If you accept the defaults in Windows 10, Microsoft might be able to see everything you type

Windows 10 Start ButtonIf you install Windows 10 and accept its default settings (as you just try to get the job done in the shortest time possible), then you will be giving Microsoft permission to record every single keystroke you make on that computer. Windows 10 includes a keylogger – “a spy tool used to capture your keystrokes“.

When the keylogger was added to the Windows 10 “Technical Preview” there was justification. After all, the “technical preview” was meant to be just that. Microsoft advised against using the technical preview for purposes that included using “sensitive data”. In the meantime, the keylogger must have been a very useful tool to help Microsoft see exactly what the user was doing when problems occurred.

Spyware logoBut what possible justification could Microsoft have for spying on every keystroke of every “normal” user now that Windows 10 is being installed in its “consumer” version. With Windows 10 now installed on some 148 million computers (almost 10% of the entire market), that’s one massive amount of data Microsoft is sucking in (source).

The good news, however, is that you can turn off this keylogging. Well, let’s assume that the option to turn it off does do just that, and not dwell too much on just how far we trust them. Maybe I haven’t yet recovered my trust in the wake of Volkswagen and AVG (see last week’s blog: “AVG to sell browsing History“).

So, this is how we turn off keylogging in Windows 10:

  • Left-click or tap on the Start button (you know the Start button, it’s the one we all whinged about losing in Windows 8).
  • Left-click or tap on “Settings”.
  • Left-click on “Privacy, Location, Camera”.
  • Left-click on “Speech, inking and typing”.
  • Left-click on “Stop getting to know me”.
  • Left-click on “Turn off”
  • Close the “Settings” window and start to get a grip on your righteous indignation.
Turn Off Windows 10 Keylogger

The steps to take to turn off the Windows 10 keylogger

For any of my computer support clients that I helped to install Windows 10, I hope that I turned off this spying as part of the installation. Nevertheless, it will only take you a minute to check and I advise that you do so if you care at all about your privacy. If you have bought a machine with Windows 10 already installed, or installed it yourself but didn’t over-ride the “express settings”, then I most certainly advise checking it.

AVG has re-worded its privacy policy, confirming that it will sell your browsing and search history

AVG LogoLong-term computer support clients of mine may know that I used to recommend AVG’s free antivirus program, but that I eventually stopped doing that because I didn’t like their tactics in “persuading” (misleading?) users to install trial versions of their paid product when the user had been trying to install (or update) the free version. The sort of things they would do included displaying red buttons for actions they didn’t want you to take and green ones for actions that they did want you to take.

Now they’ve hit upon a new way of monetising their supposedly free product: they will sell the search and browsing history of their users. Some people may think “so what, it’s still a good deal?” but others, including Alexander Hanff, CEO of Think Privacy, think that this puts AVG “squarely into the category of spyware”. Hanff argues that antivirus software enjoys a trusted and privileged position in our computers in that it can get at parts of the system denied to most software and we trust it to combat virsues, malware, spyware, and the like. For its publishers to sell its users confidential data in this way constitutes a massive betrayal of that trust.

PirateAVG don’t seem to be too shy about this in their current privacy policy. They quite openly say:

“Why do you collect my data? We use data to improve our products and services; provide support; send notifications, offers, and promotions; and to make money from our free offerings with non-personal data.”

Surely it’s an oxymoron for them to say “…..to make money from our free offerings…..” It’s either free or it isn’t. If you’re selling my data then I’m paying a price: it isn’t free.

Some have said that AVG deserve praise for their honesty. PC World Magazine’s website says, for instance, “AVG at least deserves credit for helping users make informed decisions”. Maybe they do, but just because someone admits to doing something dubious, that doesn’t mean it’s OK for them to continue doing it.

I do realise that what I am going to say next probably displays a world-weary cynicism that not everyone will share, but I’m going to say it anyway:

Selling Out

Could this be AVG’s new motto?

