Are you tired of being under surveillance?

[digip]

In the US, the NSA stores and logs everything, without warrant or reason, and as such, can connect the dots to incriminate, use for probable cause to justify their outcome if they should need it, even when unlawfully collected or used, in most instances, people don't get off without some kind of charge to be made example of, even if they did nothing wrong, or did, but were otherwise not known without breaking the laws that protect us and granted to us by our Constitution and Bill of Rights. Every country engages in some form of this, but I think here in the US, media works for and against this at the same time, since it sells more shares of their product..from CNN, to FoxNEWS, etc.

You posted a video on why you should never talk to a cop, and use your 5th amendment here in the US, and I think in a way is what the post is getting at. We have no 5th amendment rights any more since effectively they've taken all privacy away, they can find you guilt without your own admission, or even evidence of total proof, it will always become your word against theirs, and we no longer live in am innocent until proven guilty society. If that were true, we wouldn't have seen instances where people like Aaron Swartz, who while he may have broken the law in a small instance of breaking and entering to gather data HE ALREADY HAD A SUBSCRIPTION TO, the charges he ended up with would have put him in jail for life, and for what? A kid who gave everything to the internet and got back nothing in return but pushed into a corner by a prosecution and judicial process that would not back off, because it couldn't admit it was wrong in what it was doing. JStor and MIT dropped everyhing against him, yet they still wanted to make an example of Aaron to scare others from fighting for their freedoms we all take for granted.

All our info is being stored and may at some point be used against us, even when unfounded charges are drawn to make us out to be worse than murderers or rapists, terrorists, etc. With big data we have no control over due process, since the expanse of technology is making it trivial to perform harvesting and using this metadata *much like Aaron often did to do studies on publicly available data sets to draw correlation between lobbyists and governments, law makers, etc. They didn't like that we could do it, so tried to silence him, but its ok for them to do it on a daily basis.

I don't see any of the mass surveillance data being gathered though making any of us safer in a post 9/11 world, nor do I feel safer today, than I did before the towers were hit. I think it's making us jaded and accustomed to having our data be public when it shouldn't be, and people become less and less concerned about it, until they themselves find it being used against them, whether warranted or not. Some might disagree. If anything, I feel less safe, and a bigger target for extremism and racial/worldly divide because of the way in which our lives are put under this big microscope. The license plate stuff is just one example of a commercial side that also is abused for sake of revenue not just for companies but local towns and governments. Like the do not call registry, which I have put my numbers in every year, I still get cold calls and scammers calling, telemarketers, etc, but when we report them, the government can fine them and make money, while the average person gets no restitution or means to stop the calls. Being powerless in that sense, is not a good feeling, but we don't have any control over this. We do have the right to discuss it and try to find solutions though, and maybe be doing the same to the perpetrators in an act of defiance to throw back at them what they are doing. I don't like the idea of anons doxing complete innocent people the way they do with their dumps and things like wikileaks is a double edged sword, that while we need to know when attocities happen, such as the helicopter incident in Iraq, we don't need to know the names of soldiers, their spouses, and families, and have witch hunts in that respect. The lines are blurred, and the zones not squarely defined whats fair and foul play, and all gloves are off today for anyone who wants to have at it, and that's not the kind of place I want to live in or leave to my kids years later when everything will become a metric for measuring your life data, statistical, or predictable but not yet committed crimes, it leads us down a slippery slope of what we've devolved to as a society, but that is just my opinion as I see it...

Lots of countries have street cameras for sending automatic tickets to people. Here in my state of NJ, they just now banned them, and are making them inadmissible in court to send traffic fines, since they don't define who was driving at time of running a red light, car owners get stuck with the fines while someone could have borrowed their car, so in your example of "they know my plate but not me" it's like that here, but they use your plate to fine the car owner, vs the person committing the crime of running the red light or not coming to a complete stop, and people have become outraged enough, that they protested and asked for a ban on them, and the courts AGREED with the, to start removing them and putting more control on how they were allowed to be used, vs automatic ticketing systems to generate revenue for the sellers of the equipment, and the towns purchasing them with OUR tax dollars to rake in the money. Since all it does is tie the license plate to the owner, and as such, was more a money racketing scam by townships to increase their budgets, this made people demand change, and it's happening. There wasn't a huge uproar of protests, but enough people who did go to legislators, and get laywers, and fight the tickets enough that the courts sided with the people. That won't always be the case though, if we don't keep the system in check and allow it to run itself.

The companies selling the tech to the townships also often never had oversight, and as such many people who did their research could find access to live cameras unsecured and open to the public as well, with tied info to drivers and their personal lives where they had a reasonable expectation of privacy, it now no longer exists.

