[Tfug] [Bulk] Re: Stallman vs Ubuntu

[Bexley Hall]

Hi Rich,

On 12/16/2012 12:00 AM, Rich Smit wrote:
> On Sat, Dec 15, 2012 at 4:50 PM, Bexley Hall<bexley401 at yahoo.com>  wrote:
>
>> No.  Ubuntu isn't *just* recording your PURCHASES.  It is recording
>> everything you are INTERESTED IN.  I can walk through Target and
>> examine 10,000 items -- spending various amounts of time (presumably
>> related to my relative interest in the item in question) -- and
>> the CC company will *only* know which item I *purchased*.
>>
>> [If I leave the store without purchasing ANYTHING, they won't
>> know what I examined or even that I visited the store and left,
>> emptyhanded!  All of this information is important to them -- but
>> they can't get it (currently), easily.]
>
>> OTOH, if I had to interact with a (automated!) "sales associate"
>> in order to browse the items that were available at Target, they
>> would *know* what I was interested in, the level of my interest
>> and what I ultimately purchased.  ("Hmmm... he spent a lot of
>> time examining the Foomatic3000 -- but ended up purchasing the
>> WizzBang88.  What can we learn from this to get someone *like*
>> him to buy the Foomatic3000 in the future?  Or, should we simply
>> stop offering the Foomatic3000??")
>>
>> Spyware follows this second example.
>
> See, you talk about putting data together, but when it comes to it, you're
> blinkered to it. Your credit card, which records your life now, put
> together with phone location data, which records your aspirations (not to
> mention the QR codes you scanned) … these sustained over a period of
> months, tell a far greater story than stuff you might have pondered
> ordering on Amazon. Aside from anything else, it tells exactly how much
> money you have to spend.

Did you fail to read my accounting of my involvement in my sister's
divorce?  Did you *think* about how I was able to compile the
information regarding my exB-in-L's activities?  You don't really
think I stumbled on a document that said:
    "December 16th:  departed for work at the usual time but drove,
    instead, to The No-Tell Motel on Outoftheway Road.  Rented room
    1313.  Rendezvoused with Betty Biguns, there, at 9:15A.  Watched
    a "porno" to get the juices going.  Then engaged in carnal
    relations for 3 hours before going out for a bite to eat.
    Returned to the room for a few more hours of hanky-panky.  Then,
    departed to return home at the customary time."
I had to coordinate the information from several "sources" to
get such an accounting.  And, see the pattern *repeat* to assure
myself that it wasn't just "meeting with a client, offsite".

Had I, instead, had access to the underlying data instead of
just the *summary* data *and* been endowed with more "processing
power" than my gray matter can muster, I could have come up with
a more detailed accounting *and* a higher degree of confidence
in the conclusions I reached (e.g., a *normal* credit card statement
only reports summary charges -- it doesn't tell you what portion
of a purchase was derived from "room charges" vs. "payTV charges"
vs. "room service" vs. "taxes", etc.  Nor does a cell phone
bill tell you which *tower(s)* handled a particular call -- nor
the GPS coordinates at the start/end of that call!)

Do you think "Amazon" is the only "beneficiary" of the search terms?
Do you think the data is simply *discarded* once it is sent to
Amazon?  Do you think Google won't be offered this information
sometime soon?  (think:   "Install the XYZ toolbar on your machine"
because it is *obviously* benevolent.... <sure>)

The referenced article states:
   "Canonical says it does not tell Amazon who searched for what."
yet, a sentence earlier:
   "Ubuntu uses the information about searches to show the user ads
   to buy various things from Amazon"
So, how does "Amazon" know to send specific ads (related to the
terms that *you* searched for) to *you* and not someone *else*
(who is probably NOT interested in things related to those terms)?

Do you think Canonical has military grade IT folks guarding their
servers against hackery?  What if I search *my* (personal and
PRIVATE) documents for 123-45-6789?  Will Ubuntu's software be
smart enough to realize this might be a highly personal datum
that it should *not* forward to Canonical's servers?  Will
Canonical's servers be able to distinguish this significance?
Or, will they assume it is a part/model number for some *specific*
product -- that would be highly prized by Amazon?  ("Wow, he's not
just looking for information on shoes, in general, but this
*specific* shoe!")

