Weekend Reading List - Hope Amidst the Darkness

Round-up for March 11-12

Machine Bias: ProPublica's ongoing investigation into machine/data-driven usage for criminal risk assessments and crime predictions.

What should you think about when using Facebook?: Facebook logs drafts of posts/keystrokes before you post, or even if you don't post.

Apple says it’s already patched ‘many’ iOS vulnerabilities identified in WikiLeaks’ CIA dump: Title says it all, but it’s a hopeful reassurance that Apple has detected and patched many of the alleged CIA exploits brought forth in the WikiLeaks unraveling.

Your Own Facts: A great essay/book review on the “filter bubbles” we continue to create ourselves or sign up for with external apps and services. Essentially, author Eli Pariser argues that “this is not to deny that Silicon Valley engineers […] have responsibilities that extend far beyond their job descriptions. But their modest quests to improve relevance, alleviate information overload and suggest books that may interest us — rather than to engage in algorithmic paternalism and assume a more critical social role — may be the lesser of two evils”.

Internet Censorship and What We’re Doing About It: A leading encryption-based email service provides a rundown of why we should care about internet censorship, and what some of its plans are in terms of helping the wider world. Of course, this is leading up to a release later this summer of their ProtonVPN service, set to compete against other VPNs (virtual private networks) that can assist in black boxing your internet traffic and behaviors.


WikiLeaks Unloads 'Alleged CIA Hacking Documents'

This happened just a short while ago, but an important development nonetheless. According to the New York Times:

The initial release, which WikiLeaks said was only the first part of the document collection, included 7,818 web pages with 943 attachments, the group said. The entire archive of C.I.A. material consists of several hundred million lines of computer code, it said.

Among other disclosures that, if confirmed, would rock the technology world, the WikiLeaks release said that the C.I.A. and allied intelligence services had managed to bypass encryption on popular phone and messaging services such as Signal, WhatsApp and Telegram. According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect “audio and message traffic before encryption is applied.”

And here's the link to the vault of documents on WikiLeaks. Haven't had a chance to read through anything yet, but will update as needed over the next week.

Update | March 07, 2017 11:42AM CT

Edward Snowden posted an update on Twitter regarding one of the big call-outs, thus far, from the leak: "first public evidence USG secretly paying to keep US software unsafe."

[Image: From Edward Snowden's tweet]

Weekend Reading List

Round-up for March 4-5

New Bill Would Force NYPD to Disclose Surveillance Tech Playbook: Though not as pressing as other privacy disclosures, this is a timely local-level one that could prompt other states/cities to follow a similar line. What's notable here is that we are all essentially under a watchful eye from city security cameras, other citizens' cameras, and a myriad of tactics alluded to in the bill (including facial recognition). The New York Civil Liberties Union's statement on this being "critical to democracy" is rather obvious.

How to Keep Messages Secure: Friendly rundown of why teens (ahem, anyone) should avoid using popular chatting apps like Snapchat, et al, for serious communication or for chatting at all. Surprising editorial source, too.

Is There a Business Model For Serious Journalism in the Age of Trump?: Comprehensive analysis on the state of serious journalism.

Smart Condom to Track Your Sex: Here we go with another invasive Internet of Things product. At this point we're just turning ourselves into constantly-monitored subject matter for government, medicinal, and corporate overlords.

Government's Privacy Watchdog is Basically Dead, Emails Reveal: Should we have seen this one coming? "[T]he agency, known as the Privacy and Civil Liberties Oversight Board, is down to just a single voting member — which means it has been stripped of nearly all its powers, according to emails obtained by The Intercept." Important to note: it appears that this didn't start with Trump, and it has "been withering away for almost a year."

That Free Health Tracker Could Cost You: Handing out Fitbits is something my agency recently did, and I've seen a number of health insurance providers do the same thing -- not sure if all circumstances are leading to more risk pooling bullshit, but this is certainly where it starts.

Want to Improve Data Quality, Reduce Liability, and Gain Consumer Trust? Try Deleting: In its latest white paper, CDT "explores th[e] disconnect and the reasons why commercial data stores have grown. We make the case that it is neither in a company’s nor a customer’s best interest to hold onto large amounts of data." Deleting old, unusable, or irrelevant data is absolutely a consideration to make, especially if you don't plan to use it anymore.


The Terms of Service Dilemma

Great piece from The Guardian on how no one reads terms of service for apps/services/hardware they sign up for, and points to solutions in the way of redesigning them.

[T]here’s a lot in click-to-agree contracts that would give many people pause if they knew about them. For example, users give web-based services – and third parties the services contract with, about which users know nothing – the right to keep, analyze and sell their data. Increasingly often, too, people click away their right to go to court if anything goes wrong. “There’s a real concern that consumer protection law is basically being swallowed by click-by-agree clauses,” said David Hoffman, a professor at the University of Pennsylvania Law School, who researches the law and psychology of contracts.

Hoffman is among the legal scholars who believe the no-reading problem isn’t new. After all, he points out, few people read the fine print even when it was literally in print.

However, it’s possible that the design of click-to-accept pages makes the problem worse. A few years ago Rainer Böhme of UC Berkeley and Stefan Köpsell of Dresden’s Technische Universität tested alternative wordings of a simple consent form on more than 80,000 internet users. Some were told their consent was required and presented with a highlighted “I agree” button. They went along 26% more often than did other users, who had been politely asked to participate (with phrases like “we would appreciate very much your assistance” and both “yes” and “no” options represented by lookalike buttons).

In other words, when design invites people to consider their options, at least some do. If the design nudges them instead to follow a habit that years of click-to-agree has instilled, then they’ll do that instead. “Ubiquitous EULAs [end user license agreements] have trained even privacy-concerned users to click on ‘accept’ whenever they face an interception that reminds them of a EULA,” Böhme and Köpsell wrote.

This kind of thing has been pointed out ad nauseam, but it is a vital struggle to acknowledge and consider. There is a great site out there called Terms of Service; Didn't Read that operates as a user rights initiative, rating and scoring websites' terms of service/privacy policies from Class A (good) to Class E (miserable). A wise read for anyone who has clicked or tapped away on agreeing to walls of unreadable text before engaging with software.