In America, we take privacy, as a right(as I beleive most countries do but may not be on their law books), not so much as its out there, so who cares if they see me driving my Audi and know my plate number. Thing is, someone does know what you're doing, where you are, and how to find you, if they want to. Like the other thread on the WebRTC stuff, I posted another bug in canvas, that allows for one of those unique hardware ID's, which if JS is off, canvas can't run in most browsers, but more to the point, you visit Site A, they check your unique hardware ID, you may be logged on as a visitor, not with an account, but on another site, they see your ID again, but logged in as User Smith. Then they can see some info about you. Then you visit a store, purchase rope and some duct tape. Maybe you needed it for something at home, but now they see User smith, at Store Acme, and he likes rope and duct tape. And the cycle continues. All this data is being constantly archived, not just by governments, but by companies looking to use it for marketing, etc, or, in case of the website browser leaks, researchers who like looking up ways to find what we're leaking without knowing and allowing us to know to turn it off. It's down to the point that they can determine by way your TCP stack replies in timing of windows and packets, that you are Windows 7, or OSX, with FF, or Chrome, or whatever, and they can continue to follow and find you, if people want to. At what point do not want to be followed, or do you not care, and that is up to everyone to decide, but having the info lets you decide how to use it. Nothing more, nothing less. Will it change anything? Thats a hypothetical and philosophical question no one can truly answer, but one can hope it does, as seen in NJ with the traffic cameras for instance.

Like this thread, the technology can save lives, but also be abused: https://twitter.com/mouselink/status/557592069423005696 so where do we keep checks and balances? Every state in the US interprets laws on a state by state issue too, so its not just Federal regulation that is needed but states get to decide often enough, whether they can override many Federal laws, while the FED has to come in and enforce their end if they choose to, which they often don't unless there is profit in it for them, ie: legalized marijuana in many states now, its still a crime at the Federal level, while state level its regulated in a legal zone found to be in contradiction with the laws of the government and the DEA. So those cameras that can see in homes, while they can save lives in say building collapses, can also be used to spy on us, without warrant, and without knowledge, and may courts find any evidence gathered by them without warrant, inadmissible in court, while other jurisdictions might override the SCOTUS and make case for appeals, changing aspects of how it can be used in different instances. It's a forever evolving thing, as tech gets larger, so does the surveillance state, and less our ability to stop it, let alone half the time, know its happening.

I often hear a lot of conservative, right wing republicans in the US, with no understanding of technology, refer to hackers as criminals, and also saying "if you are doing nothing wrong, you shouldn't care if the NSA is listening in on your phone and email conversations" when our government itself is on witch hunts to begin with. To that I say, bullshit. Where does my reasonable expectation of privacy begin and end, and in today's world, that line no longer has a definition because we have no distinction between the two any longer, as sad as that may seem, but it doesn't have to be. If enough people understand how it works, they can then have the tools to fight back, which if you look at Aaron Swartz, that's what he started to do with his life as he got older, going from getting his geek on, to taking a more active role in politics to help shape the way we use technology, and also so we have the tools to keep everything in check, while making it fair and open to others, without infringing on peoples right to make profits but still making it a process where all can move freely without fear of persecution for nothing more than access to what he already had subscription to, they tried to block him from accessing it because he was able to download the data quicker than they could keep up with and didn't want the information disseminated freely. They never found him guilty of sharing or selling any of the info he downloaded, but never dropped the charges for that against him and kept piling up more offenses against him until we cracked under the weight of bureaucracy which couldn't admit it was wrong, when no crime, other than the break in to the server closet was committed, that was the least of his charged offenses.

May seem like I went off on a tangent, but its all related, and if we turn a blind eye to it, at some point we won't have the power to take back control of our personal identities and we'll be worse off for it. Just my 2 cents, valid to you(or anyone) or not, it does concern people and have impact on how we move forward in today's highly computerized world where everyone is not just a serial number, but multiples of numbers used for different things at different times by people with different purposes, largely without our say in how it's used.

[cooper]

We have no 5th amendment rights any more since effectively they've taken all privacy away, they can find you guilt without your own admission, or even evidence of total proof, it will always become your word against theirs, and we no longer live in am innocent until proven guilty society.

That's the 4th amendement, the right to be secure against unreasonable searches. The 5th is the right to not incriminate yourself. If the police has access to factual data that proves you were somewhere, your 5th amendement right still allows you to not admit you were there in the first place (their records might be corrupted or otherwise invalid, your car may have been stolen, etc). If they question you and tell you "We have information that places your car at location X" you have every right to respond to that with "That's a very interesting point that I'm sure my lawyer will have an opinion on" which is what you should be doing. Don't admit they're right, don't claim they're wrong, ask for a lawyer - it really is that easy.