Does Ubuntu ensure that its connection to Canonical is secure?
You now have a *documented* choke point where a knowledgeable
attacker can hijack the communications with Canonical.  Or,
hijack the search mechanism, entirely!  (He doesn't even have
to reverse engineer the code -- just *look* at it and craft an
attack based on what he *sees*)

And, to anticipate your objection:  no, this isn't the same as
a user presenting search terms to Amazon, Google, etc.  I won't
search for my own SSN on Amazon's web site.  Nor Google's.  But, I
might if I was trying to search MY DOCUMENTS to find a correspondence
with my lawyer, the IRS, etc.

>> Opting out of a job that requests a background check? Haha! That's a good
>>> one.
>>>
>>
>> You've never done that?  I guess, perhaps, you're not as marketable
>> as you might hope...<frown>
>>
>> I've turned down job offers because they wanted me to wear a *tie*!
>
> Was that an intentional ad hominem, or a mere slip into condescension? See,
> I'm not a narcissus: I wasn't talking about myself.

In the English language, "you" is an overloaded personal pronoun.
Would you (i.e., "Rich") prefer I use the pronoun "one"?  Or, an
even more verbose description of a "hypothetical individual" faced
with the LACK OF CHOICE (recall my emphasis on *transactions* in
my description) that only allows him (her?) to get a job that
requires a background check?

I have friends in law enforcement who NO LONGER have this choice. But,
that is because they *elected* to CHOOSE a career in law enforcement
years earlier (presumably, they still enjoy that career choice or
would have switched careers -- I know of only one such person who
has done so).

>> Avoiding traffic revenue CCTV cameras? Yeah, when you see the sign, you
>>> just stop and turn around, right?
>>>
>>
>> If you are aware of the cameras locations (and, near as I can tell,
>> few of these are "secrets"), you can choose to avoid those locations.
>> Even if you "stumble across" one that you had no foreknowledge of,
>> you can *choose* not to travel that route in the future (having
>> "seen" you once doesn't give the camera knowledge of your *future*
>> actions/whereabouts)
>
> Yes, they're on the public record – including the mobile vans [
> http://cms3.tucsonaz.gov/police/radar-van].
> But as CCTV spreads (and I forgot to mention installations at larger stores
> and at airports, probably schools and colleges too?) the average person's
> privacy is eroded further.

Privacy is a bigger issue.  When you are "in public", you have no
EXPECTATION of privacy (let alone GUARANTEE!).  You can wear sunglasses
or other "decorations" to obfuscate your features (except in places
like banks).

Unlike England where video surveillance is commonplace, here most
cameras in public and semi-public places are owned by "private
firms", not the gummit.  And, they are isolated -- not coordinated
in their data gathering activities.

Even the traffic *monitoring* cameras (e.g., ADOT) are used mainly
to get a general idea as to conditions around town (significant
intersections) and not to monitor Joe Blow's travels.  Very few
of these cameras "around town" are "smart cameras".

>> People normally carry cellphones in order to be contacted. They don't
>>> imagine they're being tracked day in, day out, and that law enforcement
>>> doesn't even need to take special action to obtain the data any more.
>>
>> They have traded their *privacy* for *convenience*.  Ditto with
>> credit cards and personal checks.
>
> You argue one side that "they choose to do X", then you ignore when there's
> no upfront agreement that a user will be tracked. That's your "insidious
> spyware".

I'm not defending telephone's intentionally (or unintentionally!)
spying on their users without making it clear to the user that
they are doing this.  My exB-in-L *could* have thought about
what his phone was saying (to his billing statement) about his
location before he opted to use it.  The phone company wasn't
recording his location so that I could figure out where he was.
Nor were they reporting the phone number he called for that
reason.  Rather, they were performing ACCOUNTING functions...
that I just happened to be able to exploit to glean information
that he probably would not have wanted to explain!

Regardless, using that cell phone, credit card or personal check
(library card, email account, *computer*, etc.) represents a
sacrifice of some amount of privacy.  In the days of snail mail,
how often did you send a postcard instead of a *sealed* letter?
(for anything other than "Having a great time!  Wish you were here!")

