• Welcome to Phoenix Rising!

    Created in 2008, Phoenix Rising is the largest and oldest forum dedicated to furthering the understanding of and finding treatments for complex chronic illnesses such as chronic fatigue syndrome (ME/CFS), fibromyalgia (FM), long COVID, postural orthostatic tachycardia syndrome (POTS), mast cell activation syndrome (MCAS), and allied diseases.

    To become a member, simply click the Register button at the top right.

Looking up symptoms? You're being tracked.

sarah darwins

Senior Member
Messages
2,508
Location
Cornwall, UK
http://motherboard.vice.com/read/looking-up-symptoms-online-these-companies-are-collecting-your-data

Ghostly and Ad Block Plus help on computers. Not so much phones and tablets

5 years ago, while living Canada, I became convinced by personal experience that private health insurance companies in N America were tapping into this data and adjusting premiums and coverage accordingly. I can't prove it, but we had one heck of a coincidence while my partner was awaiting the results of a cancer biopsy and we were both Googling the condition like mad.

Good to see in the article that Canada did get on Google's case about this, although the end result was typically useless:

No fines were levied, however, as Canada was satisfied with Google’s insistence that it would adopt more stringent privacy policies.

Oh, they promised. That's alright, then. I'm off out to buy a VW diesel.

When will regulators learn? Corporations are entirely amoral and their word means nothing.
 

anciendaze

Senior Member
Messages
1,841
If you use Gmail, you will also discover that automated keyword searches will result in targeted spam. (Or, you and a team of attorneys can go through their terms of service to discover that they told you they were going to do this). Google is not nearly alone. Everyone has learned that customers for free services can also be products sold to other companies. Some of these companies do data mining that is positively frightening, as when Target realized a man's teenage daughter was pregnant before he knew.

I'm still going through Apple's legalese concerning iOS 9, to see how they handle information.

However, both these companies stop short of Microsoft which now uses "everything but the squeal" like Chicago stockyards. Here's the relevant section of their recent W10 EULA:

Mandatory Disclosures We may access, disclose and preserve your personal information, including your private content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to:

(1) comply with applicable law or respond to valid legal process from competent authorities, including from law enforcement or other government agencies;

(2) protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone;

(3) operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or

(4) protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.
Attorneys will notice that this is not based on any proof that your data is necessary for these purposes, only that they believe it is. The sections concerning how they sell data are slightly disguised to talk in terms of "sharing" data in ways that are alleged to benefit you. They are exceptionally coy about commercial benefits they gain.

What data are they talking about? Traffic analysis of W10 behavior indicates this is everything you type and everything you say when a microphone is enabled. They are also interested in everything you click on, or download.

One might also wonder what "applicable law" means in the People's Republic of China where many devices you use were made. Before you do anything on the Internet it might also be wise to familiarize yourself with applicable law for your ISP, the company hosting the site you are using, and all the companies supplying ads on that site which supply code your browser uses to display that web page. Technically inclined readers might explore such subjects as cross-site scripting, code injection attacks and man-in-the-middle attacks, but the thing most people don't realize is that many of these uses are covered in terms of service so that blocking them technically violates those terms.
 
Last edited:

Sushi

Moderation Resource Albuquerque
Messages
19,935
Location
Albuquerque
This is slightly different but when you look at "Members online now" on the forums page, you will see xx robots. These are mostly search engines. They don't index the Members Only section though.
 

PatJ

Forum Support Assistant
Messages
5,288
Location
Canada
Then there is the line in the user info popup here on PR (click on the user's avatar) that sometimes says "Last seen..." such as "PatJ was last seen: Viewing forum list, 4 minutes ago" I've wondered why this is viewable by default. Reloading the popup every few seconds would allow for tracking a user as they view forums, individual threads, and other areas of the site. It isn't fine-grained tracking but seems like an invasion of privacy that should be opt-in, not opt-out.

@Sushi
I've just checked my account->privacy settings->show your current activity. It doesn't have a check box but the current activity still shows up in my avatar. "Show online status" does have a checkbox because I don't mind someone seeing that I'm online.

