Daily Post, October 24, 2017
5 min read
It's been a busy few days, but here are some of the things I've been reading. Enjoy!
Open Source Code from ProPublica to Detect Political Ads
While the lawyers at major tech companies complain that it's too hard to find political ads, ProPublica released code showing how easy it is to identify political ads..
We're asking our readers to use this extension when they are browsing Facebook. While they are on Facebook a background script runs to collect ads they see. The extension shows those ads to users and asks them to decide whether or not a particular ad is political. Serverside, we use those ratings to train a naive bayes classifier that then automatically rates the other ads we've collected. The extension also asks the server for the most recent ads that the classifier thinks are political so that users can see political ads they haven't seen. We're careful to protect our user's privacy by not sending identifying information to our backend server.
Adtech won't fix this problem. They have a financial interest in not fixing this problem. Every day that passes without a fix for this problem is another day they make money from undermining our democracy. I also doubt the ability of our current crop of lawmakers to understand the problem, or understand a good solution.
BlockBear
Blockbear is an ad blocker for iOS, made by the same folks that make TunnelBear VPN.
A really simple, often adorable adblocker for your iPhone or iPad.
- Blocks ads and invasive online tracking
- Load many websites 3-5 times faster
- Whitelist your favorite websites
- Has bears
You could download another adblocker, but then you wouldn't have a bear!
While I haven't used this, it looks interesting.
Obfuscation Workshop Report
The report from the Inernational Workshop on Obfuscation is now released and available for download.
We have asked our panelists to each provide a brief essay summarizing their project, concept, application—with an emphasis on the questions, challenges, and discussions raised during the weekend. As with the workshop itself, this report is a starting point rather than an end point.
I haven't read this yet, so have little to say on the contents, but obfuscation is one of many tools we have to protect our privacy, and make the data collected about us less useful.
China's "Social Credit" System
China is rolling out a system that publicly measures every citizen. Thought experiment: how much more data would a country need besides what Facebook or Google already collect to create a similar system?
Imagine a world where many of your daily activities were constantly monitored and evaluated: what you buy at the shops and online; where you are at any given time; who your friends are and how you interact with them; how many hours you spend watching content or playing video games; and what bills and taxes you pay (or not). It's not hard to picture, because most of that already happens, thanks to all those data-collecting behemoths like Google, Facebook and Instagram or health-tracking apps such as Fitbit. But now imagine a system where all these behaviours are rated as either positive or negative and distilled into a single number, according to rules set by the government. That would create your Citizen Score and it would tell everyone whether or not you were trustworthy. Plus, your rating would be publicly ranked against that of the entire population and used to determine your eligibility for a mortgage or a job, where your children can go to school - or even just your chances of getting a date.
This is what data does, very well. Data supports systems that rate, rank, sort, all day long. This is not a neutral activity. Anyone who claims otherwise is not adequately informed.
Can We All Just Encrypt Our Stuff Already?
Troy Hunt lays out a clear roadmap for implementing encryption on a web site.
Well, it can be more difficult but it can also be fundamentally simple. In this post I want to detail the 6-step "Happy Path", that is the fastest, easiest way you can get HTTPS up and running right.
This change is coming, so please, just do this. Now. Please.
For $1000 You Can Track Someone Via Adtech
The research in this paper shows how the core features of an ad network can be used to track an individual.
There is a fundamental tension at work in the online advertising ecosystem: the precision targeting features we used for these attacks have been developed for legitimate business purposes. Advertisers are incentivized to provide more highly targeted ads, but each increase in targeting precision inherently increases ADINT capabilities.
This is how data tracking works. Data allows us to ask questions. The researchers in this study didn't exploit a bug. They used the advertising systems exactly as they were designed. This technicque would almost certainly work to target children.
Facebook Tests Gouging Publishers
Facebook can spin this effort to gouge publishers in a few ways, but their move to pull all non-sponsored posts from user's feeds would force publishers to pay Facebook in order to reach people.
A new system being trialled in six countries including Slovakia, Serbia and Sri Lanka sees almost all non-promoted posts shifted over to a secondary feed, leaving the main feed focused entirely on original content from friends, and adverts.
Facebook might even try and spin this as an effort to combat misinformation, but this move really demonstrates what the "meritocracy" looks like in Silicon Valley: if you want access, pay the people who control it. For any publishers who had any illusions about how Facebook views them, this move should dispel all doubts. It's also worth noting where Facebook rolled this test out: smaller countries with, presumably, a userbase with fewer connections.