I.e., you recognized that the content of your communication would
be "open" if sent via a postcard and opted to spend the extra pennies
to preserve that privacy.  But, did you ever consider the less
obvious aspects of that form of communication?  I.e., your letter
carrier knows who you are corresponding with -- and he/she probably
knows *you* (and your neighbors) well enough to be able to *discuss*
your "mailing habits" with others (your neighbors??).

[E.g., I keep a POBox for correspondence that I don't want *my*
letter carrier seeing.  Easier for me to deal with a faceless
entity stuffing POBoxes than someone I chat with by the side of
the road, a few times each week]

I request a lot of materials through interlibrary loan at the
local public library.  It's not surprising that these requests
go through the same hands, each time.  And are read by the same
*eyes*!  So, I've "leaked" information about the types of
research I am involved with -- to a person(s) that I will
frequently encounter *at* the library.  ("Gee, Don, why are
you so interested in....?")

[And, I'm sure *something* inorganic is also recording all of
those ILL requests!]

>>> Most people — including the Vice staffer who gave away McAfee's precise
>>> location — aren't aware their smartphone is writing latitude and longitude
>>> data in the Exif header's of photos.
>>
>> So, you're *defending* the fact that these issues are downplayed by
>> the device vendors?
>
> Huh? Come again? I don't see where I defended anything.

Your example suggests that since others (entities, devices) are doing
this, why is Ubuntu bad/worse?

>> That their RATIONALIZATION of them in order to
>> "provide a more useful experience" in lieu of drawing attention
>> to how they may be (or *are*) abused is acceptible?  "Hey, we
>> told you that using our medicine could result in death.  Why are
>> you now *suing* us??"
>
> English comprehension fail there, mate.

Sorry, what have you failed to comprehend?  The purveyors of these
"products" peddle them AS IF this feature/capability is A Good Thing.
But, their arguments are obviously an after-the-fact rationalization
of their *desired* activities.

"Targeted advertising" is supposed to make my "web experience"
more enjoyable?  Productive?  If I am looking for a *product*,
then let me search a "virtual store".  I don't go to a library
looking for information on ALS and *expecting* to find adverts
for augmentive communication devices.  Yet, one (interested in
SELLING THINGS) could *rationalize* that this would be helpful
to me -- after all, if I am interested in ALS then I might
also be interested in these devices!  (sure, and I might also
be interested in research that delays the onset/resolution of
the disease; or powered wheelchairs;  or recipes for meals
that prolong the nominal eating process;  or methods for
taking one's life; or...)

*Disclosing* that you are using this information to market
products doesn't make it any more palatable.  Can I opt out
of google's ads?  (yes, simply don't click on any of them...
though it sure would be nice if they just weren't *there*!
I'll go to "Google Store" if I want to buy something!)  Can
I opt out of their tracking of my search subjects?  (no)

Does google ever tell you any of the "less desirable" ways
that their data might be used?

Facebook hopes to be able to market the personal data that
its users VOLUNTARILY have disclosed to it.  Along with
the "connectivity data" (friends).  Among other things, this
can facilitate a "rating system" (like Moody's) for *individuals*!
I.e., Bob hangs with people who are high risks (based on the
activities they have disclosed -- or, based on information
available via a back channel) so he's probably *also* a
"bad risk".

Do you get yearly physicals?  If not, you're a higher risk
for a mortgage (no, not because you are more likely to drop
dead but, rather, because folks who stay on top of their own
physical health are more likely to stay on top of their
FINANCIAL health)

>>> It's personal choice whether or not to use Ubuntu too. Right? Insidious my
>>> arse.
>>
>> Do you understand the meaning of the term "insidious"?
>
> Do you understand the meaning of the term "pretentious"? Jesus mate, take
> it down a notch.

I think you are failing to see the import of this issue.  You're
downplaying Ubuntu's actions as "no worse than" (actually implying
somewhat *better*) than these other ways information leaks (or
is siphoned away) from people.

>>   Spyware happens continuously.  It doesn't just track the fact that
>>>> you spent $27.43 at Target -- it tracks the *items* that you purchased,
>>>> which cashier handled your purchase and what other departments you
>>>> visited while in the store (as well as any people you may have spoken
>>>> to while there, what you said and the clothes you were wearing!).
>>>
>>> Ahem. Using a credit card gives the retailer and their associates exactly
>>> what you describe.
>>
>> Really?
>
> Yeah yeah. Using a credit card—with a cellphone in your pocket and driving
> a car into their parking lot and wearing that brand of clothing tells…

*You* don't know *what* it "tells"!  But, someone with data of
hundreds of millions of people engaging (or not engaging) in that
particular set of activities can stumble on a statistically
significant relationship -- that they might not be able to
understand, but are highly confident of!

