Yellow dots

I learned something creepy about printers today.  It turns out, most major printers add pale yellow dots to every page, which encode the date and time of the printout, as well as a serial number tying the paper to a specific printer.

It's called "Printer steganography."  According to Wikipedia, Steganography is "[T]he art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message[.]"

Now that I'm aware of this, I'm having trouble thinking of anywhere I could print out a document without making it obvious where I am.  I can't do it at home, because duh; I can't do it in the newsroom at school because I'm one of like 10 people who can get in, and they[1. "They" being any powerful or well-connected person or group that either has something against me or makes any kind of mistake that leads them to believe they have something against me.  Or someone less well-connected, but with a serious vendetta against me and access to, for example, the above-linked EFF site where the Xerox printer dots are decoded.] could compare the time on the stamp to the times that computers were in use;  I can't use the computer lab at school because they make everyone sign in... I can't remember how the computers work in the library, but I do know I have to pay for copies.  Maybe they don't log people's names.

Not saying I have anything particularly sensitive to print out, and as far as I know nobody hates me enough to track me down by stealing pieces of paper I might have printed, but the whole idea totally creeps me out, anyway.

TechCrunch explains how Facebook is getting even worse

Yesterday on Boing Boing, Cory Doctorow posted a link to an article on TechCrunch, breaking down the ways that Facebook's new app interface is more manipulative and dishonest than their previous ones.  I haven't actually seen the new interface, because I've logged into Facebook about three times this month, and that was only to check for messages after someone told me they'd sent one. The article, 5 Design Tricks Facebook Uses To Affect Your Privacy Decisions, is an easy read, and has accompanying pictures to illustrate the problems.  The writer, Avi Charkham, points out:

Facebook keeps “improving” their design so that more of us will add apps on Facebook without realizing we’re granting those apps (and their creators) access to our personal information. After all, this access to our information and identity is the currency Facebook is trading in and what is driving its stock up or down.

Facebook's stock has not been doing well since the company went public.  It seems like the company's approach to solving this problem is going to be to try and extract even more personal information from its users.

For the record, Tumblr, Reddit and Twitter all have a very good track record for not exploiting their users.  If you're not ready to quit Facebook, a good first step is picking some of these other sites and getting active on them, as well.  Get your friends to do it, too.  Diversify your social presence online.  That way, no one service can hold hostage relationships that are important to you.

Anderson Cooper's coming out letter is awesome

Here's the short version of the story:  Recently, Anderson Cooper, celebrated journalist, came out of the closet as gay.  He'd previously been in the closet because he didn't want his personal life to interfere with his professional life, and he came out by giving a friend of his permission to publish an email in which he explained his reasoning, both for why he was in the closet and why he came out. The best part of the letter, in the middle, is this:

Recently, however, I’ve begun to consider whether the unintended outcomes of maintaining my privacy outweigh personal and professional principle. It’s become clear to me that by remaining silent on certain aspects of my personal life for so long, I have given some the mistaken impression that I am trying to hide something - something that makes me uncomfortable, ashamed or even afraid. This is distressing because it is simply not true.

I’ve also been reminded recently that while as a society we are moving toward greater inclusion and equality for all people, the tide of history only advances when people make themselves fully visible. There continue to be far too many incidences of bullying of young people, as well as discrimination and violence against people of all ages, based on their sexual orientation, and I believe there is value in making clear where I stand.

The fact is, I'm gay, always have been, always will be, and I couldn’t be any more happy, comfortable with myself, and proud.

(emphasis mine)

My favorite part of that section is the bold quote, "The tide of history only advances when people make themselves fully visible."  That part, that issue, is a big deal to me, because we talk a lot about peoples' right to privacy, their right to conceal.  But in some troublingly mainstream venues, we don't talk at all about peoples' right to disclose -- to be honest about who they are, without fear of persecution or attack.  I wrote a post about that issue last year, which led to a few arguments with my friends.  People seem very committed to framing privacy as either good or bad.

