Autonomía digital y tecnológica

Código e ideas para una internet distribuida

Linkoteca. privacidad

“Sueño con un mundo en el que cada uno tenga sus datos encriptados antes de subirlos a la red. Ahora mismo, la situación es que todo el mundo da sus datos sin recibir nada a cambio. Y los damos para todo. Le preguntamos a Siri por la recomendación de un restaurante para comer, para cualquier cosa. Creo que debería haber, y Microsoft lo ha planteado en ocasiones, un mercado de datos que la gente pudiera decidir si quiere dar sus datos y a cambio pudiera recibir un tipo de compensación”, explica. “Ahora en la inteligencia artificial se utilizan muchos algoritmos con múltiples propósitos, como el reconocimiento de caras, recomendaciones de libros, imágenes médicas y tratamientos… Pero hay un problema de privacidad porque si subes todos tus datos biológicos a la nube no sabes quién y cómo puede utilizarlos”

Fue fundadora de Women in Numbers, un exitoso colectivo para trabajar en red que se ha extendido a otros campos como el de las biomatemáticas, Lauter sostiene que la sociedad debería apoyar más a las mujeres.

Do you hate your Internet Service Provider? Do you hate your Email Provider?

We’ll help you send them a GDPR Data Access Request designed to waste as much of their time as possible. They are legally required to respond to your request within 30 days!

It’s been a few years since this kind of argument has come up, but it’s one that we’ve had to swat down a few times in the past: it’s the argument that somehow if a company offers a service for free, it means that they’ll absolutely snarf up all your data, and that requiring services be paid for directly by users somehow would fix that.

Of course, it seems rather easy to point out why that’s wrong with two examples. First we pay for other services such as our broadband and mobile data providers and they are so much worse on the privacy front, it’s not even remotely comparable. It’s not as if magically paying for the service has stopped AT&T or Verizon from being horrific on the privacy front. The snarfing up of data doesn’t go away if you pay for services.

Second, there are businesses that have been built on giving away free tools without having to snarf up your data. Indeed, that’s actually how Google succeeded for much of its early history. It didn’t need to know everything about you. It just needed to know what you were searching for. And that was massively successful. It’s true that, over time, Google has moved away from that, but others (like DuckDuckGo) have stepped into that space as well.

está la aproximación íntima y personal a la gestión de las claves, en contraposición a la aproximación colectiva o comunal. He visto a varios colectivos compartir la contraseña de una cuenta de correo electrónico, Facebook, o Twitter, que son del colectivo y se gestionan de forma grupal. Obviamente no es la mejor forma de gestionar y resguardar la información de nuestro colectivo, pero es valioso recordar que en grupos militantes de gran parte del sur global seguramente lo «privado» se entiende de forma diferente que en el norte, y las más de las veces cruza lo personal y llega a lo colectivo.

Si hablamos de cuentas de correo electrónico es fácil decir: pues hay que usar una lista de correos en vez. Pero se complica si hablamos de plataformas como Twitter que no están diseñadas para las colectividades, al contrario, fomentan el individualismo y el «leadership» informativo.

Otro punto interesante es que tenemos que plantearnos radicalmente cómo es que hacemos las capacitaciones. No se trata de enseñar herramientas, asumiendo demasiado rápido dónde están los problemas. Varios procesos de aprendizaje tienden a fracasar porque son como la misa cristiana: todas hacemos reconocimiento de culpa y en la euforia del momento prometemos mejorar, y luego hacemos unas claves GPG larguísimas y super buenas pero que acaban inservibles porque a los tres meses de no usarlas nos las olvidamos

Es como lo de la mooncup: no porque nos digan que es lo mejor tiene necesariamente que resultarnos fácil, ni cómodo.

Por ahora, esa idea: afirmar nuestro derecho a la intimidad, también en la red. Y de poner una llave del tamaño que queramos, aunque luego, en casa, la pongamos bajo la alfombra porque así nos viene en gana.

