One solution to wreck privacy-hating websites: Flood them with bogus info using browser tools Ad and JavaScript blocking is not enough to thwart privacy invasions by the likes of Facebook: more active countermeasures are needed. The internet ought to "route around" known privacy abusers, shifting from passive blocking of cookies, host names, and scripts to a more active deception model. Just like enterprises and other …
This is not a bad idea.
But if this was done all over the place adverbusers would either develop a counter measure which filters fake data based on patterns or they would turn to other tactics of collecting data which the bot would be unable to fake.
Eventually it'd turn into an endless battle where both sides are constantly trying to stop each other (think spam).
The better option would be to stop them trying to collect it all in the first place.
Eventually it'd turn into an endless battle where both sides are constantly trying to stop each other (think spam).
It already has, with ad-blocking and script blockers. The malvertisers deployed evercookies and abuse other system capabilities, the blockers evolve to catch those, and so it goes on. This latest turn of events is about the advertising intermediaries themselves and their data hoarding and exploitation, but in practice it's the old battle of users versus advertisers.
Unlike spam which is essentially the actively criminal or businesses on the fringes of criminality, this battle puts the whole on-line data grasping world in the firing line, and hitherto they've regarded themselves as law abiding. Regulation seems inevitable, but then we'll enter another arms race between the tech 'n' data sector trying to lobby to weaken regulation, users demanding more control and tighter regulation, the corporates using every weasly trick to legally circumvent the intentions of regulations and so forth.
It already has, with ad-blocking and script blockers.
Just an observation... not that many users use these tools. They simply don't care. Or when they do care, they end complaining that they missed a "good sale" or such similar stuff. Too many users I know don't even use the email spam bucket. They've been trained somewhere to just accept the abuse and other crap that comes onto their computer.
I have a friend that I installed an adblocker and modified her HOST file to block certain sites. Then she complained she was missing out on things. She is a FB user and started complaining she couldn't take quizzes or play certain games (all data slurpers). And then, I get a call...:"my computer is slowing down," or "my AV is telling me I have viruses". <sigh>
We in IT might be the biggest users of these blocking techs and the biggest complainers about the problems. The average user just doesn't give a crap. They want the shiney, the input, the feeling important enough to get this stuff.
Until we can change the mindset of the users, they'll continue clicking on click-bait, turning off or ignoring the protection settings, etc. and the malvertisers, advertisers, miscreants, etc. will keep doing what they do.
I'll stop ranting and go off to the corner to contemplate the human condition and why we got into this mess in the first place.
"And then, I get a call...:"my computer is slowing down," or "my AV is telling me I have viruses". <sigh>"
I got this from relatives.
It stopped when I let them take their systems to professionals for cleaning and they usually ended up with $400+ bills.
After that they started taking my advice.
"but in practice it's the old battle of users versus advertisers."
Believe it or not, there _are_ responsible advertisers. Possibly even a majority of them.
Of course, they're not the ones who get in our faces, or who regard a 0.000001% response rate on annoying adverts as a success.
It might be worth making your browser add a X-T&C header that said something like ''If you misuse my data then you pay me £1,000,000''. It might be hard to make it stick in the courts, but part of the problem is one way T&Cs, you either get to accept it down to the last comma or nothing at all**.
This is part of the Internet 'wild west' that is well overdue regulation; there should be standard T&Cs++ that have been prepared by even handed (consumer/business) lawyers - that people could thus trust.
IETF might even make an official T&C header.
** I admit to being one of the few who I know who does read T&Cs and frequently refuse to accept and thus not use some web site.
++ With schedules to specify things like delivery dates, etc.
In previous posts, I've argued that the do-not-track header should be granted the same protection as the DMCA. But, people aren't getting it. Corporations could put in the most trivial of protections for their content and then be able to take people to court for bypassing it, yet corporations can effectively ignore our protections, using things like super cookies and such. If corporations can have the DMCA, then we can have legal backing too. Otherwise, we've just proven that corporations have more rights than real citizens--which is clearly a constitutional violation--and therefor, Un-American.