The letter ends,

I still consider myself a reserved person and I hope this doesn’t mean an end to a small amount of personal space. But I do think visibility is important, more important than preserving my reporter’s shield of privacy.

I like Anderson's coming out letter because it's a step forward in LGBT acceptance, and love it because it's a step forward in establishing a more complex, progressive and optimistic narrative of privacy.

A case study in Facebook privacy

I'm planning on quitting Facebook soon, and am currently going through the preparations necessary.  One of the major reasons is the way Facebook uses the default privacy settings to fudge people towards giving up more information than they really intended to. There's a great example of this fact in action at We know what you're doing..., a website that posts public statuses of Facebook users in four categories: Who wants to get fired?, Who's hungover?, Who's taking drugs?, and Who's got a new phone number?

In their about page, they point out:

These people probably wouldn't want this info publishing, would they? Probably not to be fair, but it was their choice, or lack of, with regards to their account privacy settings. People have lost their jobs in the past due to some of the posts they put on Facebook, so maybe this demonstrates why. Efforts have been made to remove any personal data from the results, such as the actual phone numbers, surnames, etc. The data is still easily accessible from the API, the filters have been put in place to protect the site from legal issues.

The idea comes from a great performance by Tom Scott, which I'm embedding below:

A lot of the people on these sites don't know that they've left their Facebook pages this open.  And that's the problem -- it's not enough to protect people's privacy to say, "You need to look at the privacy settings."  Facebook buries them, and they set all the defaults to "Share everything."    As a result, people who are on Facebook not because they want to stay in touch with the cutting edge of social technology but because they want to talk to their friends (read: damn near all of them) are unlikely to protect themselves.

My thoughts on CISPA

Here's another article on the problems with CISPA (Uproxx):

It’s called the Cyber Intelligence Sharing and Protection Act, although it’s not actually a law, but rather something tacked onto a security law passed in the ’40s. It’s designed to deal with what amounts to the new Cold War: American, Chinese, and Russian security agencies are currently busy hacking the crap out of each other, so this law is designed to make it easier to track and penalize, say, somebody stealing the plans of a new widget.

The big problem is, the way the bill is written, it supersedes all other wiretapping and intelligence laws, although a corporation does not have to comply with any request under the current language.

And another (Huffington Post):

CISPA demolishes existing barriers between the government and the private sector -- and between government agencies, including the military -- that restrict casual data sharing. It would effectively allow information about Americans' use of the Internet to slosh back and forth uninhibited.

So, I'm officially worried.*

I wrote a while ago that privacy is an important and complicated ethical issue, and in that article I tried to stress that there are a variety of considerations in the issue of privacy that pull my conclusion from both directions, and that you can't simplify the debate down to a few slogans without fatally oversimplifying it.

And I do think that, eventually, we're going to need some smart, complicated legislation that deals with the issue of gathering information on the internet in a rational, considered way that obligates companies to protect the privacy of their customers while still allowing the government to guard against the real and serious risks of cyber terrorism**.

The thing I don't like about CISPA is the point that the Huffington Post article makes -- it would allow a lot of inter-organization information sharing.  And I'm against that, especially when it comes to the government.

I think branches of the government, and organizations that deal with the care or wellbeing of human beings (which I think the internet does) should be intrinsically separate, and only overlap in extreme circumstances.

For example, I don't want people to do heroin.  But I also don't want people overdosing on heroin to refuse to go to the hospital, because they know there'll be handcuffs waiting for them on the other side.  And I don't want people who use heroin to refuse to go to the hospital for other illnesses (which, I cannot stress this enough, they might be spreading†) because if a blood test comes back with heroin in it they'll go to jail.

People sometimes need to talk about things that are illegal.  The world is messy and unpleasant, and it doesn't get better by pretending it isn't.  It gets better by embracing those complexities and offering compassion.

We need legislation to protect us from the dangers of the internet.  But CISPA doesn't sound like that.  It sounds like another reactionary, SOPA-like bill designed to make old people feel better about the monster behind their monitor.  It seems like it has less teeth than SOPA did, but it's not good enough.

