Tor, An Ethical Dilema

tor

Over the summer I have been following reporting surrounding the TOR project. I have learnt some interesting things. I must admit that I tried to download the browser but I couldn’t work out how to get it up and running, but that is probably more due to my own incompetence than anything else.

Tor has some serious issues as far as ethics goes, because it is designed to help people to remain anonymous as they use the net. This may to some seem perfectly justified given that Google and their friends are monitoring our every move and storing it all for resale later, but it is also great for criminal activity.

Recently reports emerged from Russia that the head of the Federal Security Service (FSB) has personally ordered preparations for laws that would block the Tor anonymity network from the entire Russian sector of the Internet. Obviously his aim is not to stop people from anonymously using the Internet, but to fight crime. The agency initiated the move as internet anonymizers were used by weapon traffickers, drug dealers and credit card fraudsters, giving the FSB an obvious interest in limiting the use of such software.

Other reports claim that not all of Russian law enforcement are in agreement, because criminals tend to overestimate the protection provided by the Undernet, act recklessly and allow themselves to get caught. Here the so-called Undernet is the key though, as anonymity is difficult to police.

Other reports state that “Security experts have accused US law enforcement of taking advantage of a flaw in the Firefox Internet browser then exploiting it to identify and potentially monitor subscribers to Tor”. It appears that the malware comes from the USA, but nobody is admitting to creating it, and as the Russians accuse the FBI and vice versa, any truth will be difficult to find.

One truth is however that Tor allows for the proliferation of various forms of criminality and exploitation that I would rather not go into here. The problem remains though, do we have the right to online anonymity? If not who has the right to stop us?

To return to following the news, I read that workers at the NSA and GCHQ in the UK have been accused of leaking information that they have regarding flaws in the workings of Tor. These two organizations are extremely interested in the browser for the obvious reasons above, but there is more that you might expect here. According to the BBC “The BBC understands, however, that GCHQ does attempt to monitor a range of anonymisation services in order to identify and track down suspects involved in…….crimes”.

But! Tor was originally designed by the US Naval Research Laboratory, and continues to receive funding from the US State Department. It is used by the military, activists, businesses and others to keep communications confidential and aid free speech.

And it turns out that the investigating agency rely on Tor for their own work, to keep themselves safe and anonymous, so they seem to be in a bit of a contradictory position to say the least.

So there appear to be many unanswered questions about the level of anonymity achieved, who has access, who works to destroy and who works to aid the project, and once more I find myself looking into a murky world.

Blind Date (More Unauthorized Online Experimenting)

blind-date

Following up from news a couple of weeks ago about Facebook manipulating its users, this week news abounds regarding a dating agency that has been conducting some experiments on its users.

The New York Times reports that the online dating agency OK Cupid has been manipulating the data it gives to its clients, to find out how compatibility and looks effect the dating process. The company conducted 3 different experiments, in one it hid profile pictures, in another, it hid profile text to see how it affected personality ratings, and in a third, it told some hopeful daters that they were a better or worse potential match with someone than the company’s software actually determined.

So as we might imagine they came up with a series of findings, that we could loosely interpret as the following:

1. If you are told that the person is more compatible you are more likely to contact them.

2. Users are likely to equate “looks” with “personality,” even in profiles that featured attractive photos and little if any substantive profile information

3. When the site obscured all profile photos one day, users engaged in more meaningful conversations, exchanged more contact details and responded to first messages more often. They got to know each other. But when pictures were reintroduced on the site, many of those conversations stopped cold.

Well as far as I can see number 1 is pretty self evident. If you send me a note saying that a person is not compatible then I probably won’t bother them with my personal issues., 2 is quite interesting, if I like the looks of someone I am more likely to think that they are an interesting person, may be fun and without doubt the perfect match for me. And also the third is quite obvious, if I don’t know what a person looks like I might imagine their looks and would be more likely to want to get to know them.

The OK Cupid blog will fill you in on the details.

One interesting line from the blog states that “guess what, everybody: if you use the Internet, you’re the subject of hundreds of experiments at any given time, on every site. That’s how websites work”. Wise words, but I wonder if everybody realizes that. And what power they wield!

Now I would like to raise the issue of how someone can design an algorithm to measure my compatibility with another person. What will make us more compatible? Height? Interests? Worldview (and if so how can you put that into numbers)?

There is an interesting book by Hubert Dreyfus called “What Computers Can’t Do”, and in it he argues that there are some areas and situations that cannot fully function. A computer program is based on expertise, on experience that can be categorized. If there are subject matters that are impossible to completely formalise, then they are impossible to formalize in computer programs (such as the one they use to find my perfect partner if they exist).