They don't index the Members Only section though.
Have you ever checked the forum page access statistics to see if any robots are ignoring that restriction? (Is the restriction in a robots file, or meta-tag in a member's only page?)
 

Sushi

Moderation Resource Albuquerque
Messages
19,935
Location
Albuquerque
I've just checked my account->privacy settings->show your current activity. It doesn't have a check box but the current activity still shows up in my avatar. "Show online status" does have a checkbox because I don't mind someone seeing that I'm online.
Sorry, I can't answer that one but I'll tag someone who can @wdb. Perhaps it is visible only to you? I can't check for you because, as a moderator, my view of a profile is different from other users..
Have you ever checked the forum page access statistics to see if any robots are ignoring that restriction? (Is the restriction in a robots file, or meta-tag in a member's only page?)
I don't know the tech here but from what I understand robots can't access Member's Only sections. But, again, the person I tagged can respond to the tech aspect.
 

whodathunkit

Senior Member
Messages
1,160
Corporations are entirely amoral
PEOPLE are amoral. A corporation is an inanimate thing very similar to a car or a gun (neither of which drive themselves or pull their own triggers), and thus only has what life the people who work there give it.

At any rate, if you think the monkeys who work for our various governments aren't up to the same kinds of tricks as the monkeys in private enterprise, then I've got a bridge in Brooklyn I'd like to sell ya.

Bugger off to any of the aforementioned monkeys who might be reading this. :D

Seriously, I frequently wonder/worry about who or what might be reading PR and putting together who we are, but then I start really thinking about it and realize it will take more energy than I have to take the steps necessary to stop it, so I make myself not care. Or at least, care less. If you haven't taken steps to hide yourself already at this stage of the game, and hide yourself well, it's probably a moot point. Discussion boards aren't a very good place to hide, anyway.
 

wdb

Senior Member
Messages
1,392
Location
London
I've just checked my account->privacy settings->show your current activity. It doesn't have a check box but the current activity still shows up in my avatar. "Show online status" does have a checkbox because I don't mind someone seeing that I'm online.

Yes you can still see it but to other visitors only says 'last seen x minutes ago'


Have you ever checked the forum page access statistics to see if any robots are ignoring that restriction? (Is the restriction in a robots file, or meta-tag in a member's only page?)

You need to log in with a valid user account to see the members only areas, bots do not have user accounts. Bots that that do try to register for an account usually get caught and banned quite quickly.
 

ahimsa

ahimsa_pdx on twitter
Messages
1,921
I'm no expert but another add-on for browsers that folks might want to consider is Privacy Badger by the EFF. See https://www.eff.org/privacybadger (only supports Firefox and Chrome right now, other browsers planned). It's still an early version and has some bugs.

The EFF is a non-profit org. that has been around a long time. I first learned about them back in the early 1990s when email spam started being a real problem.

For those who want a search engine that does not collect data, try https://ixquick.com/

Edit: I posted before I read the article. I see that they listed Privacy Badger in their article.

Also, while Wikipedia is not the best medical information on the internet (most folks with ME/cfs will agree), it was nice to read this statement in the article:

"There is one bright light here—Wikipedia. It was one of the only sites that trafficked in health information that sent no third party requests to corporations."
 
Last edited:

anciendaze

Senior Member
Messages
1,841
On the subject of allegedly private communication being tracked, I've run experiments which might be called "feeding them a barium meal". (Anyone who has had a GI series will remember this part of the experience.) The technique is to restrict information on one subject to a single communications channel. You have to be careful to avoid basing this on searches which you know are being tracked. Having a long memory and a large library of printed material helps in doing this.

I recently did such an experiment by accident, when discussing very old memories with a new correspondent. One message contained an account of a drug abuser I knew in the 1970s. This promptly generated spam for drug rehab. I live a very unexciting life, and go to great lengths to avoid recreational drugs. I am cautious about things other people don't even consider drugs, like caffeine, and over-the-counter drugs like diphenylhydramine. This greatly narrows the number of communications which might trigger spam concerning drug rehab.