Regarding the Do Not Call registry, you only had to reregister once every 5 years before 2007 and since then legislation was passed to make a single registration last indefinately. You should only have to reregister when you change numbers. It's true that you don't get any money for your efforts, but you get that warm, fuzzy feeling that you did your part and these companies can and do get fined by the FTC every so often, for whatever that's worth.

[...] my state of NJ [...] banned [street cameras], and are making them inadmissible in court [...] since they don't define who was driving at time [...]

Which is why in Germany they're required to take a picture of the front of your car, showing the driver, and send you the fine with the option to tell them who was driving the car if it wasn't you, on the assumption that if it wasn't you driving your car you damn sure know who was or are in a position to find out. Here in The Netherlands the owner of the car can send in a form to indicate someone else was driving, but they'd have to then identify the other person and lying on this form is itself a punishable offense. As the owner of the vehicle you're responsible for what happens to it and unless you can reassign the blame, whatever happens lands on you.

It's also worth noting that here in The Netherlands we have het "College Bescherming Persoonsgegevens" which roughly translates to "Person data protection commission". They're a publicly funded thinktank that advises the government on privacy issues, sues the government and companies for transgressions and generally try to keep your privacy safe. One of the big things they're combatting is companies combining their datasets. As an example, last december they sanctioned Google for combining the personal data of users across its services, so if they collect X on you via service A and Y on you via service B they can't attribute both X and Y to you in a complete system without your explicit approval and explicit approval does not mean change to the existing ToS document which you already agreed to. Google has until february make the required changes, or they get fined.

I've seen the first of the 2 videos you posted. Here you have a high-profile individual talking about the problem with the NSA's monitoring. After he did that talk, did you notice the whirlwind of change that blew through the various agencies to both solve the issue and prevent future reoccurrence? Given that, what do people expect this book to contribute?

[digip]

With respect to the 5th I was referring to remaining silent when we live in a world where the technology we use does the speaking for us and in many ways self incriminates us with evidence used by collected data sets. Like the canvas hardware id from your browser you also pointed out data set info from google being combined for other uses, the mass blanket of connecting dots isn't always contextual facts of something you did but in many cases can be used to speak for you. In the us we have border control that overrides our 4th as well that they often will have judges at tolls to issue warrants on tbe spot if you resist a search of your vehicle. Especially in states like texas, arizona and new mexico, most of the ones doing the road stop inspections are hired contractors vs law encorcement or govt employees. Point is, without good reason we're already collecting the data and storing it for future use. I don't see it stopping or changes after mikkos talks as much as it's surely proof we need and manybwant change though

[tripelix]

In the United States just about everything data is for sale. You do not need to post it on the Internet yourself to be exposed. Often companies steal your data or harvest your information without asking permission. As others here have pointed out government provides protection though the Bill of Rights and Constitution . But what happens in the United States more often than not is private violation. The easiest way to explain this to people that do not live in the United States or fully understand the law it that the Constitution and the Bill of Rights are between the people and the government. When the people gather to create corporations or names of other groups there is no protection because they are not acting as the government. There are not really rights expressed between people just criminal acts against one another.

A couple of you have brought up some great points. Someone from the outside may think that the Credit system as a violation of the fourth and fifth amendments. But since the credit companies are not part of the government only regulated by them there is no such protection. When you purchase something you are incriminated by what you purchased and increasingly your geo location or where you go. This goes into your credit report and encompass more and include your views and actions on social networks.



An interesting thing happens within the credit card process, when you use a terminal at a store the merchant that collects the information called a credit provider is not a bank or fall under regular banking rules. They steal the information from the transaction and sell it too. Now there is not law against this activity and it is used by the industry to “protect you” from fraudulent charges. That is what you are told actually the system is about getting information from you.

The chart displays the annual loss by the use for credit cards each year.


You might notice that merchants are well above banks and consumers. A interesting thing about this chart the banks don't really lose. Most of the money is paid bank within the Untied States though the FDIC insurance fund. No one knows what the real loss is but I would guess that it is in the millions.

if you dont know what a data broker is watch this you tube video

As it stands today legislation is dead and no hope of it comming back soon. It really is a good thing because most of it, is stolen information. Personally I call stolen information any item that is meta or actual and not agreed upon by the consumer. Any type of of regulation only legitmizes the stolen information.

