All Posts By

gml_admin

Permanent Impressions – how what you do online defines you forever

By | Information Security | No Comments

by Fred Kenowski

Imagine strolling through the mall, visiting several stores, trying on some clothes, and reading a magazine that you picked up at Barnes & Noble while you sip your coffee from Starbucks.  Each stop you made and each item you purchased left some impression.  Maybe you had a nice conversation with the sales associate that helped you in the fitting room or the barista that made your drink.  Likely, those encounters won’t leave lasting memories.  The most enduring impression may be the credit card or the Starbucks rewards app you used to make a purchase.  You might also be on a few security cameras.  Maybe also, you have some store apps with location tracking that notify you of a deal when you walk in.  All of these things could leave a lasting impression with a store.  Each of these impressions or encounters leaves a trail or fingerprint.

Now, think of the mall as the internet and each store as a website.  Each store is a business trying to sell you as much as they can.  They want to remember what items you look at and what you buy.  All of this is much easier to do through the internet than in a mall.  Some stores are owned by the same corporate conglomerates and some are independent.  Some data is easily shared between stores helping to create a better profile of your shopping behavior.  However, when you visit a website, you are anonymous unless you create an account and make a purchase, right?

Actually, you’re not as anonymous as you might think to that website you are visiting.  Your browser shares a wealth of information about the computer you are using.  It doesn’t share your name but, it does provide information about the resolution of your monitor(s) or handheld device, the operating system you are using, the specific browser version you are using, and even what fonts you have installed.  It also shares many more seemingly mundane details.  All these details add up to make your unique, digital fingerprint (See for yourself).  Unlike with a real fingerprint, nobody is scanning that last item you touched at the mall or running a DNA test on the coffee you drank to better identify you (hopefully).

So why do I care if my digital or real fingerprint is unique and people can see it?  My fingerprint isn’t known to anyone so how does it help a website to track it?  Well, chances are you visited quite a few stores on the internet looking for the best deal and your digital fingerprint is being collected by each of those sites.  Those sites that share information with affiliate sites can now combine that information to begin creating a partial profile of your viewing behavior.  Remember that stop to read a magazine at Barnes & Noble or instead on the web when you went to TMZ to find out what Kim Kardashian was wearing last week so you could buy that dress?  News sites rely on advertising and those advertisers are keen to track who you are and what you read to better target you with the items you want to buy.  The kicker here is that the advertising is typically fed in from a larger advertising network which is distributed across thousands of sites.  Much like the stores with shared owners, these ad networks are collating your profile across many independently owned news sites.  The stores in can turn can pay for this information to better target your profile.

Are we still anonymous at this point?  Let’s say for the sake of argument that we are but that this anonymous profile has grown quite substantially and can be confidently linked together via your unique fingerprint.   Now, you’ve done your homework and you’ve found a great knockoff of that Kardashian dress and you’re ready to buy.  So, you create an account (or you don’t) and you put in your payment method, name, and shipping address.  At this point you are no longer anonymous to the site you are making a purchase from.  Along the way though, you left quite a trail with your unique fingerprint.  Each place that fingerprint was shared via common owners or ad networks has now potentially left an indelible profile of your online behavior.   All of this is now linked to your name and home address.

This is just one very common scenario through which you expose yourself daily on the web.  There are much more complex methods for uniquely identifying users.  Some banks even track biometric factors such as mouse movement and keystrokes for fraud prevention but these same techniques have also been used for more malicious purposes such as gathering insider trading information or compromising information about prominent individuals.

 


 

Grey Market Labs is a Public Benefit Corporation founded with the social mission of protecting life online for people and organizations. Focused on building the most comprehensive and realistic counter-exploitation platform for the enterprise, our software and hardware products are creating a future with privacy-as-a-service. Our Opaque platform delivers proactive internet protection from the moment of access to countering exploitation of digital interactions, behavior and activity. Bottom line, we prevent digital exploitation and stop the targeting of corporations, agencies and their employees online.

Contact us to see how we can work together.

The Socially Conscious Network

By | Social Networking | No Comments

by Fred Kenowski

Ginny!” said Mr. Weasley, flabbergasted. “Haven’t I taught you anything? What have I always told you? Never trust anything that can think for itself if you can’t see where it keeps its brain?

-Arthur Weasley, Harry Potter

Any sufficiently advanced technology is indistinguishable from magic

-Isaac Asimov

Arthur Weasley from Harry Potter, being a wizard and having magic to rely on, didn’t need modern technologies like phones or cars. However, given his job in the department of Misuse of Muggle Artefacts Office at the Ministry of Magic he learned about how muggles (non-magic folks) created technologies to solve the issues which previously had only been solved by magic.

Today’s technologies, like cell phones, work almost like magic. They can provide us with the world’s knowledge in seconds or allow us to talk face to face with anyone in the world. They can get us almost anywhere in the world in less than a day. In a sense, without further investigation, they work like magic. If we think of magic as a basic law or force of nature then there is no intermediary step. It just works like gravity just works. But the reality is far more complicated when we think of something like a car where the basic forces of thermodynamics, friction, and combustion are harnessed to create a vehicle which can travel great distances through simple controls.

