Transition from Privacy 1.0 to Privacy 2.0, and a few ways to protect ourselves… – by “Michael A”

As the world and human race have evolved, so has the means by which we communicate. At first, hand signals, cave drawings and the primitive languages of ‘caveman’ marked the earliest forms of communication. This transitioned into fully formed languages and writing. Along with writing, new sources of media such as photos, videos and songs became popular forms of communication. And with the invention of the silicon chip, all forms of communication became available and transferable through computers. This marked the beginning of our shift toward digital data.

Offline dossier to online dossier

Modern information technology trends suggest that we have an insatiable desire to aggregate all of our information through digital means. Companies such as Facebook, Flickr and Google provide useful services to users that participate in these communities. Other products, for whatever reason, seem only to be a nuisance that create no palpable value (See Blippy, Foursquare; and again later). The importances of these products reside in their ability to provide real-world effects, through Internet means. Friends can stay connected through Facebook with common sharing of information and can inform each other of given locations, so as to make the connection come full circle back into the real-world. In the process, small bits of information are left behind.

Important or not, this data is collected, stored and forever connected to our username, or IP address. Companies such as Facebook, Google and Amazon target ads and ‘recommended products’ based on proprietary algorithms coupled with all of their known information. If you look for a few programming books on Amazon, chances are you’re going to get a suggestion for some sort of Tim O’Rielly book next time you log on. Amazon has taken the place of a bookstore employee that suggests the next related book for whatever your interest may be. In this case, it does so instantly and with better-assembled data about a person’s interests. Whether you like it or not, these digital dossiers of personal information are formed based on everything digital. From places you’ve been, websites you’ve visited, products you’ve viewed or mouse movements you’ve made.

Some (myself included) choose to participate in the construction of our digital dossiers. Facebook has become a great way to transform the entire social portion of people’s lives into 1’s and 0’s that are stored on the Internet.  (Watch)  Users actively participate in the construction process by uploading pictures, maintaining conversations through posts, messages or chats or liking certain bands, movies, or books. Ever wondered what all the data might look like aggregated? (Try it out, seriously, download all of your FB data and see the substantiality).  Small tidbits of information observed in pieces may seem inconsequential. But, when aggregated, this information creates a much different situation and it becomes much more valuable. The individual wants to protect the dossier, while other services want to obtain and exploit the dossier.

What if privacy is breached?

With most personal information digitized, such as Facebook likes, bank statements, medical records, or relationship statuses, how can we be sure that it will always remain in a secure location? Sure, server warehouses seem safe (maybe not).  But what if the data is stolen/found/obtained over the Internet? (Firesheep) Imagine the outbreak if Facebook, Google or some other products were found to be emitting data about its users to others. Oh wait…whoops  (Here, Here, Here).  There’s sever backlash when an Internet service fails to make good on its social contract of maintaining tight security of users’ data. On the other hand, Foursquare and Facebook Locations are built on the premise that people want to share their much more with others. The iPhone OS 5 has this feature as well that allows GPS tracking of other phones (sometimes for incriminating purposes).

How can we be sure that this information with always be for the betterment of society? Up to the minute tracking abilities could possible pose security threats to anyone that may be interested exploiting them.

Whatever our obsession may be with sharing personal information, it could pose a substantial threat if used in ways that target the real-world individual from digital information. The interest in uploading, sharing and aggregating all information lies in the movement to digitize the real world. The comfort levels that some experience on the Internet suggests either misunderstanding of the dangers involved, or irrational behavior.

A few ways to protect yourself:

–       For those who maintain personal websites and seek protection, Robots.txt allows the creator to disallow most web-crawling bots to index such sites. While most major search engines support it, it is not perfect. A good start, nonetheless.

–       To create secure files, TrueCrypt provide a free, open-sourced product that will take any file, encrypt and mount it to a disk image with password protection.

–       For a secure email service, Hushmail is considered the best.

–       Good web practices such as disabling cookies or taking note when a certain website is secure (HTTPS or SSL encrypted) will help prevent any unnoticed breached or privacy

 

Should there even be more protection?

