Everyone deserves some privacy

Recently I got charming hardware setup without any operating system pre-installed. As my wife likes to play videogames since she was a teenager, she has steam account with loads of games she bought over the years. Luckily for me, to enjoy the powerful graphics card, all I had to do was to purchase, install Windows 10 and to install games.

My last experience with Windows wasn’t actually too long ago – it was Windows 8 which was released in the middle of 2012. I really liked it and decided to further expand into the best of both worlds where you can run the required applications for software development and at the same time it is an environment to enjoy powerful videogames.

I dreamed of getting rid of Virtual Boxes running Linux environment that would take up all of my resources leaving me with 1 GB RAM free. That would allow me to work with git repositories on the same computer without connecting to my virtual environment using Samba, and then SSH to run the program and debug the software I was developing. I wanted to sync files right away and to be able to modify data without any delays which could cause trouble. And, at the same time, to be able to run some games.

Installing Windows 10

So I bought this new system fantasizing how I am going to play wife’s videogames, jumping from one portal to another one, solving difficult quests. Installing an operating system made me realize how far things have evolved when I was offered nicely to get my own advertisement id!

On Windows 10, every user account gets a unique identifier, known as the “advertising ID,” that tracks and collects their activities, which then advertisers and developers can use to show targeted ads in apps.

How to stop targeted ads in Windows 10 apps [1]

Screenshot 2019-03-23 at 11.40.55
Photo by Mat Reding on Unsplash

Which wasn’t something too bad you may say, and, indeed might improve things for people. For example, Google knows me better than any human being on the planet, except for my wife. And maybe even knows too much about my private life, selling me new McDonalds’ vegetarian menu. Which is funny, but spooky at the same time, especially due to the fact that I was in McDonald’s the same day. Mark my word, I am not the person that spends most of my time over there.

I have surrounded myself with Amazon Alexa, Garmin, iPhone, Gmail, Google Search, YouTube, Facebook and Twitter. Uh, I forgot Instagram. My grocery store gives me targeted discounts which is a good thing, but, at the same time feels creepy because of how much they know. My public transport pass tracks the history of my journeys. And this is towards what we’re heading. This is the future, folks! Imagine, how much data do we share. Do you really think it’s possible to stay private in this century?

If only it still matters

A few days ago I mistyped DuckDuckGo.com which sent me to the website that was beeping, alerting me of a threat like crazy with at least few redirects, that were showing me the text from the official website “microsoft.com” at first glance.

Even though, knowing that Microsoft wouldn’t make this terrible beeping sound that would be able to cause a heart attack, I still wasn’t 100% sure. I was convinced the DuckDuckGo sent me over there until, I checked the history of redirects and noticed that “microsoft” actually, was a subdomain of “com-windows-fix-systems.live” domain, which is indeed quite original.

First, I felt nostalgia remembering classic “anti-virus popup”. Then, I realized where we stand and at what direction we’re moving, thinking about Edward Snowden and Julian Assange era, hearing about Facebook stored passwords in plain text for hundreds of millions of users [2] and other sudden leaks making malware software look bleak in comparison.

You understand the fact that everyone can track you down. No matter if it’s an opened email, a read message or a visited website.

Learning the subject

Some time ago I implemented a simple web-application for one of my websites to learn the behavior of the user on the page. I was interested to know how long does the user spends time on the site and if they use their cursor as a guide to follow the line in the text. I wanted to know if it caught the user’s interest based on user’s clicks, his selection and tracked mouse activity.

I remember in 2013 I have recorded a video displaying how you can send the coordinates of your pointer using Socket.io.

I removed the website after some time. Because quietly watching if someone selects text, guessing their thoughts based on my own subjective thoughts on that matter – even if it was essential to learn what attracts the user – it didn’t feel right. It was wrong particularly because  the user had no idea that he is being observed; I deleted it.

“It’s a drop in the ocean.”

Compared to what actually companies may collect on you now. Especially knowing how little effort it takes to know you better, to study you, and how potentially it can grow and turn into something much more valuable with machine learning and acquired data the huge corporations have on you. And then, remembering how much of this data may leak online. Isn’t that something worth to mention?

But, I have no Facebook account

Yes-yes. Facebook and Google are not the only ones here! Even when you are planning to read the email, there are high chances that people who stand behind that message know when you have opened it. Even more, this tracking may be done in an unsafe way, exposing user data further.