There are more examples of this activity you can use the Internet and just about any web browser and get tagged back by Google, Facebook, twitter and around 400 other companies that track our web surfing habits. This action has no agreement either and the data or meta is stolen material. Google has no right nor do any of the other companies to track what we do. The agreement we may have with them leaves when we are not on their site.

What you can do is let yourself be known lets work together. Go to my site help me get the word out. When there are enough contacts I will be asking for a donation for legal action with a few thousand people the individual cost should be it the 50 cents to two dollar each range.

my book will be out sometime in the next 90 days, there is more information there.

The point is you don't have to be a sheep and take this crap especially with this crowd. That is if you are a United States citizen.

[digip]

The agreement we may have with them leaves when we are not on their site.

In theory, but we all agree to it without paying attention say for a few who put us on notice. By logging into Facebook, you essentially agree to all new privacy TOS and updates, while they make the changes, they don't have to tell you before logging in, since you're expected to read them yourself. Like Mikko did in the UK test, where the EULA asked for your first born, everyone clicked ok and used their free wifi experiment, which we know no one would really give their first born, nor a company come to collect, but it goes to show, most people don't bother to read these things, and in most cases think them all the same, when they aren't.

Today the EFF posted the following: https://twitter.com/EFF/status/563071137039781888

for which someone came back with a reply of what FaceBook is doing, which is more or less what Cooper stated about google with data sets:

https://twitter.com/SteveNixonIP/status/563074192829321217

[cooper]

That's what you get with that now ubiquitous batch of "social" (hahaha!) media buttons you find all over the various news outlets. By clicking those buttons you tell the world at large your opinion. By just viewing the button you've already told the media company what you're looking at which is of value in and of itself. Once you've registered with any one of these, they can track you.

The conclusion remains the same. Wargames said it best: "The only winning move is not to play."

For a HUGE amount of people that conclusion is just not acceptable. They need their daily dose of cat videos. They need to tell the world what they ate yesterday and how much they (didn't) like it. They need to voice their opinion to have a sense of identity. Given that, what can you possibly do?

Yes, I've given up trying to change opinion. I give them mine, I try to make them understand why what they're doing might not be in their best interest, but when all your friends are talking to each other using Facebook it becomes rather hard for them to not start doing the same. Then those same peers pressure them into spouting their opinion on everything that's going on in their heads out into the world via postings and while everybody looks at that and considers it harmless fun the media is having a field day.

And we all use this to our advantage too. I don't think I'm the only one who would Google the new co-worker or that girl you met in the bar yesterday. How often do you Google yourself? Just to see what comes up? Your employer is doing this, make no mistake about it. It's best to know what they might find out before it comes to bite you in the ass. The amount of people that lose their job because of online opinion spouting is on the rise. People shrug and say "That'll never happen to me". Time will tell I guess.

[digip]

By clicking those buttons you tell the world at large your opinion. By just viewing the button you've already told the media company what you're looking at which is of value in and of itself. Once you've registered with any one of these, they can track you.

The like buttons in themselves, are an analytics tracker, signed up or not though. They are essentially ad bugs like 1x1 pixel trackers used on sites, like buttons gather the same data, whether you're using Facebook or not, which is one of the reasons I keep JS and plugins off by default in my browser, which will only give the site owners my basic info for loading the image, vs any JS capable metadata they can combine with the general basic info you can't block other than using hosts files to stop loading their data completely, for which you need to know all sites you want to block. My hosts file is pretty out dated, but that's another reason people use ad block in a sense, although I don't know if it works like a hosts file, or just blocks loading the ads on the fly, for which your IP and browser basic data may still be gathered. Never looked into it fully for how it worked since as I mentioned, I leave everything off by default for new sites I visit and only enabled sites I need to use, one of the reasons I love the other Opera. Right click, change site's settings, per site, without loading third part scripts and plug-ins.

"The only winning move is not to play."

I think in some ways, this is true, but by putting out the data for future use, someone might come along with the sense to try something new we haven't thought of. Thinkers like Aaron Swartz who actively took jobs working for politicians to learn how that end of the law worked, did research to match correlations between money backers and laws that changed to benefit people directly tied to the backers, he was making a difference, no matter how small that may have seemed to some, he's inspiring in may ways for his look at the internet and what he was doing. Like him though, and as you said in your country you have a body that sues on behalf of the people, we have the EFF although not sure they only fight for US law changes, they are trying to make change, but our court systems are so ass backwards, that often common sense is overridden by corporate greed, bureaucracy, or down right ignorance to keeping constitutional laws of our physical world applied to the digital age, which there is a huge gap there in and many out dated laws to begin with, with bills on the floor to bring back things like SOPA and CISPA under different names, for me, I see it all one and the same that its tied together, from the privacy side, to the archaic penalties against "crimes" committed by people using computers.

