After Hours

Take back your privacy with disinformation

TR member dcolbert says that Google, Apple, and Facebook can only track you based on the information that you provide. He suggests that we provide disinformation and take back some of our privacy.

Remember a few years ago, when there was hype about how future advertising would be directly targeted to the individual consumer? Commercials would be able to identify you, learn your preferences and desires, and then custom tailor the ads you see - supposedly leading to a much more enjoyable advertising experience. It isn't that people don't like advertising, so the reasoning went, they just don't like advertising that isn't relevant to them.

Traditional models of advertising are a shotgun approach. Commercials are effectively spam. Broadcast the ad to everyone and hope you reach a couple of people who are interested in what you are promoting. There are ways to fine tune this (you don't see a lot of advertisements for feminine products during "Spongebob Squarepants" or ads for Budweiser beer during Oprah's talkshow) - but in general, you're still painting in pretty broad strokes with traditional advertising.

However, with targeted advertising, you actually know who is watching the show and their individual, personal preferences. The spooky retinal identification in shopping malls displayed in the Tom Cruise movie "Minority Approach" is one plausible application of targeted marketing, although the reality is far more common and a lot less high tech.

Toni Bowers recently wrote about how much power Google holds in setting their algorithms that return relevant web site results. But Google, Apple, and Facebook have all achieved something far more important than determining what web sites we are most likely to visit. They've convinced us to let them ride silently along and track our every move as we click through the information highway, building a customized database of just who we are (at least as potential consumers).

When we surf, Google, Apple, and Facebook generally know if we're male or female; young, middle-aged, or old; religious or secular; left- or right-leaning; gay or straight; and tons of other interesting tidbits that help them decide, "this ad should appear next to this article for this particular reader."

Along the way, this has caused a firestorm of controversy, especially among libertarian-minded nerds and organizations like the Electronic Freedom Foundation (EFF), who are increasingly alarmed at the erosion of our personal privacy. Phishers, scammers, and identity thieves are also very interested in these technologies and how they might exploit them to make their jobs easier and less risky. When looked at as a whole, it's understandable why a person should be concerned about what's involved in tracking an individual for the purpose of targeted advertising.

Toni pointed out how Google changed their algorithm to address people gaming the results to get higher rankings in the search engine. While this kind of manipulation of Google is unethical and leads to all kinds of problems, I believe I've stumbled onto a white hat, anarchist-friendly approach toward gaming how advertisers track you.

On Facebook, I finally changed my relationship status from "in a relationship" to "married." I've been married for 17 years, so this created quite a stir and a lot of conversation among my amused Facebook friends. We discussed how a good friend of mine, who is somewhat of a joker, sent me a "relationship request" on Facebook a few years ago. I'm also somewhat of a joker, so I accepted his "relationship request." Ever since then, I've been targeted for advertisements by Gay Cruises (and, oddly enough, divorce attorneys).

One of my friends commented, "This is why I do not release any personal information." Now, keep in mind, I've never disclosed my sexual orientation on Facebook. I'm actually pretty sure that Facebook doesn't have a profile field where you can reveal sexual orientation. I simply accepted that I was "in a relationship" with another Facebook user, who is also male, and the database jumped to the conclusion that it meant I was probably interested in gay cruises.

But this little adolescent joke reveals something important about the ability of Google, Facebook, Apple, and others to track you. They can only take your habits and the information you provide them at face value. Facebook is, to this day, convinced that I am a latent gay man in an unsatisfying heterosexual marriage - and they are targeting ads designed to help me come out, embrace myself, and find happiness.

We understand and warn our kids that the "13-year-old girl" they've met in a chat room may actually be a 40-year-old man in his mother's basement. But the extrapolation of that is, those firms that want to track us and collect our data are just as easily lied to about who we really are. This is a key takeaway from this conversation. Your personal information is only as compromised as you allow it to be, and throwing disinformation at the companies that are tracking your consumer habits can be outrageously effective in confusing the "consumer profile" they've built up on you in their data warehouses.

I recently searched information on Disney World in Florida, because we're considering a trip down there this summer. I'm very excited about the idea, and so are the advertisers. I can't go to a single site now without the Disney Princesses appearing in the side bar of the site I'm viewing. Perhaps it's time for me to mix things up a bit. I might take a couple of hours to do a lot of in-depth research about scrap booking, beading, or quilt making - something 180 degrees different from the gay cruises and family trips to Disney World that my consumer profile currently believes I'm interested in.

Ultimately, I envision my completely (and intentionally) irrational surfing habits causing some poor SQL database to have a complete nervous breakdown trying to figure out what ads it should display for me. The databases that track me will be convinced that I am an elderly, Christian, female, gay, married father of a healthy 2- to 45-year-old baby girl or boy (or two), who might be on anti-depressants and could be interested in a divorce - or at least a trip to Vegas.

Now just imagine if everyone joined me in this. Information is power. Sure, Google has turned you into their product, but you can fight back. Disinformation is also power. Now, go out into the world and create confusion - and in doing so, take back your privacy. You can thank me later.

About

Donovan Colbert has over 16 years of experience in the IT Industry. He's worked in help-desk, enterprise software support, systems administration and engineering, IT management, and is a regular contributor for TechRepublic. Currently, his profession...

