Turning on Do Not Track in Google Chrome

The promise of Do Not Track was supposed to be that with a simple push of the button, ad networks will no longer be able to track your online behavior.

Not only is Do Not Track the opposite of simple, it also does absolutely nothing.

To illustrate, here’s how Do Not Track was implemented in Google Chrome — the world’s most-used browser, according to some studies.

Step 1: Click on “Settings”


So far so good.

Step 2: Click on “Show advanced settings”


Obviously, any user would be able to figure this out.

Step 3: Click on “Send a ‘Do Not Track’ request with your browsing traffic


Oh, right, I see it. The last privacy option. Alright, check…

Step 4: Read the disclaimer


Oh, that’s not it? Wait, what the hell does this mean? This seems to be saying that Do Not Track doesn’t guarantee that I won’t be tracked. I should probably learn more.

Step 5: Click on “Learn more”


Oh, I see. Does Do Not Track do anything? “At this time,” no.

Step 6: Close that window, and click “OK.”

Got all that? Six steps, to achieve nothing. Hooray for Do Not Track! -David

Gov’t believes in location privacy (except when it wants to know where you are)

My current location screenshot by CNNMoney

Wired has a great feature on the FBI using GPS tracking devices to keep track of people’s whereabouts without a warrant. In fact, the Obama administration is attempting to overturn a lower court’s ruling that law enforcement must obtain a warrant before using a tracker.

Tomorrow representatives from Apple and Google will appear before a Senate subcommittee to discuss (and defend) the way cell phones track and store the location data of users. - Matt

Pandora boots its outside ad platforms

Remember when Pandora got served a subpoena as part of a federal grand-jury investigation into the data mobile apps collect and pass around to their partners?

The company is taking action: Pandora said Wednesday that it will remove all embeddable third-party advertising platforms from its application.

That means goodbye for Medialets, AdMeld and Google.

Pandora emphasizes that it has no evidence that these partners were violating users’ privacy — but it’s taking the “better safe than sorry” route. It will keep serving ads in its mobile apps, but it will handle all the infrastructure itself. 

And although many apps track your location, Pandora says it’s not one of them.

Here’s the statement Pandora released to CNNMoney:

Recently, certain third party advertising software development kits
(SDKs) from Medialets, AdMeld and Google have been the subject of scrutiny and speculation in the media. While we have no reason to believe that any of these mobile advertising companies acted outside the scope of our privacy policy, we have decided to remove the advertising SDK’s entirely to ensure that our listeners have complete confidence in our commitment to their privacy. The revised versions of the Pandora application with these SDK’s removed will be available soon in Android Market and in the Apple App Store.

Furthermore, Veracode, a third party mobile security firm that recently highlighted the presence of these SDK’s in our Android app, has publicly retracted their assertion that our app was transmitting GPS location data and has confirmed that their original report was in error. The Pandora app does not transmit GPS location data.

We take privacy very seriously at Pandora. The trust that our listeners place in us at Pandora is something we value tremendously and we want to leave no room for doubt that we honor and respect their privacy.

And here’s our own investigation into Pandora’s app. -Laurie

Sony is currently learning a valuable lesson about user data and privacy

Sony CEO Howard Stringer, courtesy Sony

Remember the story of George Hotz, who was accused of violating the Digital Millennium Copyright Act and a couple of other laws after posting instructions on how to gain root access to Sony’s gaming system? And how Sony was able to gain all sorts of information (including phone numbers!) about anyone who watched the video, visited the website, or followed Hotz on Twitter?

Well it turns out the many people were upset by this. Including the notorious hacking collective Anonymous. Playstation Lifestyle reports the group is now attacking all sorts of Sony websites while also gathering information about Sony employees - including home addresses, spouse names, how many kids they have, etc. - and posting that information on the Internet. And they’re not just going after Sony - the members of the law firm representing Sony and the judge in the case are all considered valid targets. - Matt

Sony is going beyond Orwell over PS3 jailbreaking

Last Friday, Wired’s Threat Level blog posted something far scarier than the standard “Facebook & privacy” stories/arguments that seem to dominate the privacy discussion.

A federal judge has ordered the hosting company of George Hotz’s PS3 jailbreaking site to release to Sony the IP addresses of anyone who visited the site from January of 2009…until now. Fair warning: If you click that link, the list now includes you.

Hotz was accused of violating the Digital Millennium Copyright Act and a couple of other laws after posting instructions on how to gain root access to Sony’s gaming system.