We live in a world where a huge global enterprise (Volkswagen) appear to have been cynically and intentionally cheating on the whole world. Before the recent scandal broke, who would have thought them capable of such breathtaking dishonesty for their own ends? Now consider that this very same world is also inhabited by an organisation (AVG) whose avowed purpose is to keep us safe from the digital scumbags, thieves and con-artists that inhabit cyberspace. If AVG now admit that they are going to make money from their “free” product by selling our data, are we really naive enough to believe that we can trust them in all the other things that they do, deep in the bowels of our computers?

Volkswagen and AVG are completely different computers, but in a world that includes Volkswagen, I’m certainly not going to continue to trust AVG to look after my digital privacy and security – not now that they have more-or-less admitted that they are gamekeepers turned poachers (while still claiming to be doing their gamekeeper’s job).

Mobile wifi has been around for a while, but has its time now come?

WiFi LogoDo you remember the days before laptops had in-built wifi adaptors? It used to be quite common to buy a mobile data plan, with its own SIM, that worked by connecting a “dongle” (containing the SIM card) into a USB port of a laptop. I seem to remember that this used to work reasonably well. Somewhere along the way, though, these seem to have lost favour. When I asked my mobile provider (EE) about it recently, they said that they no longer support such devices.

In large part, they probably went out of popular use as laptops began to be supplied with their own wifi adaptor. These could easily be connected to one’s own wifi router or to the wifi supplied in ever-increasing numbers of public locations. However, I have now found that some mobile providers do still offer “data dongles”. See the one illustrated from Vodafone.

EE Osprey Mobile WiFi

EE Osprey Mobile WiFi

So why do I mention this now? Well, when iPads first came out, I advised buying a version that included the ability to take a SIM card for a dedicated mobile data plan. This would give the same facility as plugging in a USB dongle with a SIM card (which can’t, of course, be done with an iPad as there’s no USB connectivity). My reasoning was that it is probably worth the ridculous £100 extra on the price of the iPad just to be able to connect to the internet wherever there is a 3G (or, now, 4G) signal. That’s what I bought for myself and it worked well. Move on a while, and I now have a Microsoft Surface that I carry with me for work. It is essential that I am self-sufficient with a wifi connection, so I asked EE if I could buy a USB dongle so as to put the SIM from my iPad into my Surface (the Surface can’t directly take a SIM).

EE said they don’t support the dongles any more but I could buy a “mobile wifi”. This takes a mobile data SIM and trasnsmits a wifi signal that can be connected to by up to 10 devices in the area. This is great because there are no physical connections (so it’s not taking up the only USB slot on a Microsoft Surface, for example) and it means that ANY device or computer that can connect to a wifi signal can access it without any software or setting up (other than knowing the name (SSID) of the mobile wifi and its password). I know that these devices have been around for quite a while but they’ve never been anything like widespread.

Vodafone Data Dongle

Vodafone Data Dongle

So I bought one and I’m well pleased with it. I’ve been getting speeds of up to 15mbit/sec on mine. This is twice as fast as at least half of the standard domestic ADSL broadband connections that I see among my computer support clients. The connection is usually stable and it produces a good enough signal that I don’t even take it out of my bag: I just turn it on and connect to it wirelessly in the normal way.

It also means that I’m not having to choose between my iPad and Surface for internet connectivity. In fact, up to 10 devices can typically connect to one mobile wifi at a time. I just need to make sure I’ve got the mobile wifi with me and that it’s charged. It is charged via a standard micro USB connection in about an hour or so.

