz!; it’s simply phenomenal!
circumvent Venture Capital funding.
business model: unspecified, but definitely “not advertising”
A fool and his money are soon parted:
<quote>However, this space also has a lot of potential for scams, and it might be unreasonable to expect users to manage a financial stake in many different networks.</quote>
Digital Millennium Copyright Act (DMCA)
File Transfer Protocol (FTP)
Wide Area Information Server (WAIS)
John Perry Barlow A Declaration of the Independence of Cyberspace
Fred Turner, Harry and Norman Chandler Professor of Communication
Department Chair, Stanford University.
tl;dr → No. Betteridge’s Law. folk politics as “leaderless” slacktivism does not work; “leader”-based, top-down circa 1955-1965 did work; see Zeynep Tufekci.
<quote>Tufekci’s conclusions about the civil-rights movement are unsettling because of what they imply. People such as Kauffman portray direct democracy as a scrappy, passionate enterprise: the underrepresented, the oppressed, and the dissatisfied get together and, strengthened by numbers, force change. Tufekci suggests that the movements that succeed are actually proto-institutional: highly organized; strategically flexible, due to sinewy management structures; and chummy with the sorts of people we now call élites.</quote>
Attributed to Nick Srnicek, Alex Williams in Inventing the Future
<quote>reasoning through individual stories [is] also a journalistic tic</quote>
<quote>a general inability to think systemically about change</quote>
“This is politics transmitted into pastime—politics-as-drug-experience, perhaps—rather than anything capable of transforming society”
<quote>Their objection to protest and direct action defies generations of radical zeal. “The people, united, will never be defeated!” the old street chant goes. These lefties say that, actually, they will.</quote>
<quote><snip/>the left, despite its pride in being progressive, is mired in nostalgia.
“Petitions, occupations, strikes, vanguard parties, affinity groups, trade unions: all arose out of particular historical conditions,” they say. They think that modernizing these things for an internationalized, digitized world will free us from what they vividly call our “endless treadmill of misery.” Protest is fine for digging in your heels. But work for change needs to be pragmatic and up-to-date. </quote>
<quote>Inventing the Future may be the shrewdest, sanest pipe dream of a book published since the recession.</quote>
Attributed to Michael Hardt, Antonio Negri; Assembly (Heretical Thought);
<quote><snip/>the killings of “more than” forty unarmed black people by law-enforcement officers. A majority of these officers were not indicted, however; of those that were, three were found guilty. To date, only one of the convicted has received a prison sentence.</quote>
Teaser: <shrill>How thousands of companies monitor, analyze, and influence the lives of billions. Who are the main players in today’s digital tracking? What can they infer from our purchases, phone calls, web searches, and Facebook likes? How do online platforms, tech companies, and data brokers collect, trade, and make use of personal data?</shrill>
Table of Contents
Background and Scope
Relevant players within the business of personal data
Businesses in all industries
Media organizations and digital publishers
Telecom companies and Internet Service Providers
Devices and Internet of Things
Financial services and insurance
Public sector and key societal domains
The Risk Data Industry
Rating people in finance, insurance and employment
Credit scoring based on digital behavioral data
Identity verification and fraud prevention
Online identity and fraud scoring in real-time
Investigating consumers based on digital records
The Marketing Data Industry
Sorting and ranking consumers for marketing
The rise of programmatic advertising technology
Connecting offline and online data
Recording and managing behaviors in real-time
Collecting identities and identity resolution
Managing consumers with CRM, CIAM and MDM
Examples of Consumer Data Broker Ecosystems
Acxiom, its services, data providers, and partners
Oracle as a consumer data platform
Examples of data collected by Acxiom and Oracle
Key Developments in Recent Years
Networks of digital tracking and profiling
Large-scale aggregation and linking of identifiers
Analyzing, categorizing, rating and ranking people
Real-time monitoring of behavioral data streams
Testing and experimenting on people
Mission creep – everyday life, risk assessment and marketing
Ibrahim Altaweel, Nathaniel Good, Chris Jay Hoofnagle; Web Privacy Census; In Technology Science; 2015-12-15.
tl;dr → there are lots of (HTML4) cookies; cookies are for tracking; cookies are bad. factoids are exhibited.
Most people may believe that online activities are tracked more pervasively now than they were in the past. In 2011, we started surveying the online mechanisms used to track people online (e.g., HTTP cookies, Flash cookies and HTML5 storage). We called this our Web Privacy Census. We repeated the study in 2012. In this paper, we update the study to 2015.
“top 1 million”
indistinguishable in the census method
M. Ayenson, D. Wambach, A. Soltani, N. Good, C. Hoofnagle. Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning. 2011-07-20. ssrn:1898390
Chris Jay Hoofnagle, Nathan Good. Web Privacy Census; 2012-06-01, ssrn:2460547.
B Krishnamurthy, C Wills. Privacy diffusion on the web: A longitudinal perspective, In Proceedings of the 18th ACM International Conference on World Wide Web (WWW). 2009. p. 541-550. citation.
J Gomez, T Pinnick, A Soltani. KnowPrivacy. 2009-06-01.
A Soltani, S Canty, Q Mayo, L Thomas, C Hoofnagle. Flash Cookies and Privacy. 2009-08-10. ssrn:1446862; Also in Proceedings of the AAAI Spring Symposium on Intelligent Information Privacy Management, also in Proceedings of CodeX, The Stanford Center of Computers and Law.
HTTP header enrichment allows mobile operators to annotate HTTP connections via the use of a wide range of request headers. Operators employ proxies to introduce such headers for operational purposes, and—as recently widely publicized—also to assist advertising programs in identifying the subscriber responsible for the originating traffic, with significant consequences for the user’s privacy. In this paper, we use data collected by the Netalyzr network troubleshooting service over 16 months to identify and characterize HTTP header enrichment in modern mobile networks. We present a timeline of HTTP header usage for 299 mobile service providers from 112 countries, observing three main categories:
unique user and device identifiers (e.g., IMEI and IMSI)
headers related to advertising programs, and
headers associated with network operations.
HTTP header enrichment
Verizon Precision Marketing Insights
The IETF’s Service Function Chaining (SFC) standards are vague about whether injected headers are good or bad (should be removed).
Collected: 2013-11 → 2015-03.
Belief: no M?NO is yet cracking TLS to insert HTTP headers into the encrypted stream.
Suggested as an ID-less method of identification: device-unique allocation of the (routable) IPv6 space to identify the device, in addition to routing to it.
RFC 7239 – Forwarded HTTP Extension; A. Petersson, M. Nilsson (Opera); IETF; 2014-06.
2014-10 → Vodafone (ZA) has ceased their practices in 2014-10, nothing to see there, now.
2014-11 → AT&T has ceased their practices 2014-11.
2015-03 → Verizon was not respecting opt-out (as evidenced by not inserting the X-UIDH header) through 2015-03.
Verizon continues the X-UIDH header insertion.
The X-Forwarded-For header carries extra freight in T-Mobile (DE)
Carrier-Grade NAT (CGN) at 100.64.0.0/10 per RFC 6598 – IANA-Reserved IPv4 Prefix for Shared Address Space (2012-04)
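The comparison behind these observations, as an added example (not the paper's or Netalyzr's code): diff the headers a client sent against what a cooperating echo server received, then sort what the path added into the three categories above. Only X-UIDH, X-Forwarded-For and the 100.64.0.0/10 range come from the page; the other header names, hosts and values are constructed.

```python
import ipaddress
import re

# RFC 6598 shared address space used for carrier-grade NAT (noted on this page).
CGN_NET = ipaddress.ip_network("100.64.0.0/10")

# X-UIDH and X-Forwarded-For are the header names this page mentions; Via and
# Forwarded are standard proxy headers. Every other name below is constructed.
ADVERTISING = {"x-uidh"}
NETWORK_OPS = {"x-forwarded-for", "forwarded", "via"}


def luhn_ok(digits):
    """Luhn checksum, which a 15-digit IMEI satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def classify(name, value):
    """Place one header in the three categories listed above."""
    value = value.strip()
    if re.fullmatch(r"\d{15}", value):  # length of an IMEI and of most IMSIs
        return "identifier:imei-shaped" if luhn_ok(value) else "identifier:imsi-shaped"
    if name.lower() in ADVERTISING:
        return "advertising"
    if name.lower() in NETWORK_OPS:
        return "network-ops"
    return "unknown"


def xff_notes(value):
    """Flag X-Forwarded-For hops that expose carrier-internal addressing."""
    notes = []
    for hop in (h.strip() for h in value.split(",")):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            notes.append(f"non-address token: {hop}")
            continue
        if addr.version == 4 and addr in CGN_NET:
            notes.append(f"{addr} is in RFC 6598 CGN space")
        elif addr.is_private:
            notes.append(f"{addr} is a private address")
    return notes


def find_enrichment(sent, received):
    """Return (name, change, category, notes) for headers the path added or altered."""
    sent_lc = {k.lower(): v for k, v in sent.items()}
    findings = []
    for name, value in received.items():
        key = name.lower()
        if sent_lc.get(key) == value:
            continue  # arrived exactly as sent
        change = "modified" if key in sent_lc else "injected"
        notes = xff_notes(value) if key == "x-forwarded-for" else []
        findings.append((name, change, classify(name, value), notes))
    return sorted(findings)


# Constructed probe: what the client sent and what the echo server reports back.
SENT = {"Host": "echo.example", "User-Agent": "probe/1.0", "Accept": "*/*"}
RECEIVED = {
    **SENT,
    "X-UIDH": "constructed-token-0001",
    "X-Forwarded-For": "100.72.13.5",
    "X-Example-Device": "490154203237518",      # 15 digits, passes Luhn
    "X-Example-Subscriber": "001010123456789",  # 15 digits, fails Luhn
    "Via": "1.1 proxy.example",
}

if __name__ == "__main__":
    for finding in find_enrichment(SENT, RECEIVED):
        print(finding)
```

The probe has to travel over plain HTTP; per the note above, no operator was believed to be inserting headers into TLS streams, so an HTTPS probe would show nothing.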
Table 1 & Table 2; Table 3 (not shown)
unstated, an identifier
Access Point Name (APN)
Location-Based Services (LBS)
Mobile Country Code (MCC)
Mobile Network Code (MNC)
Mobile Network Operator (MNO)
Mobile Virtual Network Operator (MVNO)
Hong Kong Metro (subway) (MTR)
Service Function Chaining (SFC)
Transport-Layer Security (TLS)
Unique Identifier (UID); contra the specific UUID or GUID
Virtual Private Network (VPN)
A significant number of newspaper articles, vulgarizations & bloggist opinements.
Digital Advertising Alliance. Guidance to Marketers for Microsoft IE10 “Do Not Track” Default Setting. 2012. Best Available: Statement from the Digital Advertising Alliance (DAA), press release, Digital Advertising Alliance (DAA), 2012-05-31. Teaser: Digital Advertising Alliance (DAA) Comments on Microsoft Decision to Embed Do Not Track in IE 10 Set “on” by Default.
C. Mulliner. Privacy leaks in mobile phone internet access. In Proceedings of the IEEE Conference on Innovations in Services, Networks and Clouds (ICIN), 2010.
A Petersson, M Nilsson. Forwarded http extension. IETF. Work in Progress, 2012. (becomes) RFC 7239 – Forwarded HTTP Extension; A. Petersson, M. Nilsson (Opera); IETF; 2014-06.
N. Vallina-Rodriguez, J. Amann, C. Kreibich, N. Weaver, V. Paxson. A tangled mass: The android root certificate stores. In Proceedings of ACM Conference NEXT (CoNEXT), 2014.
N. Vallina-Rodriguez, S. Sundaresan, C. Kreibich, N. Weaver, V. Paxson. Beyond the radio: Illuminating the higher layers of mobile networks. In Proceedings of The ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), 2015.
John Gruber; WWDC 2007 Keynote News; In His Blog; 2007-06-11.
tl;dr → reference to Apple (Steve Jobs’) strategy on iPhone & Web
<quote>If all you have to offer is a shit sandwich, just say it. Don’t tell us how lucky we are and that it’s going to taste delicious.</quote>
Whereas The Verge publishes 40 linkbait packages per day
It is not possible to do this on multiple proprietary publishing systems.
ergo Web publishing in “standard” HTML and “standard” adtech to monetize.
There is some chain of reasoning in the middle that induces a causal relationship between performance and ecosystem health:
Chain of Reasoning
Bad PC software created the opening for The Web
Bad Mobile Web created the opening for Mobile Apps
Unvoiced: something about opening the way for Officework/Desktop/EXE/Apps (again).
Claim: Microsoft is giving away Windows 10 because Windows 10 exe files will “run anywhere” (ahem: write once, run anywhere).
<quote>Apps have become nearly irrelevant on desktops because the web experience is close to perfect, while apps are vitally important on phones because the web experience is dismal. Windows 10 looks like it’s going to be a big step forward for Microsoft, but it won’t be able to bridge that gap. I’m not sure anything can.</quote>
To partly address people’s concerns over web tracking, Google has created the Ad Settings webpage to provide information about and some choice over the profiles Google creates on users. We present AdFisher, an automated tool that explores how user behaviors, Google’s ads, and Ad Settings interact. AdFisher can run browser-based experiments and analyze data using machine learning and significance tests. Our tool uses a rigorous experimental design and statistical analysis to ensure the statistical soundness of our results. We use AdFisher to find that the Ad Settings was opaque about some features of a user’s profile, that it does provide some choice on ads, and that these choices can lead to seemingly discriminatory ads. In particular, we found that visiting webpages associated with substance abuse changed the ads shown but not the settings page. We also found that setting the gender to female resulted in getting fewer instances of an ad related to high paying jobs than setting it to male. We cannot determine who caused these findings due to our limited visibility into the ad ecosystem, which includes Google, advertisers, websites, and users. Nevertheless, these results can form the starting point for deeper investigations by either the companies themselves or by regulatory bodies.
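A minimal form of the significance-test step, as an added example (not AdFisher's code): an exact permutation test that asks how often a random relabelling of browser agents would produce a gap in ad counts at least as large as the one observed. The per-agent counts, the grouping of agents into blocks and the count-difference statistic are assumptions of this example; the abstract's machine-learning step is not reproduced.

```python
from itertools import combinations, product


def block_splits(counts, k):
    """For one block, yield the statistic (treatment sum minus control sum)
    under every way of labelling k of its agents as 'treatment'."""
    total = sum(counts)
    for chosen in combinations(range(len(counts)), k):
        treated = sum(counts[i] for i in chosen)
        yield treated - (total - treated)


def blocked_permutation_test(blocks):
    """Exact one-sided permutation test.

    blocks: list of (treatment_counts, control_counts), one pair per block of
    agents that ran together. Labels are only exchanged within a block, so
    anything that changed between blocks (time of day, ad inventory) cannot
    masquerade as a treatment effect.
    Returns (observed_statistic, relabellings_at_least_as_extreme, relabellings).
    """
    observed = sum(sum(t) - sum(c) for t, c in blocks)
    per_block = [list(block_splits(t + c, len(t))) for t, c in blocks]
    hits = total = 0
    for combo in product(*per_block):  # every joint relabelling of all blocks
        total += 1
        if sum(combo) >= observed:
            hits += 1
    return observed, hits, total


def p_value(blocks):
    _, hits, total = blocked_permutation_test(blocks)
    return hits / total


# Constructed data: times one target ad was served to each agent.
# Each block holds two agents with the profile set one way and two the other.
BLOCKS = [
    ([12, 9], [2, 3]),
    ([10, 11], [1, 4]),
    ([8, 13], [3, 2]),
]

# Constructed null case: the profile setting makes no visible difference.
NULL_BLOCKS = [([5, 6], [6, 5])]

if __name__ == "__main__":
    print(blocked_permutation_test(BLOCKS), p_value(BLOCKS))
    print(blocked_permutation_test(NULL_BLOCKS), p_value(NULL_BLOCKS))
```

The smallest p-value this design can return is one over the number of relabellings, so a handful of agents cannot support a strong claim however lopsided the counts are.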
Surely Google opined “we didn’t do it.” Not shown.
A 72-hour press cycle; archaeological order…
Women less likely to be shown ads for high-paid jobs on Google, study shows; Samuel Gibbs; In The Guardian; 2015-07-08; separately filed.
Teaser: Automated testing and analysis of company’s advertising system reveals male job seekers are shown far more adverts for high-paying executive jobs
Hook: One experiment showed that Google displayed adverts for a career coaching service for executive jobs 1,852 times to the male group and only 318 times to the female group.
R. Mayer, J. C. Mitchell, “Third-party web tracking: Policy and technology,” in Proceedings of the IEEE Symposium on Security and Privacy (SP), 2012, pp. 413–427.
B. Ur, P. G. Leon, L. F. Cranor, R. Shay, Y. Wang, “Smart, useful, scary, creepy: Perceptions of online behavioral advertising,” in Proceedings of the Eighth Symposium on Usable Privacy and Security. ACM, 2012, pp. 4:1–4:15.
R. Zemel, Y. Wu, K. Swersky, T. Pitassi, C. Dwork, Learning fair representations, in Proceedings of the 30th International Conference on Machine Learning (ICML-13); S. Dasgupta and D. Mcallester (editors), vol. 28. JMLR Workshop and Conference Proceedings, 2013-05, pp. 325–333.
F. Pedregosa, G. Varoquaux, A. Gramfort, V. Michel, B. Thirion, O. Grisel, M. Blondel, P. Prettenhofer, R. Weiss, V. Dubourg, J. Vanderplas, A. Passos, D. Cournapeau, M. Brucher, M. Perrot, E. Duchesnay, “Scikit-learn: Machine learning in Python,” In Journal of Machine Learning Research, vol. 12, pp. 2825–2830, 2011.
P. Good, Permutation, Parametric and Bootstrap Tests of Hypotheses. Springer, 2005.
C. E. Wills and C. Tatar, “Understanding what they do with what they know,” in Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society (WPES), 2012, pp. 13–18.
P. Barford, I. Canadi, D. Krushevskaja, Q. Ma, S. Muthukrishnan, “Adscape: Harvesting and analyzing online display ads,” in Proceedings of the 23rd International Conference on World Wide Web (WWW). 2014, pp. 597–608.
B. Liu, A. Sheth, U. Weinsberg, J. Chandrashekar, R. Govindan, “AdReveal: Improving transparency into online targeted advertising,” in Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks. ACM, 2013, pp. 12:1–12:7.
M. Lécuyer, G. Ducoffe, F. Lan, A. Papancea, T. Petsios, R. Spahn, A. Chaintreau, R. Geambasu, “XRay: Increasing the web’s transparency with differential correlation,” in Proceedings of the USENIX Security Symposium, 2014.
S. Guha, B. Cheng, P. Francis, “Challenges in measuring online advertising systems,” in Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement (IM), 2010, pp. 81–87.
R. Balebako, P. Leon, R. Shay, B. Ur, Y. Wang, L. Cranor, “Measuring the effectiveness of privacy tools for limiting behavioral advertising,” in Proceedings of the Web 2.0 Security and Privacy Workshop, 2012.
L. Sweeney, “Discrimination in online ad delivery,” In Communications of the ACM, vol. 56, no. 5, pp. 44–54, 2013.
R. A. Fisher, The Design of Experiments. Oliver & Boyd, 1935.
S. Greenland and J. M. Robins, “Identifiability, exchangeability, and epidemiological confounding,” In International Journal of Epidemiology, vol. 15, no. 3, pp. 413–419, 1986.
T. M. Mitchell, Machine Learning. McGraw-Hill, 1997.
D. D. Jensen, Induction with randomization testing: Decision-oriented analysis of large data sets, Ph.D. dissertation, Sever Institute of Washington University, 1992.
H. Abdi, “Bonferroni and Šidák corrections for multiple comparisons,” in Encyclopedia of Measurement and Statistics, N. J. Salkind, editor. Sage, 2007.
D. Hume, A Treatise of Human Nature: Being an Attempt to Introduce the Experimental Method of Reasoning into Moral Subjects, 1738, book III, part I, section I.
“On pay gap, millennial women near parity — for now: Despite gains, many see roadblocks ahead,” Pew Research Center’s Social and Demographic Trends Project, 2013.
T. Z. Zarsky, “Understanding discrimination in the scored society,” In Washington Law Review, vol. 89, pp. 1375–1412, 2014.
R. S. Zemel, Y. Wu, K. Swersky, T. Pitassi, C. Dwork, “Learning fair representations,” in Proceedings of the 30th International Conference on Machine Learning, JMLR: W&CP, vol. 28. JMLR.org, 2013, pp. 325–333.
Something about a legal precedent in the early oughties that established that tracking was not wiretapping; it was (something about) being with your friends. No citation. Julia Angwin voices the statement.
Something about eCommerce preferences via your social media account (your Facebook account).
Still spoken of in Episode 4 as if it were current & available.
is very big.
is very bad.
There be dragons.
causes polarization (polarization is bad)
Facebook uses Collaborative Filtering
∴ Facebook is bad
Twitter uses Collaborative Filtering
∴ Twitter is bad
Depicted, but not discussed.
Content farms in general
Associated Content (Yahoo)
… that if consumers all, each, paid some … it would all be wonderful & ad-free.
Facebook → $9/year
Ethan Zuckerman, MIT Media Lab
Claims he invented the popup ad to ensure Ford Motor Company did not get car ads on anal sex sites (or a story substantially similar to this line of causality). He claims he invented the popup ad. And: Ethan Zuckerman, Who Invented Pop-Up Ads Says ‘I’m Sorry’; In Forbes; 2014-08-15.
The Internet’s Original Sin; Ethan Zuckerman (MIT); In The Atlantic; 2014-08-14.
Teaser: It’s not too late to ditch the ad-based business model and build a better web.
tl;dr => apps run gobs of beacons; 20-33% is ad-related. Yet nothing to see here.
reminder => the consent event of the consumer pertaining to this treatment occurred when the app was purchased (requested for download). Contractually & regulatory framing: the consumer was notified, they consented, and the experience was delivered as was transparently indicated in the terms of service. The consumer asked for it.
There are over 1.2 million applications on the Google Play store today with a large number of competing applications for any given use or function. This creates challenges for users in selecting the right application. Moreover, some of the applications being of dubious origin, there are no mechanisms for users to understand who the applications are talking to, and to what extent. In our work, we first develop a lightweight characterization methodology that can automatically extract descriptions of application network behavior, and apply this to a large selection of applications from the Google App Store. We find several instances of overly aggressive communication with tracking websites, of excessive communication with ad related sites, and of communication with sites previously associated with malware activity. Our results underscore the need for a tool to provide users more visibility into the communication of apps installed on their mobile devices. To this end, we develop an Android application to do just this; our application monitors outgoing traffic, associates it with particular applications, and then identifies destinations in particular categories that we believe suspicious or else important to reveal to the end-user.
Table of Contents
Application Destination Characterization
Detailed Apps Characterization
App Category Behavior
No Such App (NSA)
Their app is called NSA, ’cause that’s cool.
Not available in Google PlayStore
Direct link https://db.tt/Cx8fB5Xz (who knows what that is)
SandroProxy for MITM of the SSL
HTTPS is not analyzed
It’s an Ad Related Endpoint if it has come to the attention of Ad Block Plus’ EasyList.
It’s a Malevolent Endpoint if it has come to the attention of Webutation, VirusTotal or Google Safe Browsing.
20-33% of data usage is categorized as “ad related”; Table 11.
The percentage of apps from the Google Play Store which contact these domains. Recall though that the act of downloading the app onto your box was the consent event that makes this all copacetic (i.e. formally, you asked to have this happen to you).
The percentage of data use in apps. Table 11 (reordered & re-presented to highlight the most-common categories). The “IT” category is a default “other” type of category meant to include any bookkeeping traffic that wasn’t otherwise categorizable.
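How the EasyList rule and the data-usage percentages fit together, as an added example (not the paper's code or the NSA app): pull the domain-anchor rules out of an EasyList-syntax file, label each destination host, and report each app's share of bytes per category. The rule excerpt, app names, hosts and byte counts are constructed, and a local set stands in for the reputation services the page names.

```python
import re
from collections import defaultdict

# Constructed excerpt in EasyList syntax; the domains are placeholders.
EASYLIST_SAMPLE = """\
[Adblock Plus 2.0]
! constructed excerpt
||ads.example^
||tracker.example^$third-party
@@||ads.example/allowed.js
example.org##.banner
/banner/*
"""

# Constructed stand-in for a reputation lookup (the page names Webutation,
# VirusTotal and Google Safe Browsing; none of them is queried here).
FLAGGED_HOSTS = {"dropper.example"}

# Only domain-anchor rules ("||host^", optionally followed by "$options")
# identify a destination by name; comments, exceptions ("@@"), element-hiding
# ("##") and path rules are skipped because they do not start with "||".
DOMAIN_RULE = re.compile(r"^\|\|([a-z0-9.-]+)\^(?:\$.*)?$")


def parse_ad_domains(text):
    """Collect the hosts named by domain-anchor rules."""
    domains = set()
    for line in text.splitlines():
        match = DOMAIN_RULE.match(line.strip().lower())
        if match:
            domains.add(match.group(1))
    return domains


def categorize(host, ad_domains):
    """Label a destination host; a rule for a domain also covers its subdomains."""
    host = host.lower().rstrip(".")
    if host in FLAGGED_HOSTS:
        return "flagged"
    labels = host.split(".")
    # Compare whole labels so "notads.example" does not match "ads.example".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in ad_domains:
            return "ad-related"
    return "other"


def usage_by_app(flows, ad_domains):
    """flows: (app, destination host, bytes). Returns {app: {category: percent}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for app, host, nbytes in flows:
        totals[app][categorize(host, ad_domains)] += nbytes
    report = {}
    for app, cats in totals.items():
        total = sum(cats.values())
        report[app] = {c: round(100.0 * b / total, 1) if total else 0.0
                       for c, b in cats.items()}
    return report


# Constructed flow records, as a per-app traffic monitor might emit them.
FLOWS = [
    ("com.example.game", "cdn.ads.example", 30000),
    ("com.example.game", "api.game.example", 60000),
    ("com.example.game", "t.tracker.example", 10000),
    ("com.example.torch", "dropper.example", 500),
    ("com.example.torch", "ads.example", 1500),
    ("com.example.torch", "notads.example", 2000),
]

if __name__ == "__main__":
    print(usage_by_app(FLOWS, parse_ad_domains(EASYLIST_SAMPLE)))
```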
<quote>AT&T’s best pricing may not be available in cities where it doesn’t compete against Google Fiber. In Dallas, where Google Fiber hasn’t arrived, AT&T was charging $120 a month for gigabit service and still requiring the customer to opt in to Internet Preferences.</quote>
<quote>AT&T describes Internet Preferences as “opt-in,” but its website advertises the lower price without mentioning the traffic scanning unless you click “See offer details.”</quote> An actuality of the AT&T consumer acquisition screens is exhibited.
<quote>AT&T Internet Preferences works independently of your browser’s privacy settings regarding cookies, do-not-track, and private browsing. If you opt-in to AT&T Internet Preferences, AT&T will still be able to collect and use your Web browsing information independent of those settings. Using the IP address assigned to each GigaPower account, AT&T scans for your AT&T Internet Preferences election. AT&T will treat your Internet browsing activity in accordance with your election. If you chose to participate in the AT&T Internet Preferences program, your Internet traffic is routed to AT&T’s Internet Preferences Web browsing and analytics platform.</quote> attributed to AT&T, either to a document or a speaker (unclear).
Privacy Is Becoming a Premium Service; David Auerbach; In Slate; 2015-03-31.
Teaser: AT&T wants customers to pay the company not to spy on them. And it’s not an outlier.
Teaser: AT&T Gigapower: The company wants you to pay it not to sell your data
wholly derivative of the Ars Technica piece; somewhat more cogent.
Original reporting, a month earlier, in archaeological order (derivatives on top, original work below).
<quote>AT&T’s new service uses search terms entered, Web pages visited, and links clicked. The tracking remains in effect even if you clear cookies, use an ad block program, or switch on a browser’s do-not-track settings. The company uses the data it collects to help advertisers target ads on Web pages, email messages or direct mail.</quote>
+ $70/month for service
+ $29/month for “opt out”
✕ 30% user fees & taxes
Framing (by AT&T press relations)
<quote>not as a charge to people who opted out of tracking but as a discount to those who didn’t. “We can offer a lower price to customers participating in AT&T Internet Preferences because advertisers will pay us for the opportunity to deliver relevant advertising and offers tailored to our customer’s interests,”</quote>
Jonathan Mayer, activist, Stanford University
Marc Rotenberg, President & Executive Director, Electronic Privacy Information Center (EPIC).
Bobble, a Chrome extension
Exhibits diffs of personalized & unpersonalized Google search.
In archaeological order, newer more derivative works on top, older original material down below
Motahhare Eslami, Aimee Rickman, Kristen Vaccaro, Amirhossein Aleyasen, Andy Vuong, Karrie Karahalios, Kevin Hamilton, Christian Sandvig; “I always assumed that I wasn’t really that close to [her]”: Reasoning about invisible algorithms in the news feed; In Proceedings of ACM Conference on Human-Computer Interaction (HCI); 2015-04-18; 10 pages.
tl;dr => developed FeedViz to exhibit the difference between all output possible in a Facebook News Feed and the Facebook-presented (algorithm-curated) News Feed that consumers actually see. Consumer awareness levels are reported.
Christian Sandvig, Kevin Hamilton, Karrie Karahalios, Cedric Langbort; Algorithm Audit; 6 pages; Within Seeta Peña Gangadharan, Virginia Eubanks, Solon Barocas (editors); Data and Discrimination: Collected Essays; Open Technology Institute, New America Foundation; 2014-10.
Latanya Sweeney (FTC); Online Ads Roll the Dice; In Their Blog; 2014-09-25.
Latanya Sweeney is Chief Technologist at the Federal Trade Commission (FTC)
Teaser: Online ads, exclusive online communities, and the potential for adverse impacts from big data analytics
tl;dr => content targeting is bad, audience targeting is insidious.
<quote>Personalization appeals to a Western, egocentric belief in individualism. Yet it is based on the generalizing statistical distributions and normalized curves methods used to classify and categorize large populations. Personalization purports to be uniquely meaningful, yet it alienates us in its mass application. Data tracking and personalized advertising is often described as “creepy.” Personalized ads and experiences are supposed to reflect individuals, so when these systems miss their mark, they can interfere with a person’s sense of self. It’s hard to tell whether the algorithm doesn’t know us at all, or if it actually knows us better than we know ourselves. And it’s disconcerting to think that there might be a glimmer of truth in what otherwise seems unfamiliar. This goes beyond creepy, and even beyond the sense of being watched. </quote>
Hollington, Kyprianou; Technology and the Uncanny; At The EVA Conference, London College of Communications; 2008-07-11?; admitted to ISEA 2008,
tl;dr => cites as authorities & seers: Wilhelm Jentsch, Sigmund Freud, Karl Marx.