Big Brother in your pocket: why your iPhone is leaking your personal details

September 3, 2012

Hacker group AntiSec:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.

Translation: the FBI is keeping trackable Apple device IDs, and enough other data to link each device to very personal information about its owners (beyond what app developers and ad networks typically have access to). And apparently, these are left lying around in a plain-text CSV file on someone’s laptop desktop. Troubling all round. Did these details come from Apple, from an app author, or somewhere else? In some ways, it doesn’t matter: the fact that it’s possible at all says a lot about the priorities of the tech industry. Creating products that serve users should mean creating products that have their interests in mind – and that make wide-scale tracking impossible. Even if you trust the FBI to be a force for good, this means other groups have this ability as well.

AntiSec just released a million rows of data, with the most personal details removed; more details, including their full statement, over here.

You need to be wearing Google goggles to think this is a good idea

April 4, 2012 | 1 comment

Today, Google released this video of Google Glass, an augmented reality project:

Beautiful, right? It’s a virtual assistant that sticks with you wherever you go.

Exciting features debuted in the video include:

  • Automatic geo-tracking of both you and your friends.
  • Seamless photo-taking and live video broadcasting from anywhere you can put your head.
  • A head-up display that occupies some of the visual channel.
  • Everything you see – your visual reality – is augmented through a single company.
  • You are continuously recording information about the people around you as well as yourself.

Okay, I confess: by beautiful, I meant scary. Leaving aside the implications of having our ambient information spoon-fed to us rather than discerned through inference and discovery, this project opens an ethical can of worms, and asks important questions about Silicon Valley’s attitude towards other people’s privacy.

Indeed, traditionally, this isn’t a can of worms that Silicon Valley has been very good at dealing with. Android phones encourage you to link your friends’ accounts together, joining their Facebook details to their Google details, for example. There hasn’t been a strong line between information that is yours, information about you that you’re happy to share, and information that you’re gathering about other people. It seems clear to me that people should know what they’re sharing about themselves, should have to opt in to do so, and should not be able to share personal information about other people without those people opting in. That doesn’t seem to be an opinion that Silicon Valley shares with me. Most free services are a Katamari-like information-gathering free-for-all.

I’m a fan of many, many things that Google does, and kudos to the product team that’s putting Google Glass together. It’s a very significant achievement. But from a social perspective, there’s a lot of work still to be done.

Profile: a serialized novel for email, web, Kindle and ePub

February 3, 2012

This is an excerpt from a new kind of project for me. Profile is a serial thriller about identity, the Internet and what happens when we trust companies to tell us what is and isn’t true. I’m going to treat the whole process – from writing through promotion – like a lean startup; more on that later.

Interested? Subscribe to receive news updates via email. It should go without saying that your email address is safe and won’t be shared with any third parties.


I huddled in the dark, under the wooden stairs leading out to the backyard, the metal of my unsheathed flash drive digging into my thigh. I could hear them in the house, opening drawers and moving furniture. They spoke to each other in a low murmur, an indistinguishable bassline while my Spotify playlists ran their course in the background, silently pushing unknown songs to my Facebook profile.

Through the clouds, an aircraft’s engines announced its descent.

I knew I would have to run. My backyard was surrounded by tall fencing on three sides, the result of neighbors jealously guarding their privacy. If I was going to make a break for it, I would need to climb over on one side, and I wasn’t sure if I could make it without drawing attention to myself.

Creaking floorboards. Inside, the men were moving from room to room. I wasn’t sure how many of them there were, but it sounded like five at least: enough to keep guard while the others looked around.

From the glimpse I’d had of them when I’d looked through my bedroom window and seen them marching towards my house, they were police of some kind. They weren’t uniformed, as such, but each wore an identical suit, and each of them had been reaching for something as they approached my front door. It could have been phones, or documents, or anything, but I didn’t want to risk it. Particularly now as they’d forced their way into my home.

My breath caught the reflected light from the house in front of me, hot clouds of condensation reaching out into the cold of the night. I realized I was panicking.

“He’s still here,” one of them said, his voice urgent and raised enough for me to hear. “His phone’s on the network.”

The wifi! I whipped my handset out of my pocket and pushed down the power button to turn it off. Its screen lit up the yard, turning the grass and my weeds unnatural shades of blue and orange as the men ran through the house in an avalanche of heavy footsteps, down to the back door to find me.

Quickly, I set my phone on a ten second timer, and threw it over the fence to my left as hard as I could. Panting, my heart in my throat, I scrambled past the trashcans and garden debris to the alley beside my house, flung my back against the wall, and waited.


Coming soon.

Is it time to revive the Bill of Rights for Users of the Social Web?

September 25, 2011 | 2 comments

In some ways, the web industry seems to have lost its way. From empowering users and smashing incumbent gatekeepers, the emphasis is now on how to raise the next round of funding and convert active users into their maximum possible value.

My piece about Facebook, contextual identity and radical transparency continues to get a lot of attention, and the conversation continues. Dave Winer urged his readers to log out of Facebook, and Nik Cubrilovic countered that logging out doesn’t help. In short, when you log out, Facebook continues to remember who you are, and your account details are still sent whenever you access a Facebook resource (like a page or a Like button anywhere). He goes on to say that:

Privacy today feels like what security did 10-15 years ago – there is an awareness of the issues steadily building and blog posts from prominent technologists are helping to steamroll public consciousness. The risks around privacy today are just as serious as security leaks were then – except that there is an order of magnitude more users online and a lot more private data being shared on the web.

It’s clear that privacy is becoming a business factor as well as something that some of us care about from an ethical standpoint, and that’s in large part due to Facebook bringing it to the public’s attention. I’m reminded of the Bill of Rights for Users of the Social Web, from 2007, which many of us signed as part of Marc Canter’s Data Sharing Summit. It was intended to address many of these issues before they became wider problems.

The meat of the Bill of Rights is:

We publicly assert that all users of the social web are entitled to certain fundamental rights, specifically:

Ownership of their own personal information, including: their own profile data; the list of people they are connected to; the activity stream of content they create;

Control of whether and how such personal information is shared with others; and

Freedom to grant persistent access to their personal information to trusted external sites.

At the meeting, a large and influential (at the time) web corporation suggested that the word “ownership” was a step too far, and that it should be enough for users to simply have control. Since then, I think it’s become acceptable to suggest that users own their data (as in the course of using a web service, a reasonable person would assume that he or she already does); instead, web services are granted an irrevocable license to use it.

Given this, and given the conversations we’ve been having as a community, perhaps the time is right to revive aspects of this document, and bring it up to date for 2011?

Photo: the Data Sharing Summit group, September 8, 2007. A prize for the first person to identify 90% of the people in the picture.