Yes, I've given up trying to change opinion. I give them mine, I try to make them understand why what they're doing might not be in their best interest,

^This. This is more or less what we can do though, even if that is all, by giving the people the data to use, its in their hands. If we let the blind lead the blind without putting up some sort of screaming buzzer when the reach the edge of a cliff, may will fall off till they hear others screaming on the way down. We don't have a right to tell people they can't get their grumpy cat fix or people of walmart likes on their FB pages, but people should have access to info from all sides so they can make that choice with some idea as to what is happening, like the data brokers selling our info. We're human beings, not products or commodities traded on wallstreet, but the internet in a sense and even offline, marketing companies, treat us that way.

In the US, there are clauses in your CC and Insurance apps, that if you apply for a CC, you can opt out of offers for insurance and CC's since by default, once you sign up, you have given consent to be sent snail mail spam. Most people get a shit ton of paper waste spam esssentially, which they can stop to some extent, but most just toss it in their trash can, not realizing, they got that because someone sold their info when they filled out an app for a new car purchase, had their credit run, or applied for a store CC, same works with the internet. By opening a browser, you've opened Pandora's box in a sense, and its very hard to have control of how you do things without having to worry about how your data is uses, from data brokers to cyber stalkers.

All I'd like to add is that, nothing wrong with providing people with the info so they can decide how to use it, and if nothing changes, no worse off for it, but if one person finds it useful or at some point more useful for changing laws on the books like the EFF is trying to do, then its in the hands of the people and they can figure out what they want to do with that info. Not knowing and ignorance is fine, but once you know, its up to you what you do in the end. I myself take privacy and security very serious in this sense and take an active role in what I do, but also towards those around me, in my home, etc, and try to let them know why doing XYZ or using app ABC is not a good idea, and they decide for themselves the risks. Can't tell you how many times I've had my sister or neice come to me because someone was bullying them online, only to have all their info thrown on some page they never even visited, where another person with malicious intent posted it. My sister ha had to change her phone number multiple times, and my neice even had her phone stolen by a kid in school which she couldn't prove, but they managed to get into her social sites and changed her emails and passwords for them which some of we got back, others, just let go, but then the person could go around impersonating her to her friends, which was a mess in itself having to go and tell everyone "hey, that's not me sending those messages from WhatsApp or SnapChat" and as such, learned the hard way.

[tripelix]

@digip thank you for the linkks intersting stuff

[digip]

@digip thank you for the linkks intersting stuff

You're welcome.

[tripelix]

As a programmer I will probably be asked to run queries on your data, as well as design queries for deriving useful info from your data, so hi there!

On that note did you hear that target some years ago managed to come up with a query that could determine which of their customers were pregnant at any given time? Basically pregnant chicks buy specific products like unscented lotion etc. Was a little bit creepy, but would so love to see what the query looks like.

Long live the technocracy!

contact me if you are interested in working on the project

[cooper]

[...]a query that could determine which of their customers were pregnant at any given time? Basically pregnant chicks buy specific products like unscented lotion[...]

SELECT CUSTOMER.NAME FROM CUSTOMER, SHOP_CARD, PURCHASE, PRODUCT

WHERE CUSTOMER.GENDER = 'F'

AND PRODUCT.NAME like '%lotion%'

AND PRODUCT.NAME like '%unscented%'

AND PRODUCT.ID in PURCHASE.PRODUCT_ID

AND PURCHASE.TIMESTAMP > now() - INTERVAL '1 month'

AND SHOP_CARD.ID in PURCHASE.SHOP_CARD_ID

AND CUSTOMER.SHOP_CARD_ID = SHOP_CARD.ID;

[overwraith]

SELECT CUSTOMER.NAME FROM CUSTOMER, SHOP_CARD, PURCHASE, PRODUCT

WHERE CUSTOMER.GENDER = 'F'

AND PRODUCT.NAME like '%lotion%'

AND PRODUCT.NAME like '%unscented%'

AND PRODUCT.ID in PURCHASE.PRODUCT_ID

AND PURCHASE.TIMESTAMP > now() - INTERVAL '1 month'

AND SHOP_CARD.ID in PURCHASE.SHOP_CARD_ID

AND CUSTOMER.SHOP_CARD_ID = SHOP_CARD.ID;

Awesome cooper, SQL is not my strong suite yet. Am mending the situation with a LINQ book, and an SQL book.

contact me if you are interested in working on the project

Actually the data I was referring to was your corporate data, collected by these companies. Was making a joke. Am just kidding I would never look for information on a specific user.