Doctors don't know *why* most diseases/conditions manifests.
Nor why many "cures"/treatments work!  But, they notice that
X *tends* to lead to Y.  And, they rely on that as largely
invariant when they "practice" medicine.

>> It ONLY tells them what I purchased and the register at which
>> the transaction was processed.  They have no idea where I wandered *in*
>> the store,
>
> Parking lot CCTV.

Show me a place anywhere in this country that *has* that data
available and tied to *my* transaction(s).  Having a CCTV camera
doesn't mean they have anything other than *imagery*.  It is
technologically possible (though not practical) that you could
exploit video feeds to track individuals through a store
AUTOMATICALLY, monitor which registers they use and the times
of those apparent transactions to correlate their physical
presences/locations with their purchases. But, aint gonna
happen any time soon!

CCTV in parking lots, stores, etc. are intended to generate a
visual record THAT CAN BE EXAMINED/REVIEWS BY HUMANS when
(after!) some event of significance.  E.g., theft from the
store, assault in parking lot, heart attack in dining area, etc.

>> what I looked at (but elected NOT to buy), who I talked to
> (including other customers, friends or neighbors I may have bumped into
>> while there),
>
> Cellphone location data.

Again, you're talking hypotheticals.  Show me someplace that *does*
this!  What happens if I don't carry a cell phone?  (or, have you
now decreed cell phones are mandatory accessories for all citizens?)

>> what I said to those people nor how I was attired.
>
> RFID-enabled clothing.

As above.

> Sorry, you're owned, several times over.

I'll politely wait for you to provide verifiable examples of these
items.  [Note, my automation can tell you where I am, what I'm wearing,
what I'm saying and what I'm doing.  How much of that information
would you like it to disclose to "others" if installed in your home?
What if your *employer* uses one?  Do you quit?  Not accept the job?
After all, it's *his* business, this information belongs to *him*!]

>>> This doesn't support your position that the user has
>>> choice in the matter, because credit cards are capable of the exact spying
>>> you decry in Ubuntu.
>>
>> No, you've clearly missed the point, entirely.
>
> Sorry to leave you behind there. We've moved on a bit since then.

Unfortunately, you're off in some alternate reality.

>> Credit cards are
>> far *less* intrusive than spyware.  Is there a button I can click
>> to turn off spyware while I "do whatever" for the next few minutes?
>> I can turn off the credit card simply by keeping it in my pocket.
>
> Unless it's RFID-enabled. Good luck finding a Faraday-shielded wallet that
> actually works…

Your credit card has to be "chipped" in order to be vulnerable
to RFID scanners.

>> And I don't carry *any* phone.
>
> Clearly not that marketable…

Is that supposed to be a personal snipe?  The fact that I don't
have to answer to others beckon call?  The fact that I can dictate
the terms at which I interact with my clients and vendors?  That
I can choose the hours and location where I work instead of having
someone dictate those to me?

>> (This is a bait-and-switch argument, not privacy.)
>>
>>
>> No, its not.
>
> The way you described it, it abso-bloody-lutely is, mate.

No. From Wikipedia:

    Bait-and-switch is a form of fraud, most commonly used in
    retail sales but also applicable to other contexts. First,
    customers are "baited" by advertising for a product or service
    at a low price; second, the customers discover that the
    advertised good is not available and are "switched" to a
    costlier product.

>> You are initially extended the *hope* for "good prices"
>
> Bait…

But, you are *given* those good prices!  *THAT DAY*  and for
sometime thereafter.  No promise has been broken.  Sign up for
this card, get 3c off on your bananas.  DON'T sign up for this
card and pay full price.  The customer isn't "switched" into
making a different, more expensive purchase.

A store says (with or without card) the price of apples is
35c/pound.  You pay 35c, you *get* a pound.  Next week,
price is 32c (or, 38c, just as easily).  Next week you
decide how much apples are worth to you at *that* time.

