ookies and cross-site connections help track Internet users in ways far worse than most people realise. People assume that when they visit a particular site then it is this site alone which knows about them. Moreover, they assume that they are logged off and thus offer no identifying details. In reality, things are vastly different and it is much worse when public service sites act as “traps” that jeopardise privacy. A site that I recently looked at (as part of my job) does seem to comply with some of the basic rules, but new advisories are quite strict. To quote: “The UK government has revised the Privacy and Electronic Communications Regulations, which came into force in the UK on 26 May, to address new EU requirements. The Regulations make clear that UK businesses and organisations running websites in the UK need to get consent from visitors to their websites in order to store cookies on users’ computers.”

The BBC coverage of this indicates that “[t]he law says that sites must provide “clear and comprehensive” information about the use of cookies…”

Regulating cookies is not enough. ISPs too can store data about the Web surfer and, as Phorm taught us, they sometimes do. They sell information about people.

In more and more public sites, HTTPS/SSL is supported and cookies remain within the domain that is “root” in the sense that the visitors intended to visit only this one domain (despite some external bits like Twitter timelines in the sidebars/front page. Loading up Twitter.com, even via an API, might help a third party track identities). Shown in the following image is the large number of cookies used when one accesses pages from Google/GMail (even without having a GMail account).

Although SSL is now an integral part of this service (since the security breaches that Windows caused), privacy is not assured here. Although they don’t swap cookies across domain visitors, Google’s folks do track the user a great deal and they have many cookies in place (with distant expiry date) to work with.

Information on how Google will use cookies is hard to obtain, and the problem is of course not unique to Google cookies. Most web browsers automatically accept cookies, so it is safe to assume that about 99% of people (or more) will just accept this situation by default. If a site had provided visitors information about cookies, permitted secure connections (secure to a man in the middle) and not shared information about its visitors, contrary to the EU Commission which foolishly wanted to put spyware (Google Analytics) in pages, then there is at least indication of desire to adhere to best practices.

Cookies are not malicious by design as they are necessary for particular features, but to keep people in the dark about the impact of cookies on privacy is to merely assume that visitors don’t care and won’t care about the matter. And that would be arrogant.

To make some further recommendations, privacy should be preserved by limiting the number of direct connection to other sites. Recently, I have been checking the source of some pages to see if there’s any HotLinking that’s unnecessary in public sites, which would be a privacy offense in the sense that it leave visitors’ footprints on another site. Outbound links can help tracking, but only upon clicking. The bigger issues are things like embedded objects that invoke other sites like YouTube. HotLinking, unlike Adobe Trash, cannot result in quite the same degree of spying (Google knows about IP address and individual people). If all files can be copied locally, then the problem is resolved. Who operates linked sites anyway? If it’s a partner of a sister site, then storing files remotely might be fine, but with AWS growing in popularity, Amazon now tracks a lot of sites, e.g. through image hosting.

Sites like Google, Facebook (FB) and Twitter, if linked or embedded onto a Web page, can end up taking a look at who’s online at the site. All it takes from the visitor is the loading of a page, any page for that matter. FB is often criticised for the “like” button too (spyware). JavaScript (JS) has made the spying harder to keep track of; it would be best practice to perhaps offer JS-free pages by default, which limits viewing by a third party assuming those scripts invoke something external. Magpie RSS can help cache copies of remote data locally and then deliver that to the visitor without the visitor having to contact another server when loading up the primary target site. Some sites these days have you contact over 10 different domains per pageload. It’s the downside of mashup, and it extends to particular browser components too (those which “phone home”, but the user usually had more control over them than over known and unpredictable page source). Google and Microsoft uses their cookie to track people at both levels – browser and in-page (sometimes under the guise of “security”, babysitting and warning about “bad” sites you visit). Facebook and Twitter only do the latter and a lot of people don’t welcome that. Facebook, notoriously, profiles people (e.g. are they closeted gay? Is there fertility/erectile dysfunction? Any illnesses the person obsesses over?) and then sells this data to marketing firms and partners, reportedly Microsoft too.

Public sites have different regulations applied to them because many people are required to visit them (e.g. paying taxes), it is not a choice, not to mention the sovereignty principles (e.g. should Google know who and when and how European citizens access their government sites which they themselves paid for?).

In society there is a lot of ransom going on — a lot of ransom people do not regonise or will never be known or reported. This relies primarily in information, unless there is a physical hostage situation (where the prison is at danger of mortal harm). But the bottom line is, those who have the potential to embarrass others possess a lot of power, so there is a fundamental issue of civil liberties at stake. This is why, among several reasons, the TSA agents stripping off (literally or figuratively, or in scanner) is a way of dehumanising and thus weakening the population, normalising indecency and maybe returning us to memories of some human tragedies. The privacy people have is tied to their indignity, worth, and sense of self/mutual respect. Privacy is not a luxury; it is an important tenet of society. Society will suffer if privacy is altogether lost.