Edited February 6, 2015 by overwraith

[cooper]

I actually messed up a bit because for that query to work the PURCHASE table would have a record for every item purchased and each of those records would have its own TIMESTAMP.

More likely you'd have PURCHASE and PURCHASE_ITEM. PURCHASE contains SHOP_CARD_ID and TIMESTAMP, PURCHASE_ITEM would contain a PRODUCT_ID and PURCHASE_ID.

But generally speaking it's really just that simple.

The strength of Big Data lies in combining quite a bit more than 4 tables and, from what I've seen so far, there aren't a lot of people out there who know how to do Big Data well. The language is somewhat restricted SQL with a very small set of added bits.

[tripelix]

Awesome cooper, SQL is not my strong suite yet.

Actually the data I was referring to was your corporate data, collected by these companies. Was making a joke. Am just kidding I would never look for information on a specific user.

cooper you forgot the from statement where

I actually messed up a bit because for that query to work the PURCHASE table would have a record for every item purchased and each of those records would have its own TIMESTAMP.

More likely you'd have PURCHASE and PURCHASE_ITEM. PURCHASE contains SHOP_CARD_ID and TIMESTAMP, PURCHASE_ITEM would contain a PRODUCT_ID and PURCHASE_ID.

But generally speaking it's really just that simple.

The strength of Big Data lies in combining quite a bit more than 4 tables and, from what I've seen so far, there aren't a lot of people out there who know how to do Big Data well. The language is somewhat restricted SQL with a very small set of added bits.

do you have access to a dataset or are you guessing as it is a flat table layout? I know sql myself how about the abstract data i have been asking about at http://lists.nextmark.com?

[overwraith]

SELECT CUSTOMER.NAME FROM CUSTOMER, SHOP_CARD, PURCHASE, PRODUCT

WHERE CUSTOMER.GENDER = 'F'

AND PRODUCT.NAME like '%lotion%'

AND PRODUCT.NAME like '%unscented%'

AND PRODUCT.ID in PURCHASE.PRODUCT_ID

AND PURCHASE.TIMESTAMP > now() - INTERVAL '1 month'

AND SHOP_CARD.ID in PURCHASE.SHOP_CARD_ID

AND CUSTOMER.SHOP_CARD_ID = SHOP_CARD.ID;

Come to think of it, the NSA and CIA probably search for terrorists the same way, only substituting the tools of the trade, like pressure cookers, and large numbers of cell phones and chemical components of various products.

[digip]

Come to think of it, the NSA and CIA probably search for terrorists the same way, only substituting the tools of the trade, like pressure cookers, and large numbers of cell phones and chemical components of various products.

hence the need for stopping the mass blanket of data collection, since its not illegal to buy those things, and none of anyones business in the first place. Someone commits a crime, you investigate. You shouldn't monitor everyone for no reason without warrant, which we actually do today, not just in the US, but in all countries. Governments are more and more doing mass data storage on everything we do in our lives, physical and digital. Doesn't make us safer, only makes us suspect for probable cause, which is unjustified until we've committed a crime yet many laws allow them to detain us per chance we had intention or motive, and leave you in prison under observation(or until you just give up and admit guilt when you probably didn't do anything wrong in the first place).

We shouldn't be living in a pre-crime society, even if science fiction often becomes reality, Philip K. Dick was way ahead of his years with The Minority Report. Profiling is real though, and the patriot act in many ways is the US version of this, while other countries already have laws on the books to keep people detained, while using words like "therapy" as a reason, even if a crime wasn't committed.

[cooper]

cooper you forgot the from statement where

First line, after the second space. Especially for someone who's writing a book both your grammar and your reading skills are truly disappointing.

do you have access to a dataset or are you guessing as it is a flat table layout? I know sql myself how about the abstract data i have been asking about at http://lists.nextmark.com?

Guessing, obviously. The point I'm making is basically if you have the data together in a single database and you can follow the links from A to B you can work this out. When you combine multiple databases things get trickier.

And maybe I'm missing something, but what makes you call that statement one that assumes a "flat table layout" and what other variants would you've expected here? Phrased differently, when is something a "flat table layout" and what other layouts are there? Or were you expecting various JOIN statements as part of this? I believe they're faster, but my statement makes no assumptions about the presence or absence of relations between the various tables, and neither does a JOIN statement.