Christmas decorations *will* be on sale on Dec 26.  Chances are,
they *won't* be on Mar 18.  Is that "bait and switch"?

Stores that employ "store cards" make no promise about future
*prices*.  All they say is "cardholder will be entitled to
a discount off the REGULAR price (in effect at that time)
FOR SALE ITEMS".  And, the store *honors* this!

What you don't like (and aren't supposed to notice) is that
the "sales" WITH the card are no longer as enticing as they
were, initially.  But, sales, in general, at any particular
store are often not as good as Grand Opening sales.  Do you
consider each store that has a Grand Opening sale to be
engaging in B&S practices?  "Gee, two years ago you offered
really great deals -- so I started shopping here.  Now the
deals aren't as good!"   "Well, go shop somewhere else!"

>> in exchange for your personal data *and* the idea
>> that you will be "watched".
>
> …and…
>
>> The fact that those good prices
>> don't turn out to be any better than the non-card competitors
>> is just "bad luck" on your part.
>
> …switch.

No!  The store is *still* giving you a better price than Joe Blow
who walks in off the street!  They are HONORING their commitment
to you!  They never claimed that they would guarantee you the
lowest prices in town.  Nor did they guarantee that their sale
price would be any better than some other store's EVERYDAY
price!  All they said was their sale price would be available
to you as a cardholder.

Would you sue them if they made their sales available to everyone?
OK, what if they simply NEVER had another sale -- and simply
lowered their prices to the level they would be AS IF "on sale"
so that everyone could benefit from them?  (i.e., there is no
practical difference so even if a legal difference existed, they
would obviously pick the version that kept them out of legal
jeopardy)

Remember, you are still able to take YOUR business elsewhere.
Your commitment to *them* is still entirely in your own control.
Don't want to be tracked when you buy that box of condoms?
Then don't use your card when you pay!  Stores assume you
will blindly pull out your card for *all* transactions -- even
if most/all of the items you are purchasing are not on sale.

[A good deal of retail revolves around exploiting peoples'
laziness and ignorance.  Coupons/rebates that prompt you to
make a purchase -- though the store expects a great many
purchasers to forget to redeem those coupons/rebates.  Items
constantly being rearranged in the store to require you to
*hunt* -- which implies you are LOOKING at things that you
might otherwise ignore.  Locating items in places designed to
appeal to particular shoppers (milk in the back of the store;
cereal on shelves easily viewed by children).  etc.

> You're welcome.

I'll thank you when you offer me something of value.  :>

>> You didn't really *think* that...

> [more condescension]

No, simply pointing out your apparent naivite in this regard.
You can't imagine how many products are designed with surveillance
(of some form) in mind.  Not always to peddle things to you but
to watch what you are doing, how they are used, etc.

My automation system is *largely* spyware -- though it only
"talks" to itself.  It's goal is to watch what you do, when
you do it, where and how -- so that it can better anticipate
your needs, "tomorrow".  That;s the a priori stated goal -- not
an after-the-fact rationalization of *why* you should use it
("to improve the user experience -- while marketing stuff to
them!")

So, when you shave on a weekday morning, it knows to turn on
the "all news" radio broadcast while you are shaving (not
before; not at some *fixed* time; etc.).  Or, to turn out
the lights in the rest of the house when you decide to
retire for the evening.  Or, to prepare the grocery list
for you in time for your weekly shopping trip.  Or to know
to silence the telephone during dinner hours.  Or, ring
through *persistently* if a call comes in during the wee
hours of the morning from your child's cell phone (while
they are "out partying", etc.)

If I let others *augment* that system (FOSS), what safeguards
should I put in place to ensure other "apps" can't harvest
and disseminate the detailed and highly personal data that it
has amassed regarding your *personal*, *private* existence?

Repeating an earlier comment of yours:
    Do you understand the meaning of the term "pretentious"?
    Jesus mate, take it down a notch.
Sorry, but I consider this *highly* pertinent to my work and
my moral obligations to those who inherit and expand upon it.
Would you prefer I embed a large, publicly accessible *pipe*
into the knowledge base to make it REALLY EASY for folks to
mine this data from *your* ("one's") home?  Maybe a built-in
WiFi connection so folks driving by can peek inside and
see what you've been up to...?

> Yeah, we're done. See ya.

Have a nice trip!  :>