There’s another use I put it to, and that is that I now routinely connect to the internet in cafes and other public places via my mobile wifi and not via the “free” wifi provided in those establishments. And there are two very good reasons why I think it’s a good idea to get away from unsecured public wifi connections:

  • With public wifi. you can’t be sure that the innocent-looking person on the next table to you isn’t stealing every bit and byte that’s passing between you and the internet.
  • With public wifi, you can’t be certain that the provider isn’t stealing information about you as well. A few weeks ago I connected to Costa Coffee’s wifi for some reason and was really hacked off when a message came up saying their terms and conditions have changed and that I now have to tell them my gender! No way. If they are giving me free wifi then it’s not free if they are gathering (and selling?) information about me and my use of their service. Having a distinctly childish and petulant streak in me, I told them I am female.

So, if you have several mobile devices and want more-or-less permanent access to a secure wifi connection, then mobile wifi is versatile in that it allows any device capable of a wifi connection to connect to it, and it also lets you get away from the security-challenged environment of public wifi.

But, oh yes, it’s one more thing to forget to put in your bag when you go out, and one more thing to forget to charge.

We can make a stab at reducing the information we give away in our web browsing

Private - Keep Out!When my computer support clients ask me which internet browser I prefer I say “Firefox“. The main reason is that there is a wide range of “add-ons” to tweak how it works. In particular, I am interested in add-ons that tend to help with online privacy. When someone then asks “what are the add-ons that you use”, I can’t remember. Hence, this blog post.

I can’t be certain how effective these add-ons are, or be certain that there aren’t better alternatives out there. It’s also quite possible that there’s an overlap between some of these add-ons. Be that as it may, this is the list of privacy and security add-ons that currently live in my own Firefox browser:

Adblock Plus v2.6.7

Adblock Plus removes online advertising so that you usually see blank space where the ads used to appear. There are some websites that won’t allow you to visit their site unless you disable this add-on. No doubt this is because they generate income from people clicking on the ads that this add-on hides.

Blur (formerly “DoNotTrackMe”) v4.5.1334

Protects passwords, payments and privacy online.

Flagfox v5.0.6

Displays a country flag in the address bar depicting the location of the current website’s server. It also provides a multitude of tools such as site safety checks, whois, translation, similar sites, validation, URL shortening,

The main use of this add-on is that it displays (in the address bar) a small flag of the country in which the current website resides. This can act as a warning when a website’s address is somewhere other than you might expect it to be. This is just one of those little indicators that help you build up some sort of a picture as to whether you think you can trust the site. If you think a website isn’t what it purports to be then it could be trying to exploit you – eg by trying to get malware onto your computer. A website calling itself “www.english-cheeses.co.uk” might seem a bit suspicious if you see that it is based in Russia!

Huffington Post Trackers

Ghostery found these trackers on the home page of Huffington Post and blocked them all.

Ghostery v5.4.3

Blocks tracking technology on websites. It can display all the tracking technology found on a web page and display a list of it so you can get some idea of just how much tracking technology websites use. I have sometimes seen up to 30 different tracking technologies being used on a single web page. See the illustration for Ghostery’s findings of the tracking technology on the home page of the UK version of Huffington Post. Note that the line through each item acts as confirmation that Ghostery has blocked that item from sucking data from my visit.

TrackMeNot v0.8.16

This is designed to foil search engines’ attempts to build a profile of your web surfing habits. I like the way this one works. Instead of disabling anything, TrackMeNot does just the opposite: it sends random requests to the search engine so that your real surfing habits are hidden amongst all the bogus searches generated by the add-on. This is quite invisible, of course. You don’t see your browser searching for seemingly random websites!

Firefox Privacy Settings

Firefox Privacy Settings

Online privacy is also helped, of course, if you configure Firefox options to help protect your privacy and security (see illustration).

You might ask why I don’t use “Private Browsing Mode”. The answer to that is simple – it is of no use at all in stopping websites from sucking information from your visit. Private Browsing mode is there purely to remove the evidence on your own computer of your browsing history. It does nothing whatever to protect your privacy and security online. Click this link for more information on Firefox Private Browsing.

