Panopticon Creep: UK Edition

Once upon a time, London was the world’s most-surveilled city. This position has since been usurped by Chongqing, a city in the Sichuan province which boasts one hundred sixty-eight cameras per one thousand people. Perhaps upset over the loss of their title, Boris Johnson has decided it’s high time that the UK began compiling records of its citizens’ web traffic.

tl;dr: Here’s an executive summary based on my reading of the linked article.

  • Currently, the various parts of the government collect analytics on how people use their websites.
  • BoJo would like to combine all of this data, creating profiles of how each individual uses the whole government’s online offerings.
  • This is to be done ASAP and in secret. The rationale for this is mumble mumble Brexit.
  • This data will be “anonymized”, which is not particularly meaningful at this level of specificity. While an analyst armed with this database would not be able to find a person’s usage by searching for their name, the same analyst could easily derive a person’s name from their usage.

Drilling into some detail now:

Boris Johnson has secretly ordered the Cabinet Office to turn the government’s public internet service into a platform for “targeted and personalised information” to be gathered in the run-up to Brexit, BuzzFeed News has learned.

In a move that has alarmed Whitehall officials, the prime minister has instructed departments to share data they collect about usage of the GOV.UK portal so that it can feed into preparations for leaving the European Union at the end of next month.
Read more

Online Privacy and You

tl;dr: scroll down to the part in bold if you just want a pro-privacy action item.

Digital privacy has been in the news a lot, though you’ll be forgiven for missing it. About a year ago, the European General Data Protection Regulation (GDPR) became active. You may have noticed that you received an email about updated privacy policies from every single website you’ve ever had an account with. The California version of those regulations (CCPA) was passed a few months later. What do these laws do? Well, a lot; Wikipedia has a good summary of the CCPA:

The intentions of the Act are to provide California residents* with the right to:

  1. Know what personal data is being collected about them.
  2. Know whether their personal data is sold or disclosed and to whom.
  3. Say no to the sale of personal data.
  4. Access their personal data.
  5. Equal service and price, even if they exercise their privacy rights.

Writ large, these sound like good ideas. I will note that this is in conflict with how many of us experience the Internet today**.

Right now, companies are announcing very small changes to privacy settings, largely for PR purposes (Vox: Google’s Privacy Changes Are Mostly Marketing). They’re basically hoping that enough people won’t opt out of data collection to affect their business model. I recommend opting out! Here’s how to change your browser settings to limit your exposure to the tracking ecosystem:

  • Safari: Safari -> Preferences -> Privacy; check “Prevent cross-site tracking” (checked by default after a recent update)
  • Firefox: Follow the instructions to disable third-party cookies
  • Chrome: Don’t use Chrome if you care about this issue. Would you use a browser developed by Facebook? However, if you must: Settings -> Advanced -> Privacy and security -> Content settings -> Cookies; turn on “Block third-party cookies.” Like I said, Google is not particularly interested in you checking this buried option.

You can also do this on mobile devices, though the instructions vary by device, so I’d recommend looking that up yourself. Note that some sites use these in non-nefarious ways; they will probably tell you if you’re causing a disruption in your service. Notes below the fold.

Read more

Open Thread: Social Media Privacy Update, Maybe?

I don’t actually have a twitter account, because I’m fortunate enough not to need one, and I’m barely tech-competent enough to lurk there. But I’m seeing messages about the company’s latest “improvements”. Per Marketing Land:

When you visit a site that features a tweet button or an embedded tweet, Twitter is able to recognize that you’re on that site and use that information to target you with ads. And now it’s going to hang on to that information for a bit longer but give you more control over it.

Twitter updated its privacy policy on Wednesday so that it can use the information it collects about people’s off-Twitter web browsing for up to 30 days, as opposed to the previous 10-day maximum, according to the updated document that takes effect on June 18. The extension could help Twitter when it comes to making sure its ads are aimed at enough of the right people, which could aid its struggle to attract direct-response advertisers and reverse its advertising revenue declines…

While Twitter will no longer support Do Not Track once its new privacy policy takes effect on June 18, the company still offers options for people to disable ads targeted based information collected off Twitter. People can pull up Twitter’s settings menu, select “Privacy and Safety,” then “Personalization and data” and then toggle off “Personalize ads.” That menu also includes an option to disable Twitter from being able to see when a person visits a site that features a tweet button or an embedded tweet as well as a nuclear option that also prevents Twitter from sharing a person’s data with other companies, using location-based data to personalize content on Twitter and connecting data across the different devices a person may use to log in to Twitter…

More at the link. By all means, feel free to explain what I’ve gotten wrong in the comments.

Privacy, ISPs, and What You Can Do

I’m sure you’ve heard that the Senate, then House, voted to allow Internet Service Providers (ISPs) to sell your browsing and Internet usage data. This is astounding, and has huge implications for each and every one of us that has any Internet usage that might be looked at askance by whomever decides to license your usage data.

So let’s cover some basics on technology, the potential uses for your usage data, and some ideas of what you can do to protect yourself.

I’m sure you’re aware of basic Internet tracking tech, but I’ll begin there and grow in complexity. I expect I’ll cover many of thee issues in Part 2 of my post on tech and protecting yourself, but Adam and Major Major Major Major brought up the idea, and I agreed to write this post today as it’s timely.


The Technology

When you connect to the Internet from your home or on your mobile device, you are using an ISP. When you use someone else’s Internet connection, you’re using their ISP. For the most part, your usage from your home or mobile ISP is the ISP of concern for this post.

When you connect to the Internet, you get an Internet Protocol (IP) address. It’s 4 block of numbers (XXX.XXX.XXX.XXX), and for remote computers/servers, it’s usually expressed as a name to make it easier on us humans.  So, for example, the IP address  for is

When you use a web browser, websites put cookies on your machine. They are used to track your site visits, page visits, etc. Although cookies come from different sources, many are actually parts of syndicates or networks and so all members of a syndicate can see what people did not just on their sites, but on others’ too. And so should you enter your name on one site that’s a member of the syndicate, then all members can link your behavior to your name (or any other info you enter online).

Don’t get me started on Facebook or Google – they track everybody everywhere possible and link all kinds of data they license or buy so that one of them most likely has the biggest db (and the other, the second-biggest) of people and their online AND offline behavior and characteristics in the world. That’s a different post.

There are other ways to track behavior – “blank pixel” technology”, browser fingerprinting, mobile device supercookies, and so many more things. Did you know that when you open an email and you see a picture, that’s often used to inform the email sender that you’ve opened the email?

And of course there’s lots of folks combining disparate data to develop even more thorough profiles of people and their online and offline behavior to drive psychographic analysis and predictions on behavior.

There are truly a myriad examples I could list, but let’s focus on the focus of today’s post: your ISP. I’ll use home usage as the scenario for the rest of this post.

Read more