Edited February 6, 2015 by Cooper

[overwraith]

I suppose I understand the point on the government not having probable cause, but do you really think that it is a good idea to eliminate these corporations livelihoods just because they are researching things that could be privacy infringing? Some people may actually have use for this type of material, for instance polls, research, and statistics. Some of this actually sounds like the data used to derive statistics for peoples research. How else should we be recording rape statistics for our college level papers? Affirmative Action people and women's suffrage activists use rape statistics all the time, but are they accurate? I have been learning a lot about programming, and programming at some point accesses a database. This could severely limit my ability to do my job in the future. I can also see the government trying to dip into my database, but that's when you pull an apple stunt on them. I think that perhaps some output should be sanitized. What solutions would you propose for this?

Edited February 6, 2015 by overwraith

[cooper]

There is no solution.

Certain sets of data needs to be retained, simply because you need management info. Some data should be removed after an X period of time and there should both be rules governing this and it should be policed and from what I gather both of those are currently rather lacking. The work I do is for healthcare institutions. It's outright illegal for them to remove your records but since the data is effectively yours you can ask for a copy and they're required by law to give it to you.

For supermarkets, they want to know what sort of stuff you're buying and how much how often so they get a sense of the products they should keep in stock at what time. For such a supermarket to then use this data to make an educated guess about pregnancy, I can only guess that they want to market specific products to you specifically which if done right would benefit both parties although the customer might find the supermarket potentially intrusive/stalky.

The big supermarket here is Albert Heijn. They have a customer loyalty card which you can personalise. When you do, you get a weekly email with a personalised offer supposedly specifically tailored to the things you tend to purchase. Up until now I'm not at all worried by being in this program. All the shit they're peddling me has not once enticed me to take them up on the offer. If you choose not to personalise the card you don't get the additional offers, just the standard ones which, for most, would be good enough. I did notice, comparing my email with that of my parents, that people do invariably get different offers in the mail and they are indeed unique to that person's card...

The thing I don't get is when people make these lists and sell them on, one has to assume the recipient of that list expects to make more than that amount of money from it in additional sales. If you pay 8c per person for a list of rape victims, what the hell are you trying to sell? Guns and other personal safety items? Wouldn't you say it just might be in those peoples' interest to be shown what's available to them? The only worrying bit is that the marketing slime that works the list knows what being on that list means, and might look for people (s)he knows to see if there's something to gossip over. That, I feel, is where the danger really lies.

[digip]

Statistics are fine and census data as well so long as its anonymous or voluntary. When you get a copy of your lifes profile and see what's in it you may think differntly. I dont think it impedes your ability to learn, program or use databses just because the data is anonymous or private data removed. other hen when its needed such as medical or banking records, in those cases it should be stored securely ans encrypted with no reason to be in the public domain.

[StoneyBBS]

Never in the time of human existence has each detail of our daily lives been under such constant scrutiny.

Tripelix (@) outlook.com

I agree with you (on the corporate part), but nothing has really changed. 50 years ago, the local barber shop kept track of his customers, just as the local doctor kept track of your patient records in folders behind the front counter. The only difference now, is that the internet allows this personal data to transfer over a medium that can no longer rely solely on physical security.

So what's changed from then, to today? "Corporations" as you say, track your information... 50 years ago, most people paid for things with cash? What's changed...? Credit cards aren't required... we just choose to use them because they are more convenient and we get "points."

Although I agree with your frustration, are you basically asking the same government you just criticized, to now pass regulation on your behalf?

I agree with Cooper.

[tripelix]

I agree with you (on the corporate part), but nothing has really changed. 50 years ago, the local barber shop kept track of his customers, just as the local doctor kept track of your patient records in folders behind the front counter. The only difference now, is that the internet allows this personal data to transfer over a medium that can no longer rely solely on physical security.

So what's changed from then, to today? "Corporations" as you say, track your information... 50 years ago, most people paid for things with cash? What's changed...? Credit cards aren't required... we just choose to use them because they are more convenient and we get "points."

Although I agree with your frustration, are you basically asking the same government you just criticized, to now pass regulation on your behalf?

I agree with Cooper.

Cooper had some great points however I believe that he misses a few things since he is not from the United States nor does he live in its society. His expectation of privacy is different.

Your barber may take cash and you are right that we are not obligated in using credit.

Where the expectation of society leaves America on its own is that in the US you have an expectation to be let alone. legally it was defined , Judge Thomas McIntyre Cooley wrote in ‘A Treatise on the Law of Torts: Or the Wrongs which Arise Independent of Contract’, 2nd edition 1888, page 29 under the classification of legal rights “Personal Immunity the right of one’s person is said to be a right of complete immunity: to be let alone.”