You might also ask why I’m only covering add-ons for Firefox. There are two simple reasons – (a) it’s the browser I use (partly because there are so many add-ons available) and (b) it would take the rest of my Saturday to check whether these add-ons are available for Internet Explorer, Chrome, Opera, etc. However, if you’d like to know more about any of these add-ons, just click on the link contained in the name for each add-on in the listing above. It won’t be difficult to track down whether any particular add-on is available for your own favourite browser.

Tired of seeing the “cookie policy” over and over again?

If, like me, you delete and block cookies wherever and whenever possible, you may have found that there is a downside to this – you have to keep telling websites that you have understood their cookie policy. Sometimes it is possible to ignore the “cookie policy” message and just carry on reading the page, but it seems to me that a lot of websites have recently started to display these warnings in such a way that they get in the way of other items on the page.

Now, the irony is that they only show this message every time you go to the site because you have deleted the cookie they placed on your computer that tells them you know about their cookies and don’t want to see the notice every time you log in! If you are happy to have cookies and never delete them then you don’t see the message on second and subsequent visits to that site because the cookie (that stays on your computer) tells them you’ve already acknowledged their cookie policy.

Chrome Settings ButtonSo, wouldn’t it be nice to have a way to delete most cookies but keep cookies that (apparently, at least) do nothing more than record your acceptance of a websites cookie policy? In other words, we need to be able to over-ride our normal deletion of the cookies.

Let’s look at the Chrome Browser:

Deleting all cookies when closing the browser is achieved as follows:

  • Click on the Chrome Settings “menu” button at the top righthand corner of the Chrome browser.
  • Left-click on the “Settings” option.
  • Scroll down to the link that says “Show advanced settings” and click on it.
  • Click on the “Content settings” button.
  • Click on the circle next to the second option (“keep local data only until you quit your browser”).
  • Put a tick in the box next to “Block third party cookies and site data”.
  • Remember to click on the “Finished” button at the bottom of the screen.
Chrome Settings Dialog Box

Tick the second and fourth options to delete cookies

What you have now done is instruct Chrome to delete all cookies when you close the browser. This improves your privacy but it means – as explained above – that every time you visit a website for the first time in a session it will show you the “cookie policy” (if it has one).

So, in order to stop the “cookie policy” from displaying, we need to over-ride the blanket deletion of cookies that we set above:

  • Instead of clicking on the “Finished” button after ticking the option that says “Block third party cookies and site data”, click instead on the button that says “Manage exceptions”.
  • Click in the rectangle with the greyed text that refers to sample.co.uk and type in the name of the website whose cookies you wish to keep.
  • Add as many of these as you wish and then click on the “Finished” button.
CCleaner Chrome Options

Leaving this ticked would delete the cookies you chose to keep in the browser settings

The first time that you visit the sites whose cookies you are now keeping, you may see the “cookie policy” window once.You shouldn’t see it again. Note that if you use “cleaning” programs such as CCleaner and tick the option that removes cookies, then this will over-ride the exceptions that you set in the browser. You can either accept the fact that you’ll see the cookie policy one more time when you next visit the site, or you can de-select the option in CCleaner that deletes cookies (since you are taking care of cookie deletion in your browser settings).

Other browsers have similar capabilities for handling cookies.

Note also that you can be more sophisticated in choosing which cookies are to be treated as exceptions. In the example above, you may think we are using a sledgehammer to crack a walnut as we are choosing to keep ALL of the cookies placed by a particular website just in order to keep the cookie that relates to the display of the cookie policy. Click on this link if you’d like to learn more about this in Chrome.

I’m having serious doubts about whether it’s a good idea to keep a LinkedIn account

Linked-In LogoRegular readers will know that I’m no great fan of social networking sites. I think they are devious, manipulative, insecure, and can not be trusted with a tenth of the personal data that people entrust to them.