71 comments
fractalena
fractalena

Brilliant :))))))))))) I routinely change my date of birth, gender etc.

jck
jck

My name is George Clooney, and I need a new girlfriend. :^0

GSG
GSG

I'm picturing the episode of the original Star Trek, I, Mudd where the crew is stranded on the planet where Mudd was exiled and Mudd created a bunch of android servants. Kirk, Spock, and McCoy mess with the androids and essentially fry the central computer.

OpinionsCount
OpinionsCount

The suggestions to encrypt or change providers are sensible, but only diminish the symptoms without solving the problem. Here's the scenario: I'm a small business person, selling "widgets." I receive a phone call from a potential customer who wants a price on customized widgets. I promise to email the customer a quote. I do so, using Outlook Express, which came with the Windows operating system that was part of my computer purchase. My customer receives my quote for widgets on her gmail account, but my email is accompanied by three ads which undercut my prices considerably. I lose the sale because my customer goes with one of those advertisers. I could have encrypted the quote, but this assumes that my potential customer is savvy enough to decrypt it.....and complicates what should be a simple enough process. I can't change providers, because it isn't my provider that's causing the problem. It's the recipient's provider! Hope that clarifies things a bit.

OpinionsCount
OpinionsCount

Personally, I can live with the ads, because I've learned not to see them. I do feel it's a presumptuous intrusion, though, and if I am aware of an advertiser I'm more inclined to avoid the product than search it out. What does bother me is Google's sidebar advertising in GMail. GMail reads your email and suggests "relevant" advertisements in the sidebar. Pretty much the same, you say? Not at all if you are a business sending a price quote to a potential customer. I'm a printer in one of my lives, and I am often asked to email a price quote for a product. If I send a quote for business startup package that includes stationery and business cards, my customer's GMail account will pop up ads in the sidebar that compete with my proposal. In my opinion, this is an unwarranted invasion of my privacy, and GMail is reading my correspondence without my permission. Google seems to think it is OK because, I suppose, the customer has chosen to use their program and is willing to put up with the ads in exchange for using GMail. The problem with this perspective is that the sender doesn't have to be using GMail, and isn't necessarily aware that GMail will be parsing his email and competing with him. It seems to me that this is on a par with wiretapping, which is covered by federal law and the laws in individual states. Here's a relevant part of U.S. Code, Title 18 Part I, Chapter 119, Paragraph 2511: . . . a person or entity providing an electronic communication service to the public shall not intentionally divulge the contents of any communication (other than one to such person or entity, or an agent thereof) while in transmission on that service to any person or entity other than an addressee or intended recipient of such communication or an agent of such addressee or intended recipient. I guess you could even apply that to divulging the contents of one's internet search inquiries to a a pool of advertisers, but that's probably a stretch. But it appears that the GMail ads are peeking into what should be personal and/or private communications, and in many cases directly affect the profitability of businesses, and need to be curtailed.

apotheon
apotheon

They'll catch up in a hurry, and your patience will not outlast that of a server farm. Eventually, they'll simply identify you as someone with a very juvenile, easily amused sense of humor, and start showing things like whoopie cushions in that sidebar. That . . . or sensitivity training courses. addendum: Nice work on the photo edit, by the way.

Privacy man
Privacy man

Its Bogus Identity feature automatically and transparently browses the internet, feeding trackers Bogus data. The result is that the bogus data appears as the user???s significant and real data while the user???s real browsing data looks like random noise.

Softedge
Softedge

I am a person. Any requests from non persons or people I cannot see or determine have my best interests at heart, if they have a heart, get bullshit. Now is this the truth or is it also bullshit, your guess. Softedge

dcolbert
dcolbert

Someone talked about all the other places where we put up with advertising. To be honest, my wife time-shifts almost all of our TV these days. She is the kind of person who used to hop off the freeway in California when there was a traffic jam, and take surface streets home. It might take her longer, but she couldn't abide just sitting in traffic not moving for 2 hours. She would rather cross surface streets for 3 hours. Likewise, she skips commercials whenever she can, which are like traffic jams in her television entertainment scheduling to her. The problem is, we very rarely know what movies are coming out anymore. When water-cooler talk drifts toward the latest amusing commercial, I'm often left awkwardly in the lurch. "Did you see the new Mac commercial with..." "No... No, I didn't. Give me a minute, I'll go watch it on the Apple site, then we can talk about it". Frequently I'll see something flash by and I'll make her stop, rewind, and let me watch a commercial for the Xoom tablet, or for a Mercedes Benz, or for something else that catches my eyes in the 4 seconds it takes to flash by at 8x FFWD speeds. She'll groan, gasp, and roll her eyes at the skies. And the thing is, with commercial TV, the commercials are frequently far more entertaining than the shows themselves. "Will the couple buy house #1, #2, or #3?" or "Who will win in the cut-throat, down-to-the-wire cake baking competition".

