As if we didn't have enough privacy issues out there already...
Mar 13 - ISPs Are Selling Your Clickstreams!
Mar 13 - Compete CEO: ISPs Sell Clickstreams For $5 A Month
Mar 15 - Your ISP may be selling your web clicks
Mar 16 - ISPs apparently sell your clickstream data
Mar 16 - ISPs Selling Clickstream Data, Web Analyst Says
Wired blog 27B Stroke 6 has an ongoing investigation to try to get answers from each of the major ISPs:
Mar 19 - ISPs Questioned About Selling Your Surfing Habits
Mar 21 - ISP Data Retention: Early Results In
Mar 23 - ISP Data Collection Update: Follow-up Friday
Mar 28 - AT&T Doesn't Sell Clickstreams
(no, they just cc:NSA instead)
Mar 28 - Comcast Deflects User's Questions
Mar 29 - Why ISP Data Survey Matters: One Smart Lawyer's Take
Apr 6 - Some ISPs Still Dodging Data Retention Requests, Help 27B Get the 411 AGAIN
Wednesday, March 28, 2007
First the NSA, now the FBI, what about the CIA?
The "Best Of" the FBI saga...
2007 03 09 - FBI Misuses, Underreports Patriot Act Power: Audit
2007 03 09 - National Security Letter Violations by the FBI
2007 03 09 - Enforcing the Surveillance Laws
2007 03 12 - FBI Issued Illegal National Security Letters Under USA PATRIOT Act
2007 03 14 - FBI Slips Demand Patriot Act Cuts
2007 03 19 - FBI Broke Law
2007 03 19 - FBI Knew Spying Was Illegal in 2004, Did Nothing
2007 03 20 - FBI Confirms Contracts with AT&T, Verizon and MCI
2007 03 21 - ATT Verizon Obeyed 739 FBI Emergency Requests
2007 03 21 - FBI Response To Subpoena Rule Breaking? Remove Rules.
2007 03 21 - Veteran Reporter's Take on FBI Self-Subpoena Abuse
2007 03 23 - Living Under a National Security Letter Sucks
2007 03 09 - FBI Misuses, Underreports Patriot Act Power: Audit
2007 03 09 - National Security Letter Violations by the FBI
2007 03 09 - Enforcing the Surveillance Laws
2007 03 12 - FBI Issued Illegal National Security Letters Under USA PATRIOT Act
2007 03 14 - FBI Slips Demand Patriot Act Cuts
2007 03 19 - FBI Broke Law
2007 03 19 - FBI Knew Spying Was Illegal in 2004, Did Nothing
2007 03 20 - FBI Confirms Contracts with AT&T, Verizon and MCI
2007 03 21 - ATT Verizon Obeyed 739 FBI Emergency Requests
2007 03 21 - FBI Response To Subpoena Rule Breaking? Remove Rules.
2007 03 21 - Veteran Reporter's Take on FBI Self-Subpoena Abuse
2007 03 23 - Living Under a National Security Letter Sucks
Saturday, March 17, 2007
Google vs. The Desktop
Michael Calore, in the Wired Monkey Bites blog, has begun an interesting experiment ("The Google Life") to see if Google apps are mature enough to replace desktop apps. So far, he has reviewed Gmail and Google Reader.
I've long had side-by-side Gmail, Yahoo!, and desktop POP email clients, but remain undecided.
I'm on day 9 of my own switch from RSS in Safari to Google (Labs) Reader. I'm staying with Reader for now, but may evaluate some other options.
Advantages of Reader so far:
- it waits for me on a Google home page or in its own tab (less of a distraction)
- I can check it from anywhere
- easy to use, with some nice interface features
Disadvantages so far:
- the interface is laggy on older computers
- some quirks in how Reader determines when I've read a post
I'm still considering how I can differentiate between RSS feeds I always want to see (and track whether I've read), and those that are nice to see when I have extra time (without those pesky unread counts piling up). Maybe some aggregated feeds on a personalized Google home page tab? Some Yahoo! Pipes transmogrification?