Nevertheless, for about five years I have had an account at LinkedIn. I thought that as long as I only give them the minimum amount of information (about my professional self) then it should be ok. To be honest, the real reason for joining was to increase my credibility as a self-employed person advertising via his website. If I have “x” number of connections on LinkedIn then at least “x” people are saying that they know I exist and that they are not ashamed to be associated with me (at least as far as LinkedIn is concerned).

But a number of things have started happening that I don’t like. These include;

LinkedIn - you may know

This person has suddenly appeared at the top of the list of “people you may know” in my LinkedIn account – just days after I started an email exchange with her.

People showing up on LinkedIn as being “people I may know” that LinkedIn could not possibly have deduced from my current connections. Indeed, LinkedIn don’t suggest they are first, second, or third degree “connections”. I have always scrupulously denied LinkedIn access to my contact lists. And yet, the only thing that a lot of these “people I may know” have in common is that they are, in fact, in my address book. If LinkedIn has obtained my contacts legally then I can only think that they must have bought another service – of which I am a member, and to which I have inadvertently revealed my address book. In any event, I don’t like it. Online services taking over other services and then pooling information about their users is one of the most insidious mis-uses of data online that I can think of.

More and more emails being received from people I don’t know, asking me to “connect with them” on LinkedIn. LinkedIn is not supposed to be like some stupid social networking sites where the aim is to get as many “followers” or “friends” as you can – irrespective of whether you actually know them. It’s supposed to be about business networking. There’s going to be no point in it at all if you can’t trust that the relationships are genuine.

There has been a lot of press about LinkedIn being hacked and about LinkedIn allegedly misusing information gleaned from users’ email accounts. If you suspect that people in your address book have been receiving invitations to join LinkedIn – apparently instigated by you – then do have a look at this link:

LinkedIn customers say Company hacked their email address books

And these pages don’t exactly inspire trust, either:

Your leaked LinkedIn password is now hanging in an art gallery
LinkedIn hack
LinkedIn passwords hacked

A Leaky BucketPerhaps It was one of these episodes that gave rise to a client phoning me last week with the news that her Gmail account had been hacked and her contacts were receiving some very strange email messages that were supposed to have come from her. She said that she had just been exploring LinkedIn (where she has an account) and that this hacking happened just afterwards. I realise that there is no proven connection with LinkedIn, but that doesn’t stop my uneasy feeling about them.

Luckily, the hackers used her Gmail account to send all these strange messages, but they didn’t change her password. The only reason I could think of for this was that they’d got access to so many accounts that they were content with a “one-time use” of her account. We were very, very, lucky. I have tried to recover Gmail accounts from Google before (see this blog on Gmail Passwords) and it can be very difficult. When trying to prove ownership of your hacked account, Google will ask some impossible questions – such as “on what date did you open the account”!

Anyway, in this instance we were able to access the account and change the Gmail password. I’d like to take this opportunity to remind you not to use the same password several times (or similar ones such as mydog1, mydog2, mydog99 etc), as any human being that has hacked one site containing your email address and a password may well try the same combination (or similar ones) on other sites – see this blog on re-using passwords.

Add all these things together and I’m now teetering on the edge of closing my LinkedIn account. Certainly, I changed my own LinkedIn password as soon as possible after the above incident. I would advise you to do the same.

Originally set for April 2014, the launch of a plan to suck all our private medical data into one central NHS database has been put back six months

NHS-LogoSee NHS database launch plans delayed.

In common with many, many people and organisations, I am not convinced that access to the data will be restricted to bona fide “researchers”, and I am not convinced that the data will be “anonymised” such that I can never be identified.

Furthermore, I am not convinced that the leaflets have been sent out informing us of this new development and telling us how we can opt out. Note, by the way, that the default position is that we are opted in until we take action to opt out. If you do nothing about it then the data that you thought was private between your GP and yourself will be sucked into cyberspace and made available to “researchers”. I have not yet met a single person who has received the leaflet that the NHS claim has been sent to every household in the country. Maybe the information on the leaflet is roughly the same as on this NHS Choices web page on sharing your medical information.