While taking certain precautionary measures is important, such as described above, there is no guarantee that all digital information amassed will be completely protected. The only sure-fire way to make sure is to not participate in the creation of a digital dossier in the first place. But, for most it’s too late. In this case, what else can be done to bring about more protection from potential leaks of data? Government intervention or control won’t work; as they’re most likely those that could best use such information for incriminating purposes. Legislation could only seek retribution after data is already ‘misplaced’ and would not create any new incentives to further protect it. Is there anything that can legitimately protect someone like me?

What about the idea of ‘Mutually Assured Destruction’ in this context? If we all have incriminating, embarrassing, or private information online, then we all at the mercy of those who control such data. Surely there’s someone else out there with worse or more incriminating or more embarrassing information than I have. As such, any exposure will look relatively much worse for them; and as long as I’m not the worst, I’m not a target…Yeah, that’s probably the best way to think about it.

Apple: The End of the WebKit Philosophy – A Move Towards Integration – by “Ian F”

When Apple emerged from near bankruptcy in the late nineties to target a niche market, it made open source a high priority. Now, we see Apple veering from that path. With mobile computing becoming more popular and the tablet market growing, we find ourselves witnesses to an all out war between Google and Apple. The result is Google portraying Apple as closed and guarded, preventing the public from contributing to and improving it. In a way, Google’s right. Over the last few years Apple has slowly been closing certain doors to developers and consumers. However, Apple argues that it has found a middle ground between open and closed source. It fights back at Google with the concept that fewer devices and software, and more  control is better.

 

The History of WebKit: When Apple Was Open Source

WebKit was Apple's original open source project

In 2003, Apple announced the release of its new web browser Safari. The company said it was built on KHTML, the rendering engine used by KDE Linux. Apple made improvements and added content to KHTML and then released its version of the code as WebKit.

Why would Apple allow public access to the source code of a valuable product like Safari? Because it had to by law. KHTML was partially developed by bedroom programmers and they licensed it under the Lesser GNU Public License (LGPL). The main idea behind the LGPL is: If you distribute a copy or modification of a code licensed under the LGPL, you have to give away the source code too (if they ask for it).

There were two real reasons Apple decided to build on open source software. The first and simplest answer is that creating a rendering engine from scratch would be a massive undertaking and Apple didn’t want to spend the time or money. The second is that Apple was worried about Microsoft. In the early nineties, Microsoft pushed Apple into an extremely small corner of the market using Internet Explorer (IE). The well-known browser became the standard for Internet interactivity and only came bundled with Microsoft Windows. Apple knew that a lot of websites required IE to work correctly so they pushed the adoption of an open standard: WebKit.

At the time, Apple was promoting open source and had no problem posting the code. But, they didn’t realize what WebKit would become and how their outlook would change. During the years following Safari’s release, Apple made continuous updates to WebKit. They also used it to create other applications like the Apple email client Mail and it soon served as a base for the wildly successful iOS mobile operating system. Eventually, other companies made the same choice Apple made in 2003; they wanted to use WebKit as a base for their own products. So we saw other WebKit projects emerge (especially in the mobile genre): Windows’ game distribution software Steam, parts of Adobe CS5, Google Chrome, the Palm Pre interface, BlackBerry Browser, and the Android web browser (to name the most popular)

Kindle Fire
The Kindle Fire runs on Android, a WebKit based OS, and is direct competition for Apple's iPad

So, some WebKit based software is in direct competition with certain Apple Max OSX and iOS software. To take it a step further though, some companies have started porting these softwares to hardware devices that conflict with the Macbook, iPhone, and iPad Tablet. For example Google’s Chromebook, any Android equipped smart phone, and now Amazon’s new tablet the Kindle Fire.

 

 

 

Apple Slowly Closes the Doors

Apple became a great open source alternative to Microsoft, promoting innovation and growth in the industry. But soon, Apple started withdrawing some of its open source efforts, it started limiting privileges and how its devices could be used.

Apple was forced to sacrifice it’s open source roots to sell the iPod. Apple had to include DRM on iPods and had to advocate the DMCA if they wanted to convince the music industry to sell on iTunes. Then, Apple restrictions continued. In September 2007, Apple started adding a checksum hash to iTunesDB files (the files needed to sync libraries to iPods). This encrypted the files and made it impossible to use third party software like Winamp and Songbird. The open source community was angry with apple and the hash was hacked. A constant progession of updates and new workarounds eventually ended when Apple issuing a DMCA takedown against iPodHash, a BlueWiki group.

