Defending Internet Freedom through Decentralization: Back to the Future? | Barabas, Narula, Zuckerman

Chelsea Barabas, Neha Narula, Ethan Zuckerman; Defending Internet Freedom through Decentralization: Back to the Future?; a book?; The Center for Civic Media & The Digital Currency Initiative; MIT Media Lab; 2017; 113 pages.

tl;dr → theoretical; witnessing.  You tell it, you tell the story!  Mentions Bitcoin on page 2; uses the word “hegemon” on page 14.  Offers a cook’s tour of the boosterist community and their projects: Freedom Box, Diaspora, Mastodon, Blockstack, Interplanetary File System (IPFS), Solid, Appcoins, Steemit.

Table of Contents

  • Executive Summary
  • Introduction
    • The Rise of the Centralized Web
    • Risks Posed by the Centralized Web
    • Structural Interventions as a Possible Solution
  • Section II: Federation
    • Freedom Box
    • Diaspora
    • Mastodon
  • Section III: Open Protocols
    • Authentication
    • Blockstack
    • Interoperability
    • IPFS
    • Solid
  • Section IV: Appcoins
    • Steemit
  • Conclusion


  • Wait and see, only time will tell.
    <quote>A precondition for the success of these distributed
    platforms is a shift towards user-controlled data,</quote>
  • Fund the projects (the best-of-breed exemplars, below, and more)
    e.g. Let’s Encrypt.
  • The fascination, gee whiz!; it’s simply phenomenal!
    Use Appcoins

    • circumvent Venture Capital funding.
    • business model: unspecified, but definitely “not advertising”
  • A fool and his money are soon parted:
    • <quote>However, this space also has a lot of potential for scams, and it might be unreasonable to expect users to manage a financial stake in many different networks.</quote>


  • Bitcoin
  • Facebook
  • Reddit
  • Let’s Encrypt
  • Appcoins
  • Digital Millennium Copyright Act (DMCA)
  • File Transfer Protocol (FTP)
  • Gopher
  • Archie
  • Wide Area Information Server (WAIS)
  • John Perry Barlow
    A Declaration of the Independence of Cyberspace
  • Fred Turner
    ambiguous reference

  • World Wide Web (WWW)
  • Domain Name System (DNS)
  • “lock the web open”, attributed to Brewster Kahle.
  • Peer-to-Peer
  • cypherpunk worldview
  • Diffie-Hellman key exchange
  • Bitcoin
  • ledger
  • accounts
  • Hyper-Text Transport Protocol (HTTP)
  • Simple Mail Transfer Protocol (SMTP)
  • <quote>Distributed, peer-to-peer protocols like HTTP and SMTP</quote>
    um, what?
  • Millennials
  • Baby Boomers
  • Google competitors
    • Baidu,
    • Yahoo,
    • Microsoft,
    • Yandex.
    • hey … what about DuckDuckGo?
  • Twitter
  • Arab Spring
  • Tunisia
  • Baltimore
  • BitTorrent
  • YouTube
  • WhatsApp
  • software stack
  • surveillance
  • decryption keys
  • Thailand
  • Thai Royal Family
  • “lock



  • Freedom Box
  • Diaspora
  • Mastodon
  • Blockstack
  • Interplanetary File System (IPFS)
  • Solid
  • Appcoins
  • Steemit


  • Facebook
  • Google
  • Reddit
  • Twitter
  • WhatsApp
  • YouTube


  • User and developer adoption
  • Security
  • Monetization and incentives


Elaborated in the Introduction

  1. Top-down, Direct Censorship
  2. Something. Couldn’t identify what it was. His second point, and surely they had one…



  • decentralized
  • good old days of unmediated publishing
  • critical safeguard for user privacy
  • mainstream
  • “disrupt” this new class of power elites


  • mega-platform
  • centralized
  • third-party intermediaries
  • marginalized voices
  • for-profit
  • today’s online hegemons.


  • John Perry Barlow, theorist.
  • Philando Castile, executed by police, on live TV.
  • David Chaum, polymath.
  • Fred Turner, Harry and Norman Chandler Professor of Communication
    Department Chair, Stanford University.
  • Frederick Jackson Turner, Wisconsin, Harvard, 1861→1932.
  • Mark Zuckerberg, CEO, Facebook


There are 201 references, presented inline, as footnotes, in the style of a legal tract.

They are <omitted/> herein.

Previously filled.

Out of Action: Do protests work? | The New Yorker

Out of Action: Do protests work?; Nathan Heller; In The New Yorker; 2017-08-14.
Teaser: Skeptics suggest that “folk politics”—marches, protests, and the like—are a distraction from the challenges of real change.

tl;dr → No.  Betteridge’s Law. folk politics as “leaderless” slacktivism does not work; “leader”-based, top-down circa 1955-1965 did work; see Zeynep Tufekci.


<quote>Tufekci’s conclusions about the civil-rights movement are unsettling because of what they imply. People such as Kauffman portray direct democracy as a scrappy, passionate enterprise: the underrepresented, the oppressed, and the dissatisfied get together and, strengthened by numbers, force change. Tufekci suggests that the movements that succeed are actually proto-institutional: highly organized; strategically flexible, due to sinewy management structures; and chummy with the sorts of people we now call élites.</quote>


  • “folk politics”
    • Attributed to Nick Srnicek, Alex Williams in Inventing the Future
    • Constitutes
      • authenticity-mongering
      • <quote>reasoning through individual stories [is] also a journalistic tic</quote>
      • <quote>a general inability to think systemically about change</quote>
    • “This is politics transmitted into pastime—politics-as-drug-experience, perhaps—rather than anything capable of transforming society”
    • <quote>Their objection to protest and direct action defies generations of radical zeal. “The people, united, will never be defeated!” the old street chant goes. These lefties say that, actually, they will.</quote>
    • <quote><snip/>the left, despite its pride in being progressive, is mired in nostalgia.
      “Petitions, occupations, strikes, vanguard parties, affinity groups, trade unions: all arose out of particular historical conditions,” they say. They think that modernizing these things for an internationalized, digitized world will free us from what they vividly call our “endless treadmill of misery.” Protest is fine for digging in your heels. But work for change needs to be pragmatic and up-to-date. </quote>
    • <quote>Inventing the Future may be the shrewdest, sanest pipe dream of a book published since the recession.</quote>
  • “the multitude”
    • Attributed to Michael Hardt, Antonio Negri; Assembly (Heretical Thought);
    • Constitutes
    • …some things…


  • <quote><snip/>the killings of “more than” forty unarmed black people by law-enforcement officers. A majority of these officers were not indicted, however; of those that were, three were found guilty. To date, only one of the convicted has received a prison sentence.</quote>
  • …more…



In The New Yorker



  • New York
  • London
  • 2003
  • Occupy Wall Street
  • misdeeds of the finance industry
  • stranglehold of corporate power
  • predations of inequality.
  • Autumn 2011
  • Zuccotti Park
  • lower Manhattan.
  • 2014.
  • Black Lives Matter (B.L.M.)
  • demonstrators
  • Missouri
  • Women’s March
  • female empowerment
  • just-inaugurated President
  • boulevards in cities
  • New York
  • Washington
  • London
  • Los Angeles
  • First Amendment
  • “the right of the people peaceably to assemble, and to petition the Government for a redress of grievances”
  • Stamp Act boycotts of the seventeen-sixties
  • 1913 suffrage parade and the March on Washington
  • 1963
  • Tom Lehrer
  • Arab Spring
  • Macau
  • the feminism-and-rationalism-flaunting event known as Boobquake.
  • strident
  • Boobquake
  • Brainquake.
  • smartphones
  • social media
  • made organizing easier
  • social theatre
  • folk politics
  • authenticity-mongering
  • reasoning through individual stories [is] also a journalistic tic
  • channelling the righteous sentiments of those involved over the mechanisms of real progress.
  • pastime—politics-as-drug-experience
  • [not] wing nuts of the right
  • [not] stodgy suits
  • [not] quailing centrists.
  • Marx-infused leftists
  • “post-work,” open-bordered world.
  • “postcapitalist”
  • shorten the work week
  • a generous and global basic income
  • when robots take our jobs.

Previously filled.

Corporate Surveillance in Everyday Life | Cracked Labs

Corporate Surveillance in Everyday Life. How Companies Collect, Combine, Analyze, Trade, and Use Personal Data on Billions; Wolfie Christl; Cracked Labs, Vienna; 2017-06; 93 pages.

Teaser: <shrill>How thousands of companies monitor, analyze, and influence the lives of billions. Who are the main players in today’s digital tracking? What can they infer from our purchases, phone calls, web searches, and Facebook likes? How do online platforms, tech companies, and data brokers collect, trade, and make use of personal data?</shrill>

Table of Contents

  1. Background and Scope
  2. Introduction
  3. Relevant players within the business of personal data
    1. Businesses in all industries
    2. Media organizations and digital publishers
    3. Telecom companies and Internet Service Providers
    4. Devices and Internet of Things
    5. Financial services and insurance
    6. Public sector and key societal domains
    7. Future developments?
  4. The Risk Data Industry
    1. Rating people in finance, insurance and employment
    2. Credit scoring based on digital behavioral data
    3. Identity verification and fraud prevention
    4. Online identity and fraud scoring in real-time
    5. Investigating consumers based on digital records
  5. The Marketing Data Industry
    1. Sorting and ranking consumers for marketing
    2. The rise of programmatic advertising technology
    3. Connecting offline and online data
    4. Recording and managing behaviors in real-time
    5. Collecting identities and identity resolution
    6. Managing consumers with CRM, CIAM and MDM
  6. Examples of Consumer Data Broker Ecosystems
    1. Acxiom, its services, data providers, and partners
    2. Oracle as a consumer data platform
    3. Examples of data collected by Acxiom and Oracle
  7. Key Developments in Recent Years
    1. Networks of digital tracking and profiling
    2. Large-scale aggregation and linking of identifiers
    3. “Anonymous” recognition
    4. Analyzing, categorizing, rating and ranking people
    5. Real-time monitoring of behavioral data streams
    6. Mass personalization
    7. Testing and experimenting on people
    8. Mission creep – everyday life, risk assessment and marketing
  8. Conclusion
  9. Figures
  10. References



  • Omer Tene
  • Jules Polonetsky


Yes.  A work this polished could be hid for long.


The web variant is summary material.

  1. Analyzing people
  2. Analyzing people in finance, insurance and healthcare
  3. Large-scale collection and use of consumer data
  4. Data brokers and the business of personal data
  5. Real-time monitoring of behaviors across everyday life
  6. Linking, matching and combining digital profiles
  7. Managing consumers and behaviors, personalization and testing
  8. Dragnet – everyday life, marketing data and risk analytics
  9. Mapping the commercial tracking and profiling landscape
  10. Towards a society of pervasive digital social control?


There are 601 footnotes, which are distinct from the references.
There are 102 references.

Previously filled.

Web Privacy Census | Altaweel, Good, Hoofnagle

Ibrahim Altaweel, Nathaniel Good, Chris Jay Hoofnagle; Web Privacy Census; In Technology Science; 2015-12-15.

tl;dr → there are lots of (HTML4) cookies; cookies are for tracking; cookies are bad. factoids are exhibited.


Most people may believe that online activities are tracked more pervasively now than they were in the past. In 2011, we started surveying the online mechanisms used to track people online (e.g., HTTP cookies, Flash cookies and HTML5 storage). We called this our Web Privacy Census. We repeated the study in 2012. In this paper, we update the study to 2015.


  • Universe
    • Quantcast
    • “top 1 million”
  • Attack
    • Firefox 39
    • OpenWPM
  • Client
    • HTML4 Cookies
    • HTML5 Storage
    • Flash
  • Use Cases
    indistinguishable in the census method

    • Analytics
    • Tracking (Trak-N-Targ)
    • Conversion
    • Personalization
    • Security


Header Enrichment or ISP Enrichment? Emerging Privacy Threats in Mobile Networks | Vallina-Rodriguez, Sundaresan, Kreibich, Paxson

Narseo Vallina-Rodriguez, Srikanth Sundaresan, Christian Kreibich, Vern Paxson; Header Enrichment or ISP Enrichment? Emerging Privacy Threats in Mobile Networks; In Proceedings of the ACM SIGCOMM Workshop on Hot Topics in Middleboxes and Network Function Virtualization (HotMiddlebox 2015, huh? now you’re just being silly); 2015-08-17; 6 pages; landing.


HTTP header enrichment allows mobile operators to annotate HTTP connections via the use of a wide range of request headers. Operators employ proxies to introduce such headers for operational purposes, and—as recently widely publicized—also to assist advertising programs in identifying the subscriber responsible for the originating traffic, with significant consequences for the user’s privacy. In this paper, we use data collected by the Netalyzr network troubleshooting service over 16 months to identify and characterize HTTP header enrichment in modern mobile networks. We present a timeline of HTTP header usage for 299 mobile service providers from 112 countries, observing three main categories:

  1. unique user and device identifiers (e.g., IMEI and IMSI)
  2. headers related to advertising programs, and
  3. headers associated with network operations.


  • HTTP header enrichment
  • Netalyzr
    • Netalyzer-for-Android
  • Verizon Precision Marketing Insights
  • The IETF’s Service Function Chaining (SFC) standards are vague about whether injected headers are good or bad (should be removed).
  • Data
    • Collected: 2013-11 → 2015-03.
    • 112 countries
    • 299 operators
  • Belief: no M?NO is yet cracking TLS to insert HTTP headers into the encrypted stream.
  • Suggested as an ID-less method of identification: device-unique allocation of the (routable) IPv6 space to identify the device, in addition to routing to it.
  • RFC 7239, Forwarded HTTP Extension; A. Petersson, M. Nilsson (Opera); IETF; 2014-06.
  • Cessation Timeline
    • 2014-10 → Vodafone (ZA) has ceased their practices in 2014-10, nothing to see there, now.
    • 2014-11 → AT&T has ceased their practices 2014-11.
    • 2015-03 → Verizon was not respecting opt-out (as evidenced by not inserting the X-UIDH header) through 2015-03.
  • Continuation
    • Verizon continues the X-UIDH header insertion.
  • The X-Forwarded-For header carries extra freight in T-Mobile (DE)
  • Carrier-Grade NAT (CGN), as per RFC 6598, IANA-Reserved IPv4 Prefix for Shared Address Space (2012-04)


Table 1 & Table 2; Table 3 (not shown)

HTTP Header           Operator   Country  Estimated Purpose
x-up-calling-line-id  Vodacom    ZA       Phone Number
msisdn                Orange     JO       MSISDN
x-nokia-msisdn        Smart      PH
tm_user-id            Movistar   ES       Subscriber ID
x-up-3gpp-imeisv      Vodacom    ZA       IMEI
lbs-eventtime         Smarttone  HK       Timestamp
lbs-zoneid                                Location
x-acr                 AT&T       US       unstated, an identifier
x-amobee-1            Airtel     IN
x-amobee-2            Singtel    SG
x-uidh                Verizon    US
x-vf-acr              Vodacom    ZA
                      Vodafone   NL
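
The measurement idea behind the paper (compare what the client sent with what a cooperating server received) can be sketched as follows. This is an added example, not code from the paper or from Netalyzr; the header names come from the table above, while the echo host, the token and the phone-number values are constructed placeholders.

```python
"""Flag carrier-injected HTTP headers by diffing what a client sent against
what an echo server received. All sample requests below are constructed."""
from collections import defaultdict

# Header names taken from the table above; purposes as the table gives them.
KNOWN_ENRICHMENT = {
    "x-up-calling-line-id": "phone number",
    "msisdn": "MSISDN",
    "x-nokia-msisdn": "not stated in table",
    "tm_user-id": "subscriber ID",
    "x-up-3gpp-imeisv": "IMEI",
    "lbs-eventtime": "timestamp",
    "lbs-zoneid": "location",
    "x-acr": "unstated, an identifier",
    "x-amobee-1": "not stated in table",
    "x-amobee-2": "not stated in table",
    "x-uidh": "not stated in table",
    "x-vf-acr": "not stated in table",
}

# Constructed sample: the request as the handset sent it ...
SENT = (b"GET /echo HTTP/1.1\r\n"
        b"Host: echo.example\r\n"
        b"user-agent: probe/1.0\r\n"
        b"Accept: */*\r\n\r\n")
# ... and as the echo server saw it after an in-path proxy touched it.
RECEIVED = (b"GET /echo HTTP/1.1\r\n"
            b"Host: echo.example\r\n"
            b"User-Agent: probe/1.0\r\n"
            b"Accept: */*\r\n"
            b"X-UIDH: CONSTRUCTED-TOKEN\r\n"
            b"x-up-calling-line-id: 0000000000\r\n"
            b"Via: 1.1 proxy.invalid\r\n"
            b"X-Forwarded-For: 192.0.2.10\r\n\r\n")


def parse_headers(raw: bytes) -> dict:
    """Return {lower-cased header name: [values]} for one raw HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = defaultdict(list)
    for line in head.split("\r\n")[1:]:      # skip the request line
        if ":" not in line:
            continue                          # ignore malformed lines
        name, value = line.split(":", 1)
        headers[name.strip().lower()].append(value.strip())
    return dict(headers)


def diff_requests(sent_raw: bytes, received_raw: bytes) -> list:
    """List headers that were added, modified or removed in transit."""
    sent, received = parse_headers(sent_raw), parse_headers(received_raw)
    findings = []
    for name, values in received.items():
        if name not in sent:
            change = "added"
        elif sent[name] != values:
            change = "modified"
        else:
            continue
        findings.append({"header": name, "change": change, "values": values,
                         "purpose": KNOWN_ENRICHMENT.get(name, "not in table")})
    for name, values in sent.items():
        if name not in received:
            findings.append({"header": name, "change": "removed",
                             "values": values, "purpose": "not in table"})
    return findings


def identifying_headers(findings: list) -> list:
    """Names of changed headers that the table lists as enrichment headers."""
    return sorted(f["header"] for f in findings
                  if f["header"] in KNOWN_ENRICHMENT and f["change"] != "removed")


if __name__ == "__main__":
    for finding in diff_requests(SENT, RECEIVED):
        print(finding)
```

The diff only works for cleartext HTTP; over TLS the in-path proxy cannot see or add request headers, which matches the paper's belief noted above.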


  • Access Point Name (APN)
  • GPRS
  • HTTP
  • IMSI
  • IMEI
  • J2ME
  • Location-Based Services (LBS)
  • Mobile Country Code (MCC)
  • Mobile Network Code (MNC)
  • Mobile Network Operator (MNO)
  • Mobile Virtual Network Operator (MVNO)
  • Hong Kong Metro (subway) (MTR)
  • Service Function Chaining (SFC)
  • SIM
  • Transport-Layer Security (TLS)
  • Unique Identifier (UID); contra the specific UUID or GUID
  • Virtual Private Network (VPN)
  • WAP


A significant number of newspaper articles, vulgarizations & bloggist opinements.

The Mobile Web Sucks, because of advertising

The Series

The compendium, in archaeological order…


  • Ben Thompson; Why Web Pages Suck; In His Blog entitled Stratechery; 2015-07-15.
    riffing against: Gruber’s complaint.
  • John Gruber; Safari Content Blocker, Before and After; In His Blog entitled Daring Fireball; 2015-07-08; separately filled.

    • Apple news site iMore
    • Safari Content Blocker system would cause a “reckoning” for publishers b
    • <quote>With Safari Content Blockers, Apple is poised to allow users to fight back. Apple has zeroed in on what we need: not a way to block ads per se, but a way to block obnoxious JavaScript code. A reckoning is coming.</quote>
  • Whereas The Verge publishes 40 linkbait packages per day
    • It is not possible to do this on multiple proprietary publishing systems.
    • ergo Web publishing in “standard” HTML and “standard” adtech to monetize.
  • The web is too slow & bloated so, therefore
    • Apple News (iMore)
    • Facebook Instant Articles
  • Mobile/Tablet Browser Market Share; At NetMarketShare.
  • There is some chain of reasoning in the middle that induces a causal relationship between performance and ecosystem health:
    • Chain of Reasoning
      • Bad PC software created the opening for The Web
      • Bad Mobile Web created the opening for Mobile Apps
      • Unvoiced: something about opening the way for Officework/Desktop/EXE/Apps (again).
    • Claim: Microsoft is giving away Windows 10 because Windows 10 exe files will “run anywhere” (ahem: write once, run anywhere).
    • <quote>Apps have become nearly irrelevant on desktops because the web experience is close to perfect, while apps are vitally important on phones because the web experience is dismal. Windows 10 looks like it’s going to be a big step forward for Microsoft, but it won’t be able to bridge that gap. I’m not sure anything can.</quote>


  • Apple News (iMore)
  • Facebook Instant Articles
  • Facebook
  • Twitter
  • Web Fonts


Automated Experiments in Ad Privacy Settings: A Tale of Opacity, Choice and Discrimination | Datta, Tschantz, Datta

Amit Datta, Michael Carl Tschantz, Anupam Datta; Automated Experiments in Ad Privacy Settings: A Tale of Opacity, Choice and Discrimination; In Proceedings of Privacy Enhancing Technologies Symposium (PETS);  2015-04-01; landing.


To partly address people’s concerns over web tracking, Google has created the Ad Settings webpage to provide information about and some choice over the profiles Google creates on users. We present AdFisher, an automated tool that explores how user behaviors, Google’s ads, and Ad Settings interact. AdFisher can run browser-based experiments and analyze data using machine learning and significance tests. Our tool uses a rigorous experimental design and statistical analysis to ensure the statistical soundness of our results. We use AdFisher to find that the Ad Settings was opaque about some features of a user’s profile, that it does provide some choice on ads, and that these choices can lead to seemingly discriminatory ads. In particular, we found that visiting webpages associated with substance abuse changed the ads shown but not the settings page. We also found that setting the gender to female resulted in getting fewer instances of an ad related to high paying jobs than setting it to male. We cannot determine who caused these findings due to our limited visibility into the ad ecosystem, which includes Google, advertisers, websites, and users. Nevertheless, these results can form the starting point for deeper investigations by either the companies themselves or by regulatory bodies.


  • Google
  • AdSettings
  • AdFisher
  • Experimental design: blocking (see appendix)
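
A blocked permutation test of the kind the design note refers to, as an added example that is not AdFisher's code. It assumes a simpler test statistic than AdFisher's (the difference in how often one ad was shown to each group), and the impression counts are constructed.

```python
"""Exact blocked permutation test: are 'male' browser agents shown one ad
more often than 'female' agents run in the same block? Data is constructed."""
from itertools import combinations, product

# Each block is a batch of agents run together; (profile setting, ad count).
BLOCKS = [
    [("male", 12), ("male", 9), ("female", 2), ("female", 3)],
    [("male", 15), ("male", 11), ("female", 4), ("female", 1)],
    [("male", 8), ("male", 10), ("female", 3), ("female", 0)],
]
# Null case: the setting makes no difference to what is shown.
NULL_BLOCKS = [[("male", 5), ("male", 5), ("female", 5), ("female", 5)]] * 3


def blocked_permutation_test(blocks, treatment="male"):
    """Return (observed statistic, one-sided exact p-value).

    Statistic: total ad count of treatment agents minus that of the others.
    Labels are permuted only within a block, so differences between blocks
    (time of day, ad inventory) cannot masquerade as a treatment effect.
    """
    observed = 0
    per_block = []                       # every possible contribution, per block
    for block in blocks:
        counts = [count for _, count in block]
        treated = [i for i, (group, _) in enumerate(block) if group == treatment]
        total = sum(counts)
        # Contribution of a treated set T: sum(T) - (total - sum(T)).
        observed += 2 * sum(counts[i] for i in treated) - total
        per_block.append([
            2 * sum(counts[i] for i in combo) - total
            for combo in combinations(range(len(block)), len(treated))
        ])
    extreme = relabelings = 0
    for contribution in product(*per_block):   # all within-block relabelings
        relabelings += 1
        if sum(contribution) >= observed:
            extreme += 1
    return observed, extreme / relabelings


if __name__ == "__main__":
    print(blocked_permutation_test(BLOCKS))
    print(blocked_permutation_test(NULL_BLOCKS))
```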


  • Selenium
  • Python
  • Firefox
  • scikit-learn
  • SciPy




A 72-hour press cycle; archaeological order…


  • R. Mayer, J. C. Mitchell, “Third-party web tracking: Policy and technology,” in Proceedings of the IEEE Symposium on Security and Privacy (SP), 2012, pp. 413–427.
  • B. Ur, P. G. Leon, L. F. Cranor, R. Shay, Y. Wang, “Smart, useful, scary, creepy: Perceptions of online behavioral advertising,” in Proceedings of the Eighth Symposium on Usable Privacy and Security. ACM, 2012, pp. 4:1–4:15.
  • Google, About ads settings, 2014-11-21.
  • Yahoo!, Ad interest manager, 2014-11-21.
  • Microsoft, Microsoft personalized ad preferences, 2014-11-21.
  • Executive Office of the President, Big data: Seizing opportunities, preserving values, 2014.
  • R. Zemel, Y. Wu, K. Swersky, T. Pitassi, C. Dwork, Learning fair representations, in Proceedings of the 30th International Conference on Machine Learning (ICML-13); S. Dasgupta and D. Mcallester (editors), vol. 28. JMLR Workshop and Conference Proceedings, 2013-05, pp. 325–333.
  • Google, Privacy policy, 2014-11-20.
  • F. Pedregosa, G. Varoquaux, A. Gramfort, V. Michel, B. Thirion, O. Grisel, M. Blondel, P. Prettenhofer, R. Weiss, V. Dubourg, J. Vanderplas, A. Passos, D. Cournapeau, M. Brucher, M. Perrot, E. Duchesnay, “Scikit-learn: Machine learning in Python,” In Journal of Machine Learning Research, vol. 12, pp. 2825–2830, 2011.
  • E. Jones, T. Oliphant, P. Peterson et al., SciPy: Open source scientific tools for Python, 2001,
  • M. C. Tschantz, A. Datta, A. Datta, J. M. Wing, A methodology for information flow experiments, ArXiv, Tech. Rep. arXiv:1405.2376, 2014.
  • P. Good, Permutation, Parametric and Bootstrap Tests of Hypotheses. Springer, 2005.
  • C. E. Wills and C. Tatar, “Understanding what they do with what they know,” in Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society (WPES), 2012, pp. 13–18.
  • P. Barford, I. Canadi, D. Krushevskaja, Q. Ma, S. Muthukrishnan, “Adscape: Harvesting and analyzing online display ads,” in Proceedings of the 23rd International Conference on World Wide Web (WWW). 2014, pp. 597–608.
  • B. Liu, A. Sheth, U. Weinsberg, J. Chandrashekar, R. Govindan, “AdReveal: Improving transparency into online targeted advertising,” in Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks. ACM, 2013, pp. 12:1–12:7.
  • M. Lécuyer, G. Ducoffe, F. Lan, A. Papancea, T. Petsios, R. Spahn, A. Chaintreau, R. Geambasu, “XRay: Increasing the web’s transparency with differential correlation,” in Proceedings of the USENIX Security Symposium, 2014.
  • S. Englehardt, C. Eubank, P. Zimmerman, D. Reisman, A. Narayanan, Web privacy measurement: Scientific principles, engineering platform, and new results, 2014, 2014-11-22.
  • S. Guha, B. Cheng, P. Francis, “Challenges in measuring online advertising systems,” in Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement (IM), 2010, pp. 81–87.
  • R. Balebako, P. Leon, R. Shay, B. Ur, Y. Wang, L. Cranor, “Measuring the effectiveness of privacy tools for limiting behavioral advertising,” in Proceedings of the Web 2.0 Security and Privacy Workshop, 2012.
  • L. Sweeney, “Discrimination in online ad delivery,” In Communications of the ACM, vol. 56, no. 5, pp. 44–54, 2013.
  • R. A. Fisher, The Design of Experiments. Oliver & Boyd, 1935.
  • S. Greenland and J. M. Robins, “Identifiability, exchangeability, and epidemiological confounding,” In International Journal of Epidemiology, vol. 15, no. 3, pp. 413–419, 1986.
  • T. M. Mitchell, Machine Learning. McGraw-Hill, 1997.
  • D. D. Jensen, Induction with randomization testing: Decision-oriented analysis of large data sets, Ph.D. dissertation, Sever Institute of Washington University, 1992.
  • Is popularity in the top sites by category directory based on traffic rank?, Alexa, 2014-11-21.
  • C. M. Bishop, Pattern Recognition and Machine Learning. Springer, 2006.
  • S. Holm, “A simple sequentially rejective multiple test procedure,” In Scandinavian Journal of Statistics, vol. 6, no. 2, pp. 65–70, 1979.
  • Google privacy and terms, Google, 2014-11-22.
  • H. Abdi, “Bonferroni and Šidák corrections for multiple comparisons,” in Encyclopedia of Measurement and Statistics, N. J. Salkind, editor. Sage, 2007.
  • D. Hume, A Treatise of Human Nature: Being an Attempt to Introduce the Experimental Method of Reasoning into Moral Subjects, 1738, book III, part I, section I.
  • “On pay gap, millennial women near parity — for now: Despite gains, many see roadblocks ahead,” Pew Research Center’s Social and Demographic Trends Project, 2013.
  • T. Z. Zarsky, “Understanding discrimination in the scored society,” In Washington Law Review, vol. 89, pp. 1375–1412, 2014.
  • R. S. Zemel, Y. Wu, K. Swersky, T. Pitassi, C. Dwork, “Learning fair representations,” in Proceedings of the 30th International Conference on Machine Learning, JMLR: W&CP, vol. 28., 2013, pp. 325–333.
  • Editor, Adwords cost per click rises 26% between 2012 and 2014, Adgooroo, DATE?
  • L. Olejnik, T. Minh-Dung, C. Castelluccia, “Selling off privacy at auction,” in Proceedings of the Network and Distributed System Security Symposium (NDSS). The Internet Society, 2013.
  • C. J. Clopper, E. S. Pearson, “The use of confidence or fiducial limits illustrated in the case of the binomial,” In Biometrika, vol. 26, no. 4, pp. 404–413, 1934.

Via: backfill.

Do Not Track (Documentary), Episodes 1-7

Do Not Track

Episodes contains links to the episodes & popularization pieces on other venues

  • S01E01 : Morning rituals, 2015-04-14.
  • S01E02 : Breaking Ad, 2015-04-14.
  • S01E03 : Like Mining (in German, with English subtitles), 2015-04-26.
  • S01E04 : The spy in my pocket, 2015-05-12.
  • S01E05 : Big Data Inside the Algorithm, 2015-05-26.
  • S01E06 : The Daily Me, 2015-06-09.
  • S01E07 : To change the future, click here, 2015-06-15.

tl;dr → facile, shrill, handwringy.  Very media-arts-y. Ominous music to set the mood. No new information. Very, very slow-paced.


  • Depicts that Yahoo only has two trackers on it
    • Yahoo
    • comScore
  • DoubleClick
    Something about a legal precedent in the early oughties that established that tracking was not wiretapping; it was (something about) being with your friends.  No citation.  Julia Angwin voices the statement.
  • Illuminatus
    Something about eCommerce preferences via your social media account (your Facebook account).
  • UDID
    Still spoken of in Episode 4 as if it were current & available.
  • Big Data
    • is very big.
    • is very bad.
  • There be dragons.
  • Collaborative Filtering
    • is bad
    • causes polarization (polarization is bad)
    • Facebook uses Collaborative Filtering
      ∴ Facebook is bad
    • Twitter uses Collaborative Filtering
      ∴ Twitter is bad
  • Depicted, but not discussed.
    • Content farms in general
    • Demand Media
    • Associated Content (Yahoo)
    • Buzzfeed


  • … that if consumers all, each, paid some … it would all be wonderful & ad-free.
  • ARPU
    • Facebook → $9/year
    • Google → $55/year
  • Ethan Zuckerman, MIT Media Lab
    Claims he invented the popup ad to ensure Ford Motor Company did not get car ads on anal sex sites (or a story substantially similar to this line of causality).  He claims he invented the popup ad. And: Ethan Zuckerman, Who Invented Pop-Up Ads Says ‘I’m Sorry’; In Forbes; 2014-08-15.



the activists…

  • Danah Boyd, Data & Society Institute.
  • Nathan Freitas, The Guardian Project.
  • Harlo Holmes, The Guardian Project
  • Ethan Zuckerman, MIT Media Lab
  • Julia Angwin, self; ex-Wall Street Journal (WSJ)
  • Michal Kosinski, Stanford University
  • Jeffrey Stewart, CEO, Leddo
  • Natalie Blanchard, IBM, exemplar of a depressant
  • Marcus Behdahl?  Some news organism, in EU.
  • Mathieu Desjardins, WHERE?
  • Cory Doctorow, self.
  • Kate Crawford, Microsoft.
  • Tyler Vigen, Spurious Correlations
  • Alicia Garza, #BlackLivesMatter.
  • Emily Bell, Tow Center, School of Journalism, Columbia University; ex-Guardian
  • Gilad Lotan, Chief Data Scientist, Betaworks.
  • Someone, Episode 7.

Taming the Android AppStore: Lightweight Characterization of Android Applications | Vigneri, Chandrashekar, Pefkianakis, Heen

Luigi Vigneri, Jaideep Chandrashekar, Ioannis Pefkianakis, Olivier Heen; Taming the Android AppStore: Lightweight Characterization of Android Applications; Research Report RR-15-305; EURECOM, Sophia-Antipolis FR; 2015-04-27; 20 pages; arXiv:1504.06093.

tl;dr => apps run gobs of beacons; 20-33% is ad-related.   Yet nothing to see here.

reminder => the consent event of the consumer pertaining to this treatment occurred when the app was purchased (requested for download). Contractually & regulatory framing: the consumer was notified, they consented, and the experience was delivered as was transparently indicated in the terms of service. The consumer asked for it.


There are over 1.2 million applications on the Google Play store today with a large number of competing applications for any given use or function. This creates challenges for users in selecting the right application. Moreover, some of the applications being of dubious origin, there are no mechanisms for users to understand who the applications are talking to, and to what extent. In our work, we first develop a lightweight characterization methodology that can automatically extract descriptions of application network behavior, and apply this to a large selection of applications from the Google App Store. We find several instances of overly aggressive communication with tracking websites, of excessive communication with ad related sites, and of communication with sites previously associated with malware activity. Our results underscore the need for a tool to provide users more visibility into the communication of apps installed on their mobile devices. To this end, we develop an Android application to do just this; our application monitors outgoing traffic, associates it with particular applications, and then identifies destinations in particular categories that we believe suspicious or else important to reveal to the end-user.

Table of Contents

  • Introduction
  • Background
  • Related Work
  • Dataset
    • Application Selection
    • Application Execution
    • URL Analysis
  • Application Destination Characterization
    • Detailed Apps Characterization
    • Advertising Intensity
    • Tracking Intensity
    • App Suspiciousness
    • App Category Behavior
    • Application Description
  • Conclusion


  • No Such App (NSA)
    • Their app is called NSA, ’cause that’s cool.
    • Not available in Google PlayStore
    • Direct link (who knows what that is)
    • SandroProxy for MITM of the SSL
  • Traffic Analysis
    • HTTP only
    • HTTPS is not analyzed
  • Endpoint Characterization
    • It’s an Ad Related Endpoint if it has come to the attention of Ad Block Plus’ EasyList.
    • It’s a Malevolent Endpoint if it has come to the attention of Webutation, VirusTotal or Google Safe Browsing.
  • Data usage
    • 20-33% of data usage is categorized as “ad related”; Table 11.
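
The endpoint rule above (a host is ad-related if an EasyList rule names it) and the per-app ad share can be sketched as follows. This is an added example, not the authors' tool; the filter lines, package names, URLs and byte counts are constructed, and only EasyList's `||host^` domain-anchor rules are handled.

```python
"""Classify app traffic against EasyList-style domain rules and compute the
ad-related share of bytes per app. All sample data below is constructed."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

EASYLIST_SAMPLE = """\
! constructed sample in EasyList filter syntax
||ads.example^
||tracker.example^$third-party
@@||ads.example/allowed^
##.ad-banner
/banner/*/img^
"""

# (app package, requested URL, bytes transferred), all constructed.
FLOWS = [
    ("com.example.game", "http://cdn.ads.example/banner.png", 3000),
    ("com.example.game", "http://api.game.example/level", 7000),
    ("com.example.game", "https://ads.example/x", 9999),
    ("com.example.news", "http://tracker.example/pixel", 500),
    ("com.example.news", "http://news.example/story", 1500),
    ("com.example.news", "http://badads.example/x", 2000),
]

_DOMAIN_RULE = re.compile(r"^\|\|([a-z0-9.-]+)\^")


def blocked_domains(filter_text: str) -> set:
    """Extract hostnames from ||host^ rules; skip comments (!), exception
    rules (@@), element-hiding rules (##) and path-pattern rules."""
    domains = set()
    for line in filter_text.splitlines():
        line = line.strip().lower()
        if not line or line.startswith(("!", "@@")) or "##" in line:
            continue
        match = _DOMAIN_RULE.match(line)
        if match:
            domains.add(match.group(1))
    return domains


def is_ad_host(host: str, domains: set) -> bool:
    """True if host is a listed domain or a subdomain of one. The leading
    dot in the suffix check keeps badads.example from matching ads.example."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def ad_share_by_app(flows, domains: set) -> dict:
    """Return {app: fraction of analysed bytes sent to ad-related hosts}."""
    total = defaultdict(int)
    ads = defaultdict(int)
    for app, url, nbytes in flows:
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname:
            continue                     # HTTP only, as in the notes above
        total[app] += nbytes
        if is_ad_host(parts.hostname, domains):
            ads[app] += nbytes
    return {app: ads[app] / total[app] for app in total if total[app]}


if __name__ == "__main__":
    print(ad_share_by_app(FLOWS, blocked_domains(EASYLIST_SAMPLE)))
```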


The percentage of apps from the Google Play Store which contact these domains.  Recall though that the act of downloading the app onto your box was the consent event that makes this all copacetic (i.e. formally, you asked to have this happen to you).

Domain Contacts 41.50% 35.80% 35.40% 26.60% 23.80% 17.20% 17.00% 13.90% 12.80% 8.80% 5.80% 5.60% 5.10% 4.80% 4.80% 4.10% 4.10% 3.70% 3.40% 3.30%

The percentage of data use in apps. Table 11 (reordered & re-presented to highlight the most-common categories).  The “IT” category is a default “other” type of category meant to include any bookkeeping traffic that wasn’t otherwise categorizable.

Category Ads “IT” News Search Social Dynamic
LIBRARIES/DEMO 26.20% 31.20% 6.60% 19.50% 0.00% 0.90%
LIFESTYLE 23.20% 24.30% 4.10% 15.10% 4.60% 7.10%
BUSINESS 17.00% 31.50% 0.60% 13.90% 9.10% 7.90%
ENTERTAINMENT 20.10% 26.20% 3.70% 10.70% 2.90% 7.80%
MEDIA/VIDEO 26.00% 25.10% 5.20% 10.30% 5.10% 6.00%
MEDICAL 29.60% 27.40% 5.90% 9.10% 3.20% 8.10%
GAMES 30.10% 29.10% 2.80% 9.80% 0.30% 6.40%
BOOKS/REFERENCE 29.80% 24.20% 5.80% 13.20% 2.50% 6.30%
MUSIC/AUDIO 21.50% 24.00% 3.20% 9.70% 5.20% 8.80%
TRANSPORTATION 24.30% 27.20% 3.80% 17.00% 0.40% 5.10%
SHOPPING 10.90% 25.80% 2.20% 8.20% 9.50% 8.70%
FINANCE 21.20% 31.40% 2.20% 8.80% 5.40% 6.60%
COMICS 31.90% 20.10% 5.40% 13.20% 3.90% 4.40%
PHOTOGRAPHY 30.50% 20.10% 4.90% 15.20% 0.90% 4.90%
WEATHER 26.80% 25.00% 9.10% 14.40% 3.00% 4.80%
PERSONALIZATION 21.00% 28.40% 6.10% 17.30% 0.40% 8.20%
HEALTH/FITNESS 27.80% 25.80% 3.60% 15.20% 4.90% 5.70%
PRODUCTIVITY 27.00% 27.80% 5.70% 13.00% 3.00% 9.60%
COMMUNICATION 28.00% 25.30% 6.10% 17.00% 2.60% 3.50%
TRAVEL/LOCAL 20.30% 21.30% 4.00% 19.50% 3.50% 2.90%
SPORTS 18.30% 24.30% 3.00% 11.40% 9.90% 5.40%
SOCIAL 16.70% 30.10% 3.70% 14.50% 5.20% 4.80%
EDUCATION 32.60% 23.10% 4.10% 17.10% 3.50% 3.80%
TOOLS 33.60% 27.60% 7.00% 14.50% 1.90% 1.90%
NEWS/MAGAZINES 19.50% 30.60% 8.40% 10.30% 11.20% 3.00%

Via: backfill

Compendium on Verizon’s Precision Marketing Insights, Precision ID, X-UIDH Header


  • Unique IDentifier Header (UIDH)
  • The (silently-added) HTTP header X-UIDH
  • X-UIDH: OTgxNTk2NDk0ADJVquRu5NS5+rSbBANlrp+13QL7CXLGsFHpMi4LsUHw
  • Behaviors (based on information & belief)
    • X-UIDH changes weekly
    • The UIDH identifier indexes demographic, persona and browsing history-type records of the subscriber (of the handset or PSTN or paying account).
  • Demonstrators
  • Trade Names
    • Verizon Selects
    • Relevant Mobile Advertising
    • Verizon’s Precision Market Insights
  • Precision Market Insights, a partner
  • Availability
    • No 1st party program
    • Something vague about making data available via partnerships.
  • Capabilities
    • Demographic segments on mobile
    • loyalty
    • retargeting
  • Partners
    • BlueKai
    • BrightRoll
    • RUN
  • Pilot
    • PrecisionID
    • Kraft with Starcom MediaVest group
    • 1-800-Flowers
  • Separately
    • Precision has an in-stadium identification scheme
  • Who
    • Colson Hillier, VP, Precision Market Insights
    • Debra Lewis, press relations, Verizon.
    • Adria Tomaszewski, press relations, Verizon.
    • Kathy Zanowic, senior privacy officer, Verizon.


In archaeological order; derivative works on top, original reportage lower down.


  • Open RTB v2.1 Specification, as implemented by MoPub; on DropBox; updated 2015-02-13; landing.
    <quote>2015-02-15: Removed passing of UIDH parameter and removed all references in the specification</quote>
  • HTTP Header Enrichment Overview; Documentation; Juniper; 2013-02-14.
    • HTTP Header insertion X-MSISDN
    • MobileNext Broadband Gateway for an Access Point Name (APN)
    • <quote>installing one or more Multiservices Dense Port Concentrators (MS-DPCs) in the broadband gateway chassis</quote>
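One way to check a connection for the header enrichment described above (X-UIDH, X-MSISDN), as an added example that is not taken from any of the cited sources: the client records the request it sent over plain HTTP, an echo endpoint reports the request it received, and the two are compared. The echo endpoint, hostnames and the `Via` value are hypothetical; the X-UIDH value is the sample quoted on this page.

```python
KNOWN_ID_HEADERS = {"x-uidh", "x-msisdn"}  # the two headers named on this page

def parse_headers(raw):
    """Map lower-cased header names to their values for one raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def injected_headers(sent_raw, received_raw):
    """Group headers the server saw but the client never sent."""
    sent, received = parse_headers(sent_raw), parse_headers(received_raw)
    added = {n: v for n, v in received.items() if n not in sent}
    return {
        "identifier": {n: v for n, v in added.items() if n in KNOWN_ID_HEADERS},
        "other": {n: v for n, v in added.items() if n not in KNOWN_ID_HEADERS},
    }

# Constructed: the request as the handset sent it over plain HTTP ...
SENT = (b"GET /echo HTTP/1.1\r\nHost: echo.example.test\r\n"
        b"User-Agent: probe/1.0\r\nAccept: */*\r\n\r\n")
# ... and as a hypothetical echo endpoint reports having received it.
RECEIVED = (b"GET /echo HTTP/1.1\r\nHost: echo.example.test\r\n"
            b"User-Agent: probe/1.0\r\nAccept: */*\r\n"
            b"Via: 1.1 proxy.example.test\r\n"
            b"X-UIDH: OTgxNTk2NDk0ADJVquRu5NS5+rSbBANlrp+13QL7CXLGsFHpMi4LsUHw\r\n\r\n")

if __name__ == "__main__":
    result = injected_headers(SENT, RECEIVED)
    for name, values in result["identifier"].items():
        print(f"subscriber identifier added in transit: {name} = {values}")
    for name, values in result["other"].items():
        print(f"other header added in transit: {name} = {values}")
```

Repeating the comparison over HTTPS is the useful control: an on-path device that does not terminate TLS cannot add a header to the protected request, so the identifier group should come back empty.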


AT&T’s plan to watch your Web browsing—and what you can do about it | Ars Technica

AT&T’s plan to watch your Web browsing—and what you can do about it; ; In Ars Technica; 2015-03-27.
Teaser: Want to opt out? It could cost up to $744 extra per year.

tl;dr => You have to pay to opt out. Get a VPN.


  • the article
    • is discursive
    • lots of backfill from the pseudonymous commentariat at Ars Forums.
    • tl;dr => the fee is there, either pay it or get a VPN.
  • GigaPower, a product name

    • startup fee
    • + $99/month for DSL-type service
    • + $29/month for tracking-limitation.
    • ⨉ 30% various taxes & user fees
    • = ~$175-$200/month
  • Relevant Advertising, a product name
  • Alternates
  • Precedents
    • Charter, ad insertion, tracking&targeting; abandoned 2008
    • CMA Communication, ad insertion; reported circa 2013-04.
  • Regulatory
    • Something vague about U.S. wiretap law; but opt-in consent trumps this.
    • Something vague about EU data law; but …



  • <quote>AT&T’s best pricing may not be available in cities where it doesn’t compete against Google Fiber. In Dallas, where Google Fiber hasn’t arrived, AT&T was charging $120 a month for gigabit service and still requiring the customer to opt in to Internet Preferences.</quote>
  • <quote>AT&T describes Internet Preferences as “opt-in,” but its website advertises the lower price without mentioning the traffic scanning unless you click “See offer details.”</quote> An actuality of the AT&T consumer acquisition screens is exhibited.
  • <quote>AT&T Internet Preferences works independently of your browser’s privacy settings regarding cookies, do-not-track, and private browsing, If you opt-in to AT&T Internet Preferences, AT&T will still be able to collect and use your Web browsing information independent of those settings. Using the IP address assigned to each GigaPower account, AT&T scans for your AT&T Internet Preferences election, AT&T will treat your Internet browsing activity in accordance with your election. If you chose to participate in the AT&T Internet Preferences program, your Internet traffic is routed to AT&T’s Internet Preferences Web browsing and analytics platform.</quote> attributed to AT&T, either to a document or a speaker (unclear).


  • Privacy Is Becoming a Premium Service; David Auerbach; In Slate; 2015-03-31.
    Teaser: AT&T wants customers to pay the company not to spy on them. And it’s not an outlier.
    Teaser: AT&T Gigapower: The company wants you to pay it not to sell your data

    • wholly derivative of the Ars Technica piece; somewhat more cogent.


Original reporting, a month earlier, in archaeological order (derivatives on top, original work below).

  • AT&T’s Offer: Share Your Data for Personalized Ads, or Pay More; Natasha Singer; In The New York Times (NYT); 2015-02-18.

    • Original reporting the WSJ piece, nearby
    • Quoted
      • Gretchen Schultz, press relations, AT&T
      • Jonathan Mayer, activist, Stanford University (still a graduate student?)
  • AT&T Offers Data Privacy – for a Price; Elizabeth Dwoskin, Thomas Gryta; In The Wall Street Journal (WSJ); 2015-02-10.

    • <quote>AT&T’s new service uses searches terms entered, Web pages visited, and links clicked. The tracking remains in effect even if you clear cookies, use an ad block program, or switch on a browser’s do-not-track settings. The company uses the data it collects to help advertisers target ads on Web pages, email messages or direct mail.</quote>
    • Pricing
      • + $70/month for service
      • + $29/month for “opt out”
      • ✕ 30% user fees & taxes
    • Framing (by AT&T press relations)
      <quote>not as a charge to people who opted out of tracking but as a discount to those who didn’t. “We can offer a lower price to customers participating in AT&T Internet Preferences because advertisers will pay us for the opportunity to deliver relevant advertising and offers tailored to our customer’s interests,”</quote>
    • Quoted
      • Jonathan Mayer, activist, Stanford University
      • Marc Rotenberg, President & Executive Director, Electronic Privacy Information Center (EPIC).
    • Similar
      • AT&T
      • Verizon
    • Concept
      • <quote>The companies stored hidden, undeletable tracking codes on customers’ phones. </quote>
      • <quote>there was no way to opt out of these so-called super-cookies, which let the service providers track them across all devices and monitor device location at all times.</quote>


What you don’t know about Internet algorithms is hurting you | Washington Post

What you don’t know about Internet algorithms is hurting you. (And you probably don’t know very much!); Caitlin Dewey; In The Washington Post; 2015-03-23.

tl;dr => entertainment uses algorithms, algorithms are bad



In archaeological order, newer more derivative works on top, older original material down below.


The branded concepts of the activism


Pantheon of the activists, cited
  • Eli Pariser
    attributed as an activist
  • Christian Sandvig
    attributed as a communications researcher
  • Zeynep Tufekci
    attributed as a sociologist



This is just a silly & transparent ploy to make a connection to a non-technical audience.  Everyone can relate to Important Art.

Progression: Triptych

OkCupid Compatibility Calculation
Hello World

Via: backfill

Online Ads Roll the Dice declares the Federal Trade Commission (FTC)

Latanya Sweeney (FTC); Online Ads Roll the Dice; In Their Blog; 2014-09-25.
Latanya Sweeney is Chief Technologist at the Federal Trade Commission (FTC)
Teaser: Online ads, exclusive online communities, and the potential for adverse impacts from big data analytics

tl;dr => content targeting is bad, audience targeting is insidious.

Original Sources

Big Data: A Tool for Inclusion or Exclusion?; workshop; Federal Trade Commission (FTC); 2014-09-15;

  • Proceedings & Media
  • Commentariat
  • Speakers
    • Kristin Amerling, Chief Investigative Counsel and Director of Oversight, U.S. Senate Committee on Commerce, Science and Transportation
    • Alessandro Acquisti, Associate Professor of Information Systems and Public Policy, Heinz College, Carnegie Mellon University and Co-director of the CMU Center for Behavioral Decision Research
    • Katherine Armstrong, Senior Attorney, Division of Privacy and Identity Protection, FTC
    • Solon Barocas, Postdoctoral Research Associate, Princeton University Center for Information Technology Policy
    • danah boyd, Principal Researcher, Microsoft Research, Research Assistant Professor, New York University
    • Julie Brill, Commissioner, Federal Trade Commission
    • Christopher Calabrese, Legislative Counsel, American Civil Liberties Union
    • Leonard Chanin, Partner, Morrison Foerster
    • Daniel Castro, Senior Analyst, Information Technology and Innovation Foundation
    • Pamela Dixon, Founder and Executive Director, World Privacy Forum,
    • Cynthia Dwork, Distinguished Scientist, Microsoft Research
    • Mallory Duncan, Senior Vice President and General Counsel, National Retail Federation
    • Patrick Eagan-Van Meter, Program Specialist, Division of Financial Practices, FTC
    • Jeanette Fitzgerald, General Counsel and Chief Privacy Officer, Epsilon
    • Tiffany George, Senior Attorney, Division of Privacy & Identity Protection, FTC
    • Jeremy Gillula, Staff Technologist, Electronic Frontier Foundation
    • Gene Gsell, Senior Vice President, U.S. Retail & CPG, SAS
    • Mark MacCarthy, Vice President for Public Policy, Software Information Industry Association
    • Carol Miaskoff, Assistant Legal Counsel, Office of Legal Counsel, Equal Employment Opportunity Commission
    • Montserrat Miller, Partner, Arnall Golden Gregory LLP,
    • Christopher Olsen, Assistant Director, Division of Privacy and Identity Protection, FTC
    • C. Lee Peeler, President and CEO of the Advertising Self-Regulatory Council and, Executive Vice President, National Advertising Self-Regulation, Council of Better Business Bureaus
    • Stuart Pratt, President and CEO, Consumer Data Industry Association
    • Edith Ramirez, Chairwoman, Federal Trade Commission
    • Jessica Rich, Director, Bureau of Consumer Protection, Federal Trade Commission
    • David Robinson, Principal, Robinson + Yu
    • Michael Spadea, Director, Promontory Financial Group
    • Latanya Sweeney, Chief Technologist, Federal Trade Commission
    • Peter Swire, Professor of Law and Ethics, Scheller College of Business, Georgia Institute of Technology
    • Nicol Turner-Lee, Vice President and Chief Research & Policy Officer, Minority Media and Telecommunications Council
    • Joseph Turow, Professor, Annenberg School for Communication, University of Pennsylvania
    • Christopher Wolf, Senior Partner, Hogan Lovells, Founder and Chair, Future of Privacy Forum, Chair, National Civil Rights Committee, Anti-Defamation League
    • Katherine Worthman, Senior Attorney, Division of Financial Practices, FTC
    • Jinyan Zang, Research Fellow in Technology and Data Governance, Federal Trade Commission

Big Data, a Tool for Inclusion or Exclusion?; Edith Ramirez (FTC), Solon Barocas (Princeton); Workshop Slides; 36 slides.

  • A tutorial on “data mining,” i.e. what is it?
  • Claims:
    • Data mining is always & by definition a form of discrimination, by conferring upon individuals the traits of those similar to them [it is rational, statistically-based stereotyping] (slide 9)
    • Data mining can be wrong; can be skewed, can overcount, can undercount, can mis-label, can mis-classify; there be dragons here. (middle)
    • Data mining unintentionally exacerbates existing inequality; there is no ready answer (slide 25)

Latanya Sweeney, Jinyan Zang (FTC); Digging into the Data; presentation; 30 slides.

  • Subtitles (huge subtitles)
    • If the appropriateness of an advertisement for a publication depends on the nature and character of the publication, then how “appropriate” might big data analytics decisions be when placing ads?
  • Contributors
    • Krysta Dummit, undergraduate, Princeton 2015.
    • Jim Graves, graduate student, Carnegie Mellon University (CMU)
    • Paul Lisker,  undergraduate, Harvard University 2016.
    • Jinyan Zang, Oliver Wyman (a consulting boutique), Harvard University 2013.
  • Mentions
  • Promise:
    • A forthcoming paper: contact Latanya Sweeney for a copy upon release





Via: backfill

Data Doppelgängers and the Uncanny Valley of Personalization | Sara M. Watson

Data Doppelgängers and the Uncanny Valley of Personalization; ; In The Atlantic; 2014-06-16.
Teaser: Why customized ads are so creepy, even when they miss their target


  • Masahiro Mori
  • Acxiom
  • Facebook

<quote>Personalization appeals to a Western, egocentric belief in individualism. Yet it is based on the generalizing statistical distributions and normalized curves methods used to classify and categorize large populations. Personalization purports to be uniquely meaningful, yet it alienates us in its mass application. Data tracking and personalized advertising is often described as “creepy.” Personalized ads and experiences are supposed to reflect individuals, so when these systems miss their mark, they can interfere with a person’s sense of self. It’s hard to tell whether the algorithm doesn’t know us at all, or if it actually knows us better than we know ourselves. And it’s disconcerting to think that there might be a glimmer of truth in what otherwise seems unfamiliar. This goes beyond creepy, and even beyond the sense of being watched. </quote>




Attributed To: jimi Wales Wiki

Via: backfill