Why don’t I believe that my data will remain anonymous? Two main reasons:

1) The combination of specific items in my medical record could be linked together with other specific items known about me (such as records of purchasing specific drugs/medications from a particular source) so that the possessor of the second set of data items would know the details of my medical record. This is a very real possibility: it’s known as a “jigsaw attack”. The data that the NHS is collecting will be made available to “researchers” including private companies. I think it’s safe to assume that we can take “researchers” to include the global pharmaceutical companies and, possibly, insurance companies.

2) Unless I’m being really dim about this, the “anonymising” of my medical history before it gets uploaded to the NHS database can not possibly be foolproof. The idea is that certain unique pieces of information (such as date of birth, NHS medical number, gender) are used to link together the known details about a specific person’s medical history and this history is then uploaded with a newly generated code instead of the identifiable information (date of birth etc). This is supposed to make the uploaded data “anonymous”. But – and it’s a big “but” – if they are going to maintain an ongoing history of that person then they need to update the information. To do this, they need to know – now and forever – how to link the identifiable pieces of information with the “anonymous” code. That ability to link the person with the “anonymous” data must always exist. If it exists, then it can be exploited and abused.

Filed-RecordsThe idea of creating a huge database of the medical history of the entire nation is great when kept in the abstract. Over time it will yield no end of data that will be incredibly useful for healthcare planning, research on disease development and prevalence, monitoring of health outcomes, and goodness knows what else besides. The problem is that I have no confidence in the NHS being able to keep my data secure. This is further undermined by the way they are going about introducing this :

  • Requiring us to opt out instead of opting in
  • Failing to inform us properly of the plans
  • Failing to inform us properly of the way to opt out

.. and I haven’t even mentioned the NHS record in the past for losing or mishandling our data. This is from The Daily Telegraph (but they have now removed the page that was my source – 09/11/2017):

…NHS statistics, revealed over the weekend, showed that health services were losing or breaching the safety of 2,000 patient records every day. More than 2 million serious data breaches by the NHS have been logged since the start of 2011, the figures reveal, with records dumped in landfill sites, left in shops and even sold on eBay.

NHS-Choices-LogoAm I going to trust these people to take all of the private information about me that has been recorded by my GP, and put it in a central database available to “researchers” (including pharmaceutical companies, insurance companies and hackers, of course)? No way, Pedro. I am not.

As soon as I had written the above, I hied off to my GP surgery to ask them how I can opt out. The nice lady there gave me a copy of a letter attached to a very simple form, that recorded my instruction not to have my data included in the database. I filled it in and gave it back to her. I don’t know who wrote the letter attached to the form, but it states the case so well that I have scanned and uploaded it. You can download it here – NHS-database-Opt-Out

All of this makes me feel very small and almost – but not quite – powerless. Who knows: maybe they will cave in completely and abandon the idea before we reach the postponed start date. The Daily Telegraph (not one of my usual haunts in cyberspace) seems to have got their teeth well into this story. If you are of a mind to investigate further, try this item, in which they summarise the risks v benefits of the NHS patient database.

Just for the record, I am not an NHS basher. I think it’s a wonderful service that we should be proud of, and I am very grateful that it is there for me and for everyone else. I just don’t trust the NHS – or anyone else – to be able to safeguard my medical data if it goes into one huge database floating around in cyberspace and available to private organisations with a financial interest, and all the other cyber rogues who wouldn’t be able to resist a goldmine when they see one.

Oh, and here’s a parting thought: would the American NSA be interested in its contents? I wouldn’t bet against it.

Are our expectations regarding online privacy changing?

I may be wrong about this, but in the last few weeks I seem to have noticed a weary acceptance from many of my clients that online privacy is now known to be a myth, so “why bother trying to keep private information private?”