"** I admit to being one of the few who I know who does read T&Cs and frequently refuse to accept and thus not use some web site."
The problem is the site owners have no idea that you made that decision. There's no way to actively reject the T&Cs, just the passive method of not re-visiting the site. Rather similar to Facebooks "like" button and lack of "dis-like" button.
"but part of the problem is one way T&Cs, you either get to accept it down to the last comma or nothing at all"
Any lawyer worth his qualifications will tell you that a contract accepted under duress or which contains illegal conditions is normally invalid - severalbility caluases are needed to make the illgal parts not invalidate the entire contract and there's the entire "unfair terms in consumer contracts" laws in most countries worldwide (with analogues for business use too) to contend with when T&C are being dictated by shrinkwrap or click.
I doubt the businesses would care. They may be getting nothing but noise but they'd still package it as good data and sell it on to their customers who I seriously doubt would know any better. If the ultimate punters, advertisers, are happy to push stuff that you've just bought and aren't likely to buy again then they're not going to be put off by data pointing to something else - it might even be more useful to them!
Just keep blocking the ads. That's what makes data, real or fake, worthless.
"Sounds analogous to the parcelling of bad risk loans that led to the 2008 financial meltdown."
By and large the selling of "good" data is analogous to that. If you buy a washing machine and get sold on as someone likely to buy washing machines the buyer is getting a worthless product. Certainly I've dealt with a car dealer who believes that if I buy a brand new car I'm in the market to buy another a couple of months later.
Ironically junk data is likely to be better: If you get sold on as someone likely to buy a washing machine because you bought a pair of shoes at least there's zero correlation rather than a negative one.
"I doubt the businesses would care. They may be getting nothing but noise but they'd still package it as good data and sell it on to their customers who I seriously doubt would know any better."
The businesses would realize something is fishy after they run performance analytics on their illicit-data-driven ad campaigns, at which point their software informs them there is zero relationship between their ad-targeting and their customer conversion rates.
But even if THAT weren't true, which it is, you're still missing the main point, which is that your personal information has been poison-pilled like an exploding ink pack in a compromised ATM machine. Not only does this make your information useless to advertisers, it makes it useless to anyone who might commit fraud, extortion, intimidation, or any other act involving you and your data.
Usually spam that uses random junk to thwart Bayesian filters (beating the threshold).
Does it work? Dunno, but it seems like the wrong approach. It's still looks like a weak position of defence, rather than the frontal assault that's needed. At best it's a tit-for-tat escalation which those with the most money will always win, or at least always be out ahead.
The solution is pretty obvious: stop visiting abusive websites. That includes facilitators that also link to those abusive websites (affiliate spam). We already have DNSBLs like Spamhous and SORBS for email, why not have a similar system for websites? And I don't mean just blocking popups and ads, a la AdBlock, I mean block the whole damned site.
Once they see their traffic (and revenue) plummet, they'll soon get the message.
The problem is, as ever, is convincing Joe Public to care, certainly enough that he'd voluntarily block access to his beloved Fsckbook, for example.
Sadly, for that reason alone, any measure that requires voluntary participation is doomed to failure.
The easiest way to discourage visits to abusive sites is to force them into deploying abusive countermeasures. Even the terminally stupid or ridiculously uncaring about privacy will respond to sites becoming a pia to use. You have a modicum of proactive choice about visiting these sites, unlike spam and anything forcing visits is going to get stomped on hard.
Countermeasures from abusers are part of the solution!
"The easiest way to discourage visits to abusive sites is to force them into deploying abusive countermeasures. "
They already do. Some sites, newspaper sites in particular but media sites in general, call many 3rd party scripts, many of which call on scripts from even more domains so the page takes ages to load with many, many DNS queries. That's not only abusive in my book, but probably one of the reasons so many people complain about "slow" broadband.
"They already do. Some sites, newspaper sites in particular but media sites in general, call many 3rd party scripts"
Yup and they must be seeing their conversion rates plummet as a result. I've been chatting to a few journos and they're griping about readership rates. They look at me like I've grown a second head when I comment about how intrusive their websites are.