Other examples of this have been messages containing jokes which no machine is likely to understand. It is far easier to find examples of communications which are being scanned by machines than those which are secure.

Besides the certainty that Windows 10 is effectively spyware capturing everything you do, and traffic analysis showing that turning off controls on a dozen screens to opt out of this does not reduce the volume of network traffic from your machine, we have problems with what goes on before your data even leaves your home.

More of us use WiFi than not, simply because of the difficulty of running cables to every place we want to use a computer. Google logs the location of WiFi networks for Google maps unless these use a SSID which opts out by adding the suffix "_nomap". The catch here is that you may opt out, but unless all your neighbors opt out any WiFi device nearby will identify your location, even if you do not allow use of GPS data, as many mobile phones do. Google does not collect WiFI passphrases, so they say. (This could open them to damages in cases where there are security breaches, like the one at Target or Home Depot.)

Fortunately for attackers, Microsoft has stepped in to fill the gap with "WiFi sense". By default, it collects WiFi passphrases, encrypts them, and squirts them to centralized servers. These servers then dispense them as needed to other Windows systems of your friends. How do they know who you trust? They look for Facebook or Skype friends, or contacts on Outlook.com. Bet you didn't know you agreed to sharing your WiFi with all of these.

The defense against these charges is that Microsoft does not allow your friends to know the passphrase, only their operating system has the unencrypted form. (I mean has anyone ever heard of a Microsoft operating system being compromised?)

Weeks ago I started a mental clock to see how long it would take for this practice to generate a newsworthy data breach. I haven't checked today's technical news.

This bypasses the need to compromise particular brands of wireless routers, like Cisco, which have built-in "backdoors", or home routers which are still set to allow remote administration with the default administrator password. (I'm talking about administration accounts on the router, not the computer connected to it, and not the WiFi password. People get confused. Other people exploit confusion.) Of course, if your router depends on Internet access or a program on your machine for set up, it is pretty easy for the people who do the set up to compromise it. It is also possible for router firmware to be hacked. I typically replace firmware with known good firmware before I use one, except in cases where there is something interesting about the hacked router.

I have a router in my collection which was diverting search engine queries to a different search engine. I haven't had time to see if it contained code to divert Internet banking to fake sites.

It's a jungle out there.

Added: as another example of how monumentally stupid and arrogant default use of "WiFi sense" is, consider the problem with people you have already given your WiFi passphrase to when they visit your home. You can turn off the sharing on your machine, but the passphrase they have will be shared if they don't change the default settings. Your security is at the mercy of the most clueless person on your list of people who visit your house.

Microsoft also claims that W10 will not allow these "friends" to access the private files of yours which remain an open book for those in Redmond. This sounds similar to a WiFi guest account. The problem is that the restriction is only enforced by W10 software. Anyone who extracts the unencrypted passphrase can have full access, just as you have.

Perhaps this is a clever plan to sell a new generation of wireless networking devices which will be incompatible with existing hardware and software.
 
Last edited:

Ecoclimber

Senior Member
Messages
1,011
Being somewhat knowledgeable in the field of cybersecuity, most people will not have the technical expertise to create total anonymity, privacy, security or tracking while on the internet. You are being tracked. Unfortunately the majority of the general population will sacrifice their privacy and security for convenience sake to the dismay of security and privacy experts. The hackers know this, the malware creators know this, advertisers know this, data brokers know this, etc. The bottom line is that your information is being gathered by websites to be sold to third parties which will sell that information to data brokers who in turn will sell your info. to govt. agencies, human resource org., health, medical, life & disability insurance companies and so on..

They know everything and I mean everything about you. They know where you're going every moment of the day. They know if you are sleeping, sitting, walking through motion sensors on various devices, etc. Sophisticated behavioral mathematical algorithyms can predict where you're going, the person you're meeting, the location, the direction you're taking, the stores you plan to shop in, the products you buy, all gathered from social media sites as well as from other input devices.

This is an article I was not going to post but here it is:
WE OWN YOU!

