The Houseparty is over, time for the GDPR to kick in the front door?

houseparty gdpr request email

I requested my GDPR personal data from Houseparty/Epic games over a 2 months ago when I signed up under my spam email and slight social pressure from friends. I read the privacy policy and almost spat out my tea.

However I found I could use houseparty in a clean browser (chromium) – app.houseparty.com. as there was absolutely no way I was going to install the app on my pixel phone. After trying to play a game with friend I found the video worked but not the actual game.

As we moved on to using boardgamearena.com. I decided I wanted to delete my account and got interested to know how much data they had collected about me in my short time in houseparty.

Outcomes my GDPR request, I send it to data-requests@lifeonair.com and nothing. I resend it to support@houseparty.com and get my response. Back and forth then finally…

Houseparty Support

May 08, 2020, 20:46 +0100

Hello Ian,

Thank you for your response.

I’m glad that you’ve reached us regarding your request. We received your data request. Our team is working on pulling the data, and you will receive your data within 30 days.

Please feel free to contact us if you need any further assistance.

Regards,
Romeo Tango

As you see can see the date of May 8th was 34 days ago and yes I get Covid19 but I’m not expecting the much data back. Unless there is a ton coming my way?

Either way I’m annoyed at being messed around at the start and also them not taking it seriously. I’m still not convinced Romeo Tango is real to be honest.

ICO submission

So enough, I’ll let the ICO deal with it all.

 

I lost all trust for Zoom yesterday…

British PM on Zoom
Wonder how many people have tried to dial into that zoom id?

Yesterday I was on a zoom call which was hijacked or zoombombed with something not just horrible but totally illegal. Because of this I have pretty much lost all trust in zoom.

This is of course very difficult as its what we use at work and of course being in the middle of the covid19 lockdown, makes things tricky. Because of this, I’m going to still use it but with much more caution and I’m going to be a lot more forceful about the hosting side of it.

Its clear war-dialers for public Zoom meetings is so easy and well used by inscrutable groups of people. Zoom could make sharable links much more difficult to war dial, similar to the way Google docs uses combinations of characters and numbers to make a much longer url, a lot harder to war-dial.

The defaults of Zoom, is setup for a semi trusted corporate environment. I understand the covid-19 pandemic changed everything but there has been many updates and only now is the defaults only just safe. Their share prices have rocketed but they are only now focused on security ahead of more features?

Their idea of end to end encryption is a total dump on top of the security findings saying some calls are being routed via China.. Today they announce you can choose your routing but you need to pay for it. More governments and companies are blocking zoom because they just don’t trust it.

Likewise neither do I… but I will use it… with caution.

I have been thinking about an equivalent, and thought about two.

  1. I lost trust in Facebook a long while ago but still use it for volleyball events and the occasional post about something I feel could be important for friends, family and the public who don’t read my blog (as its posted on the internet already, I post publicly adopting the indieweb Posse approach, much to the surprise of some friends). For example I posted what happened on zoom yesterday there today.
    Facebook was hardly trustworthy to start with and over and over again they took the living daylights with our data.
  2. There was a point when Windows Vista pushed as the step/edition of Windows XP and I didn’t like what Microsoft had done to it. To be fair I didn’t trust them and saw shadows of where things were heading. So I switched to Ubuntu.I know the new Microsoft is quite different of course but the damage was done.

If you are hosting a Zoom call, please do lock it down theres a number of guides to help including this one.

Dropping Rescuetime for ActivityWatch

Activity Watch logo

I tend to weigh up different systems and applications I use every once in a while. Especially weighing up the benefits to me.

One such application is Rescue time.

I used it in the past and over the last few months reinstalled it again. However this time I tried to automate the reports out of the free account and pretty much failed. The only way I could really do it is if I paid for the pro account at the cost of (a discounted) $6.75 per month.

So enough I thought… A little look around alternative to and decided to give Activity Watch a try.

ActivityWatch is an app that automatically tracks how you spend time on your devices.

It is open sourceprivacy-firstcross-platform, and a great alternative to services like RescueTime, ManicTime, and WakaTime.