It is the legal description of privacy within the United States that can be applied to civil law.We also have a strong history with property and its ownership. The barber can keep a list for his use, but if he sells it he is violating not only your privacy but he has sold your property. The credit card industry also is selling your information without your permission. You own your name it belongs to you. The industry selling it to advertising also violates your privacy and property. Now there are many people are under the brief that just because its out there makes it public domain, that isn't true either. There are lots of cases around software and a lot of the same companies have rulings that can be used ageist them. Popular belief and what is the spirit of the law rarely coincide.

The first step is claiming your own property and then following it up. That is what part of itsmyinfo.org is all about. The other is putting light on who is selling information list of those that list us. Verbally I want to screw with the mail list data set. if you hear me on radio, pod cast or in person ill explain how that is done. The data on the interest is vulnerable to what is never posted. I don't know if Cooper is on beenverified or any of the other 200+ brokerage vendors. If you are an american citizen you can opt-out. You can find the links on my site or on http://www.worldprivacyforum.org/2013/12/data-brokers-opt-out/%C2'> can opt out of the credit selling crap too. But why should we opt out of any it? It is not their property, it is collectively our information. The process is backwards. The industry knows that what they are doing has problems.

I am not looking for regulation it never works anyway. What I came to this site for was looking for a coder that could help me with part of the project. I will reach out to someone when I attend bsides or one of the other gatherings, apparently the people from here don't read their own forums. The girl was cute though, that they sent to Defcon.

[overwraith]

Tripelix has a point, in the US we can't really buy anything important without a credit card. Everything is online via amazon etc. Is the e-commerce pattern, requires some form of credit card. Paying in cash is impossible. You try finding a book on steganography, shellcode, reversing, metasploit, or penetration testing books without a credit card. The majority of local book stores will not have these things. By not using a credit card you are really hamstringing yourself. There should probably be some more thought into some kind of alternative e-commerce setup, but honestly who will take the initiative to do so? The government and businesses don't have any incentive to do so.

Edited February 15, 2015 by overwraith

[digip]

As he said better than I can, its backwards. We shouldn't need to "opt-out" since we never "opted in". You're in by nature of the systems in place everywhere and unless you explicitly request to opt-out(which is on the honor system more or less other than creditors who are required to send you privacy notices in the mail), you don't get the option to agree or disagree.

Imagine if every site you visited, was required to make sure you read an EULA every time you visited. It would essentially make the web unusable, because one site, may have 20 metric and analytic tools, trackers, ads, etc, embedded in the site, and for viewing each of those, you would have to agree or opt-out of each of them. Business on the internet isn't done this way. You're in their system as soon as you visit the site, and from there, up to you to try and get off their list(s), which in itself, is next to impossible. @tripelix is trying to compile a list so people who want to be proactive for them self, have access to the other side of the coin and can act on it if they want, which I applaud.

It's very hard to try and implement something, say, encryption for everyone that protects your data, when by design, it was never built in from inception. It's an after thought, but doesn't mean we shouldn't strive for something better than what we have in place today, or learn how to work around it to protect ourselves. It's still up to us in the end, but having the info I think puts us in a better position on how we make decisions in use of our devices, the internet, or even in the physical world around us where everything we do is being recorded, filmed, listened to, etc.

[tripelix]

If are in the US and you would like to send a letter, I have a form on itsmyinfo.org it is a declaration of personal privacy. The site requires an email address so i can get back in touch with you there is a valid reason i would want to contact you,

Each local business you do business with should receive a certified snail mail copy. Especially if it is a big conglomerate with a loyalty card program. The idea is that you give them a cover letter and a permission slip for every company in which they do business They in turn will disclose who they do business with and you send a copy of the form to them, until you contact everyone in the chain. Always make a copy of the letters you send and staple or tape the return paperwork from the post office to the copy. I do not expect at first any company will contact you. keep all of your copies in a folder. Don't worry the companies will throw the letter away, they wont contact you back.What you are after is the copy of the certified letter and the receipt from the post office. These will be the basis for a civil case ageist the company. Before you ask no i do not want to create some class action case either, we need a change in precedent in our legal system. These letters, all of them will be admissible to any court in the US. You are never to send originals copies to me only copies or scans to the legal firms when needed.

I will be sending emails asking who has contacted company X. I do not want to keep track of who has contacted who for a wide variety or reasons. You can also contact the group via my website or on twitter #MYRTP MY Right to property.

There are more things in my book still going back and forth with the editor. There are things for your senators and representatives at the federal level and things for your local state legislators. I have a plan that spans personal action, the courts and federal and state governments.

It is going to take a while to turn the boulders using toothpicks..