Dr_Zinj
Dr_Zinj

My "main" e-mail address is mostly a spam bucket and filter. And I only use it if the site in question requires a valid e-mail address to send connection information to. All other sites get mrpresident@whitehouse.gov. That way, maybe someday the government will actually become concerned enough about spam to help the rest of us out - preferably without censoring everything. Yes, if you use a fictional profile you're not going to get relevant advertising or links. But consider this, what has greater value, those ads, or your freedom? If you don't have your real information posted, then thieves in real life are less likely to come break into your home while you're on vacation.

htmapes
htmapes

Perhaps there is an opportunity here. Create a browser add-on that goes to random (whitelisted?) sites in the background. The resulting information stream would make your profile useless to ISPs and browser snoops. A similar utility for FB could target your "characteristics," like marital status, and change them regularly to make that source of info meaningless.

jrhalli89
jrhalli89

I kind of get it, but not really. When driving, we're inundated with irrelevant billboards, if the radio is on you will hear advertising, look at the bumper in front of you and somebody is 'advertising' their kid is smarter than your kid, or they support xyz politician, and so on. Watch television much? I don't know the statistic, but I would guess roughly 33% of viewing time is used by advertising. Take the Super Bowl for example...those spots have morphed into an "event" in and of itself! Thumb through a magazine or newspaper...ads on practically every page...and your snail-mailbox is proof the direct marketing industry is alive and well. Any direction we turn it's advertising...advertising...advertising... So, why do folks seem to get more irritated by online advertising? Is it that online advertising appears to be more intrusive and "knows" more about you? If that's why, then fear not..."offline" marketers come pretty close to knowing just as much about you as their "online: contemporaries. Years of data collection, along with statistical and predictive analysis ensures it. For me, online advertising gets about as much of my attention as do all other forms of advertising...and that isn't much! If you don't want to be bothered with online advertising, do as @Who Am I Really suggested.

nv1z
nv1z

The Tom Cruise movie in question is "Minority Report" and not "Minority Approach." The retinal scans in that movie has a sometimes-humorous result; "John Anderton, you could use a Guinness right about now" as he was on the run for his life. And in the interest of fooling the system with disinformation, as you might know in that movie one could have their eyeballs swapped out for a couple grand. "Mr. Yakamoto, how are those assorted tank tops working for you?"

random2010
random2010

Actually they got their basic premise totally wrong: "It isn???t that people don???t like advertising, so the reasoning went, they just don???t like advertising that isn???t relevant to them" This is way off in my case, and I suspect I am not alone. It would be more accurate to say that I don't like advertising which is intrusive, unavoidable, and more importantly, BORING! I don't mind watching a funny advert for any product or service as long as it is unintrusive, avoidable, and entertaining. But that involves making the adverts better, rather than businesses intruding into our private lives and trampling over our privacy.

misceng
misceng

Flickering adverts are in some respects an asset as they inform me of the companies who are so bad mannered that I will never buy from them.

Who Am I Really
Who Am I Really

or popup ads or other junk etc. Ain't Firefox great ! configure it for No History, and then add: - NoScript - AdBlock Plus - Flash Block - Better Privacy (DOM Storage and Flash Cookie killer) and this stuff just never appears while surfing on any site ever again and never ever use yer real name for anything that doesn't require you to do so eg. signing up here for the free account doesn't require yer real name or address gmail, yahoo mail, hotmal, etc. doesn't need your real info even farcebook doesn't need yer real name and address however, purchasing from online shops will require your real name and address.

steve
steve

When someone insists that I register at their site for "free" access I always give them incorrect information for every question. I use post codes for the wrong state, and even use the wrong country. You can make me answer your BS questions but you can't make me answer truthfully.

cwrcnn
cwrcnn

Like you and many others, when we give out important information on the internet, we are sharing with more people than we mean to. What we write to others is probably read by someone else, what pictures we send are probably seen by others, and too much information on Face Book can come back to bite you on the butt! It's best to stay informed, give less information or information that is false, and to keep reading your articles about our safety! Thanks for your warning!

customersevice
customersevice

After changing my profile info on FB from "Single" to "In a relationship", to my joy I stopped getting ads about "singles in my area". Marketing works if you are persistent and definite about the subject matter. Marketing ads which are assumptive can have a negative impact on the company producing them. Know your audience!

dcolbert
dcolbert

You've got to find a way to lead people with G-mail accounts to your price quotes *without* having them go through G-mail. Here is what I'd do. Generate links that take customers to a web-page where their custom quote is published. Send those LINKS to your customers, with no other details about the specific transaction taking place. "The quote you requested has been completed and can be accessed by clicking on the following link... http://shrtlnk.ly/widget"e.htm" The fact is that Google isn't your partner, isn't your friend, and is in business with your competitors. You're going to have to find creative ways to outcompete Google - or if you can't beat 'em - you're going to have to join 'em. If you don't have the savvy to come up with these solutions yourself, I'm sure there are consultants and developers who would be willing to help you out for a fee. You need a site and an app that will generate apps for your widgets and publish them to a page (preferably one that expires after say, 48 or 72 hours?)... It would be even better if the app would then automatically generate and send an e-mail with the link, but no quote information, to the customer's email address. The other thing you might want to resort to is the old spammer's trick. Make your quote an image, not text - so there isn't any text to scan, recognize and match against competitor's advertisements.