The trend of limiting third-party developers continued with the App Store. One reason the iPhone was so successful is the plethora of useful (and pointless) apps. There was something for everyone, made clear in Apple’s advertising campaign “There’s an App for that”

But, developing apps for Apple devices is becoming a more demanding process. There are constant updates to the rules that determine whether an app is allowed into the store. In fact, it’s possible for a developer to spend months of time working on a project, only to have it rejected by Apple’s rigorous review process. This means third-party companies and individuals are taking their products to platforms where they know they’ll published. The same is the case for the new Mac OSX App Store. We could see in the near future, an operating system supported only by apps bought through the store.

The most extreme and conclusive evidence that Apple is moving away from open source was a failure to release WebKit code in a timely manner. Both iOS and Android have roots in WebKit so both Apple and Google have to update the source code when they release updates or new versions of their operating system. Apple has been taking longer and longer to do so. Apple has waited as long as six months after an update to release source code. That was only after an outraged blog onslaught by the open source community.

 

Apple: Integrated, Not Closed

Google is promoting itself as open source and by doing so, casting a shadow on Apple. The competition between iOS and Android is important and Google is trying to portray Apple as closed and hoping to do so in a negative light. However, Apple makes a good argument and tries to reword the dilemma:

We think the open versus closed argument is just a smokescreen to try and hide the real issue, which is, “What’s best for the customer – fragmented versus integrated?” We think Android is very, very fragmented, and becoming more fragmented by the day. And as you know, Apple strives for the integrated model so that the user isn’t forced to be the systems integrator. We see tremendous value at having Apple, rather than our users, be the systems integrator. We think this a huge strength of our approach compared to Google’s: when selling the users who want their devices to just work, we believe that integrated will trump fragmented every time.

…So we are very committed to the integrated approach, no matter how many times Google tries to characterize it as “closed.” And we are confident that it will triumph over Google’s fragmented approach, no matter how many times Google tries to characterize it as “open.”

—Steve Jobs

Here, Apple tries to turn the tables and portray Google in the negative light. Apple’s version of vertical integration  is smart business. It means using Apple software and hardware in sync to create a seamless user experience. Apple claims that Android has already been ported to too many devices to allow integration.

 

Wait And See

It will be interesting to see where this battle of two tech giants goes. Will Apple be too restrictive in the future? Will they eliminate the very characteristics that made Safari and iOS so successful? Or will it be the case that the user experience is so simple and entertaining that everyone owns four Apple devices?

 

 

 

 

Thaler’s Right: Data Ownership – by “Max C.”

This week’s iPhone controversy is a big deal, but it also could be a win for consumers. Normally, to find out the information about you that your carrier has already taken and is now selling to law enforcement agencies, you have to sue them in court— but with the iPhone, at least, you yourself also own a copy!

Was the iPhone location tracking file an egregious error, especially since they didn’t notify users? Probably. Will it be patched, never to be seen again in the next version of iOS? Probably. But that’s a bummer for people that like owning their own data.

Writes Richard Thaler in today’s NY Times:

If a business collects data on consumers electronically, it should provide them with a version of that data that is easy to download and export to another Web site. Think of it this way: you have lent the company your data, and you’d like a copy for your own use.

That sounds a lot like what you iPhone location file is. One of the stink bombs thrown up over this iPhone debacle is, “this information isn’t behind a firewall.” True— which means that YOU own it, instead of your phone company. Besides, lots of private information up behind a firewall just creates another juicy target for a hacker (a la Epsilon’s data breach). Are we really getting to the point where we don’t want users owning their own data because they’re so incompetent they might get hacked? Even Thaler’s semi-paternalistic book Nudge doesn’t go that far! Besides, as David Pogue points out,

The one legitimate concern, therefore, is that someone else with access to your computer could retrieve the information about your travels and see where you’ve been. Your spouse, for example. The researchers also mention “a private investigator,” but that’s a little silly. A PI is going to break into your house to inspect your iTunes backup? If your computer is that accessible, you’ve got much bigger problems.

Most likely, the only person that is really that fascinated about you is… well, you. Pogue again:

Meanwhile, accept it: Yes, Big Brother is watching you. But he’s been watching you for years, well before the iPhone log came to light, and in many more ways than you suspect.