It can help you keep track of time spent on different projects, kick bad screen habits, or just understand how you spend your time.

Its pretty good and doesn’t drain my laptop while watching my laptop. Of course being local and under my control only, I don’t really need to worry so much about whats collected. You can of course limit things as you go, turn off tracking or just delete the data any time.

I have it on my Dell XPS laptop and on my work phone and its good except one thing. Currently there is no sync server, so each device has its own server. But they are working on this… Once they do, I’ll likely install it on my server and put the client on more of my devices.

The other thing I’m hoping for is to see more use of the stopwatch activity watch bucket (buckets are the pools of data collected). Since Project hamster is currently being rethought and I like to track my work progress alongside my activity.

As a whole the project has a lot of potential and worth the wait I hope for the features expressed above.

Public Service Internet monthly newsletter (Oct 2019)

Carole Cadwalladr & Paul-Olivier Dehaye's deep dive into the great hackCarole Cadwalladr & Paul-Olivier Dehaye's deep dive into the great hack

We live in incredible times with such possibilities that is clear. Although its easily dismissed by looking down at our feet or at the endless twitter fighting.

To quote Buckminster Fuller “You never change things by fighting the existing reality. To change something, build a new model that makes the existing model obsolete.

You are seeing aspects of this happening with Matt Mullenweg’s comments about a open and diverse web after buying tumblr.

Don’t forget if you find this useful, you will find “Public Spaces, Private Data: can we build a better internet?” at the RSA London on 21st October  2019, right up your street.

 

Watching the labrats scurrying away

Ian thinks: Recently read Labrats book after seeing Dan Lyons at Thinking Digital. Its quite a raw insider view on silicon valley culture, the laughable and the horrific sides in equal lashings.

The Great Hack Workshop from Mydata 2019

Ian thinks: This was one of the highlights of Mydata 2019. Carole Cadwalladr & Paul-Olivier Dehaye’s deep dive into the build up to the great hack was fascinating. Lots of useful resources were revealed.

Are Boris Johnson’s PR People Manipulating Google Search?

Ian thinks: True or not, our dependence on a single search engine/service makes any potential manipulating even more impactful.

Ted Nelson on Hypertext, Douglas Englebart and Xanadu

Ian thinks: Its always amazing to see pioneers who narrowly missed out pushing concepts which were too early, but could come back.

Look out here comes the hyperledgers

Ian thinks: More ledger/blockchain projects to power your projects than you can shake a stick at. Very happy at least some are open-source.

ReasonTV’s look at the Decentralised web

Ian thinks: I was expecting something light touch but having Cory Doctorow mainly interviewed means its got some depth.

Etiquette and privacy in the age of IoT

Ian thinks: Etiquette tends to be forgotten in the advancement of  technology. I don’t consider it rude to shut off a Alexa, I’m sure others will disagree.

Tipping etiquette set by user interface

Ian thinks: Talking about etiquette, very interesting to see norms set by user interface design decisions. Obviously set to benefit the company but its stuck now.

Exploiting technology or exploited by technology?

Ian thinks: Curious tale, but it does raise a question about digital access and backups. Least we forget about power and when things go technically wrong.

Public Service Internet monthly newsletter (Sept 2019)

johnny mnemonic

We live in incredible times with such possibilities that is clear. Although its easily dismissed by looking down at our feet or watch how democracy is being gamed and broken. To quote Buckminster Fuller “You never change things by fighting the existing reality. To change something, build a new model that makes the existing model obsolete.

With a focus on new models in business, technology, society, policy, processes, etc. I present my public service internet newsletter.

You are seeing aspects of this happening as people rethink public transport.

Don’t forget if you find this useful, you will find “Public Spaces, Private Data: can we build a better internet?” at the RSA London on 21st October  2019, right up your street.

Reflections on capitalism gone wild system

Ian thinks: Rushkoff’s monologue at Betaworks Studio is breathless, funny, tragic and worth every minute of your time.

Ghosts in the smart home

Ian thinks: Lancaster University’s short about smart homes, is a design fiction which is fun, informative and enjoyable to watch. Sure some the living room of the future and petras workstream had a influence?