A January investigation by the site Top10VPN found that more than half of the top 20 free VPN apps on the iOS and Android app stores either have Chinese ownership or are based in China. That’s all the more suspicious given that China officially banned VPNs last year. The concern: If China is allowing them to continue operating, it could be because they’re sharing data on their users with the Chinese government. When you use a VPN, you’re trusting that VPN with the same deep level of access to your online activity that you’d normally give your ISP. In other words, now they can see what you’re up to whenever you’re using the internet. VPNs may be more privacy-focused than big, corporate ISPs, but they’re also smaller, more opaque, and less publicly accountable.

…la CNIL vient de sanctionner Google à hauteur de 50 millions d’euros, considérant que le ciblage publicitaire qu’il réalise sur son système d’exploitation Android n’est pas conforme au règlement général pour la protection des données (RGPD), la nouvelle loi européenne entrée en application le 25 mai 2018. Cependant, cette sanction n’est qu’une toute première partie de la réponse à notre plainte contre Google, qui dénonçait surtout le ciblage publicitaire imposé sur Youtube, Gmail et Google Search en violation de notre consentement.

Amazon has launched a new service that uses machine learning to extract key data from patient records and can potentially help healthcare providers and researchers save money, make treatment decisions, and manage clinical trials. The company announced the service, called Amazon Comprehend Medical

Amazon’s other recent forays into healthcare include paying almost $1 billion to acquire online prescription service PillPack

It joins other large tech companies that are increasingly focused on healthcare. For example, earlier this year Apple launched a feature that lets customers view their hospital medical records on their iPhones, while Google recently hired former Geisinger CEO David Feinberg to unify and lead the healthcare initiatives across its businesses, including search, Google Brain, Google Fit, and Nest.

Of course, the uploading of medical records to the cloud for machine-learning analysis might questions from patients about how Comprehend Medical will ensure their privacy. Amazon says patient data is encrypted and can only be unlocked by customers who have a key, and that no data processed will be stored or used for training its algorithms. Comprehend Medical complies with the Health Insurance Portability and Accountability Act (HIPAA).

La modificación más relevante es la que hace que se deje de dar visibilidad a los contenidos que están a punto de violar las condiciones de uso de Facebook. Es decir, las publicaciones que se acercan a las líneas rojas marcadas por la red sobre desinformación, violencia, incitación al odio, clickbait y amenazas; incluso aunque no hayan violado estas condiciones de forma estricta.

Google is reportedly working on an A.I.-based health and wellness coach.

Thanks to its spectrum of hardware products, Google would have a notable advantage over existing wellness coaching apps. While its coach, as reported, would primarily exist on smartwatches to start, Android Police noted that the company could include a smartphone counterpart as well. The company could also eventually spread it to Google Home or Android TV. The latter is unchartered territory for these kinds of apps, which are typically limited to smartphones and wearables. With availability in the home, lifestyle coaching recommendations could become increasingly contextual and less obtrusive. If you ask for a chicken parmesan dinner recipe, it could offer a healthier alternative instead; or if you’re streaming music at 10 p.m. and have set a goal to get more sleep, perhaps it could interrupt your music playback to remind you start getting ready for bed. A smartwatch or phone could do this too, of course, but by linking up its product ecosystem, Google could deliver helpful notifications in the context that makes the most sense.

Confidential Mode will push users further into Google’s own walled garden while giving them what we believe are misleading assurances of privacy and security.

It’s important to note at the outset that because Confidential Mode emails are not end-to-end encrypted, Google can see the contents of your messages and has the technical capability to store them indefinitely, regardless of any “expiration date” you set. In other words, Confidential Mode provides zero confidentiality with regard to Google.

But that’s only the beginning of the problems with Gmail’s new built-in IRM. Indeed, the security properties of the system depend not on the tech, but instead on a Clinton-era copyright statute. Under Section 1201 of the 1998 Digital Millennium Copyright Act (“DMCA 1201”), making a commercial product that bypasses IRM is a potential felony, carrying a five-year prison sentence and a $500,000 fine for a first offense. DMCA 1201 is so broad and sloppily drafted that just revealing defects in Google IRM could land you in court.