Anne Zelenka also looked this week at the issue of web (and hybrid) vs. desktop on Web Worker Daily ("Smackdown: Web vs. Desktop Apps") and asks what functions have moved to the web and what remains on the desktop. Information delivery and collaboration are clearly well suited to web delivery, but we don't seem to be there yet for rich feature requirements and heavy production tasks. With web apps from a major provider, there is location independence, little worry about data integrity, and a promise of better future integration. But desktop apps still rule in areas of performance, rich features, and consistency of interface. Google has an impressive array of tools (as does Yahoo!, though the focus is different), but tighter integration would make them more compelling. My privacy preferences also influence how much I am willing to give up to a third-party in the name of convenience. It will be interesting to see how these issues play out over the next couple of years, what standards evolve, and which services get mainstream attention.
Wednesday, March 7, 2007
Gmail vs. Yahoo! Mail
Gmail pros:
- Free secure POP & SMTP
- Can use "." and "+" to create semi-disposable variations
- Semi-disposable variations can be created on-the-fly when needed (no advance set-up)
- SMTP sent mail is stored and viewable in the web interface
Gmail Cons:
- Filtering doesn't recognize "+" variations
- Semi-disposable variations expose the base email address
- Can't send emails from semi-disposable variations
Yahoo! Mail Pros:
- ($) Address Guard: disposable email addresses
- SMTP can send from disposable addresses
- Extra email address
Yahoo! Mail Cons:
- Essential features (POP and Address Guard) are not free
- POP and SMTP are not encrypted
- Address Guard disposable email addresses must be created before using them
- SMTP sent mail is not stored and is not viewable in the web interface
UPDATE (8 Feb 2007): A more general comparison is at TechCrunch: A Comparison of Live Hotmail, Gmail and Yahoo Mail
UPDATE (12 Feb 2008): Premium Yahoo mail accounts now have encrypted POP and SMTP (may not be available to all customers).
- Free secure POP & SMTP
- Can use "." and "+" to create semi-disposable variations
- Semi-disposable variations can be created on-the-fly when needed (no advance set-up)
- SMTP sent mail is stored and viewable in the web interface
Gmail Cons:
- Filtering doesn't recognize "+" variations
- Semi-disposable variations expose the base email address
- Can't send emails from semi-disposable variations
Yahoo! Mail Pros:
- ($) Address Guard: disposable email addresses
- SMTP can send from disposable addresses
- Extra email address
Yahoo! Mail Cons:
- Essential features (POP and Address Guard) are not free
- POP and SMTP are not encrypted
- Address Guard disposable email addresses must be created before using them
- SMTP sent mail is not stored and is not viewable in the web interface
UPDATE (8 Feb 2007): A more general comparison is at TechCrunch: A Comparison of Live Hotmail, Gmail and Yahoo Mail
UPDATE (12 Feb 2008): Premium Yahoo mail accounts now have encrypted POP and SMTP (may not be available to all customers).
Tuesday, March 6, 2007
Office Supply Fetish
Web Worker Daily asked recently, "Do You Have an Office Supply Fetish?". Then today, I realized that Lifehacker has a tag for Office Supplies Fetish.
So I guess I'm not the only one. My interests actually spill over into art and archival supplies too. Big box office supply stores don't tend to carry very much selection of finer writing utensils and papers. I've never found anything to match the long-defunct local office supply store I grew up with.
A lot of people seem to favor gel and ball point pens, but I find them too scratchy and inconsistent. I much prefer very fine rolling balls (Uni-Ball micro) or markers (Sharpies and Flairs for everyday colors). My favorites for precision are the Pigma Micron 005 or the Zig Millenium 005, with .20mm line widths. These put Ultra Fine Point Sharpies to shame.
I keep a variety of pads of paper handy (graph paper, narrow-ruled lined paper, etc.) and different sizes of note papers and cards (3" x 5" preferred). I went as far as to design my own 10-squares-to-the-inch graph paper with a custom header block.
Related Posts:
Origin of Cubicles
More Cubicle Fun
Eccentric Cubicle
More Cubicle Decorating Guidelines
High IQ Decor
Cubicle Decorating Guidelines
Monday, March 5, 2007
Basic Browser Privacy
This is old hat to most, but it can be useful to know what web sites know about you (without even logging in to an existing account). For example, the number of items in the history of your current browser window or tab, and your main monitor resolution, are:
height="400" width="400" frameborder="0" scrolling="no">
Sorry, your browser doesn't understand IFrames.