Black lives matter’s alternative systems

Ian thinks: Theres a question later about the media, Alicia talks about creating their own systems not just relying on what already exists.

Surveillance systems head to head 

Ian thinks: Cambridge Analytica’s whistle blower and Russian investigative journalist, go head to head discussing surveillance capitalism and government surveillance.

Suicide Is an epidemic and therapy apps are not helping

Ian thinks: As we turn to apps for everything a thoughtful look at therapy apps market good and bad. Theres not an app for everything.

The real johnny mnemonic (contains surgery pictures)

Ian thinks: Ever since Quantified Self people started embedding NFC under the skin, I wondered how far it would go. Perfect name for the software

We are not ready, privacy in 2019

Ian thinks: Really good list of the leaks, abuses, dumps and thoughts if we are ready for even more? Question is how many more before the end of year?

Emotional and erotic intelligence for an enlighten future (NSFW)

Ian thinks: Although a talk about sextech is uncomfortable for people, the subject of intimacy, human connection and self reflection are so much more important than our personal discomfort.

Danilo Milovanović public space interventions

Ian thinks: Excellent to see more thoughtful playful artistic interventions in the public realm.

Facebook cafe with free drinks and privacy check-ups?

https://twitter.com/wearesorryfor/status/1162346869017763853

When I saw Jasmine’s reply to Claires tweet. I thought exactly the same thing. Its the ethical dilemma cafe, only 5 years out too late.

Facebook is looking to take the initiative in the social media privacy debate by opening a network of pop-up cafes around the UK. Each will offer patrons free drinks and a privacy checkup, to help assuage consumer concerns about their privacy online.

Facebook Café will run from 28 August to 5 September in a bid to encourage Britons to get on top of their digital footprint, helped along by free-flowing caffeine.

One of these will be located within The Attendant on Great Eastern Street, London, in response to surveys indicating that 27% of Londoners have no idea how to personalise their social media privacy parameters.

Free coffee (what kind) and teas in exchange for? Privacy advice from Facebook, Wifi snooping like most, a honeypot, or maybe a bit of social engineering from FB staff (Scientology style)?

Is it worth it? I very much doubt it but it would be fun to mess with the FB cafe staff and systems. Don’t you think?

What is Web 3.0 and Why Do We Need It?

Web 3, Parity, Polkadot, Substrate, ipfs, blockchain? Wtf?

While visiting Republica 2019 and writing my presentation about it, I was trying to make sense of the deeper decentralised web stack. Jutta Steiner gave a talk at Republica but I was a little lost in what she was talking about. It was clear it was important but I was lost in the terms.

Watching her talk from tech open air (TOA19) was a lot clearer.

She also reminded me about the web3 summit, which I wish I could attend but always felt like I might not be quite the right person for it. I look forward to hearing what comes out of it however because its clear as Jutta says

…The first time I interacted with the web like everything was open and somehow that was the the perception like we now have this great tool and sort of thought like it’s not this these closed intranets. But it’s the information superhighway we can do whatever we want but what happened really over the 30 or so years afterwards was we replicated or built a ton of intermediaries that basically sit between us and anybody we want to interact on the with on the web online, be that through what’s that when we text to someone through Facebook, venmo, whatever you use you buy anything there’s always an intermediary for something that really should be a general p2p interaction. So the problem with this really is what’s underneath this and what led to this mass these mass centralization and of power and data in the hands of very few people is the fact that we had to do this in a very centralized way because this is just how the Internet technologies of where to work so we have an underlying architecture with centralized servers where all the data is gathered because of network effect the power accumulates and accumulates, and this is a very fraught way of doing things because you have a central point of failure and that was massively exposed by the Snowden revelations I mean partly because also backdoors are built into it but partly because it’s it’s centralized architecture…

Clear reason why web 3, I think…

#web30: The world wide web at 30 years old

We owe a lot to Sir Tim Berners-Lee on the 30th Anniversary of the web.

Tim Berners-Lee helped invent the world wide web 30 years ago. And he has consistently pointed out that the original dream that gave rise to it is under threat.