EOPLE often fail to understand that a troll will strive to be inflammatory so as to push for censorship, then play the “victim” card. This is one of the most effective ways for the troll to discredit its target — to claim to be suppressed and then see how far it can be pushed. The solution to this is not easy; one is to let the troll do the trolling and another is to actually censor the troll. Does anyone have good advice on the matter?

NY book which does not get digitised (e.g. scanned or made available electronically) will most likely cease to be relevant some day in the near future. The way the young generation accesses information is changing, so libraries will provide no viable life line to printed literature. Moreover, what is not Open Access is likely to perish because the young generation gets accustomed to rapid access to a lot of information, free of charge. Any impediments to access will end up prioritising the competition. Those who still submit papers for publication ought to check that their papers are either made available free of charge (online) or can be legally made available online through one’s own homepage for example (some publishers use copyright to prevent the camera-ready copies from being made available anywhere outside the paywalls). For work to endure the test of time it will need to be readily available (and searchable) for all to not only access but also share with peers. Just tossing lots of papers into Lecture Notes in Computer Science (LNCS) won’t be enough to make research visible because there is lack of focus and PDFs do not get properly indexed. I quit writing papers in L^AT_EX when I realised the people just wanted the HTML versions and not the PDFs, based on access/usage.

The reading habits, access habits, and publications habits rapidly evolve and we need to cope with change. It’s not just Wikipedia that shows us the impact of coherent texts that do not get printed to be “primed” as peer-reviewed and thus “authenticated”/”validated”. Eventually, physical books might become just a last resort/vocation (or platform) for those who are clever but don’t have a Web site in which to share ideas. They will become the equivalent of flyers or billboard protests for those who do physically what they are unable to do digitally, with a potentially broader audience.

UMAN BEINGS are a special kind of animal because we, humans, are the only ones capable of writing about animals. The inclination to distinguish between human and animal is an artificial one, a bit like saying “pork” and not “pig” and “beef” instead of “cow” (not personifying something we eat). But as humans we do have special responsibilities for those of our kind — it’s an implicit contract we share because no-one wants to be seen as potential prey of one like oneself.

To drive humans into abuse of other humans (or even cannibalism) it takes great disturbance and a bad mind. Like most animals, as part of our survival instincts we choose to bond with our kind — sometimes bonding against other species (tribalism is the causes of many wars). But the general commonality is, people take some sort of bad fuse to happily mistreat fellow people. Steven Weinberg once said that “[r]eligion is an insult to human dignity. With or without it, you’d have good people doing good things and evil people doing bad things, but for good people to do bad things, it takes religion.”

Likewise, people typically choose to treat fellow humans well, but for someone to talk about peers as though they are animals it takes extreme capitalism and devaluation of life it can lead to. When will we start talking about the ills of this kind of globalisation?

LOT of people may not know this, but most of my blogging I actually do from a proprietary operating system, Palm OS. I find little reason to write from home, so taking the text out with jpilot and my Palm Tungsten is what inspires me to write long posts such as this one. Much of Techrights is also being composed in Palm OS.

Why Palm Tungsten?

Well, it’s simple really. In one word: keyboard. As devices get smaller and smaller they often neglect to accommodate for productivity, so they resort to gimmicks like touch (which Palm had over a decade ago) and not a good, affordable foldable keyboard.

Is someone else blogging from a PDA?

The difference presence and sound can make.

eyboards are a wonderful input device because they are accurate and they use the fingers, which we can use in unison in very clever ways. It’s nature’s gift to our species. But not all keyboards are created equal. One might have to look at the keys to map the letters in one’s mind, e.g. in case the keyboard is a numpad on a phone. These are designed to minimise space, but always at the expense of productivity. Some mobile form factors like tablets have the same problem. It’s a limitation. The change in keyboard technology has led to a shift in communication, mostly abbreviation; the very short messages are simply the result of limitation, not young people’s preference for illegible sentences. This is why I use a PDA with foldable keyboard, I am using it even to write this very post. But I generally get flak sometimes for being honest about the lack of appeal for SMS — taking like 10 times longer to express oneself there than verbally. With keyboard I am always on par with speech, bar the need to proofread (this is why audiocasts, for instance, have some clear advantages). I like typing and I type fast, but nothing ever beats speech and there are no typographical errors in speech. It also allows one to think clearly by not getting slowed down by the fingers (that in most cases cannot catch up with the speed of mind or the voice in one’s head). In order to communicate with people rather honestly, the time limitation is sometimes required. Without practice, there is less time to spin; some prefer to judge by using more facial expression as well, but that is another discussion altogether (direct, real-life interaction). Just because people cannot hear another person’s voice or tone of voice means that they are missing a lot of the message, assuming one is serious or whatever even when sarcasm is used. When face muscles can be observed, then untrained liars can be called out too. The bottom line is, depending on the medium used for communication there can be vast differences one needs to be aware of.

