Wednesday, September 7, 2022

Weaponized Delivery Packages for Misinformation


One day customers will only want to do business with those who harvest their data sustainably.

Twitter pays $150M fine for using two-factor login details to target ads
May 2022, Ars Technica

"As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads," Federal Trade Commission Chair Lina Khan said. "This practice affected more than 140 million Twitter users, while boosting Twitter's primary source of revenue."


Feds seize SSNDOB marketplace that listed personal data of 24 million people
Jun 2022, Ars Technica

Social Security Number Date of Birth (SSNDOB) is like the Walmart of personal data.

More fallout from the Chainalysis revelation, which is basically that every transaction you make on the blockchain is public knowledge, so with some good network software, you can track people and money like a first-grade math problem.

Further readings:
Inside the Bitcoin Bust That Took Down the Web’s Biggest Child Abuse Site
Apr 2022, Mike McQuade, WIRED [soft paywall]


Facebook is receiving sensitive medical information from hospital websites
Jun 2022, The Markup via Ars Technica

Experts say some hospitals’ use of an ad tracking tool may violate a federal law protecting health information. (You don't say)

A tracking tool installed on many hospitals’ websites has been collecting patients’ sensitive health information — including details about their medical conditions, prescriptions, and doctor’s appointments — and sending it to Facebook.

The Markup tested the websites of Newsweek’s top 100 hospitals in America. On 33 of them we found the tracker, called the Meta Pixel, sending Facebook a packet of data whenever a person clicked a button to schedule a doctor’s appointment. 

Clicking the “Schedule Online” button, filling in the booking form, or clicking the “Finish Booking” button on a doctor’s page sent the following information:
  • text of the button clicked
  • doctor’s name
  • doctor's field of medicine
  • search term used to find doctor: “pregnancy termination”
  • condition selected from dropdown menu: “Alzheimer’s”
  • first name
  • last name
  • email address
  • phone number
  • zip code
  • city of residence entered into the booking form
  • names of patients’ medications
  • descriptions of their allergic reactions
  • upcoming doctor’s appointments
  • name and dosage of a medication in our health record
  • notes we had entered about the prescription
  • response to a question about sexual orientation
The Markup also found the Meta Pixel installed inside the password-protected patient portals of seven health systems. 
You heard the man; this is a stick up. 

Technical sidenote:
“The evil genius of Facebook’s system is they create this little piece of code [the pixel] that does the snooping for them and then they just put it out into the universe and Facebook can try to claim plausible deniability,” said Alan Butler, executive director of the Electronic Privacy Information Center. “The fact that this is out there in the wild on the websites of hospitals is evidence of how broken the rules are.” (So the pixel is like a dematerialized AirPod?)

Further reading on body brokers and biodata:
Sapiens For Sale, Network Address, Aug 2022

Network structure of Agents in Tsuchiyu Onsen, Tohoku University, 2022


Kochava faces legal action over sale of location data
Aug 2022, BBC News

The company, founded in 2011, says on its website that it "complies with all user data privacy and consent regulations".

And they do, because there aren't any.


Data privacy bill would give you more control over info collected about you
Aug 2022, The Conversation via Ars Technica

"Excludes deidentified data"
-American Data and Privacy Protection Act (Frank Pallone, hello NJ)

How hard is it to 'de-anonymize' cellphone data? 

Not hard:

We study fifteen months of human mobility data for one and a half million individuals and find that human mobility traces are highly unique. In fact, in a dataset where the location of an individual is specified hourly and with a spatial resolution equal to that given by the carrier's antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals.
-Unique in the Crowd: The privacy bounds of human mobility. Yves-Alexandre de Montjoye et al. Sci Rep 3, 1376 (2013). https://doi.org/10.1038/srep01376

Four datapoints. That's 2013 by the way.
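
To see why "deidentified" location data deserves suspicion, here is an added example (not from the paper or the original post) that measures unicity on a tiny constructed dataset: for each user, the share of their p-point subsets that match nobody else's trace. It enumerates every subset instead of sampling random points as the paper does, and the traces, antenna names and region map are all made up for illustration.

```python
from fractions import Fraction
from itertools import combinations

# Constructed sample: user -> set of (hour, antenna) observations.
TRACES = {
    "u1": {(8, "A"), (9, "B"), (12, "C"), (18, "A")},
    "u2": {(8, "A"), (9, "B"), (12, "D"), (18, "A")},
    "u3": {(8, "A"), (9, "E"), (12, "C"), (18, "F")},
    "u4": {(8, "G"), (9, "B"), (12, "C"), (18, "A")},
}

# Constructed mapping from antenna to a coarser region.
REGION = {"A": "R1", "G": "R1", "B": "R2", "E": "R2",
          "C": "R3", "D": "R3", "F": "R4"}


def unicity(traces, p):
    """Mean over users of the fraction of their p-point subsets
    that are contained in no other user's trace."""
    scores = []
    for user, points in traces.items():
        subsets = list(combinations(sorted(points), p))
        if not subsets:  # trace has fewer than p points: nothing to test
            continue
        unique = sum(
            1 for subset in subsets
            if not any(set(subset) <= other
                       for name, other in traces.items() if name != user)
        )
        scores.append(Fraction(unique, len(subsets)))
    return sum(scores, Fraction(0)) / len(scores) if scores else Fraction(0)


def coarsen(traces, region):
    """Lower the spatial resolution by replacing antennas with regions."""
    return {user: {(hour, region[antenna]) for hour, antenna in points}
            for user, points in traces.items()}


if __name__ == "__main__":
    coarse = coarsen(TRACES, REGION)
    for p in range(1, 5):
        print(f"p={p}  antenna-level={unicity(TRACES, p)}  "
              f"region-level={unicity(coarse, p)}")
```

Run against a dataset before release, the same measurement shows how many known points an outsider would need to single someone out, and how much resolution has to be given up to bring that number down.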

Post Script:
Here's the thing: we've all watched the promise of tech and the internet curdle into (at best) invasive, advertisement-saturated, rent-seeking bullshit and/or (at worst) weaponized delivery packages for misinformation, bigotry, and occasional incitements to genocide and violence. I think we're all reaching our saturation limit for being monetized, marketed to, invasively tracked, and charged a premium for devices and services that enable those things. I think we're looking for relief from all that, not variety of opportunities to experience it. -Snark128, "Meta sparks anger by charging for VR apps", Financial Times via Ars Technica, Jun 2022 https://www.ft.com/content/e8910bad-b873-407d-b1ca-46eb4ceb3db2 