dhays
dhays

I have rarely used gmail, but I assume it is similar to any other provider. I suppose you could put your quotes in an encrypted Word or other such file and give the key to your intended reader, either by separate email or by phone. There are several free encryption programs, one we use here is AxCrypt, also a secure zip file should bypass their reading of your emails. It seems to me if they get around those types of protections, they are really viloating the law and your privacy.

dcolbert
dcolbert

Catching up would (probably) involve two approaches: Identifying the reason why so many people were trying to game the system (privacy concerns) and correcting those issues so that consumers felt confident that they didn't need to game the system in the first place. and/or Improving the targeting so that consumers felt that they were getting better, more appropiate targeted advertising that added value to the experience of targeted web-based advertising. (Which might just include more frequent Whoopie Cushion ads...) Both seem like wins for the consumers and the advertisers, to me. (Thanks... it was just a quick job. Made me realize that even with an anonymous mask, my forehead is going to give me away every time). ;) By the way, I'm glad to see you show up in this thread - I was very curious what your opinion on this subject, and this approach would be. Thanks for the post.

dcolbert
dcolbert

I just checked my original document, and I have Minority Approach there, too, so this is my error, and not Sonja's. I knew the correct title, and even know that it is based on a Philip K. Dick novel (but not the BEST Philip K. Dick movie adaptation). I did enjoy how Minority Report approached the idea of gaming technology based identification systems.

dhays
dhays

More of a nuisance is the automatic video that starts playng when you hit the website, whether it be a an informational or advertisement video. Back in the old days, it was just music, but now it is annoying videos that are sometimes impossible to stop. You have to wait for the ad to run, before the video can be stopped, especially news videos from the major TV networks. I sometimes just mute the sounds and go on.

Privacy man
Privacy man

Check out Breadcrumbs privacy software it is like Ad-block,Ghostery, No-Script combined. It works on all major browsers

dcolbert
dcolbert

Gives information about you, none-the-less. Do not confuse supressing information with disinformation. They're two outrageously different things with far different results. The person who uses Firefox and employs the built in and plug-in security solutions available to that browser platform reveals a lot about exactly what kind of person they are. Are you interested in thumbdrives with strong encryption solutions? Are you interested in RFID blocking wallets? How about keyhole cams and other spy gear? Every explore lockpicking? Etc. etc. etc... I may start with some real broad ideas, but I can probably start narrowing it down - who you are, how you think, what you're doing... by the information revealed by the information you do NOT reveal. Disinformation, on the other hand, misleads intentionally. It becomes hard to determine what is real and what isn't - when you're seeing a real glimpse of what this person is, and when you're intentionally being fed bullpucky. Your solutions are passive - they're built on avoidance, on hiding. What I'm suggesting is far more aggressive and confrontational. It is like mobsters who *know* they're under surveillance talking about a job that isn't real - so that while the cops are staking out *that* job, they're clear to hit a completely different job that was their real target all along. No information at all may still be useful to people who are interested in how you profile. Disinformation on the other hand, may be incredibly harmful to anyone trying to build a profile.

NickNielsen
NickNielsen

I select the username "bullcrap".For those sites that choke on the former, I use "fnlogin" as the username. The password is usually random keystrokes, cut and pasted between the enter and verify boxes.

unconditionalliving
unconditionalliving

I give such "required" registration features only the information I want them to have, which frequently requires nothing more than an email address with no personal data behind it. I have many online presences with different names and no real profile data behind them. It started for me long ago when I went to claim a soda cap prize on a website that "required" my full personal information (address, phone, etc.). Why does a soda cap prize site need my full personal dossier? All they needed was an email address, so the rest I made up and frankly it's not their business to "require". If we're fools enough to give the information out, then we can expect a flood of unwanted advertiser attention.

dhays
dhays

How do you get rid of targeted emails supposedly from singles in your area or "hot females" wanting sex? If they talked to my wife they would go away quickly, if they were anything like the subject of the emails. I don't read them or give them the satisfaction of reply either, they just get deleted ,and in many cases the domain is blocked, only to have them use a different one next time. I rarely use Google, however I suppose Ms and Yahoo are similar in nature, and am not on FB, don't ever plan on being a member, that is for young folk. My children (twenty-somethings) are and that is their business. To my knowledge, none of my acquaitances/friends are, so have no need. I and my wife are "Social Network" free, and plan to stay that way. Don't use the services, don't get the ads. I am surprised at how many little ads that talk of local people having such a great product or secret to lower insurance or some other great product (such as no need for shampoo, etc.). I figure that might be from IP address locators.

OpinionsCount
OpinionsCount

Not only will it solve the eavesdropping problem, but it will also give me a chance to lead the customer to my web site. While I still think someone needs to slap the hand that pilfers info from my email, it ain't gonna happen so your creative method will take care of it! Thanks!

apotheon
apotheon

Optical character recognition technology can circumvent the image trick, unfortunately. The out-of-band communication -- a (password-protected, naturally) Webpage with its URI in the email -- is more along the lines of what one should do. I think I wrote an article a couple years ago that mentioned something like that as a solution to the problem of securely communicating with clients who refuse to use email encryption, in cases such as sending invoices, but I'm not sure how easy it would be to find that again.

