If you have no control over your identity you are but a slave?

How self sovereign identity could work

It’s twice I’ve heard something similar to this now.

First time was from Gregor Žavcer at MyData 2018 in Helsinki. I remember when he started saying if you have no control over your identity you are but a slave (paraphrased of course). There was a bit of awe from the audience, including myself. Now to be fair he justified everything he said but I didn’t make note of the references he made, as he was moving quite quickly. I did note down something about no autonomy is data without self.

Then today at the BBC Blueroom AI Society & the Media event, I heard Konstantinos Karachalios say something very similar. To be fair I was unsure of the whole analogy when I first heard it but there seems to be some solid grounding for this all.

This is why the very solution of a self sovereign identity (SSI) as proposed by Kaliya Young and others during MyData speaks volumes to us all deep down. The videos and notes from that session are not up yet but I gather it was all recorded and will be up soon. However I found her slides from when she talked at the Decentralized Web Summit.

This looks incredible as we shift closer to the Dweb (I’m thinking there was web 1.0, then web 2.0 and now Dweb, as web 3.0/semantic web didn’t quite take root). There are many questions including service/application support and the difficulty of getting one. This is certainly where I agree with Aral about the design of this all: the advantages could be so great but if it takes extremely good technical knowledge to get one, then it’s going to be stuck on the ground for a long time, regardless of the critical advantages.

I was reminded of the sad tale of what happened to OpenID, really hoping this doesn’t go the same way.

Data-portability and the data transfer project?

data transfer project

It’s over 14 years since the dataportability project was founded by a bunch of well meaning people including myself. It was a challenging time with vendor lock, walled gardens and social guilt trips; to be honest little changed till very recently with GDPR.

Data export was good but user controlled data transfer is something special and one of the dreams of the data portability project. Service to service; not because there was a special agreement set up between the services but because you choose to move of your own free will; makes so much sense.

This is why I was kind of sceptical of the Google data transfer project. But on a deeper look it’s pretty good.

In 2007, a small group of engineers in our Chicago office formed the Data Liberation Front, a team that believed consumers should have better tools to put their data where they want, when they want, and even move it to a different service. This idea, called “data portability,” gives people greater control of their information, and pushes us to develop great products because we know they can pack up and leave at any time.

In 2011, we launched Takeout, a new way for Google users to download or transfer a copy of the data they store or create in a variety of industry-standard formats. Since then, we’ve continued to invest in Takeout—we now call it Download Your Data—and today, our users can download a machine-readable copy of the data they have stored in 50+ Google products, with more on the way.

Now, we’re taking our commitment to portability a step further. In tandem with Microsoft, Twitter, and Facebook we’re announcing the Data Transfer Project, an open source initiative dedicated to developing tools that will enable consumers to transfer their data directly from one service to another, without needing to download and re-upload it. Download Your Data users can already do this; they can transfer their information directly to their Dropbox, Box, MS OneDrive, and Google Drive accounts today. With this project, the development of which we mentioned in our blog post about preparations for the GDPR, we’re looking forward to working with companies across the industry to bring this type of functionality to individuals across the web.

All sounds great and the code is open source on GitHub for anyone to try out. The paper is worth reading too.

However! The devil is in the data or rather the lack of it. As the EFF point out there’s no tracking data exchange, the real crown jewels. The transfer tool is good but if the services don’t even share the data, then what’s the point?

GDPR dating information update

Hackers movie

With GDPR I sent out emails to OkCupid, Plenty of Fish, Tinder and others. So far I’ve only gotten responses from POF and OkCupid. Which means Tinder and others have about a day or so to get back to me with everything before I can start to throw down some fire.

Before I headed on holiday, I got a message from POF then OKcupid a day later, saying they need the request from the email which is on the account. Fair enough, so I forwarded each email to that email address and replied all to myself and to them but from that email account address.

A few days later I got emails, first from POF and then OKCupid.

You have recently requested a copy of your PlentyofFish (“POF”) personal data, and we’re happy to report that we have now verified your identity.

We are attaching a copy of your personal data contained in or associated with your POF account.  The password to access the personal data will be sent in a separate email.

By downloading this data, you consent to the extraction of your data from POF, and assume all risk and liability for such downloaded data. We encourage you to keep it secure and take precautions when storing or sharing it.

The information contained in this archive may vary depending on the way you have used POF. In general, this information includes content and photos you have provided us, whether directly or through your social media accounts, messages you have sent and other data you would expect to see from a social media service like POF.

Please note that there is some information we cannot release to you including information that would likely reveal personal information about other users. Those notably include messages you received on POF, which are not provided out of concern for the privacy of the senders.

Sincerely,

POF Privacy Team

Then similar from OKcupid, which makes sense being the same company really.

Dear Mr. Forrester:

You have recently requested a copy of your OkCupid personal data, and we’re happy to report that we have now verified your identity.

We are attaching a copy of your personal data contained in or associated with your OkCupid account. The password to access the personal data will be sent in a separate email.

By downloading this data, you consent to the extraction of your data from OkCupid, and assume all risk and liability for such downloaded data. We encourage you to keep it secure and take precautions when storing or sharing it.

The information contained in this archive may vary depending on the way you have used OkCupid. In general, this information includes content and photos you have provided us, whether directly or through your social media accounts, messages you have sent and other data you would expect to see from a social media service like OkCupid.

Please note that there is some information we cannot release to you including information that would likely reveal personal information about other users. Those notably include messages you received on OkCupid, which are not provided out of concern for the privacy of the senders.

Sincerely,

OkCupid Privacy Team

So on my train journey from Stockholm to Copenhagen, I had a look inside the Zip files shared with me. Quite different, it’d be interesting to see what others will do.

  • Forrester, I – POF Records.zip
    • UserData.json | 6.2 kb
    • UserData.pdf | 40.5 kb
    • Profile_7.jpg | 30.1 kb
    • Profile_6.jpg | 25.0 kb
    • Profile_5.jpg | 17.4 kb
    • Profile_4.jpg | 18.8 kb
    • Profile_3.jpg | 26.6 kb
    • Profile_2.jpg | 11.7 kb
    • Profile_1.jpg | 30.7 kb
  • OkCupid_Records_-Forrester__I.zip
    • Ian Forrester_JSN.txt | 3.8 mb
    • Ian Forrester_html.html | 6.6 mb

As you can see, quite different; interestingly no photos in the OkCupid data dump, even the ones I shared as part of my profile. In POF the PDF is a copy of the JSON file, which is silly really.

So the JSON files are the most interesting parts…

Plenty of Fish

POF don’t have much interesting data, basically a copy of my profile data in JSON including Firstvisit, FirstvisitA, etc to FirstvisitE complete with my IP address. I also can confirm I started my profile on 2012-01-25.

Then there is my BasicSearchData and AdvancedSearchData which includes the usual stuff and when I LastSearch’ed and from which IP address.

Nothing else… no messages

OkCupid

OkCupid has a ton more useful information in its JSON. Some interesting parts; I have logged into OkCupid a total of 24157 times! My status is Active? My job is Technology? The geolocation_history is pretty spot on and the login_history goes from July 2007 to current year, complete with IP and time.

The messages are really interesting! They decided to share one side of the messages, so only the ones you send rather than what you received. As the messages are not like emails, you don’t get the quoted reply, just the sent message. Each item includes who from (me) and time/date. There are some which are obviously an instant messenger conversation which look odd reading them now. In those ones, there’s also fields for peer, peer_joined, time and type. It’s also clear where changes have happened, for example when you used to be able to add some formatting to the message and you used to have subject lines.

Some which stick out include, Allergic to smoking?, insomnia, ENTP and where next, The Future somewhat answered, So lazy you’ve only done 40 something questions, Dyslexia is an advantage, But would you lie in return? No bad jokes, gotland and further a field, Ok obvious question, etc.

Next come the photos (my photos, no one else’s)

"caption": "OkCupid's removal of visitors is so transparent, I don't know why they bothered to lie to us all?", 
"photo": "https://k1.okccdn.com/php/load_okc_image.php/images/6623162030294614734", 
"status": "Album Picture Active", 
"uploaded": "2017-08-08 19:16:20"

Of course the images are publicly available via the URL, so I could pull them all down with a quick wget/curl. Not sure what to make about this idea of making them public. Security through obscurity anyone?

Stop screwing with OKCupid
As long as you can see the picture above, OKCupid is making my profile pictures public

Now the image strings seem to be random but I don’t think this is a good idea at all! Wondering how it sits with GDPR too, also wondering if they will remove them after a period of time. Hence if the image above is broken, then you know what happened.

Then we are on to the purchases section. It details when I once tried A-list subscription and when I cancelled it. How I paid (PayPal), how much, address, date, etc… It’s funny reading about when I cancelled it…

"comments": "userid = 7367007913453081320 was downgraded to amateur", 
"transaction": "lost subscription",

The big question I always had was the question data. Don’t worry they are all there! For example here’s just one of mine.

{
"answer_choices": {
"1": "Yes", 
"2": "No"
}, 
"prompt": "Are you racist?", 
"question_id": 7847, 
"user_acceptable_answers": [
"No"
], 
"user_answer": "No", 
"user_answered_publicly": "no", 
"user_importance": "mandatory"
},

After all those questions, there’s a bunch of stuff about user_devices I’ve used to log into OkCupid over the years going right back. Stuff about preferences for searches, etc.

Going to need some time to digest everything but the OkCupid data dump is full of interesting things. I might convert the lot to XML just to make it easier for me to get an overview.
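An added example, not from the original post or from OkCupid: a Python script that walks an export like the one described above and lists which fields carry IP addresses and externally hosted URLs (such as the photo links), which is worth knowing before storing or sharing the file. The section names come from the post; the top-level layout, the `ip`, `time`, `name` and `last_ip` keys and all values are constructed assumptions.

```python
import ipaddress
import json
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample. Section names follow the post; the top-level layout,
# the "ip"/"time"/"name"/"last_ip" keys and every value are assumptions.
SAMPLE_EXPORT = json.loads("""
{
  "login_history": [
    {"ip": "203.0.113.7", "time": "2007-07-14 09:12:00"},
    {"ip": "198.51.100.23", "time": "2018-06-02 21:40:11"}
  ],
  "geolocation_history": [
    {"latitude": 53.48, "longitude": -2.24, "time": "2018-06-02 21:40:15"}
  ],
  "photos": [
    {"caption": "constructed caption",
     "photo": "https://cdn.example.test/images/1234567890",
     "status": "Album Picture Active",
     "uploaded": "2017-08-08 19:16:20"}
  ],
  "purchases": [
    {"comments": "userid = 0000 was downgraded to amateur",
     "transaction": "lost subscription"}
  ],
  "user_devices": [{"name": "constructed device", "last_ip": "2001:db8::1"}]
}
""")

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
TOKEN_SPLIT_RE = re.compile(r"[\s,;()\[\]\"']+")


def walk(node, path=""):
    """Yield (path, leaf_value) for every scalar in nested JSON."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for item in node:
            yield from walk(item, path + "[]")
    else:
        yield path, node


def find_ips(text):
    """Return IPv4/IPv6 addresses that appear as whole tokens in text."""
    found = []
    for token in TOKEN_SPLIT_RE.split(text):
        try:
            found.append(str(ipaddress.ip_address(token.rstrip("."))))
        except ValueError:
            continue  # timestamps, ids and ordinary words end up here
    return found


def inventory(export):
    """Summarise record counts and where IPs and URL hosts occur."""
    ips, url_hosts = defaultdict(set), defaultdict(set)
    for path, value in walk(export):
        if not isinstance(value, str):
            continue
        for url in URL_RE.findall(value):
            host = urlparse(url).hostname
            if host:
                url_hosts[path].add(host)
        for ip in find_ips(value):
            ips[path].add(ip)
    sections = {k: len(v) for k, v in export.items() if isinstance(v, list)}
    return {
        "sections": sections,
        "ips": {p: sorted(v) for p, v in ips.items()},
        "url_hosts": {p: sorted(v) for p, v in url_hosts.items()},
    }


if __name__ == "__main__":
    print(json.dumps(inventory(SAMPLE_EXPORT), indent=2))
```

To run it on a real export, load the file with `json.load` and pass the result to `inventory`; the walker does not depend on the assumed key names.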

OKcupid responds to my GDPR request

OkCupid no Match protest

I mentioned how I emailed a load of dating sites for my data and then some… Under GDPR. So far I’ve got something from POF but OkCupid finally got back to me, after finally making it to supportconsole@okcupid.com.

Hello,

OkCupid has received your recent request for a copy of the personal data we hold about you.

For your protection and the protection of all of our users, we cannot release any personal data without first obtaining proof of identity.

In order for us to verify your identity, we kindly ask you to:

1. Respond to this email from the email address associated with your OkCupid account and provide us the username of your OkCupid account.

2. In your response to this email, please include a copy of a government-issued ID document such as your passport or driving license. Also, we ask you to please cover up any personal information other than your name, photo and date of birth from the document as that is the only information we need.

We may require further verification of your identity, for example, if the materials you provide us do not establish your identity as being linked to the account in question.

Please note that if you previously closed your account, your data may be unavailable for extraction as we proceed to its deletion or anonymization in accordance with our privacy policy. Even if data is still available for extraction, there is some information we cannot release to you including information that would likely reveal personal information about other users. Those notably include messages you received on OkCupid, which are not provided out of concern for the privacy of the senders.

Best,

OkCupid Privacy Team

Pretty much the same as the POF reply.

POF first to respond to my GDPR request

Plenty of Fish

I mentioned how I emailed a load of dating sites for my data and then some… Under GDPR. So far I’ve been bounced around a little but POF is the first positive email I’ve gotten so far…

PlentyofFish (“POF”) has received your recent request for a copy of the personal data we hold about you.

For your protection and the protection of all of our users, we cannot release any personal data without first obtaining proof of identity.

In order for us to verify your identity, we kindly ask you to:

1. Respond to this email from the email address associated with your POF account and provide us the username of your POF account.

2. In your response to this email, please include a copy of a government-issued ID document such as your passport or driving license. Also, we ask you to please cover up any personal information other than your name, photo and date of birth from the document as that is the only information we need.

We may require further verification of your identity, for example, if the materials you provide us do not establish your identity as being linked to the account in question.

Please note that if you previously closed your account, your data may be unavailable for extraction as we proceed to its deletion or anonymization in accordance with our privacy policy. Even if data is still available for extraction, there is some information we cannot release to you including information that would likely reveal personal information about other users. Those notably include messages you received on POF, which are not provided out of concern for the privacy of the senders.

Best,

POF Privacy Team

Well I guess they are being careful at least but will be interested to see what other questions they ask me.

Still wondering when the rest will get in touch?

Data portability in online dating sooner than they think?

Dating Apps make money from attention & personal data

I have written a few times about disruption in online dating, heck it’s something which will be discussed at Mozilla Festival this year (tickets are available now).

But interestingly the EU’s General Data Protection Regulation may get in there ahead of any setup/network disruption. In the Guardian I saw a piece called Getting your data out of Tinder is really hard – but it shouldn’t be.

It’s all about getting data back from Tinder (which remember is part of IAC/Match group).

…Duportail eventually got some of the rest of her data, but only on a voluntary basis, and only after she identified herself as a journalist. Her non-journalist friends who followed suit never got responses to similar requests.

Finally armed with the 800 pages she had clawed back from Tinder, Duportail wrote a story reflecting on her own relationship with her data, and the myopic view Tinder had of her love life. I feel her story helps bridge the chasm between those with information stored in the database and the architects behind it, providing much needed neutral common ground to democratically discuss power distributions in the digital economy.

Given the popularity of her story, and my overflowing inbox, I would say many agree. And indeed, you should expect more similar stories to be unearthed in the future because of the upcoming General Data Protection Regulation (GDPR). From May 2018, the new European-level regulation will come into force, claiming wider applicability – including on US-based companies, such as Tinder, processing the personal data of Europeans – and harmonising data protection and enforcement by “levelling up” protections for all European residents.

I know there is a lot of push back from the big American internet corps, but this is coming and there is no way they can wriggle out of it?

…beyond the much older right of access, the true revolution of GDPR will come in the form of a new right for all European citizens: the right to portability.

It seems like such a small thing but actually it has the potential to be extremely disruptive. Heck it’s one of the things I wanted back in early 2011. Imagine all those new services which could act like brokers and enable choice! It could be standard to have the ability to export and import rich data sets like Attention Profiling Mark-up Language (APML).

I just wish we were staying in Europe, although the UK has agreed to take GDPR, thankfully! There was no way, if they were left on their own, this would ever come about; like it looks like it might.

Back at the Quantified Self conference in June

Quantified Self 2011

I’m back at the Quantified Self conference and it’s been a few years since due to scheduling and other conflicts. It’s actually been a while since I talked about the Quantified Self mainly because I feel it’s so mainstream now, few people even know what it is, although they use things like Strava, Fitbits, etc.

The line up for the Quantified Self conference is looking very good and there’s plenty of good sessions for almost every palate and I’ll be heading up this session while at the conference.

Using Your Data To Influence Your Environment

With home automation tools, it is now possible for your personal data to influence your environment. Soon, your personal data could be used to influence how a movie is shown to you! Let’s talk about the implications and ethics of data being used this way.

It’s basically centered around the notion our presence affects the world around us. Directly linking Perceptive media and the Quantified Self together. Of course I’m hoping to tease out some of the complexity of data ethics with people who fully understand this and have skin in the game as such.

I’m also looking to report back on this conference and restart the Manchester Quantified Self group which went quiet a while ago.

Storj: A p2p decentralised storage model

Storj: Decentralizing Cloud Storage from Storj on Vimeo.

Storj is an open-source, decentralized, cloud storage platform. It is based on the cryptocurrency Bitcoin’s (BTC) blockchain technology and peer-to-peer protocols. The Storj network uses its own cryptocurrency, Storjcoin X (SJCX), while its front-end software supports the use of other digital currencies such as Bitcoin and more traditional forms of payment like the dollar. Unlike traditional cloud storage providers, Storj keeps data spread across a decentralized network eliminating the problem of having a single point of failure. It also encrypts all data making it impossible for anyone, including Storj, to snoop on users’ files without having a user’s private encryption key. In return for offering storage space to the network, users are paid cryptocurrency.

Imagine storing all your private data across other people’s drives in encrypted form? Imagine getting paid to store this encrypted data?

Well this is Storj and it’s frankly quite an amazing concept whose time has come.

This is a very attractive setup for someone like me with many terabytes of storage and hyperfast broadband. Unlike the risks of running a Tor exit node, everything is strongly encrypted and the host has zero knowledge of what’s being stored or transferred.

I already have an account as I’d be interested to see how it works. First heard on Steal this show, how the swarm will beat the cloud.

Are you happy with the state of the mainstream net?

https://stealthisshow.com/s02e08/

I was listening to the Steal this show podcast season 2 episode 8 with Balázs Bodó and Jamie King. They were talking about how we have kind of gotten used to the way the net is and they are wondering where the innovation is coming from or going to.

It piqued my interest as I have always had an interest in technology uses for legal and illegal purposes. It’s that classic cat/cops and mouse/robbers scenario, I’m not saying technology is neutral, but the same technology can be used to liberate and enslave. I thought it might be nice to share some of the stuff I’ve got in my tabs/task list to look at…

Most of the good stuff I’ve recently been looking at is all about privacy and security, which has required me to get a lot more serious about my digital keys.

  • Asemica
    I have always been interested in Steganography, especially in clear view where you wouldn’t normally expect it. Securebook always interested me and I’m slightly responsible for inspiring the developer of that. But it’s not been updated in a while and I always thought why can’t I use something else to generate the text required in a way which is clearly still readable?
    Because of this I’ve been looking for something like Asemica.
  • Zeronet
    I was originally looking at Zeronet for my decentralised dating idea but have always been interested in things like Freenet from a long long way back. It’s pretty neat and certainly ticks all the buzz words but has a solid idea built on open tech.
  • Keybase
    I can’t quite work this one out but I signed up to the alpha and have been trying it out for the last few months at least. I haven’t sent any GPG messages yet but getting my head around it all. The keybase file system is much more like a distributed dropbox and it doesn’t take a lot of thinking to imagine the possibilities.
  • ZeroTier
    This is what I’m using as a VPN for all my devices and it’s quite simple but effective. It’s quite neat as it works like Hamachi and I have configured my server at home to bridge networks, allowing me to access my 1gig connection in the UK from anywhere. I haven’t played with accessing other networks yet but it’s in my tasklist to bounce around the world if needed.
  • TOR (the onion router)
    Does this one really need any explaining? So many people instantly think of the dark web and buying drugs, porn or worse. Well there’s a lot more to the dark web than this and I’m seeing some seriously credible technology solutions built on top of TOR. Of course TOR project really lend itself to huge amounts of data bandwidth, but have you recently looked at the TOR Stem or TOR messenger?
    There’s other things I’ve seen which I’d rather not talk about which do the connection over TOR then switch to IPv6 afterwards for the bulk bandwidth.
  • Signal
    Remember that instant messenger system Snowden used? Well it’s end to end encrypted messaging by Open Whisper Systems and there’s apps for most platforms including Linux and Android. It’s pretty neat but if used in a careless way can’t really help you much. Some would say what’s the point now Facebook/WhatsApp are doing the same? Well actually they are using Open Whisper’s library, so clearly superior.
    Signal is starting to get a lot of people now and although it won’t be as popular as WhatsApp, Facebook Messenger or even Google Allo; it’s pretty neat and bots are coming.
    I’d like to see shared identities, so both my mobile phone numbers (work & personal) combined. I could choose to message from either of them but also see both. A master identity of some kind?
  • Bitmask
    Encrypted VPN and Email, looking at it I thought it was a bit too good to be true. So I checked out and found its actually an implementation of the LEAP Encryption Access Project, which had a number of interesting projects including TorBirdy (TOR+Mozilla Thunderbird).

Less about privacy and security but still on my task list

Plex and Emby
Streaming your own media anywhere and everywhere is very attractive especially when you have a fast home connection. I have Plex installed but I’m certainly looking at Emby which seems to be the new kid on the block. Looking at it, Emby might play nicer with things like Kodi & VPNs maybe?

There’s many things out there if you’re curious and look around for better; for example I have on my task list hacking my Chromecast, which I’ve seen someone has put the Plex client on a Chromecast, got screen mirroring without wifi and even a DLNA client. Let’s not forget EZcast and Miracast alternatives.

Open collaborative recipes for everyone?

Cooking!
Imagine if you took GNOME Recipes, an open collaborative cookbook whose cuisine is curated by people; and made its core object based like in BBC R&D’s Cook along kitchen experience aka (CAKE).

You could write tools and editors to make the recipes have everything needed to fit with the cook’s skill level, ingredients, time, allergies, preferences, party size, etc… I mean who wouldn’t want to describe every aspect of their special dish? (I’m avoiding the copyright/licensing questions for now)

Now that would be something, Clasen? And what better community to kick start such a thing? Dare I bring up the BBC recipe headlines only 6 months ago.

Seems like a no-brainer to me?