It is exactly 30 years since Sir Tim submitted a paper to his colleagues at CERN, suggesting a way of sharing data across networks, under the title “Information Management: A Proposal”. The humble title belies the importance of what was contained inside, which included a complete sketch for the networked information system that would on to become the internet we know today.

But its really important to think about the next 30 years.

Surveillance capitalism and governmental/state control are hot topics which very much threaten the fabric of the web. But so does our use of the web and the way we treat each other.

I had a really good 10min talk with Sir Tim Berners-Lee during the last Mozilla Festival, while talking about Solid, Databox and data trust. What got me as we talked, was ultimately we were talking about power and where it lies. Power in the hands of governments (Chinese model) , corporations (American model) or people? (could be the European model?)

I think remembering their are humans, not eyeballs, not lefties/rightwingers, etc is so important. Lets celebrate the people of the web!

https://twitter.com/whynotadoc/status/1105400124447039489

Airbnb illegal audio monitoring?

Airbnb monitoring warning

Me and my partner decided on Airbnb for our trip to Barcelona. We found one  and booked it. Generally the flat was ok,

However there was a warning on the kitchen door, stating they are listening for noise 24 hours a day and will cancel bookings if there is loud noise. Looking around I think the device is this thing…?

Airbnb monitoring warning

It certainly put a terrible taste in our mouth and made us feel uncomfortable. Although we didn’t complain straight away and by the time we thought about it, the internet connection was down and if its really connected and not a poor joke; it was no longer going to work. Didn’t cause the host(s) to come and find out what was wrong, even with us complaining about the lack of internet (I debugged it as much as I could, but ultimately we had European roaming data and wasn’t in the flat that much)

This has to be a breach of privacy and I’ve finally complained to Airbnb. Especially after rethinking and re-reading things like this.

Update – Thursday 13th Sept

Since my tweets/toots and this blog post. I had quite a lot of people and journalists get in touch… But I still have seen nothing from Airbnb or the host. So I decided to take one of the journalists up on their offer in a form of social justice. No idea how what I wrote will come across or be edited but as I was seeking out the legal ramifications of what the host had done, I saw this on the Airbnb help site…

Rules for hosts
If you’re a host and you have any type of surveillance device in or around a listing, even if it’s not turned on or hooked up, we require that you indicate its presence in your House Rules. We also require you to disclose if an active recording is taking place. If a host discloses the device after booking, Airbnb will allow the guest to cancel the reservation and receive a refund. Host cancellation penalties may apply.

With that I rewrote to Airbnb and Airbnbhelp to demand a refund on top of everything else I previously complained about.

Sure to update everyone once I hear something….

Update – Friday 15th Sept

I was contacted by Airbnb by phone, the woman ran through a few questions and we talked about what happened again. She agreed this was clearly a breach of the Airbnb terms and could see the listening device and the warning in a few of the photos (as like me, knew what to look for). She said they would block/ban that listing which they have done. They also issued a refund to me and my partner, which is great news as our un-comfortableness certainly had a slight affect on the holiday in Barcelona.

Personally I’m glad I found the Airbnb term above, as that drove things along much quicker. Previous to that, it seemed not a lot was being done?

In our conversation, it was worth noting an Alexa, Google Home, Baby monitors, etc would count as listening devices which must be declared upfront before the guest books.

From Airbnb…

To summarize, we will follow up and investigate the host’s account following your report of a surveillance device in the listing. We take these reports very seriously, once again, thank you for bringing this issue to our attention. Your participation helps keep Airbnb a safe and trusted community.

The realm of third-party trackers on Android

Luman android root cert

I was excited to learn about Lumen Privacy Monitor, as I’ve always wondered about the apps I have installed even when I have restricted the permissions wanted from the installed app.

New research co-authored by Mozilla Fellow Rishab Nithyanand explores just this: The opaque realm of third-party trackers and what they know about us. The research is titled “Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem,” and is authored by researchers at Stony Brook University, Data & Society, IMDEA Networks, ICSI, Princeton University, Corelight, and the University of Massachusetts Amherst.

“This is the start of a long project to uncover all the hidden data collection and data dissemination practices on the internet,” Nithyanand explains.