dcolbert
dcolbert

I've been involved with running publicly faced information systems since 1987. Back at that point, it was dial-up bulletin board services. Here is the deal with that: I bought those systems, bought the software, invested in the time to set everything up, bought the telephone line and modem to connect the PC to the line, and made the number available to the public. My users accessed that system voluntarily - and for free, and in return, they abided by my rules - which were arbitrary, unfair, and limited the rights of my users in fundamental ways. Now, if you didn't want to consent to those terms, you didn't need to call my system. I can't help but think that G-mail, or any other free online cloud based service - really exists under the same framework of expectations. You're on someone else's private property that they've made available to you. They get to dictate terms and you abide by them or try to break them - and if you get caught the most likely result should be being deprived of the advantage of using that service.

apotheon
apotheon

> Identifying the reason why so many people were trying to game the system (privacy concerns) and correcting those issues so that consumers felt confident that they didn't need to game the system in the first place. Not necessarily. What they do is target patterns -- not actual motives. As patterns change, their targeting criteria will as well. It's that simple. Algorithms are developed to recognize, and adjust to, patterns. Hell, based on a combination of Google's behavior and the statements of its incoming CEO (one of the founders), I'm convinced that one of the primary goals of the Google founders for the company is the development of strong AI. Developing means of making decisions more accurately regardless of attempts to mislead is definitely moving in that direction -- and it's the holy grail of targeted advertising. It's like malware development and spam/phishing automation, that way. > By the way, I'm glad to see you show up in this thread - I was very curious what your opinion on this subject, and this approach would be. I think that, if you want to stymie the targeted advertising algorithms, your best bet is to use privacy technologies to defend yourself against their ability to pry, rather than try to fool them by way of conscious (but unautomated) deviousness. If you take the unautomated approach, you'll lose, because automation is a force multiplier: those who use it to improve their effectiveness will win through what amounts to overwhelming force, and simply preventing the algorithms from gaining access to information about you will be more effective than trying to figure out what misleading information would be most impenetrable to the pattern recognition capabilities of the opposing software -- not just the capabilities of today's software, but of tomorrow's as well. . . . and, of course, those who cannot or will not support the people trying to develop those technologies that can help them will just have to hope the technology comes along without their help. On the other hand, if you are just having fun making funny things happen, keep having fun. The fact it is not likely to be very effective in the long run does not mean what you're doing has no merit if it's fun for you. In fact, it'll help Google achieve apotheosis, because efforts to overcome your playful deceits will produce more sophisticated pattern recognition and machine learning capabilities.

Who Am I Really
Who Am I Really

I'm not interesting, nor am I interested in anything "you" may have to sell the "you" being any corporate monkey out there attempting to leverage my info / false info against me in an attempt to convince me I need to buy some product if I'm interested in the things you mention, I'll go looking myself I don't need a popup trying to get my money the method I employ is to never use my real info and never store the tracks, google etc. still stores the tracks When I do search for things it's always in the midst of searching for stupid junk as well but I enjoy the benefit of not having their tailored ads ever appear no matter where I am I don't even see the TR Ads while here Cheers .

dcolbert
dcolbert

If you are over 35 and have no recent tickets, you are probably paying too much for auto insurance! How to whiten teeth with this odd and little known trick! Those kind of ads? They don't CARE who you are. There is nothing targeted about them. They're carpet-bombing the entire Internet. That is why there are GIF animations of people dancing & then acting surprised when they get "caught", or of attractive women in skimpy outfits, or otherwise weird or strange looking people doing odd things in an attempt to attract your eye to the ad. They're obviously, transparently completely disreputable. But you can't block them without blocking legitimate ads, and disinformation isn't going to do you any good, because they don't *care* about legitimate information. If you're breathing and have income, you're a potential mark for these ads. Just realized you were talking about e-mails like these. I don't know... I don't get a lot of e-mail that seems targeted specifically to my local region. Do you do a lot of craigslisting, or any at all? That tends to bring out local scam and spam artists. But what you describe sounds like geographic-aimed web ads and pop-ups that claim to be local. Anyone who travels knows you'll see the same exact ads with the exact same stock-photos of people claiming to be "local" in multiple different geographic areas.

NickNielsen
NickNielsen

I found two radically different offers in my junk mail one morning: "Enlarge your member" and "Guys like big boobs." As I hadn't had my coffee yet, I couldn't decide which to respond to... ;)

apotheon
apotheon

Email spammers acquire lists of email addresses through a variety of different means. Those lists end up being used for sending out spam -- and the spam is not targeted by anything more than where the spammers get the email lists. The reason you get the emails from multiple domains is that the emails are not being sent from the spammers' email addresses. They're being sent by spambots that add MS Windows computers to what people have come to call "botnets". A piece of software is placed on these infected MS Windows systems that uses the hapless infected computer owner's email address. The guys running the botnets ensure that these "bots" get regular updates to the lists of email addresses they use -- and those bots generally add addresses from the host computers' contact lists, too (more fun), then send those meail addresses back to the people running the botnets so they can be added to the central lists. As recipients of such emails, there isn't much we can do to stop them. The people who are in a position to do something are those whose computers are being used to send emails, and those who are in a position to influence the people whose computers are being used that way -- to convince them to adopt safer computing practices.