This isn’t an article about the evils of free to play manipulation to get you to spend money. This is about how we can target you, because we (and our partners) know everything about you. We know where you live, we know your income level, we know your relationships, your favorite sports teams, your political preferences. We know when you go to work, and where you work. We can target an event to start for you when we know you have a long weekend coming up. We own you. More:

The bottom line for patients is don't be concern so much about this issue. You have a more important issue to focus on and that's your health! Focus on getting better and leave the privacy and security issues to the experts who are working on a solution to counter these issues.

If you conduct searches use https://duckduckgo.com/ or https://encrypted.google You have to incorporate a whole group of technical tools and a new persona to avoid detection. For those who want more information concerning privacy and security, I recommend these three sites as starters: WildersSecurityForums Privacy Related Topics
KrebsonSecurity and SecurityNow .

.
 
Last edited:

anciendaze

Senior Member
Messages
1,841
By the way, did anyone else notice that relations between the People's Republic of China and Microsoft remain cordial, even while cyberwarfare is a touchy subject at the White House? Notice where Xi Jinping went first?

Meanwhile, Apple is still cleaning up the mess from a very sophisticated attack via compromised development tools which were posted in China, where the "Great Firewall" ("Golden Shield") slows the transfer of this 3 GB package from Apple. Effects were not limited to China. We don't know exactly who was behind this, and probably never will. (Google pulled out of China over demands for customer data; its replacement, called Baidu, is at the center of the controversy. There is no "smoking gun", and anyone who revealed such would face the wrath of the PRC government.)

Embarrassing disclosures about the Office of Personnel Management hack continue to appear.

Security companies are another problem. You might check on the start-up funding for FireEye, which I believe now owns Mandiant, (investigators of the Sony and Anthem hacks,) or the number of former intelligence officers at Kaspersky.

What you search on the web is effectively public, but what you tell your doctor should not be. What happens in a case like this? We are already deep in a crisis concerning privacy and individual rights, while corporations and governments lay claim to intellectual property as soon as we create it for them. This sounds a lot like Hobbes' "state of nature" or bellum omnium contra omnes.
 

PatJ

Forum Support Assistant
Messages
5,288
Location
Canada
This is an article I was not going to post but here it is:
WE OWN YOU!

From that article:
And if you are a whale, we take Facebook stalking to a whole new level. You spend enough money, we will friend you. Not officially, but with a fake account. Maybe it’s a hot girl who shows too much cleavage? That’s us. We learned as much before friending you, but once you let us in, we have the keys to the kingdom. We will use everything to figure out how to sell to you.

Some people behave in ways that undermine basic values in society, such as trust. They can make a buck and don't think or care about the ripple effects from their actions. In this example they go straight for the desire many people have to be wanted and to connect with someone. Eventually the deception is revealed and trust is eroded. They encourage elements of distrust and manipulation in society that will eventually come back to burn them just as they have burned others. Some people build good societies by working for the benefit of others and thereby helping themselves as a side effect, while other people tear down good societies by focusing only on themselves and hurting everyone. Short term gain that leads to long term pain.
 

jimells

Senior Member
Messages
2,009
Location
northern Maine
Maybe there are some benefits to using a dialup connection and a laptop with no camera, mic, or wireless.

I don't believe we know the full story behind the rise of Google and especially Facebook and Twitter. Out of all the thousands of internet startups in the past 20 years, how did these three claw their way to the top so quickly? How did Facebook and Twitter convince every media outlet on the planet to mention these companies on every web page, every broadcast, every newspaper and magazine? I think it's more than coincidental that NSA, FBI, etc. finds these platforms so useful...

The most dangerous aspect of all the spying is that people are intimidated into silence to avoid government scrutiny, which becomes de facto acceptance of current policies. Personally, I would be disappointed to learn that I don't have an FBI file, but I made the decision to be a political troublemaker a long time ago. Most folks are not in a position to do that, and many people have very good reasons to keep a low profile.

Here's the Reader's Digest version of the user agreements:

1. We own everything
2. You have no rights