Clueless and then some.
"stop visiting abusive websites"
So I need a driver and the site wants me to register before I can download the driver.
I have opera for that, if I need to verify my email I have an address that deletes everything at 30 days. If I don't have to verify the email address I use marketing@your domain. I'm Elvis and the auto-fill is full of junk. The phone number is from that Pizza jungle that's on the radio 50 times a day.
I don't go to a lot of effort, but if they want to make me register to download a new driver they are getting garbage.
When you are looking for a needle in a haystack, the old-school real-world approach was top reduce the size of the haystack, not increase it exponentially. Which is exactly what this strategy is.
I have been suggesting for years now, that a good use of GCHQ resources would be to write bots to make phishing completely worthless by generating billions of useless login details.
"Let me know when all the spam is in your tar-pit rather than my inbox."
I'm achieving a 99.999% reject rate on my mailservers.
Unfortunately that still lets too much spam through and I have no idea if there's ham being refused _but_ when you team up the DNSBLs with fail2ban networks and friends you can prevent a lot of the bots even connecting.
That does nothing for abusive websites, though.
It's an appealing notion: who doesn't want to make life miserable for the greedy vermin who are constantly clawing private data and manuring the web with their pathetically awful adverts?
I suggest, though, that you need to think really hard before dipping a toe in this pond, because the Law of Unintended Consequences is always hanging around the next corner, aching to cause mischief. Even the amazingly evolved and effective human immune system is prone to going nuts, sometimes for no reason yet known to medicine, and attacking its healthy host. The analogy is only an analogy, but still something to give us pause while asking some pertinent questions.
Who decides what's bad and what's good? How are threats graded? Who approves the algorithms? Are responses proportionate? Who maintains a database of signatures for the immune system to respond to? How will that be kept secure? Which court arbitrates grievances, protests, unfair practices, loss of business, libel? Who determines what's a conventional option versus what's "nuclear"? How will false positives be managed?
I could fill a page with questions (as any fool could, indeed) but the answers better be given some serious practical attention before we go lighting the blue touch paper. (And don't forget the $64k question you always have to ask these days: How soon after starting this programme will politicians, corporates, governments, greedy opportunists and other fundamentally psychopathic entities get involved and completely corrupt its good intentions?) We could grow something in a petri dish, with the best intentions, only for it to turn into Mutant 59.
And there's that troubling term "arms race", which gets used with increasing frequency when talking about computer security. It is very apt, but one should remember where arms races usually lead: disaster for everyone, as all those weapons get used in a spasm of entirely predictable stupidity.
I don't have a magic wand as an alternative, but I will offer this: a key enabler of internet abuse—in which I include spam, malware, advertising, exploitation of user data etc—is that too much stuff is free.
Consider that spam wouldn't even be a thing if everyone had to pay even 0.1¢ per email (and the money could be used to fund all sorts of Good Things). Facebook wouldn't have to abuse its users (the ones Zuck calls "dumb fucks") if instead it made its money at $2/month or whatever. Don't Be Evil wouldn't have to epitomise rank hypocrisy if you paid $1 for every thousand searches. The 0.00573% of websites that are actually worth visiting because they have decent content would charge micropayments for use and not have to befoul our eyeballs with unspeakably shitty adverts. (And Twitter would cease to exist completely because grown adults would abruptly realise the pointlessness of paying to pump up their sad little egos by twatting out snippets of superficial trash.)
The internet is corrupted and ruined by "free". "Free", it turns out, makes people into victims.
The net would be a much better place if it charged a fair rate. Payment makes people into customers: with rights, dignity ... and the expectation of privacy.
> a key enabler of internet abuse [...] is that too much stuff is free
Your solution might work for email, since spam relies on sending spam not costing anything, but it won't prevent the profiling and data slurping. There is no reason to think that if people paid a monthly fee to use Facebook, Facebook wouldn't want to collect all that yummy information anymore. I just can't imagine some high ranking C-grade saying "no, that's way too much profit, our shareholders will complain", can you?