apotheon
apotheon

OCR keeps improving, though. If you want your images to get past OCR, the way you camouflage the text in the image needs to keep changing to stay ahead in the arms race with OCR ad scraping in contexts like gmail. That's far too much work for something more easily solved with a password protected Webpage.

dcolbert
dcolbert

This is where heuristic based algorithms become the thing you're trying to beat. Generally they don't employ OCR when pre-scanning images on incoming e-mail - but spam filters will look at all the content... so... Is the incoming mail MOSTLY an image file of a certain size, with little or no subject, or keywords in the subject? Is there no text at all? If there is text, is it rational or does it follow patterns of nonsense, broken english or other flags that indicate it is spam? The Spam filter will review all of these criteria, and assign a value to the message. If it exceeds a thresh hold, it doesn't get through. Google might employ OCR on their spam filters, though - if anyone would. It would be easy to send your own invoice images to yourself and check in the web client and see if Google was doing targeted advertising based on the documents (images, or PDFs even) that you were sending. The problem with OCRing images for spam detection is that you can make an image have a LOT of noise with readable text and it'll give OCR trouble, but a human can read it fine. That is what that technique resorted to in response to OCR spam filters. It was heuristic spam filters that really killed the viability of this technique. I'd say the problem is, that the heuristics have become so good that if you tried to borrow the methods of the spammers, your mail is likely to become indistinguishable from their actual spam, and you'll generate more false positives than you would like to for a legitimate business model. I was just giving it as a 2nd best alternative, though. But I agree, sending an e-mail with a link back to the web-page seems like the best way to go with security appropriate with the value of the information contained at the link.

apotheon
apotheon

> I often wonder if any business relationship between the consumer and corporation is transparent and free of coercive influence. When Verizon and AT&T are the best options you have for services - well, it is a lot like your voting choices in a presidential election. Not if it's a publicly traded corporation. Those things behave like sociopaths. If it's privately owned, though, you're at the mercy of the owners' ethics.

OpinionsCount
OpinionsCount

The sender can be using any program whatsoever; it is the recipient's G-mail that is reading the private email and inserting the adverts in the sidebar. If G-mail wanted to make the ads a condition of use, and insert the ads on the sending side of the email, that would be fine and an appropriate condition of use. But since they are doing it on the receiving end, without knowledge of the sender, it is a problem.

dcolbert
dcolbert

Absolutely. If the TOS for Hotmail says, "any information that travels through the Hotmail servers and network may and can be intecepted by the company for the purpose of analyzing the contents of that information, regardless of user actions implemented in order to prevent, protect or secure that content from such observation and analysis", and you send the file encrypted and Microsoft cracks the encryption - it is going to be your lawyers against Microsoft's with a lot hinging on how sympathetic or not the judge and/or jury is to your position. The thing is, in a legal climate that seems to favor corporate rights over consumer rights - especially when you're consuming a "free" service - and in light of how the Federal Government has supported other industries in their ability to monitor, analyze and observe customer data travelling over private segments of public networks (The AT&T CO in SF, for example - http://www.flickr.com/photos/dkirker/4297214452/) - I wouldn't look to *legal* protections of consumer rights in matters like these. I'd say you need strong encryption with strong passphrases and faith that there aren't unknown federal backdoors in the encryption solutions you are using. Again, in today's pro-corporate legal climate, I often wonder if any business relationship between the consumer and corporation is transparent and free of coercive influence. When Verizon and AT&T are the best options you have for services - well, it is a lot like your voting choices in a presidential election. You're not looking for the BEST solution, you're looking for the LEAST bad solution.

apotheon
apotheon

> If you encrypt your communications and send them via a free commercial service - I don't see anything preventing that communications company from trying to break that encryption to see the contents, anyhow. Well, sure -- but that's the point of strong encryption: hindering attempts to read what it conceals. You encrypt because you want to keep those who can get the (encrypted) data from reading what it protects. You don't use encryption to stop people from getting a copy of the (encrypted) data altogether. . . . unless you mean you don't see anything legal preventing the company from trying to crack your encrypted file. Depending on circumstances, encryption in many cases may serve as an implied refusal to agree to having one's data read by a party who does not have authorization from the sender to read it. This could lead to some pretty hairy legal issues for someone who tries to crack it anyway, I think. > Better yet, if they decide to reject your attachment, "Our AV scanners cannot scan password protected and encrypted attachments, so your attachment has been rejected, please include your attachment in an unecrypted zip file that is not password protected, and try again"... what are your options? Change providers. I like that option. In short, you answered that yourself when you said "find another e-mail service provider that will accomodate your security sensibilities." > In either case, YOU'RE being forced through extra hoops to use their service - and that is kind of the way it should work, in my opinion. It is private... you basically have the rights they're willing to grant you, as long as they don't run afoul of some sort of legal regulation or limitation. Yeah, I actually have no problem with that in concept, as long as the nature of the relationship is transparent and free of coercive influence.