The web page that referred you to a given page is also easily obtainable. Web sites also routinely detect browser plugins, usually so that they can make decisions about how to present content:
height="200" width="400" frameborder="0" scrolling="no">
Sorry, your browser doesn't understand IFrames.
That's the most basic information that very simple HTML and JavaScript can produce. Additional server-side code can expose your IP address, your User Agent (essentially your platform and browser version), and your (not very useful) outgoing port. The combination of just my typical User Agent and monitor resolution, for example, probably puts me in a narrow grouping of something on the order of 1/10 of a percent of surfers on a given site.
These simple features of the HTTP protocol just scratch the surface of what happens daily, and what is ultimately possible. On top of those there are cookies, with a whole spectrum of opinions about whether they are evil or not. Most sites rely on cookies to store login information, session information, etc. Cookies can be a convenience, but do allow silent and uninformed collection of your browsing history at a site, potentially over a long period of time. I suspect that, if informed, most people would presumably choose to at least disable 3rd-party cookies (such as those from ad servers), though surprisingly this is not a standard option in Firefox.
I was also a bit annoyed recently to discover that some sites use your IP address to track a session. I recently tried to re-enter a particular site with a clean slate by clearing my cookies, but the site still reflected earlier choices I had made. It took me a bit to realize that I had to change my IP address to get around it. This is a very bad practice if only because an IP address may often be shared by a number of computers.
Beyond those basics, sharing data across sites has the potential to fingerprint users and computers and track broad behavior, despite good basic practices such as:
• regularly clearing cookies and caches
• regularly changing IP addresses
• blocking images in emails from untrusted sources
• turning off ActiveX (Windows)
• making cautious use of Java and JavaScript
There's usually a trade-off between security and convenience, but the sad bottom line is, as Wired blog 27B Stroke 6 reports today: Internet Doomed. Close Your Browser Now.
Related Posts:
Geolocation
height="400" width="400" frameborder="0" scrolling="no">
Sorry, your browser doesn't understand IFrames.
The web page that referred you to a given page is also easily obtainable. Web sites also routinely detect browser plugins, usually so that they can make decisions about how to present content:
height="200" width="400" frameborder="0" scrolling="no">
Sorry, your browser doesn't understand IFrames.
That's the most basic information that very simple HTML and JavaScript can produce. Additional server-side code can expose your IP address, your User Agent (essentially your platform and browser version), and your (not very useful) outgoing port. The combination of just my typical User Agent and monitor resolution, for example, probably puts me in a narrow grouping of something on the order of 1/10 of a percent of surfers on a given site.
These simple features of the HTTP protocol just scratch the surface of what happens daily, and what is ultimately possible. On top of those there are cookies, with a whole spectrum of opinions about whether they are evil or not. Most sites rely on cookies to store login information, session information, etc. Cookies can be a convenience, but do allow silent and uninformed collection of your browsing history at a site, potentially over a long period of time. I suspect that, if informed, most people would presumably choose to at least disable 3rd-party cookies (such as those from ad servers), though surprisingly this is not a standard option in Firefox.
I was also a bit annoyed recently to discover that some sites use your IP address to track a session. I recently tried to re-enter a particular site with a clean slate by clearing my cookies, but the site still reflected earlier choices I had made. It took me a bit to realize that I had to change my IP address to get around it. This is a very bad practice if only because an IP address may often be shared by a number of computers.
Beyond those basics, sharing data across sites has the potential to fingerprint users and computers and track broad behavior, despite good basic practices such as:
• regularly clearing cookies and caches
• regularly changing IP addresses
• blocking images in emails from untrusted sources
• turning off ActiveX (Windows)
• making cautious use of Java and JavaScript
There's usually a trade-off between security and convenience, but the sad bottom line is, as Wired blog 27B Stroke 6 reports today: Internet Doomed. Close Your Browser Now.
Related Posts:
Geolocation
Subscribe to:
Posts (Atom)