“There’s a huge lack of transparency around how mobile applications behave,” adds Narseo Vallina-Rodriguez, a co-author and researcher at ICSI. “People install software, but don’t know what that software is doing.”

The paper’s introduction lays out a troubling scenario: “Third-party services inherit the set of application permissions requested by the host app, allowing them access to a wealth of valuable user data, often beyond what they need to provide the expected service.”

To study this scenario, the researchers used Lumen Privacy Monitor, an Android app they built themselves over a two-year period.

So I installed it just to see what was going on with my Android devices. But there is a problem… Best summed up in this comment from Wcat.

Not open source? TLS interception? Before you install this stop and think about TLS interception. “Those who would trade privacy for security deserve neither.”

Luman asks for permissions to install its own root certificate, and this deeply worries me. TLS inception isn’t a trivial thing to be honest, I know its needed but it had me questioning how I really want to monitor the apps? Also if I remove the app, will the certificate be removed too/how would I know?

Right now, I’m keeping an eye on the app but haven’t installed the root cert yet.

Do you trust grammarly?

grammarly - better writing made easy

Been looking at Grammarly for a while and to be fair they have been massively advertising too. Obviously Google & Facebook know I’m dyslexic and I imagine Grammarly are targeting people like me.

But I’m not keen on the process of sending the text to their centralised server. I understand but I think there is another way to do this, however that way conflicts with their business model. Maybe its a another case for something which should be a public service not left to the private sector?

I’m not the only one asking questions; I have been browsing the terms and conditions too and not keen on what I’ve read so far, the privacy policy alone speaks volumes.

I’ve been using Language tool as their privacy policy seems more reasonable to me and it can work offline and in a more decentralised manner.

Be interested to hear how others get on with it, maybe the benefits greatly outweigh the data ethical concerns?

 

Why VPNs are essential regardless what others say

I tweeted during a ride on the Manchester Metrolink tram but things didn’t seem to come across as I was hoping.

My main point is the image from the mainstream media is VPNs is for pirates and the darkweb. But in actual fact its part of modern day web usage.

I was trying to tweet something but needed to look for a slide presentation which I thought I had on slideshare.net. When looking at slideshare on the metrolink wifi I got a Cisco page about content filtering.

I thought this was just because some of my slides might trigger something but nope its the whole of slideshare.net.

I was pretty annoyed about the whole thing and fired up my home VPN.

Done…

Only took my journey from MediaCityUK to St Peters Square to do all this, hence the confused tweeting. Plus I couldn’t work out where the new Google assistant saves the screenshots.

Didn’t find what I thought I had on my slideshare but I did find it elsewhere, I’ll go into details in my next blog post.

 

Dark data experiments?

Untitled - man in the dark
I have a lot of curiosity and one of the things which has consistently got me curious, is the challenges of the hidden. Hidden being the trick, the data, the technique, the place or the knowledge. This is why I’m very interested in Hacker House (it was almost added to my new years resolutions for 2017 even).

Currently data is the hidden which intrugued me the moment, hence my massive interest in data ethics. There’s been 3 experiments which have really got me jumping up and down about this all… thought I’d share while I eat cheese and drink wine on Christmas day

  • Click Click Click
    A perfect and fun demonstration of mouse tracking on websites using just JavaScript. This is the data the likes of Facebook, Google, Amazon, etc use to track users dwell time and implicit actions on the website. Found via some folks on our BBC R&D internal slack.
  • I know what you downloaded (…last summer or even last Christmas)
    This site collects IPs from public torrent swarms by parsing torrent sites and listening to the DHT network. They have more than 500.000 torrents which where classified and have data on peers sharing habits. The slightly twisted feature is the ability to share a link and see what people have been sharing. I promise not to do this but highlights the problem with shortern urls and long query strings you can’t be bother to read or don’t understand how they work (knowledge). Found via Torrentfreak
  • Find my phone
    Man’s smartphone is stolen in Amsterdam, so the same man decides to root another phone and deliberately track the phone. Along with the person who stole it! The results are turned into a video which you can watch on youtube.
    Found via Schneier

Why I stopped caring about what most people think about privacy

PUBLIC DOMAIN DEDICATION - Pixabay-Pexels digionbew 14. 01-08-16 Feet up LOW RES DSC07732

Simon Davis’ post about “Why I’ve stopped caring about what the public thinks about privacy” is such a great piece. I’m sorry to Simon but I had to copy a lot to give the full context.