dcolbert
dcolbert

Although I suppose the extrapolation is this: If you encrypt your communications and send them via a free commercial service - I don't see anything preventing that communications company from trying to break that encryption to see the contents, anyhow. So, for example - if you've enclosed your invoice in a password protected, encrypted ZIP file and the password is "mycompanyname" and the account is "mycompanyname@gmail.com" - and they break your encryption... I don't see a problem with that, or a breach of privacy, trust or legal jurisprudence. Do you? Better yet, if they decide to reject your attachment, "Our AV scanners cannot scan password protected and encrypted attachments, so your attachment has been rejected, please include your attachment in an unecrypted zip file that is not password protected, and try again"... what are your options? Either abide by their rules or find another e-mail service provider that will accomodate your security sensibilities. In either case, YOU'RE being forced through extra hoops to use their service - and that is kind of the way it should work, in my opinion. It is private... you basically have the rights they're willing to grant you, as long as they don't run afoul of some sort of legal regulation or limitation.

apotheon
apotheon

A lot of the time, the corporate service provider subtly misrepresents circumstances in a manner that gives people the fraudulently manufactured impression that their information is private and under their control. While the behavior of these corporations may fall short of illegality, it tends to get as close to illegal as they think they can without stepping over that line, resulting in violation of the spirit of the law if not its letter. In a free market, giving information to someone who makes no explicit promises should, of course, mean that person gets to use the information however he or she likes. Markets are far from free when they are controlled by the complexity of regulations produced via governmentally facilitated corporate entities' lobbying efforts, however. Anyway . . . I'm not entirely sure how your commentary relates to the notion that one could protect private communications by wrapping them in encrypted files as email attachments.

JamesRL
JamesRL

In the mid to late 80s, I was laid off from an IT company, and ended up at a brokerage. I wanted to get into the game, so I landed a position at a small firm, who would sponsor me for my license. In the interim, my job was to find people who would accept an investment newsletter, and get a call from a broker in 3 months time. What I discovered a month later was the nature of the stocks my firm was selling. Gold mining OTC stocks, with very very long odds. Kinda like expensive lottery tickets. I stayed only long enough to find something else, but it was a few months. The people that were being prospected, and buying, were generally professionals. We used business directories to find people to call. Rarely did we use the phone book. You'd think that professionals would be more wary, but apparently not. I don't feel happy about that experience, I sometimes think about the people who bought stocks because I found them and put them on the list, and hope they didn't invest too much. Because 9 out of 10 of those stocks lost money and ended up as worthless paper.

apotheon
apotheon

> Seems like the smart money is creating automated AI agents that help end users game the system by automatically generating tons of customer disinformation. Keep in mind that it needs to be able to do so in a way that blends well with what you normally do online anyway -- because otherwise some opposing software may simply note the variations between the disinformation and the "real" information you generate, and you lose again. Of course, that kind of difficulty separating fact from fiction is likely to make your online activities so thoroughly obscured by garbage that even you cannot get any value from those activities, let alone the targeted advertisers and their ilk. > What tracking algorithm is going to overcome a brute force attack of disinformation by bulk-volume like that? Probably something that is designed to differentiate between user-generated activity and software-generated activity, perhaps by analyzing frequency of activity, recognizing activity that returns to the patterns of previous activity, and so on. Heuristic analysis can achieve a heck of a lot more than most people realize. > The COST alone of tracking through the noise and sorting it from the valuable real data would quickly become unsustainable. Maybe not, if it doesn't have to analyze the data itself, and only analyzes the patterns by which it is generated before throwing away the bulk of it as being inconsistent with the behavior of living human beings. > I think you're right... a manual process can't succeed - but I think an automated process probably can't fail, done well enough. Sure -- but part of that will probably involve a requirement of simplicity to the execution so that easily recognizable patterns divergent from user behavior are not accidentally produced in the process. I think randomly generated disinformation is in fact too complex a solution in terms of what it does, even as it is too simplistic in principle to take into account the likely failings, though. The simplest approach is usually the best. To protect your privacy, deny any data to the would-be privacy invader.

dcolbert
dcolbert

Among couples that have moved the center of their social activities to Facebook, it is probably likely that they can see patterns that apply in more cases than not. Interactions not just with the couple, but with their circle of friends, e-mail... gender relationships in correspondence. It is possible that Facebook is acting as a catalyst agent in creating the breakup, too, and that would mean they are interpreting this data incorrectly. It isn't that Facebook is detecting patterns that illustrate impending breakups - Facebook is CAUSING patterns that LEAD to breakups.

dcolbert
dcolbert

That's probably defining investment scams in a way that excludes a lot of Nigerian scams and the like. It probably focuses on investment scams that rely on the reader knowing something about complex finance issues. I guess. I'm talking about boiler-room pump-and-dump penny-stock scams. I mean, I'm not a wall street wizard, but that is exactly the point. The people who fall for these scams are driven, motivated, confident and highly intelligent people. And the reason they fall for it is because of confirmational bias. They reason, "There is no way that I could get suckered by this guy, because I'm better than he is". A guy like myself says, "I have a broker I do all my business through - you should call him with these opportunities and let him review them". Because, I've had these guys try to hit me, and that is *exactly* how I respond. And of course, they *never* follow up with my own broker. "I only deal directly with clients - not through their brokers", or they say they'll follow up, and my broker never hears from them. But it is the day-trader and successful professional who thinks they know enough NOT to be scammed that gets taken by this scam, every time. That is the mark that falls for this con. As for the rest - I'm chewing on what you've said. Seems like the smart money is creating automated AI agents that help end users game the system by automatically generating tons of customer disinformation. That sounds like an *awesome* program. Forget proxies and anonymoizers. I want to set up a cross platform disinformation app that seeks, searches and clicks through randomly on my behalf from multiple machines in multiple geographic locations 24x7x365... filling the marketing trackers databases with terabyte upon terabyte of useless information about my personal habits and experiences. Seriously. What tracking algorithm is going to overcome a brute force attack of disinformation by bulk-volume like that? How is it going to pick out when I am actually surfing from the noise created by such an agent application? Especially if such an agent app became popular and adopted by countless users. The COST alone of tracking through the noise and sorting it from the valuable real data would quickly become unsustainable. I think you're right... a manual process can't succeed - but I think an automated process probably can't fail, done well enough.