And you know what? I’ll bet he’s bored to tears.

There’s an App for THAT? – by “Stephanie R”

Android Market, retrieved from android.com

Watch out there, folks.  Though to some the open App Marketplace may seem like the best thing ever, to others it’s a lawsuit waiting to happen (or at least it allows for a significant level of creepiness).  For example, the SMS Secret Replicator Andriod App, created by DLP Mobile, forwards all text messages from the cell phone on which the app is installed to another phone of the downloader’s choosing.  If that’s not creepy enough, once the app is installed, it leaves no trace of its existence on the phone, so there is no way of knowing it is present on the device.

One aspect that clearly differentiates the Android Market from the Apple App Store is the idea of an open market to which any developer is welcome and encouraged to upload a custom-made application.  However, in late October of this year, Google initially approved the SMS Secret Replicator app, and then removed the application from the Andriod market just 18 hours later claiming it “violate[d] the Android Market Content Policy.”

iPhone Apps, retrieved from apple.com

Being a Palm Pre user myself, I am not extremely familiar with the unlimited world of mobile applications.  However, while I have explored the facilities of an iPhone on multiple occasions, my knowledge of Android phones is quite limited, so I decided to speak to a close friend about her Droid experience.

Though my friend initially desired an iPhone, her current wireless carrier was Verizon, so she settled on an Android device as her first smartphone.  After her first month as an Android owner, she loves her “sleek and user friendly” phone with great apps and she doesn’t “feel like [she’s] missing out on anything the iPhone has to offer.”  Though she was unaware of the ability of any developer “to easily publish and distribute their applications directly to users of Andriod-compatible phones” after paying a $25 registration fee (as stated on the log in screen of the Android Market), she likes that it allows for more selection and choice, but does not think that anyone should have access to personal information such as “your location, biographical information and other private information” through certain applications.

Upon hearing of the SMS Secret Replicator for the first time, her reaction was, “Umm…does that exist? Cause that is really creepy. …I don’t think an app like that should exist.”

SMS Secret Replicator Application, retrieved from hothardware.com

Exactly, this Application should not exist, and thanks to two specific aspects of the Android Market Developer Distribution Agreement, it has been suspended.  Section 4.3 begins “You agree that if you use the Market to distribute Products, you will protect the privacy and legal rights of users….If your Product stores personal or sensitive information provided by users, it must do so securely and only for as long as it is needed.”  While personal or sensitive information usually refers to items more like passwords or medical information, I believe it is safe to say that individuals tend to send personal or sensitive information in text messages when they are under the impression that they are aware of exactly who will be receiving that information.

Section 7.2 Addresses Google Takedowns – “While Google does not intend, and does not undertake, to monitor the Products or their content, if Google is notified by you or otherwise becomes aware and determines in its sole discretion that a Product or any portion thereof or your Brand Features…(e) may create liability for Google or Authorized Carriers…(g) violates the terms of this Agreement or the Market Content Policy for Developers…Goodle may remove the Product from the Market or reclassify the Product at its sole discretion.  Google reserves the right to suspend and/or bar any Developer from the Market at its sole discretion.”  Essentially, the SMS Secret Replicator Application had the potential to create liability for Google and violated the privacy of users, which, in turn, is a violation of the terms of the Agreement.

Though this specific application has been banned, the thought that if I buy an Android phone, someone can potentially pick up my phone if I leave it unattended and quickly download an application that will forward all of my text messages to their phone is terrifying.  So don’t leave your Android on a table by your “friend” while you run to the restroom.  With an ever-expanding app market, the next thing you know, every photo you take with your cell phone camera will wind up on your mom’s computer screen in the middle of the family kitchen.

It appears that within the past few weeks the two previously mentioned app purchasing locations (the Android Market and the Apple App Store) are moving closer to one another in terms of rules and regulations.  While Google has advertised its Android Market as a place where anyone can contribute their original idea for an app, it has had to start cracking down on developers who have taken this liberty one step too far.  On the flip side, previously known for it’s rather strict censorship rules when it came to allowing developers to use certain development tools when creating an app for an Apple device, Apple received a great deal of ridicule for rejecting apps on ridiculous platforms.  The company has recently decided to relax its restrictions on the use of these development tools, giving developers more flexibility, and to publish the App Store Review Guidelines to improve transparency.  Unfortunately, many issues with these guidelines have been recognized – especially by developers.