There are actually a lot of examples of companies who collect user profiles despite their product already costing money. I think you vastly underestimate human greed.
"Just look at all the commercials we now pay to watch at the movie theater."
These sound horrible, until you realise WHY all those ads are running.
Of the $15 you paid for your seat at the latest blockbuster screening, around $14 went to the movie distributor. The theater operator has to pay for everything else with $1/seat
It might sound harsh, but if you really want to support your local movie house DON'T go see the blockbusters when they're released, see the second run and less popular stuff - and buy the fucking overpriced popcorn.
Just don't put up with shitty sound where some twat has fucked the equalisation up by pushing all the knobs to 11 (theater managers are notorious for this) or sound levels to 130dB or where an ass is on his phone loudly the entire movie.
@That One
you're missing a major point. Which is not unreasonable, given that Mutant 59 didn't make the point in the first place, or perhaps I should say "didn't make the point strongly enough".
These micro-payments alone would net the likes of google and facebook billions per year. That kind of money will attract AND FUND genuinely honest alternatives who regard their obligation to their users (who will probably also own the service) as fiduciary rather than predatory.
Frankly I strongly approve both strategies: Chaff to reduce the value of data to the parasites, and micro-payments to encourage the development of honest services.
Of course, nobody will read this as I'm posting a day too late and the tide's gone out but I want to put it on record anyway.
"There is no reason to think that if people paid a monthly fee to use Facebook, Facebook wouldn't want to collect all that yummy information anymore."
Exactly THIS.
Google's single biggest mistake in the last 20 years was to buy Doubleclick. Doubleclick destroyed what made Google great.
That might sound silly, until you realise that if Google hadn't bought up Doubleclick, the most hated company on the Internet at the time would have gone out of business within weeks. Instead its execs are now the senior execs at Google and their tactics/policies are now Google's tactics and policies.
That was when "Don't be Evil" died.
Or...
We could return the Web to its roots by outlawing the commercial exploitation of human beings: yes, <site owner>, you may show adverts but, no, you may not harvest visitor details or enable another to do so - and if something like that slips through, well, it's like handling stolen goods and you're nicked, son/son-ess.
Paying the site owner removes your last shred of anonymity (unless you pay by anonymous digital currency, if they allow you to use it, if it ever exists for practical purposes.)
IIRC Zuckerberg has already proposed shifting Facebook to a subscription model for just this reason - to weed out "Russian trolls" and other "undesirables". And....the real criminals will pay with stolen accounts as usual.
I'm also worried that making a lot of sites nonfree might deny access to some people. For example, children don't often get credit cards until they are quite old, but they are capable of reading and understanding news stories well before that. I found the free ad-supported news to be a good way to become knowledgeable when I was young, but asking my parents for permission for each article or site I visited, especially when some were junk, would have been annoying enough that I just wouldn't have read as much. Reading all that news and related information in my adolescence has, I hope, made me a more knowledgeable adult and I always recommend that interested children do so as well. Similarly with email, as I'm from a generation where we had that but we didn't have cell phones while we were young. Sometimes I need to send an email that says "No, but I'll be there tomorrow." Charging that one sentence at the same level as any other message, especially to a child or someone whose main mode of communication is email, is pretty ridiculous.
I'm also worried about the evolution of nonfree micropayments. If the system is to pay for each article consumed (I'm sticking with the newspaper example here), the paper might choose to have tiny articles that you get through very fast, or articles that don't explain anything "The CLOUD Act was [passed by congress], and [does all the stuff we said it would] and has been used as a solution for [this court case that caused it to be passed]. Here's the new component, but if you want any background, you'll just have to read those articles we just linked to. If you would like to see senatorial responses to the CLOUD act's passage, consider these articles: [Wyden (D OR) on CLOUD act], [Paul (R KY) on spending bill], [McConnell (R KY) on spending bill], [Schumer (D NY) on spending bill], ..."