As a human I think we make decisions based upon generalizations of a situation. Characteristics are judged based upon experiences, I once knew someone with those characteristics and they were great, or stubborn, or nasty, etc. Research suggests that we play games such as chess in this way. We do not think about a long series of possible moves in the way a computer plays, but we see a situation, it reminds us of another situation that we have confronted in the past, and we act according to our experience of action in similar situations.

I am sure some readers have experience in this field, and I would be very happy to get some comments and expand my understanding.

Mobile Phones and the Right to Search (and Privacy)

cnn.police

Earlier this year I wrote an article about whether the police had the right to search your laptop when you are passing immigration into the USA. The discussion has moved on however, and this week there is a Supreme Court case about whether the police have to right to search an individual’s mobile phone when they are stopped upon suspicion of having committed a crime.

Given the UK governments discussion about the stop and search powers currently in use, there are some serious questions to address here. We now carry our lives with us on our mobile devices. To call them phones is to do them an injustice, they are computers with the possibility of making phone calls. They have our medical, personal, business, banking and emotional data, and the question is whether this is public or private information if the police stop you.

Here in the USA the law has allowed police to search these devices without a warrant, although they could not search your computer in your house without a judge’s permission, and this seems to be an anomaly given changes in how we carry our lives with us.

The case before the court involves David Riley, who was pulled over for driving with expired license plates in 2009. When his car was impounded and inventoried, police found guns in the boot and decided to investigate further.

They looked into his phone and found evidence that he might be in a gang, they downloaded videos, contacts etc and some of this information was used to convict him.

Here in the US the case has been followed by journalist Nina Totenberg, and she has a fantastic account on her blog. You can either listen to her radio report or read a transcript of it. I have taken some of it below to give you an idea of how the debate is unfolding. The question is of whether a warrant should be required, but the following snippets give an idea of how wide the implications for the debate really are:

“It’s not just what can be looked at,” it’s the fact that information from cellphones can be downloaded and kept in “ever-growing databases.”

A person can be arrested “for anything,” including driving without a seat belt, and the police could search that person’s cellphone and “look at every single email” — including “very intimate communications” — as well as medical data, calendar and GPS information to learn everyplace the person has recently been.

People “choose” when they carry their cellphones with them — and thus they should have “no expectation of privacy” if they are arrested.

So some of the questions could be, when the police stop and search you, what do they have the right to look at? If you are then arrested should they need a warrant to search your mobile devices? Do you have the right to privately carry digital information?

Why not try Lightbeam?

I have just downloaded and taken a quick look at the new Mozilla add-on called Lightbeam.

I am an UBUNTU user myself, so I don’t know if this will work for other systems, but I would like you to help me decide if it’s an interesting tool either way.

I have always heard that companies share your information. So you go on one site and they share your habits with other organizations. Well Lightbeam shows you who they are sharing your information with.

One thing that I should say is that I do not know what the information they are sharing actually is. If anyone does know I would love to hear. So that is job number one for you down in the comments below.

The actual view that you are presented with when you open this program is very nice. A series of connected triangles that drift around the screen, all tied together like one of those kinnect toys that my kids play with. Some of the triangles have website logos on them, others are blank. It’s almost a snowdrop kind of effect.

Mozilla Lightbeam

Mozilla Lightbeam screenshot

The lines are either white or blue, the blue depicting that the sites use cookies. Probably half of them do.

And it makes a nice little educational game. As you visit another site it joins the page with its connections, the entity wobbles and bounces before coming static. Many of these connections are the same, creating a central mass, but some sites do not share with anyone that the others do, and live in their own little detached bubble.

I was surprised to find that ebay UK is not connected to any of the other sites. It has 3 satellite sites but they are all ebay subsections. I would have to draw the conclusion that ebay do not share your information. Job number 2, correct me in the comments below please.

The Weather channel divulge to another weather channel and 3 or 4 others, CNN and the BBC are about the same. TECHNOLOGY BLOGGERS DOES NOT SHARE WITH ANYONE! Read it and weep and respect where it is due Christopher. My employer the Bassetti Foundation are linked to Twitter, and nobody else.

Oh and guess who is in the middle of the blob, tentacles everywhere, yes of course, Facebook. I have not visited the site but they appear through the mist to take centre stage. No wonder profits are up!

Without understanding more this add on is just a toy to me, but I am sure if I was a bit more savvy it could give me a lot of insight into the dark and murky workings of the web. I think it might also present an opportunity, as we can now see who is prostituting our information and who is not, and maybe we should put more trust in those that keep our data in their own hands, and some others a little less.

Definitely worth a look I would say.

Oh on a final note, I went to Microsoft, Ubuntu and Mozilla. Microsoft share with 10 satellites, 5 of which use cookies. Ubuntu and Mozilla do not share with anyone. I visited 15 sites in total during my research, and that meant that I unwittingly connected to 76 third party sites.