Google Voice for Mobile

As part of this new, relaxed Apple restrictions, as of today, the Google Voice app has been approved for the iPhone.  This is a pretty big deal because between when Google submitted the application to Apple over 16 months ago and today, the FCC had to step in to ask whether Apple and AT&T were trying to prevent Google’s services from competing with their already built-in features (including making voice calls from the cellular device, sending text messages, checking voicemail, etc.). Shall we jump back in class a few months to the topic of Net Neutrality?

As of today, the Google Voice app can be downloaded for free on the iPhone. The Google Voice mobile app has already been available on Android phones and Blackberry phones for a few months.

Google Voice for iPhone, retrieved from blogsdna.com

As Spotify takes off, is a service-based model the future of music? – by “Samuel D”

iTunes has been leading the charge in legal online music sales since 2003 (selling over six billion tracks in that time) by selling individual songs and albums (DRM-free since January) through its iTunes Store software. Some interesting (ostensibly) legal alternatives have popped up over the years (Rhapsody, Pandora, imeem, Lala, MySpace Music), but none pose as great a threat as 2006 start-up Spotify. Spotify takes an entirely legal, service-based, streaming model to a new level, and the results overseas have been astounding.

Spotify has reached deals with major music labels for use of their collections. Users can stream the music with no buffer delay using a free version (with advertisements every half hour) or an ad-free premium version (for the equivalent of $16US per month). Users can also buy a one-day pass to go ad-free for 24 hours (for the equivalent of $1.62US).

Sharing: One of the most popular features of Spotify is sharing. Since the entire streaming library is available to all users at all times, users can share songs and elaborate playlists with users instantaneously. One user could make a 100-song playlist for a party, send it to a friend, and the recipient could play it instantaneously without downloading any files or buying any songs.

Offline: Users can cache up to 3,333 songs for offline use. This, clearly, would be larger than most people’s iTunes library and makes Spotify a direct (and potent) iTunes competitor. It’s also a huge competitive advantage over several of its streaming counterparts.

Geolocation: Spotify is the inverse Hulu, in a way, as it is currently only available overseas in Norway, Sweden, Finland, the U.K., France, and Spain. They are working hard to bring the service to the U.S. The Stockholm-based company is opening a U.S. office this year. The U.S. launch is imminent (as they reach deals with U.S. record labels), but apparently will rely on a mysteriously “slightly different” business model.

spotifyiphone

Portability/Mobile: The basic Spotify experience works through downloadable software (synced across multiple machines), but Apple recently shocked the tech community by approving the Spotify iPhone/iPod Touch app for the App Store. The app lets premium users stream the entire Spotify library over 3G or Wi-Fi AND sync offline. Given the offline sync, the Spotify app would instantaneously eradicate the need to buy music through the iTunes Store for your iPod. An Android app is available, as well. Playlists and settings are wirelessly synced between your phone and computers.

MP3: Spotify (for obvious reasons) does not allow users to download files of songs, but does link to legal music partners (Amazon, etc.) so users could buy MP3s on their own.

The Future: Spotify clearly takes the service-based music model to a new level. Valleywag calls it “everything iTunes should be.” As Spotify adds more and more music to its library and even Mark Zuckerberg sings its praises, how will Apple respond? Spotify is now reportedly making more money for Universal in Sweden than iTunes is. Many believe a service-based model is the future of music now that mobile platforms have caught up, but do people really want to rent music?

Spotify is currently valued around $250 million and with the U.S. launch imminent, that should only grow. Expectations and buzz are certainly high. The service has six million users presently, but is setting its sights high, aiming to take the service-based model to the next level:

“If we can transcend it so that, maybe you don’t actually have to pay for the music, it’s included in your data plan with your carrier or ISP or cable operator; it might be when you buy a new product, a TV screen, that you get one year of music included … devices like new Samsung TV screens, where they’ve got Linux built in, which allows you to do software on it – they’ve got YouTube built in, they might have Spotify built in.”

Spotify Website: http://www.spotify.com/en/
Spotify on Twitter: http://twitter.com/spotify
Spotify on Wikipedia: http://en.wikipedia.org/wiki/Spotify