Alternatively, if the price is subscription based, then the paper has no reason to have good articles most of the time, as long as they have a good enough article once in a while. Leaving the newspaper example, google might have an incentive to make sure that your searches aren't great, just so long as they can be better than bing and duckduckgo. If it takes you three times as many searches, then they get three times the money. If they changed the policy so that they only get paid when you find something and click on it, then they will have an incentive to make sure you find a lot of things that all look pretty good, so they might make a system to make those results that you see now and immediately realize won't be useful more enticing. Also, they would not want to show you any more preview than they need, so my recent search to confirm that "Wyden" was the correct spelling of the senator's name would not have put that up on top like it was.
At least with free things you have the option to determine what is good and stop using what is not. With everything being paid, not only is a lot of stuff harder to set up and manage but there are lots of ways it can go wrong. Those who charge less or nothing will be abnormal, and can use that to attract attention ("New York Times charges $0.02 per article; imagine how that builds up if you read it every day. Look at this! Russia Today is free. We could just read that.").
>so they might make a system to make those results that you see now and immediately realize won't be useful more enticing
All good points and I'm inclined to agree, but that one remark made me think "Isn't that what they do already anyway?" After all, Google is the ultimate clickbait engine - it's up to me to get my site//page listed at the top their rankings by whatever means necessary because very few people search beyond the first page of results and mine had, therefore, be pretty damn eye-catching.
Because it's not Google's problem where you are ranked, it's yours. Google's problem is to ensure people pay to be at the top - and they've got that bit of it sewn up just by being Google, haven't they? To google - they're a verb!
>>so they might make a system to make those results that you see now and immediately realize won't be useful more enticing
>All good points and I'm inclined to agree, but that one remark made me think "Isn't that what they do already anyway?" After all, Google is the ultimate clickbait engine - it's up to me to get my site//page listed at the top their rankings by whatever means necessary because very few people search beyond the first page of results and mine had, therefore, be pretty damn eye-catching.
My point was more that, if you paid google every time you clicked on a result (in order to avoid paying them for lots of useless searches), they would make all the results that showed up look good. Right now, it is the responsibility of the person doing SEO to make their search relevant. Google messes up a lot, but usually you can scan through things that aren't relevant and find the one most likely to be useful. This applies even if you just look at the first ten results from the search; I can tell that the page from the Department of Agriculture that will let me eventually download the 2014 crop report for North Dakota is not what I need if I just want the statistics on economic performance of resource extraction industries with a focus on the oil market, even if the report contains the phrase "increasing wages in the oil sector" which convinced google that it was relevant.
In a world where google makes money on my clicks, they have an incentive to make that search result useful. It will start with the helpful cause of defeating SEO and actually having more relevant searches, but it will extend to making things look better than they are. They could have a system to look at my query and only have things that they know are connected in the previews. In my previous example, the phrases "Department of Agriculture" and "Crop Report" are going to alert me that I don't need to click. Google could identify that those phrases aren't very connected to my query, so they just don't put them in the preview. Now I just have a page that looks technical and comes from a government website with "increasing wages in the oil sector" in my preview, so it will look like what I want. Then I click on it and find out what it is, so I immediately leave the page. Google doesn't care; at that point, they got my click.
Well, yes, but the problem is that there's more incentive for Google if you click a lot of stuff before finding what you're looking for than there is for it delivering your results in the top ten every time, isn't there?
The problem is that they've a de facto monopoly on mindshare - we 'google' stuff even when we use a different search engine!
So, the process would first require the whole world to undergo some sore of debriefing, like people get when they're rescued from cults - otherwise all that will happen is that we'll complain about having to pay for crappy results but we still won't switch to another search engine.
Take a look at Portugal: any extraterritorial web content costs extra over and above the cost of the service/dataplan - it's unfathomable to you or me, given the nature of the Internet, never mind the Web, itself but people accept it as "just the way things are" and tailor their browsing habits accordingly.
I like the idea, don't get me wrong,. I just don't imagine that paying for what we think it's worth is a model that Google would go with, so how would we enforce it on them?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