apotheon
apotheon

What makes that really interesting is the fact that they probably aren't assuming that Facebook is the primary communications vehicle for the relationship. Rather, the predictions probably come from observation of communications activity on Facebook in general, as a side-effect of how a deteriorating relationship affects a person's behavior in other areas of his or her life.

apotheon
apotheon

The development of ever-stronger AI (leading ultimately, one expects, to "strong AI", aka "general AI") does not necessarily imply AI that "thinks" like a human. A hustler is going to have to learn some new tricks to fool general AI that's actually *useful* (as opposed to being merely a heuristic human behavior impersonator), because general AI is unlikely to be susceptible to the same tricks as a traditional human intelligence. > I was just reading a report that claimed that people with higher IQs and salaries are far more likely to be taken in by investment scams. That's probably defining investment scams in a way that excludes a lot of Nigerian scams and the like. It probably focuses on investment scams that rely on the reader knowing something about complex finance issues. The fact someone is more likely to be taken in by a given scam than another person who doesn't even understand what the scammer is saying says nothing about how likely these people are to be taken in by scams in general, after all. Ultimately, this boils down to the fact that a scammer is more likely to be effective if he or see selects targets to whom the scam is best targeted. > Will the machines advance to a point where they become just as susceptible to disinformation as the most intelligent and most readily socially engineered members of society? That's like asking whether a martial artist will become so skilled that it's easier to catch him off-guard by use of a simple feint. The answer is "no". > You're probably right in the long run - the average person won't be able to beat the system, only the kind of person who beats these kind of systems currently will be able to beat *this* system once it is refined enough. More to the point, to beat the system as it evolves will increasingly require the use of an automated system-deceiving system. In time, humans will end up either completely owned by the automated systems or having only peripheral roles in these arms races on the Internet -- acting as high-level directors for the automated systems that do all the grunt work. To a significant degree, that is already the case, with antivirus fighting viruses, phishing detection fighting phishing sites, and even quantum key exchange fighting man in the middle attacks. To quote William Gibson (from memory; excuse errors, please), the future is already here; it just isn't widely distributed yet. > But in the meantime, we can certainly help the economy by keeping the people at Google and Facebook busy scrambling to improve their algorithms to produce more accurate results. In the short run, that doesn't help the economy. Thinking it does (I'm not sure you do -- you're probably being sarcastic here) is a case of falling victim to the broken window fallacy of economics; making more work by "breaking" things keeps people employed, but in reality it only diverts employment via limited resources from one pursuit to another, and fixing something broken is a pursuit that gains far less ground than inventing something wholly new. In the long run, though, diverting effort from other activities to the development of AI might prove the biggest help to the economy we can provide at this time. Inventing a better two-ply toilet paper is probably not as productive as advancing the state of the art of artificial intelligence systems.

JamesRL
JamesRL

I heard an interview with a technology writer who claimed that Facebook founders have suggested that they can tell when a couple is about to break up, based on their posting patterns. A) Not sure if the third party quote would be accurate and B) Do they assume that Facebook is the primary communications vehicle for relationship communications? Really? If its true it would be very sad.

dcolbert
dcolbert

I like the idea of targeted demographic database algorithims being designed to deliver robust AI. I think you're on to something there. Military grade weapons AI out of Israel? Medical Tech AI? Advanced video-game AI? Nope... AI will arise to make marketing more effective for global corporations. *Beautiful* - and it makes absolute sense. But the stronger AI gets, conversely, the more I am inclined to believe that it will be *easier* for a hustler or con to fool the AI. I was just reading a report that claimed that people with higher IQs and salaries are far more likely to be taken in by investment scams. I have been exposed to enough anecdotal evidence in my lifetime to think that this is probably true. It is an enteresting prospect, in either case. Will the machines become so good at calculating around human behavior that they'll be able to see through deception and thereby deliver BETTER results? Or... Will the machines advance to a point where they become just as susceptible to disinformation as the most intelligent and most readily socially engineered members of society? It *is* fun... - there are instant rewards when you get instant confirmation that you've thrown your consumer profile in the data warehouse for a loop. You're probably right in the long run - the average person won't be able to beat the system, only the kind of person who beats these kind of systems currently will be able to beat *this* system once it is refined enough. But in the meantime, we can certainly help the economy by keeping the people at Google and Facebook busy scrambling to improve their algorithms to produce more accurate results. If they want to track our every move to compile consumer profiles on us, we might as well make it interesting and make them work for it every step of the way. :)

Editor's Picks