And if we keep pushing, maybe three or four bills down the road, we'll get some legislation that doesn't suck.

*Yes, there's an 'official' and 'non-official' worrying category set.  Formal worrying requires that the concern pass an advisory board, that I've slept on it, used the bathroom before considering it and properly hydrated.  I can't become formally worried if I've had a headache for the entire space of time I've been considering it, and I can't become formally worried if my data set contains only secondhand reports from people I personally know.

**Cyber Terrorism (n.) The scary internet monsters coming to take away your children and replace them with sophisticated Furbies. Seriously, though.  I accept that cyber terrorists are a real thing, and I would also like to stress that they are, apart from that, used as a scare tactic to push irresponsible, reactionary legislation -- just like real terrorists.

†One of my firmest opinions about drug policy is that it's not okay to reject individuals' health on the basis that they deserve it for doing drugs.  Healthcare doesn't happen in a bubble, and the less institutional help addicts have access to, the more the consequences of their decline spill over into the lives of everyone else.  As it happens, I have a lot of sympathy for addicts.  But even if you don't, it's counterproductive not to try to help them -- not out of concern for the addicts themselves, but for the benefit of everyone else who has to live in a society where addiction is a thing that sometimes happens.

 

Some thoughts on the morality of privacy

Privacy is a complicated issue, and  increasingly, an important one.  Technologies like Facebook and Google have, over the last ten years or so, changed the nature of privacy issues faster than they might ever have changed before. And, like many issues in pop politics, subtlety in the discussion seems to have never emerged.  The slogans -- "Right to privacy,"  "Information wants to be free."  Facebook founder Mark Zuckerberg has been quoted as saying, “Having two identities for yourself is an example of a lack of integrity.”*

It seems there's a polarity of views:  Either privacy is good, or privacy is bad.  Either concealing anything is a sign of dishonesty, worthy of moral scorn, or being forced to reveal anything about yourself without the right to decline is irredeemably invasive.

One of the major reasons this issue is so heated is that the key examples of privacy tend to share something in common:  They represent a high degree of personal risk, but only if the people you expose the information to behave unethically.**

I think it would be fair to characterize these sorts of identity facts as closet-issues -- that is, being public about them constitutes coming out of a closet.  The archetypal example, the trope namer, is homosexuality.  Coming out as gay can have serious implications about an individual's wellbeing.

But the more people come out as gay, the harder it is for homophobia to stick.

Whether to come out is a hard decision, and the answer isn't universal.  And the abstract reasons for which it's difficult can be applied to pretty much any identity fact that it might be convenient to leave out of your public identity.

It might be convenient not to mention that you're Muslim/Jewish/atheist/other religious-identification minority, that you're going to therapy, that you got a GED, that you're transgendered, that you have bipolar disorder, that you've attempted suicide.  Those labels can hurt your social standing or your career.  Some of them are a risk to your physical wellbeing.

But coming out helps break the stereotypes, and the sacrifices you make in coming out are sacrifices you make for everyone else who can't, yet.

Altogether, the more information is out there, available and open, the harder it is for people to get away with being wrong.  In that way, if everyone is more transparent, it could make the world a nicer, safer, more understanding and caring place.

Then again, pitfalls along that road include police states, filter bubbles, corporate takeovers of information flow, targeted attacks against minorities, and, I'm sure, plenty of problems I haven't thought of.

Like I said, it's complicated.  But overall, I'd like to propose a slightly more complicated view of privacy -- that it's a necessary evil which we can't afford to do without, but which should be diminished wherever it's safe to do so.  Especially among the people in power.†

*That quote also opens to a number of other philosophical discussions I won't be addressing in this post. **I'm taking it as read that morality has to do with harm avoidance and the wellbeing of feeling entities, rather than the taboo based morality of religion, purity-based morality, or financial success as equivalent to moral success. †I realize I didn't get into the issue of power dynamics much here, but I promise to do so soon.