Notes about a presentation about privacy

Basic outline: First academic, then the meat and examples - all interleaved with rl stories

  • Why you should care about privacy - academic part
  • Show an ad targeting screen screenshot
  • Why you should care about privacy - start by showing google’s saved history
  • Use Facebook’s screens and suggestions as guideline to show how/when can it go wrong
    • Mention that the screenshots I show are the companies operating within a legal framework that show all this
  • List of remaining potentially surprising things about supercookies etc
  • Basic ways to protect yourself
  • At the end, using happy music, leave running the list of permissions facebook asks for

Why care about privacy - academic

  • First philosophical/academic discussion, “Nothing to hide”
  • Mention jews filling out religion forms back when it was just statistics
  • Changing laws and changing social atmosphere - the internet never forgets
  • Dark patterns that show how much companies care about the data
  • Trust - how much do you trust? How long? Conversation partners, server admins, workers of companies, now, in the future? 1

Examples where it goes badly:

  • Target(?) knowing you are pregnant before you do
  • (And being unable to tell the internet when you stop)
  • Getting letters about illnesses you don’t have
  • The story about catholic priest and triangulation
  • Cambridge analytica and hypertargeted advertising
  • Insta/FB targeting teens who feel worthless

Surprising examples:

  • Cross-device tracking via audio
    • Mention bad sdk
    • Mention apps from google play that ask for microphone permissions
    • Menion web browser extensions changing hands and how updating them is intransparent
  • Various supercookies
  • Getting list of sites visited via pixel color, using cache hits
  • Google using wifi to triangulate
  • Standard browser fingerprinting
  • You don’t turn location on, but upload geotagged pictures to FB - it cleans the pics, but retains the geotags
  • Unmasking bitcoin transactions

Basic ways to protect yourself - possibly using the Iceberg meme, or using captchas as measure

  • Cookies
    • And chrome not deleting their own
    • And supercookies
  • Ad blocking, browser, especially third-party scripts
  • Network level / router
  • Mention TrackerControl for android and how it’s blocked by google play
  • Turn off all privacy settings in Android, Google, Linkedin, Facebook, …
    • Mention how Google intentionally made it hard with unclear settings
  • Mention how VPNs won’t help you much, but worse than expected if they are free
  • Mention captchas appearing when you start doing the above
  • Mention that clicking okay and then still removing all cookies doesn’t get rid of other tracking technologies

General thoughts:

  • More about sharing potentially surprising information than having an agenda or convincing people or something
  • “Why you should care” as main thing.
  • Ask people to unlock their phones
  • Lawyers/medics have rules, but currently a lot of IT people deal with a lot of data without being bound by anything
  • Mention threat models
  • Once it’s gone a lot of things get harder - journalists can’t safely talk to their sources, becomes hard to write stuff the gov’t doesn’t like

Random quotes:

  • “The best minds of my generation are thinking about how to make people click ads.” –Jeff Hammerbacher (one of the earlier Facebook employees)
  • “Privacy protects us from abuses by those in power, even if we’re doing nothing wrong at the time of surveillance.” (Schnneier) 2

  • The Why and How of Privacy and Security — This Too Shall Grow
    • My message is: the Internet never forgets, cultures change, and retroactive laws exist.

  • The Eternal Value of Privacy | WIRED
    • A lot of parallels of RL stuff when we seek privacy - bathroom, diaries, etc. “Ask them to unlock their phone”