Archive for the ‘Technology’ Category
Really, Congress should take action—yeah, I know. In ProPublica Julia Angwin and Jeff Larsen describe what’s happening:
Twitter’s mobile advertising arm enables its clients to use a hidden, undeletable tracking number created by Verizon to track user behavior on smartphones and tablets.
Wired and Forbes reported earlier this week that the two largest cellphone carriers in the United States, Verizon and AT&T, are adding the tracking number to their subscribers’ Internet activity, even when users opt out.
The data can be used by any site – even those with no relationship to the telecoms — to build a dossier about a person’s behavior on mobile devices – including which apps they use, what sites they visit and for how long.
MoPub, acquired by Twitter in 2013, bills itself as the “world’s largest mobile ad exchange.” It uses Verizon’s tag to track and target cellphone users for ads, according toinstructions for software developers posted on its website.
Twitter declined to comment.
AT&T said that its actions are part of a test. Verizon says it doesn’t sell information about the demographics of people who have opted out.
This controversial type of tracking, known in industry jargon as header enrichment, is the latest step in the mobile industry’s quest to track users on their devices. Google has proposed a new standard for Internet services that, among other things, would prevent header enrichment.
People using apps on tablets and smartphones present a challenge for companies that want to track behavior so they can target ads. Unlike on desktop computers, where users tend to connect to sites using a single Web browser that can be easily tracked by “cookies,” users on smartphones and tablets use many different apps that do not share information with each other.
For a while, ad trackers solved this problem by using a number that was build into each smartphone by Apple and Google. But under pressure from privacy critics, both companies took steps to secure these Device IDs, and began allowing their users to delete them, in the same way they could delete cookies in their desktop Web browser.
So the search for a better way to track mobile users continued. In 2010, two European telecom engineers proposed an Internet standard for telecom companies to track their users with a new kind of unique identifier. The proposal was eventually adopted as astandard by an industry group called the Open Mobile Alliance.
Telecoms began racing to find ways to use the new identifier. . .
A sidebar in the article:
Does Your Phone Company Track You?
CHECK FOR TRACKING CODE Click from your smartphone or tablet (with Wi-Fi turned off) to see if your telecom provider is adding a tracking number. We don’t save any information.
I think she’s onto something, and I can see no reason on earth why the customer should not be able to delete apps from his or her own phone. Apple is sometimes way too controlling.
And, as an add-on to the previous post, some mobile ISP companies don’t allow encrypted emails to be sent or received—though as soon as it was pointed out publicly, the company changed its stance. They were just trying to see whether they could get away with it, I suppose. Nancy Scola and Ashkan Soltani report in the Washington Post:
Some customers of popular prepaid-mobile company Cricket were unable to send or receive encrypted e-mails for many months, according to security researchers, raising concerns that consumers may find that protecting their privacy is not always in their hands.
The inability to send some encrypted messages on Cricket’s network was discovered by software engineers from the Austin-based digital security firm Golden Frog. The company mentioned the issue in a July filing to the Federal Communications Commission, and the tech publication Techdirt published an article on it earlier this month. But neither Golden Frog’s filing nor Techdirt named the mobile Internet service provider.
Golden Frog told The Washington Post that Cricket customers were unable to send encrypted messages and said its testing found that the problem ended shortly after the TechDirt article was published. It is unclear how long or how many customers were affected.
Cricket did not address repeated questions about the issue and did not alert customers, many of whom rely on Cricket as their sole Internet service, that they would not be able to protect their e-mails from prying eyes. AT&T, which absorbed Cricket when it acquired Leap Wireless last spring, did not respond to a request for comment.
Cricket said in a statement to The Post that it “is continuing to investigate the issue but does not intentionally prevent customers from sending encrypted emails.” . . .
How many believe Cricket? … sound of crickets …
Fascinating article by Micah Lee at Motherboard:
Late on the evening of January 11, 2013, someone sent me an interesting email. It was encrypted, and sent from the sort of anonymous email service that smart people use when they want to hide their identity. Sitting at the kitchen table in the small cottage where I lived in Berkeley with my wife and two cats, I decrypted it.
