Tag: privacy

Posted on

Online privacy protection only works when we all participate

In a group chat I’m in, the following was said (details modified/removed to protect anonymity):

I haven’t searched for topic in Google. I searched on a privacy-protecting search engine. I talked about it with a coworker on an internal chat tool. And now, on my personal device, YouTube is showing me a video explaining topic.

Android devices in particular do listen to you1 and send data to various companies. While Google claims to only listen when directed and with permission, they are often caught listening without explicit permission. They have a strong incentive to collect as much data as they can, but I don’t think this is the cause.

Shadow profiles are like accounts, but created without permission for tracking purposes. They do not always uniquely identify a person, but they usually do. I am confident YouTube builds these and tracks connections between users (signed in or not), and tests their presumptions about identity by showing videos recently watched by someone related to you. It confirms these relationships by your interactions.2

That may also not be the cause, because ultimately, YouTube’s algorithms are a pattern-matching machine sifting through a hoard of data. Relatedness can be found in unknowable ways. It’s spooky to us because we cannot imagine how these connections are made, but they are nonetheless real – or made real by the machine.

They are definitely doing shady tracking because suggestions are too precise to only be accounted for by spurious connectivity.

Have you ever looked into browser fingerprinting?

It’s shockingly easy to identify users3 from standard data available to anyone. You as an individual can’t fight it because when you genericize your data using privacy protection features, you are put in a group of similar users so small that the remaining traces (like loading times) become enough to uniquely identify you anyhow.

As an individual4, use privacy protecting features whenever you can, because they only work when we all use them, but know that we must also fight back as a culture. We need systematic change to regain privacy, and that only happens with laws and social movements.

Lobbying is evil, but necessary in the world we live in. There are many organizations that call themselves privacy advocates, but most of these are actually fronts for business interests. Startpage’s Privacy Organizations You Should Follow is a list of organizations actually interested in preserving privacy instead of controlling access to privacy.

you keep saying “privacy protection features” like I know what that is

The easiest first step is to use a browser that protects you by default, like Vivaldi or LibreWolf5. Conversely, Chrome is the worst browser to use – it’s the most popular because of a concerted data collection effort by Google. Brave has a number of issues6, but is likewise strongly marketed as privacy-focused. All warfare marketing is based on deception.

Another easy step is to install a VPN. Use Private Internet Access, as they are the only VPN to consistently be proven by legal actions to not collect user data. (They’re also the cheapest!) Despite popular VPNs claiming to offer full privacy just by being installed, VPNs only hide one small part of how you are tracked online. They are a good tool, but do not offer that much protection, and they do slow your connection somewhat.

If you want to go all-in, I’ve stumbled across A Comprehensive Guide To Protecting Your Digital Privacy by Thessy Emmanuel. Even by a glance, I can tell it’s a pretty good resource, and it even covers things you may not expect like how cities track you.

footnotes
Posted on

Facebook: Violating You Is Profitable

Facebook might owe you money. You should find out. June 26, 2023 is the deadline.

Facebook was recently ordered to pay $725 million to USA’s Facebook users active between 2007 and 2022 for privacy violations1. This most likely applies to at least 200 million2 people, but will not be divided equally, and doesn’t account for attorneys and courts taking up to 25% of the settlement as fees, nor the up to $15,000 to be awarded to each of 8 named plaintiffs (probably because they helped get the lawsuit going).

This is an indicator that the USA federal government values its citizens privacy between $2.41 and $3.62. Whether or not this represents 15 years of privacy violations or is closer to a lifetime value, it is woefully below an accurate value. Ironically, you don’t even have to go that far to see that at least one judge in Illinois understands this. In 2021, 1.6 million users were awarded a minimum of $345 each (with a total of $650 million, alarmingly close to the federal judgement).1

How much money did Facebook make off of these privacy violations?

Let’s start with the most generous estimate possible: Over those 15 years, Facebook reported $168.3 billion net income3. As of 2023, they have 2.96 billion users4. If these numbers went together, that’s $56.85 per user. Ignoring that Facebook makes at least 2x more per North American user than any other user5, and estimating that only 10% of their profit comes from these privacy violations, this settlement is 64% of what it should be.

But we can do better than that. In 2017 Q1, Facebook made $17.10 per user in revenue. This is the lowest value I could find over the range, and it went much higher – so it seems fair to use as an estimate. Assuming this is average for the entire period and using 200 million users in the USA, Facebook brought in $1,026 per user. They only kept 29.7% of their revenue in profit, so that turns into $305.30 per user. This time, let’s pretend privacy violation only gives them 5% of their profits. In that case, this settlement is 23.7% of the profit they made.

(Because of how close this calculated value is to the Illinois settlement, I’d argue it’s at least much closer to an accurate value. The Illinois settlement seems unusually correct in the amount of harm done compared to most large settlements.)

This is complicated, and most of the data isn’t easy to find. Even so, you can see the disconnect between corporate fines and corporate profits. Most companies don’t care about the law, because they know they can make more money than they will be fined for violations.

Will Facebook actually pay $725 million?

It may sound like a silly question, but out of 200 million people entitled to a cut of this settlement, how many of us will actually sign up and receive our pay? Not many. The FTC released a study6 a few years back that shows only around 9% of those entitled to large settlements claim their share.

When people don’t sign up, the excess award is sometimes divided amongst those who did sign up – boosting their payment. Other times a designated charity receives the difference (which can be good or bad). The third option? The defendant gets to keep it.7 While the rate of claims is not directly proportional to how much a company has to pay, Facebook could get away with paying $65 million or less depending on how the court ordered this settlement.

(If they get away with that, they are paying at most 2.1% of what they should be paying.)

Sources

(Note: All resources are archived using the services linked to on Archives & Sources.)

  1. Have you used Facebook in the past 16 years? You may qualify for payment. (Because Washington Post has blocked Internet Archive from archiving this article when I tried to archive it, I have made a copy of it here.)
  2. Number of Facebook users in the United States from 2018 to 2027. Obviously this is based on estimates beyond a certain point, but it’s close enough to use for calculations.
  3. Annual revenue and net income generated by Meta Platforms from 2007 to 2022.
  4. Essential Facebook statistics and trends for 2023.
  5. Facebook’s Average Revenue per User by Geography (Q1 2017 – Q1 2022).
  6. FTC’s comprehensive study finds median consumer class action claims rate is 9%. (Reuters’ web design prevented Internet Archive from archiving this page correctly, so I made a copy here.)
  7. What Happens to Unclaimed Class Action Settlement Money?

(And if you’re still here, I find it amusing that Facebook’s net margin is a little below the tech sector average.)

All links on this post have been archived on web.archive.org and archive.is.

Posted on

Google Chrome’s DNS Fucked Up, What Do?

Google Chrome's domain does not exist error page.

Google Chrome on my laptop randomly decided my blog’s domain doesn’t exist. Except, it clearly does. Searching for a solution tells me to do everything from restarting the computer to deleting all browser history – which should be obviously wrong, not to mention annoying. Here’s the laziest quickest way I solved it:

Google Chrome's net-internals' DNS page.
Step 1: Clear host cache.
  1. Go to chrome://net-internals/#dns and click “Clear host cache”
  2. That didn’t work.
  3. Go to chrome://settings/security and use a different secure DNS provider from the default
Google Chrome's security settings page.
Step 3: Use an actually secure DNS provideer.

Considering Google decided to be evil (notice those are 3 separate links) and does the same mass data hervesting and privacy violations as every other big tech company, we shouldn’t be using anything they touch. However, the least we can do and still have a compatible browser is to stop using their “secure” DNS provider anyhow..