The scary part is all of the subpoenas that were approved: the logs of Hotz’s Blogger.com account, the IP logs of whoever watched the instructional video on YouTube and “documents sufficient to identify all names, addresses, and telephone numbers associated with the Twitter account.” Take it to the extreme and this could be just about anyone who has ever read any of Hotz’s tweets. Even if someone else re-tweeted them and it showed up in your feed.

While Sony has threatened to sue anybody else who posts the hacking information, it’s amazing the government would invade the privacy of readers. While the act of jailbreaking the PS3 may be illegal, reading about it on the Internet should not be reason enough for the government to give up citizens’ information so easily. - Matt

Reporting from a war zone: Facebook’s privacy settings edition


Screenshot: me

At CNN, many of our bravest reporters put themselves in harm’s way to tell a story. Some travel to Iraq, other do live reports from the scene of a riot, and others get tasered.

Trying our hand at this, Stacy and I reported a story on Facebook’s privacy settings tonight. I’m sure our scars will heal in time.

We found that it’s surprising what Facebook automatically makes public, amazingly unclear exactly what Facebook always makes public, and difficult as all hell to navigate through the jungle of settings.

Default: Logging onto Facebook, I clicked on “privacy” and chose all of the default settings. I then went to my profile page, copied the link, logged off, then pasted in that link. Even though I was logged off, I could still view my name, profile photo, my photo albums, my friends list, my home town, my current city, my wife’s name, my interests, my activities and my “likes.” Wow.

"Friends only": I logged back in and chose what appear to be the most stringent settings: “Friends only.” I then logged off, and accessed my profile page. But I could still see my profile photo, my name and my friends list. Hmm…  

Most stringent: Logging back in, I realized there was still more to be done. I clicked on “view settings” under “connecting on Facebook.” I changed all seven of those to the most stringent settings, then clicked on “customize settings” under “sharing on Facebook,” and changed all 21 of those settings to the strictest settings. Logging off again, I saw that Facebook still showed my name and profile picture.

Through all of that (including using two computers and three Facebook log-ins, because Facebook didn’t like us accessing my profile offline too many times), we came to a pretty startling conclusion: By default, there’s a whole lot that everyone can see about you. And you’ve got to do a lot of work to whittle your way down to just your name and profile photo — and even that’s too much for some users. -David

What I’m thankful for

The world of technology has given me a lot to be thankful for this year. Here’s a sample.

  • Cable competition. I have never hated a company like I hated my cable company (before I bought a dish). So I’m overjoyed that cable companies are finally getting the message. After years of a customer relations policy that basically amounted to “eff you,” customers are switching to Fios, satellite or cutting the cord. Finally, cable is starting to catch the drift and adding features like remote DVR control and the ability to watch content online. 
  • Android. It’s far from perfect, but holy schmoley has Google given Apple a run for its money. What a fun story. Also, my Droid is still my favorite toy ever, even after Froyo nearly destroyed it.
  • Mark Hurd. Tech writers rarely get to write about sex scandals. Thank you, Mark Hurd. Thank you!
  • The iPad. I still don’t get why anyone would want one, but it’s been a great source of debate. 50 million next year, Gartner? Seriously? Well, Flipboard is extremely cool. And all the magazine apps are beautiful. Having a multi-function e-reader and the full Web on the go is pretty sweet. …okay, maybe I do kinda want one.
  • Angry Birds. What did you say? Oh, sorry, I’ve been trying to get 3 stars on level 11 for the last 17 hours, and I think I almost have it.

And some turkeys:

  • 3Par. Most boring bidding war ever. I was close to buying an HP laptop last week, but ultimately decided to hold off. I think their involvement in the bidding process subconsciously factored into the decision.
  • Rapleaf and Facebook. If you’re going to track / sell information about me, that makes me nervous enough, okay? You don’t also have to lie about it.
  • 4G. It’s a big lie and confuses consumers. Let’s stop this nonsense and get a government-regulated third-party to test network speeds and give consumers real, meaningful data about their choice in wireless carriers.
  • Antennagate. I get that Apple’s secretiveness is part of its success, but a lack of transparency made antennagate into one of the most overblown stories ever.
  • Stock investors. Seriously? Microsoft needs to be down 15% this year? Netflix is really worth $200? Cisco had to get crushed the other day? Like Stacy, I don’t get the stock market.

Happy Thanksgiving everyone! -David

This is a philosophical battle. Zuckerberg thinks the world would be a better place—and more honest, you’ll hear that word over and over again—if people were more open and transparent. My feeling is, it’s not worth the cost for a lot of individuals.
Microsoft social media researcher Danah Boyd on Facebook’s privacy stance, which Zuckerberg calls the  “third-rail issue” in this week’s New Yorker profile.