Many senders, including the U.S. government, do email tracking clumsily. Bad email tracking is ubiquitous, secretive, pervasive, and leaky. It can expose sensitive information to third parties and sometimes even others on your network. According to a comprehensive study from 2017, 70% of mailing list emails contain tracking resources. To make matters worse, around 30% of mailing list emails also leak your email address to third party trackers when you open them. And although it wasn’t mentioned in the paper, a quick survey we did of the same email dataset they used reveals that around 80% of these links were over insecure, unencrypted HTTP.

(Don’t) Return to Sender: How to Protect Yourself From Email Tracking [3]

If you are still using Facebook Messenger you might be “pleased” to learn that your messages aren’t exclusively between you and another person. It can be read by non-humans at least. Because Facebook scans things you send on messenger [4]. And of course, blocks some of the innapropriate content (except dick pics) which is hundred percent good. But is it okay when you send the content meant to be seen only by the other half, or your mom and dad? To the question asked on Quora “Which employees at Facebook can read my messages?” [6] Richard Zhu has answered:

Any of them could, if they want to get fired. Facebook is very strict on this, messages especially. We can’t work on any users that we know, or even friends of friends. Facebook’s policy on this is zero tolerance, if you do it, for any reason, you’re fired.

This is terrific news, but, how do they track it? Did they invent a system to monitor the actions of the employees or do employees come and say that they have read it? What if it’s someone very high-ranking, is that person less likely to be fired? Think for a minute, about the imperfection of the human nature, the differences in moral values.

What’s next?

If you are concerned about what is going to happen to us in coming time, and you desire actually to keep your private life private, you may want to check what the alternatives are around you.

When I first installed the plugins to block advertisements and tracking, I didn’t think that those companies may sell the data just as same as trackers do. I didn’t want to bother thinking if providers or Ghostery track the places I visit. I mean as an engineer, of course, the part of me understood, but SSL and trustworthy in my opinion sources like Google convinced me to ignore all the reasoning.

I shall say, I couldn’t imagine why would you ever want to buy a VPN  when you rent movies on iTunes, watch TV Series on Netflix or Amazon and listen to music on Spotify (unless if you want to have a wider selection of shows)? Why would you want to choose something other than Gmail? I feel that the levels of their analytical and tracking capacities have crossed lines.

And to be fair, it’s not Google or Microsoft alone. It’s not the corporations only. The root issue I believe is inside us: people want to know more than they know right now. Why does it happen? Isn’t that a violation of freedom, even though it’s hidden by justifying phrases such as “for your own safety”, or “to help you make a right choice” (think of political campaigns [4]).

But the full scale of the data leak involving Americans has not been previously disclosed — and Facebook, until now, has not acknowledged it. Interviews with a half-dozen former employees and contractors, and a review of the firm’s emails and documents, have revealed that Cambridge not only relied on the private Facebook data but still possesses most or all of the trove.

Cambridge paid to acquire the personal information through an outside researcher who, Facebook says, claimed to be collecting it for academic purposes.

No matter what it is, I should note that this data can be stolen, taken for the research and later used against us. And also get exposed.

A family tracking app was leaking real-time location data

Respecting freedom is important. However, there could be valid reasons for using services mentioned above – the greater good and the safety of society is one of them. Unfortunately, the current legislation is being taken advantage of for, it seems, the exact opposite purposes than those of consequentialistic ideology.

Links:

References

  1. How to stop targeted ads in Windows 10 apps – windowscentral.com Mauro Huculak (6 Nov 2018)
  2. Facebook stored passwords in plain text for hundreds of millions of users – Mashable by Matt Binder (21 Mar 2019)
  3. (Don’t) Return to Sender: How to Protect Yourself From Email Tracking – EFF by Sydney Li and Bennett Cyphers (9 Jan 2019)
  4. How Trump Consultants Exploited the Facebook Data of Millions – By Matthew Rosenberg, Nicholas Confessore and Carole Cadwalladr (17 Mar 2018)
  5. A family tracking app was leaking real-time location dataZack Whittaker (23 Mar 2019)
  6. Which employees at Facebook can read my messages?

Published by

Aidan Rudkovskyi

Software Engineer @floorplanner