To put it bluntly, I’ve stopped worrying about whether the public cares about privacy – and I believe privacy advocates should stop worrying about it too.

Unless human rights activists and their philanthropic backers abandon their focus on public opinion, the prospects for reform of mass surveillance will disintegrate.

I’ll go even further. Unless human rights activists and their philanthropic backers abandon their focus on public opinion, the prospects for reform of mass surveillance will disintegrate.

I’m aware that these thoughts might sound wildly contradictory – if not insane. Over the past three years I’ve tested them out on audiences across the world and experienced waves of disbelief. That’s one reason why I’m certain those ideas are on the right track.

In summary, my belief is that too many of us are obsessing about whether X percent of people change their default privacy settings, or whether Y+4 percent “care very much” about privacy – or indeed whether those figures went up or down in the last few months or were influenced by loaded questions, etc etc.

As advocates, we should never buy into that formula; it’s a trap. And for funding organisations to think that way is a betrayal of fundamental rights. A program director for a medium sized philanthropic foundation told me earlier this month that her board had “given up” on privacy because “we can’t measure any change in people’s habits”. I don’t see that equation being used as a measure of the importance of other rights.

In the failed rationale of opinion and user behaviour statistics, the relative importance of privacy depends on the level of active popular interest in the topic. According to some commentators, privacy is a non-issue if only a minority of people actually adopt privacy protection in their social networking or mobile use.

Imagine if that logic extended to other fundamental rights. It would mean that the right to a fair trial would be destabilized every time there was a shift in public sentiment. And it would mean that Unfair Contract protections in consumer law would never have been adopted – replaced instead with a “Buyer Beware” ideology.

Just to be clear, I’m not saying public opinion isn’t relevant. Nor am I saying that public support isn’t a laudable goal. We should always strive to positively influence thoughts and beliefs. It’s certainly true that for some specific campaigns, changing the hearts and minds of the majority is critically important.

The struggle for human rights – or indeed the struggle for progress generally – rarely depended on the involvement of the majority (or even the support of the majority).

However, on the broader level, there’s a risk that we will end up cementing both our belief system and our program objectives to the latest bar talk or some dubiously constructed stats about online user behaviour. Or, at least, the funding organisations will do so.

It seems to me we’ve been collectively sucked into the mindset that privacy protection somehow depends on scale of adoption. That populist formula is killing any hope that this fragile right will survive the overwhelming public lust for greater safety and more useful data.

I’ve noticed an enduring (and possibly growing) argument that public support for privacy is largely theoretical because relatively few people put their beliefs into practice. Conversations on that topic tend to dwell depressingly on public hypocrisy, with detractors pointing out that the general population fails to use the privacy tools that are on offer. Even worse, whole populations avidly feed off the very data streams that they claim to be wary of. Apparently this alleged public disinterest and hypocrisy invalidates arguments for stronger privacy.

(As a side point, I don’t believe that the situation is so black and white. People have become far more privacy aware in recent years, and their expectations of good practice by organisations have increased. People change their behaviour slowly over time, and yet there has been real progress in recent years.)

I also (generally) am less caring of what the general public think about these issues. In recent times, people have convinced me to join different services and tactfully decline. I do sometimes forget my world isn’t the mainstream, and wonder why are we still having these discussions.

Don’t get me wrong, its always interesting good to have the discussion, especially because most people still see privacy in a binary way but when pressed are much less binary about their decisions. A while ago I started calling it data ethics as privacy alone leaves the door open to worries about security for example.

Context and experience has a lot to do with it and in the discussion this becomes much clearer. Just ask anyone who has had their idenity stolen, hacked or abused. Most of the public will never (luckily) experience this.

I’d chalk this one up as listen to the experts