We know a car doesn’t think, at least not yet, but they are getting smarter and simply pressing on the gas pedal is no longer “driving by wire” where the input clearly leads to an expected output. Modern cars have antilock brakes which modify the pressure applied to slow down a car despite how hard the brake is pressed. This is handled by algorithms and calculations being computed by a processor within the car. In effect, a simple brain within the car. Still, such behavior is relatively easy enough to understand. There is still a defined cause and effect. Pressing the brake still slows you down but now it is done more effectively to reduce the risk of the brakes locking and the tires skidding.

Now, let’s move on from our car metaphor and look at something much more amorphous like a website such as Facebook. I think to many of the billions of users Facebook seems like a much simpler concept than a car. I’m sure some people have more confidence that they could build Facebook before they could ever build a car. Facebook was a simple website to connect people and share information that was originally invented by a college student. Since then, Facebook has grown and evolved into something much, much bigger than one college student could ever have imagined. In a sense, it has taken on a life of its own.

For the average user, you click a few buttons, download an app or go to a website and enter your personal information. From there, you can “privately” share your thoughts and communicate with your “friends”. Almost like magic, you can connect to any of the billions of users who would also like to connect with you.  But Facebook is not magic; It is technology. A far more advanced technology than the basic car that Henry Ford first mass produced. Unlike a physical car where the user had full and exclusive access to see all the internal workings should he or she choose, a user of an information technology like Facebook does not.

Why is this? Because we cannot see where Facebook keeps its brain. With vast processing power sitting on secured, proprietary servers, Facebook is more like a free taxi from a “friend” whom we don’t know very well. Imagine, this friend keeps a video camera in his car and records your every move. He assures you that it is just to serve you better and for your safety but you have to trust him that this is true. Since this is your “friend”, someone you’ve established a trusted relationship with, you agree to these recordings which you are assured are only to better help you. Or maybe he doesn’t even tell you if he is recording. You notice a camera but you trust that if he is recording then he is recording for his own benefit or protection and would never use it for any nefarious purpose.  Extend this scenario to Facebook or Uber and you might see where this is going. They are no longer just recording your every move, they are making decisions to “better serve you”. Your lips look chapped as you dryly swallow?  How about a bottle of water for $1. Thanks! I was parched. This is great that you are keeping such a close eye on me to better meet my needs.

Unlike an attentive, close friend, corporations like Facebook are not your friends.  Your friends are hopefully focused on your well-being. Also, unlike your friends, they will remember every time you ever “poked” someone. A good friend will forgive and forget.   You know your friend. You know her brain is in her head. You trust her. You don’t know Facebook. You don’t know where it keeps its brain or what it thinks or who it shares its brain with. In minutes an analytics company can pay a hefty sum to find out your most intimate details you shared with Facebook. A true friend would never do this and say it was for your best interests.

Sites like Facebook and LinkedIn offer at their core a simple service but benefit greatly from something called the network effect. But why did we ever invite them in to listen to our every conversation? Was it trust, ignorance, or just convenience? There was a user agreement when we signed up and probably never read but we had to accept it to use the service. Just standard legal stuff right?  Most services clearly state that they have the right to use your data in any way they want? If you’re not worried then you haven’t imagined the possibilities. Remember, if a service is free and the company doesn’t sell anything to you then you are the product and the company is selling you. There is no free lunch in this world unless your bubby takes you to Denny’s for the senior special.

So, it’s hopeless and this is just the cost of doing business, right?  Wrong, there is a solution. A new social contract must be created. A socially conscious terms of service that’s puts the user’s interests first. One that balances the user’s privacy with the needs for advanced technological services. One that respects our humanity and remembers what is most important. A contract that gives you the same level of trust as that of a friend.  And with that contract the technological know-how to actually back it up.  A contract is step one.  This is a fair and balanced terms of service that protects the user’s interests.  Competence is step two.  We all have friends we trust to keep our secrets but not necessarily to deliver an important letter on time.  You need a company that can protect your data, maintain good records and securely use that information to assist you.  Transparency is step three. You need to see where the brains are kept and how decision are made. The process should be clear and auditable.

Grey Market Labs is focused on these goals. We realize this social contract is a paradigm shift the world needs now. The technological age does not mean the end of privacy. As lofty as it may sound democracy depends on privacy, privacy with accountability. We cannot rely on government regulation alone to drive these changes forward.   We also cannot rely on other corporations whose business it is to sell your data.

 


 

Grey Market Labs is a Public Benefit Corporation founded with the social mission of protecting life online for people and organizations. Our software and hardware products are creating a future with privacy-as-a-service, delivering proactive internet protection from the moment of access to countering exploitation of behavior and activity online.

Contact us to see how we can work together.