The anonymous emailer wanted to know if I could help him communicate securely with Laura Poitras, the documentary filmmaker who had repeatedly cast a critical eye on American foreign policy.
To: Micah Lee
Date: Fri, 11 Jan 2013
I’m a friend. I need to get information securely to Laura Poitras and her alone, but I can’t find an email/gpg key for her.
Can you help?
I didn’t know it at the time, but I had just been contacted by Edward Snowden, the National Security Agency contractor who was then preparing a momentous leak of government data.
A month earlier, Snowden had anonymously emailed Glenn Greenwald, aGuardian journalist and chronicler of war-on-terror excesses, but Greenwald didn’t use encryption and didn’t have the time to get up to speed, so Snowden moved on. As is now well known, Snowden decided to contact Poitras because she used encryption. But he didn’t have her encryption key, as is necessary to send someone encrypted email, and the key wasn’t posted on the web. Snowden, extraordinarily knowledgeable about how internet traffic is monitored, didn’t want to send her an unencrypted email, even if just to ask for her key. So he needed to find someone he thought he could trust who both had her key and used encrypted email.
That was me.
And as it turned out, several months later I was drawn more deeply into the whole thing, when Snowden got back in touch and asked me to work with him to launch an online anti-surveillance petition.
Until now, I haven’t written about my modest role in the Snowden leak, but with the release of Poitras’s documentary on him, “Citizenfour,” I feel comfortable connecting the dots. I think it’s helpful to show how privacy technologists can work with sources and journalists to make it possible for leaks to happen in a secure way. Securing those types of interactions is part of my job now that I work with Greenwald and Poitras at The Intercept, but there are common techniques and general principles from my interactions with Snowden that could serve as lessons to people outside this organization. . .
Continue reading. It’s a fascinating account.
AT&T throttles their “unlimited” customers routinely. (A few years back, a blog reader commented that “We can trust corporations.” I was stunned by the statement, but I realize that he probably meant that we can trust corporations to try to cheat us at every turn and lie repeatedly.”) Chris Welch reports at The Verge:
The Federal Trade Commission is suing AT&T because the second-largest US carrier throttles speeds of its unlimited data customers, a policy that the FTC describes as “deceptive” and “unfair.” In a press release, the FTC said AT&T has “misled millions of its smartphone customers” by slowing down their data speeds after they’ve used up a certain amount of data in a single month. AT&T has failed to make its throttling policies clear enough, according to the complaint. “The issue here is simple: ‘unlimited’ means unlimited,” said FTC Chairwoman Edith Ramirez. The Commission’s filing blasts AT&T for slowing customers down to the point where common tasks — watching video, streaming music, etc. — become “difficult or nearly impossible.”
Lesson to mobile companies from FTC’s 1st data throttling case: If u promise unlimited data, ur on hook to deliver: http://t.co/Q29FL8Am2V
— FTC (@FTC) October 28, 2014
AT&T no longer offers unlimited data plans; the carrier began slowing down speeds for heavy data users in 2011 — and it’s throttled a whole lot of people since then. 3.5 million unique customers have had speeds slowed more than 25 million times, per the FTC’s numbers. AT&T has drawn thousands of complaints over the policy from consumers who feel unlimited data should continue to be free of restrictions. Those complaints have been sent to the FTC, FCC, Better Business Bureau, and AT&T itself. AT&T is by no means alone in slowing down those on unlimited plans, but clearly the FTC isn’t happy with how the carrier has handled things in recent years. Today’s press release says the FTC worked closely with the FCC in piecing together the complaint. In response, AT&T offered the following, strongly-worded statement: . . .
In the meantime, of course, AT&T is one of the telecoms pressuring states to pass laws that make it illegal for municipalities to create gigabit networks for public use: worse than a dog in the manger, a pig in the manger.
Brian Fung also reports on this in the Washington Post:
AT&T broke the law when it slowed down mobile Internet speeds among customers who’ve paid for unlimited data, federal regulators said in a complaint unveiled Tuesday.
As many as 3.5 million individual AT&T customers were hit by the throttling more than 25 million times over the course of several years, the Federal Trade Commission alleges in its suit. In some cases, users’ speeds were cut by more than 90 percent. . .