Large eye through a magnifying glassThis often crops up when I am installing, upgrading, or registering something online on behalf of one of my computer support clients. When it comes to the impertinent questions asked on web forms, I get vaguely embarrassed. I don’t want to ask the client for the information and I don’t want them to give it up to cyberspace. In the past, the client would often ask things such as “what do they want it for?” or “do I have to complete it?”. This has never been universal, of course. There are lots of people whose attitude has always been “I’ve got nothing to hide, so why shouldn’t I give them the information?”

Nevertheless, I do have a feeling that things are changing from two directions:

  • The client now seems to be more likely to say something along the lines of “Why not give it to them. We now know we’re being spied on by our own and other governments, so why try and keep information private now”. And even if they are not overtly aware of it, I think most people have some vague idea that behemoths like Google are pooling together the data they have on us from several sources and using it for ever more sophisticated marketing purposes. It feels as if we’re losing the battle to keep private information private, so why bother trying?
  • The organisations seeking the data seem to be getting cheekier in what they ask. It’s now becoming common for information such as “date of birth” to be compulsory when filling in forms. Why? What possible justification is there for this? It may be very useful for the marketing departments of these organisations to know exactly what “market segments” to place us in, but that’s just for THEIR benefit. It’s not for the user’s benefit. Unless there’s some obvious reason (such as relevance for medical or insurance reasons), I really don’t see why they should be so presumptuous as to INSIST that this information be provided. As I’ve said before, in these situations I just lie.

I was gobsmacked by the sting in the tail of an offer by Dropbox that I came across recently. Regular readers will know that I am a great fan of Dropbox. I have it on all my computers and devices. It means that a huge percentage of my most important data is always available to me wherever I am and whatever computers and devices I happen to have with me. And being just a tad nerdy (?!), I have been happy to go along with Dropbox’s clever marketing strategy whereby they give extra free online storage space for introducing new users (use this link, for example, to gain extra free space when joining Dropbox. If you do, I will also get some more free space.) and for taking part in other promotions. That’s fine. The nerd in me is quite chuffed that my free 2gb Dropbox account has now swelled to 13.8gb.

So, I followed the link when I recently discovered that if I installed an email program called Mailbox on my iPad and then “joined” it to my Dropbox account, I could instantly earn another gigabyte of free online storage. I just couldn’t believe my eyes, though, when I saw the terms and conditions attached to this offer (see figure 1).

Mailbox Permissions Dialog Box

Figure 1. Give Mailbox (owned by Dropbox) access to all my Dropbox data? I think not.

Are they really saying what it seems they are saying? Are they really asking me to give them access to all of the data in my Dropbox account? All the private, business, medical, professional, and random data that is in my supposedly safe, secure account? I’m staggered at the thought of the implications of giving all this personal information away. I’m staggered at the cheek of Dropbox in asking me to do it. I’m yet more staggered at the thought that they wouldn’t have put this cunning plan together unless they thought that at least some of their users would go along with it.

I think I probably need some kind of reality check, because I’m about as staggered as it’s possible to be while still capable of standing. Is it just me? In the article in which I first learned about this wheeze, there was mention of the condition of opening up one’s data, but no expression of surprise, disapproval or anything else.

By the way, I should just add that I know that all of the above behaviour only applies to computer users over the age of forty. Anyone younger than that seems only too happy to spew all their private and personal stuff out online. That will no doubt end, eventually, when it finally sinks in that this is a very bad idea. It will be too late for an entire generation but, hopefully, the following generation will have learned that something said on Facebook at 12 years old may rule them out from a job interview ten years later.

Or have Dropbox got it right? Are we all – young and old – just going to give up on our privacy?

Not me. I can live without another gigabyte of online storage.

Why is our media getting upset by the NSA and not by our own Snoopers Charter?

The recent storm over data privacy – The Guardian 06/06/13 – has not been caused by the US government accessing private data (it does) but by the fact that it has been receiving wholesale, comprehensive data of Verizon customers, sanctioned by a court order that is not specific to suspected wrongdoers. The customers whose privacy has been breached are US customers. Wholesale access to private data is probably illegal in the US just as it is here.