As one can probably imagine, without people hearing each other, let alone having visual communication, people are simply using just a small portion of human interaction^*. There are some numbers, percent-wise, from about 15 years ago and less. They try to quantify the extent to which each element of communication counts. These talk about how much body language and voice amount to when it comes to signals we humans interpret to detect love, fear, anger, etc. Like staring at someone. It’s animal instinct to find that unnerving — something about feeling like prey. Try that with a dog or a cat and see what they do. That would be a good example of communication without words or even any facial muscles, just eyesight directed without motion at an animal. Truly a good case study in interaction with very low entropy, eh? The longer it does not change, the less comfortable the person/animal will get. It is something in he reptilian (older inherited) parts of our brains

An animal that cannot detect being watched will be left behind in the pact and caught by lions or whatever. But those who are too careful are also not too well off. By extension, this generalises to other things. For instance, a girl too afraid of guys might not meet some people or miss an opportunity, whereas one who over-trusts people might become a victim. So striking the balance is an evolutionary process wherein one adapts one’s compass to know what’s a threat and what’s not. Messages in general are ambiguous and the less communication elements are available, the greater the number of possible interpretations. One cannot tell for sure how it’s viewed in the context of non-vocal communication, unless some expressions of emotion (like emoticons) get used spuriously to compensate somewhat.

If the screen has no smiley signs, then it might, in one’s mind, evoke the feeling that that the other side is angry, upset,apathetic, or simply overly serious. Just 3 symbolic characters can make a lot of difference by clarifying intent or feelings. To substitute something like an image on the screen we still depend on visual cues. They appears as mere characters, but to the observer at the other side they are not. But overusing them would make a computer geek look a little awkward. Formality is another thing and the frequency of typos under different circumstances is also a missing variable. In certain places one might proofread, whereas in others one might just be typing as the mind goes along, and even reading while one goes along typing. It feels a little write-only otherwise, almost akin to those typists who sit next to the judge in a high-profile case, where basically rather than listen and type someone else’s utterance one might try to express what goes through another’s mind, letter by letter. If I don’t have to ghostread and proofread, then it’s a joy as that basically means one can write sort of like one speaks, maybe more formally, maybe less. This post too won’t be reread as it is intended to show what happens when one types down some thoughts without planning in advance.

___
^* We evolved to use full interaction, not telegraphs or remote audio such as telephones.

ccording to the news today (the theme one comes across by listening to any radio station in the UK), continental Europe comes to the rescue again. Here in Manchester, getting a cancer-causing scan is mandatory for boarding any plane in Manchester Airport. This is very profitable for some companies and their cronies who devised these ludicrous measured due to one guy with explosives in his underwear (an old incident whose casualties count is 0). As I have been stressing for almost a year, those machines that scan people as though they were suitcases are assured to kill (in the long run) more people than they would save by preventing explosives from going on planes through one’s breast area, crotch, etc. The whole thing is a sham and a cancer-generating pipeline that makes some industrialists rich. So anyway, the news here is that removal of all such machines has just been demanded by the authorities in the EU (probably Belgium and the surrounding aristocracy). This is good. No more will I need to confront airport staff over their stubbornness; why should they impose X-ray scans as a sort of blackmail prior to travel? What have we as a civilisation sunk to? And that’s not even delving into other issues such as the acquisition (with alleged retention) of naked pictures of every citizen who travels on a plane (via an increasing number of airports). Civil liberties — not just our health — are being jeopardised without taking simple risk calculations into account. Several months ago I did some maths related to this and came to the conclusion that unless those scanners can prevent 200 large planes from going down by detecting a passenger with explosives that cannot be detected in other means, the deaths due to the cancer will be greater. In order words, by placing those machines in the airport (lethal X-ray rebranded) they sign the death knell/sentence of many people and hardly save any lives. On numerous occasions I had discussions about this with staff who works around those machines and never could they provide a compelling explanation for why they participate in it (big brother cooperation). Perhaps the “I’ve got a mortgage to pay” is the best they can do. One persuasive method is to clarify to these people that their health too is at great risk and information about it withheld. Hopefully those machines will all get canned just lime the ID cards. Liberty and security don’t sit well together.