We believe that using the term “Confidential Mode” for a feature that doesn’t provide confidentiality as that term is understood in infosec is misleading.

Un cliente de mensajería que no depende de servidores centralizados, usa la red Tor para ofrecer comunicaciones cifradas de extremo a extremo y es de código abierto.

A diferencia de las aplicaciones de mensajería tradicionales, Briar no depende de un servidor central – los mensajes se sincronizan directamente entre los dispositivos de los usuarios. Los mensajes se envían a través de la red Tor, protegiendo a los usuarios y en caso de que Internet no funcione, puede sincronizarse vía Bluetooth o Wi-Fi.

Su sistema para añadir contactos tampoco es convencional ya que, se genera un código que la persona a añadir debe escanear con su dispositivo móvil. De esta forma se busca que haya un encuentro físico entre el usuario y el futuro contacto. La lista de contacto se cifra y se almacena localmente en cada dispositivo.

Logo Fuck off Google

Search results without being spyed on.

Results are obtained -via proxy- from Google, Yahoo, Bing, etc. to ensure you will not disclose any personal or behavioural data to these companies. These results are «neutral» ie. not influenced by your profile (you are out of the «filter bubble» designed to serve you ads you are more likely to click…).

Sidewalk Labs says the sensor information would also support long-term planning. The data would fuel a virtual model of Quayside, which urban planners could use to test infrastructure changes quickly, at low cost, and without bothering residents. It could also be stored in a shared repository that entrepreneurs and companies could draw on to make their own products and services for Quayside.

Unsurprisingly for a company spawned, in part, by technologists, Sidewalk thinks of smart cities as being rather like smartphones. It sees itself as a platform provider responsible for offering basic tools (from software that identifies available parking spots to location-based services monitoring the exact position of delivery robots), much as Google does with its smartphone operating system, Android. Details are still under discussion, but Sidewalk plans to let third parties access the data and technologies, just as developers can use Google’s and Apple’s software tools to craft apps.

Though Sidewalk Labs says the data would be used for a community purpose, such as giving transit discounts to low-income residents, regulating building temperatures, and keeping trash cans from overflowing, not everyone is convinced. “There are definitely questions about whether Sidewalk Labs will try to make money by tracking people’s daily interactions,” says David Roberts, who studies cities at the University of Toronto. “What data will be collected, how personal will it be, how will it be used, and who will have access to it?”

…vos signets, vos courriels, vos contacts, vos fichiers sur Google Drive, toutes les informations citées ci-dessus, vos vidéos YouTube, les photos que vous avez prises sur votre téléphone, les produits que vous avez achetés en passant par Google et les sociétés qui vous les ont vendus…

La société détient également les informations de votre calendrier, vos hangouts Google, l’historique de vos déplacements, la musique que vous écoutez, les Google books que vous avez achetés, les groupes Google dont vous faites partie, les sites Internet que vous avez créés, les téléphones que vous avez eus, les pages que vous avez partagées, combien de pas vous faites par jour…

I understand this reaction, but it’s also an unfair one: Deleting Facebook is privilege. The company has become so good at the many things it does that for lots of people, leaving the service would be a self-harming act. And they deserve better from it, too. Which is why the initial answer to Facebook’s failings shouldn’t be to flee Facebook. We need to demand a better Facebook.

Unlike broadcast television and radio, which are also free for the price of having to endure ads, on Facebook you can’t change the channel. If you leave Facebook—which is where your friends, scene, and community already is—you’re alone, because for many people, Facebook is becoming the internet and the internet is becoming Facebook.

Facebook, for all its problems, has become a necessary part of life for people, one that they can’t afford to shed, personally or professionally.

And in countries with lower internet adoption, Facebook is often people’s foray onto the whole internet. Facebook’s Free Basics program is operating in 63 countries and municipalities across Africa, Asia, and Latin America—and with that, people get free access to Facebook and a small handful of websites that partner with Facebook, though they can’t access other sites or email. For those users, Facebook is, in a sense, the whole internet.

Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers—even when location services are disabled—and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals’ locations and their movements that go far beyond a reasonable consumer expectation of privacy.

The section of Google’s privacy policy that covers location sharing says the company will collect location information from devices that use its services, but does not indicate whether it will collect data from Android devices when location services are disabled

« Si c’est gratuit, c’est vous le produit ! » En lançant le premier forfait de téléphonie mobile entièrement financé par la publicité, l’opérateur français Prixtel adapte un modèle économique bien installé et sans cesse en progression dans le paysage du Web : un modèle qui, au premier abord, semble gratuit.

« Si vous êtes le produit, alors ce n’est pas gratuit car l’utilisation du service n’est pas sans contrepartie : vous acceptez l’utilisation de vos données personnelles, vous acceptez des contrats d’utilisation léonins qui font de vous une main-d’oeuvre sans droit ni titre, vous acceptez d’être pisté, tracé, traqué pour que le client final, généralement une régie publicitaire, sache tout de vous pour mieux vous cibler…

Le réseau social est à nouveau montré du doigt après la découverte de l’utilisation de données personnelles de plusieurs millions d’utilisateurs, par une entreprise d’analyse liée à la campagne présidentielle de Donald Trump.

L’affaire Cambridge Analytica tourne autour d’une application, nommée «thisisyourdigitallife» (littéralement «cestvotrevienumérique») et accessible via le réseau social, jusqu’à sa suppression en 2015.

Derrière cette façade, présentée comme «une application de recherche utilisée par les psychologues», un système bien plus complexe. Non seulement les 270 000 personnes ayant utilisé l’application ont fourni des informations volontairement sur eux-mêmes, mais ils en ont aussi fourni d’autres de manière bien moins consciente (l’application avait accès aux contenus qu’ils avaient «aimé» sur le réseau social ou à leur ville actuelle).

Pire, ils ont aussi permis à l’application d’accéder aux données des contacts de ces personnes sur Facebook. Un effet boule de neige qui rend difficile d’évaluer l’ampleur de cette collecte : entre 30 millions (pour le New York Times) et 50 millions (selon le Guardian) de personnes. Des données récupérées par une première société (SCL) puis une seconde (Cambridge Analytica).

Amazon Go, the «human-free» grocery store from, watches your every move with hundreds of cameras and sensors. And ties everything to an account with your smart phone and credit card. This is absolutely terrifying on multiple levels. Let me walk you through why and the related services that make this abomination possible.

Created Route from the hotspot map

Here are some things Strava may reveal

Whether you run, swim, ski or cycle.
If you tell it, what bicycles you have.
Who you go out on a run or ride with
When you are away from your house
Where you commute to, and when
Your fitness, and whether it is getting better or worse.
When you travel, what TZ, etc.

The fact that you can infer nation-state secrets is an interesting escalation. Currently it’s the heatmap which is getting the bad press, which is part of the dataset that Strava offer commercially to councils. FWIW, the selection bias on Strava data (male roadies or mountain bikers) means that its not that good. If someone bought our local data, they’d infer that muddy wood trails with trees and rocks are what the city needs. Which is true, but it doesn’t address the lack of any safe way to cross the city.

What is interesting about the heat map, and not picked up on yet, is that you can potentially deanonymize people from it.

The sleeping habits derived from Facebook activity

Like most of my friends, I use Facebook on a daily level. I use the website, the Facebook app, and the Messenger app. It should come as no surprise, that Facebook keeps track of every time you visit them through any of those means. The creepy thing is, that your friends can keep track of this too.

In the web-based Messenger, it is possible to see when a user was last active.

By creating a simple service that checks Facebook every 10 minutes, I’m able to get an accurate picture of my friends’ Facebook usage. Many people visit Facebook as the first thing in the morning, and the last thing before going to bed. It is therefore possible to get a good impression of their sleeping habits (or lack thereof).