Verizon Logo

Verizon appear to be complying with a secret Court Order demanding that data on all users be continually handed over to the NSA

So why the massive interest over here? Because this has fuelled speculation that the large, global, companies such as Facebook, Google, Microsoft, and Twitter, have also routinely made all their data available to the US Government. If that is the case then UK citizens are, of course, caught up in this illegal data gathering. All of these companies have denied that they have given access to their servers (computers) to the US government, but they acknowledge that they hand over data in accordance with court orders. See this CNet article of 12/06/13.

The twist that this was then given in the UK media is the speculation that the UK Government (in the form of GCHQ) has been the beneficiary of information about UK citizens that may have been illegally obtained by the US government in this way.

It appears that all the pundits and commentators and politicians are wringing their hands and saying how dreadful it is that the US government may be accessing all this data indiscriminately (instead of requesting specific data relating to specific circumstances relevant to national security, terrorism and so on). And yet, in the very same week, we now find that ex Home Secretaries and other political grandees of all stripes and vintages appear to be banding together to back the “Snoopers Charter” here in the UK whereby internet providers will be legally obliged to keep historic records of all our internet activities so that retrospective trawls of all our private data will be possible by our own government. See The Guardian, 13/06/2013.

St Stephen's Tower - not Big Ben!

Will Labour now support the Tories in revivifying the Snoopers Charter?

So, why should we in the UK be condemning the US government for doing what we are not condemning our own government for contemplating? OK, so the US government is probably acting illegally whereas our own government is planning to give themselves permission first. But that doesn’t make any real difference. The result is still the same: both governments are giving themselves permission one way or another to snoop on ALL of us – every single one of us – who uses the internet or (in the case of Verizon) telephone services.

By the way, time and time again in the last couple of weeks I have heard politicians and commentators refer to the likes of Google, Facebook, Twitter, and Microsoft as “internet providers”. They are not internet providers. It gives me a queasy feeling to hear the most politically powerful people make such fundamental errors. Have they any grasp at all of what they are talking about?

“Internet providers” are the companies responsible for providing the service that gives us access to the internet – eg British Telecom, Talk Talk, PlusNet, Zen. All of the data that makes up our online activity passes through these providers’ servers (computers). It is this data that our government is seeking to make the internet providers keep and store (at their own expense) so that our government can retrospectively spy on us. This is the essence of the Data Communications Bill (commonly known as the “Snoopers’ Charter”).

In contrast to internet providers, Google, Facebook, et al are providers of specific programs and services. As a necessary part of providing those services they collect, and sometimes store, the data that we give them. They do this legally and in accordance with the EULA (End User Licence Agreement) that we all fail to read when we sign up to a new online service. It is this sort of data that governments both here and in the US can request by a legal process in specific circumstances, but which the US government is now suspected of gobbling up indiscriminately.

Nick Clegg

Nick Clegg – opposes the Snoopers Charter

In the long run, the outcome is the same in that the government can cause data to be stored and made available for analysis by the authorities at any time in the future. OK, this week they may be looking for ramifications to the murder in Woolwich a few weeks ago, but who is to say that next month or year they may not start searching for, say, protestors against Boris Island (assuming that Boris will continue his crusade when he becomes PM), or trades unionists, or people with ginger hair, or anyone else that the government of the day deems to be “a threat”.

If you agree with this increased surveillance by the state, then that is your right. On the other hand, if you are worried about the recent revelations in the US then you should also be worried about the Snoopers Charter. My own opinion is that giving a hostage to fortune by blurting it all out on Facebook or Twitter is just a tiny part of the trouble that we are, literally, storing up for the future if the Snoopers Charter becomes law.

© 2011-2019 David Leonard
Computer Support in London
Privacy Policy Suffusion theme by Sayontan Sinha