Archive for the 'Privacy' Category

*Smile Or The Billboard Next To You Will Advertise Anti-Wrinkle-Cream To You: Camera In Billboard Analyses Your Face As You Walk By

Two years ago a Japanese company started to attach a little camera onto its billboards to be able to measure who much attention they attracted, or to be more precise, to measure how many people looked at their billboards. There is also a second camera below the billboard which counts the total number of people who are near the billboard, allowing to tell how many of the people passing by actively looked at the billboard (eg 50 out of 200 people walking by).

Continue reading ‘*Smile Or The Billboard Next To You Will Advertise Anti-Wrinkle-Cream To You: Camera In Billboard Analyses Your Face As You Walk By’

*You Are What You Querying For: The AOL ‘Data Valdez’ Case of Thelma Arnold

A Short History Lesson: In July 2006 AOL offered a data-bank, containing the data of 20 million search queries by 680.000 AOL-users, for download on its website. Although the data was removed again shortly after, the data had found its way into the net and since then stayed there. This did not only prove as a PR-disaster (the ‘Data Valdez‘ case) but also triggered an interesting legal dispute (Does v. AOL LLC, Case No. C06-5866 SBA (N.D. Cal.; June 22, 2010).

Hendrick Speck already mentioned this case 3 years ago on the Suma e.v. conference but it took me until today (Thank You Links&Law) to get hold of the exactly facts of the case.

Although the AOL-users had been assigned random numbers to protect their identity it took reporters of the New York Times less than a month to identify at least one user (only) on the basis of the search queries of this user:

Continue reading ‘*You Are What You Querying For: The AOL ‘Data Valdez’ Case of Thelma Arnold’

*Recap: Deep Search II Conference, Vienna, 28.05.2010

Unfortunately I could only attend the afternoon sessions of the Deep Search II Conference, which turned out to be a real shame as most of the presentations were outstanding.

As I am sure that he organizers will provide a transcript etc. I will just try to communicate the look&feel of this conference. Thus the content below doesn’t really have a structure but mostly resembles the ideas I scribbled into my notepad while listening. As the statements  just express my personal opinion and I do not intend to offend or to make anybody feel depressed.


Elizabeth von Couvering held a brilliant presentation about Search Engine Bias and the Public Interest in which she explained that the ranking of search engines is usually driven by the expectation of the users and thus search engine results are always somewhat biased. She then went on to the issue of an informed citizenship as a kind of pre-requirement for democracy and later in the discussion stressed that maybe also the market itself should establish (self binding) rules and ethic standards  to guarantee neutrality (or less bias, depends…). After an extremely well done (looks like I will have to rewrite the respective chapter in my dissertation) historical overview (please see the draft chapter of her thesis) on search engines and their business models she closed with the remarks that the the issue of search engines is not about information retrieval, but it’s about sales (of advertisement) and urged a discussion on the role of the public in this respect.

One aspect I’d also like to highlight is that von Couvering also indicated (and later confirmed upon my request) that the quality of search engines (or the size of the index) correlated with the expected advertising revenues. Thus if courts restrict their abilities to create advertising revenues (“not worth while“) this would (taking into account all the costs SE have to run their business) effectively have a negative effect on the quality of search results.

All in all I’d like to agree with von Couvering but as I am convinced that people just ain’t no good I wonder if self-binding ethical standards are able to improve the whole situation. Unfortunately at the same time I don’t think laws will do either… (I know this is a depressing thought, but what about this ‘Code‘ that is supposed to solve all the problems of the web?)


Matteo Pasquinelli spoke about the Surplus and the Immaterial: Political Notes on the ‘Industrial Revolution of Data’ and referred for most of his presentation to an article from the Economist. I think I didn’t really get the point of his presentation. I agree with the assumption that the mass of data created is steadily increasing and that it eventually might exceed the storage and computing capabilities. Pasquinelli however ended up kind of referring to the big service providers (Google, Facebook, etc. ) as “capitalists” (or “the new landlords“) who allow indigent users to use (live inside) their services. In return for the right to use these services the users generate data/information/content which the landlord later owns for his own good.

Although I have to admit that the idea is very interesting I think Pasquinelli effectively failed to explain his theory in a bit more detail or to consider the fact that users are not (yet) dependent on these services but use them to creates extra joy in their lives and that thus the comparison with the poor worker (who is forced to live in the landlord’s house as a shelter) is a bit far-fetched and thus not fully convincing.


dr mc schraefel gave a stunning talk about Building Knowledge: What’s Beyond Keyword Search? and even being aware of the arrogant tone of this statement, I have to admit that her presentation was the first in quite some time that left me speechless as not only the content of her presentation was anything but brilliant but at the same time her slides were clear, appealing and I’d almost go as far as saying that they had an artistic touch… (I reckon pretty much everything done on a Mac looks great, right? If you’re curious by now, you can find most of the ideas of her presentation also on her blog.)

Her (jumpy, active and highly enthusiastic) presenting style pretty much reminded me of Burkard Schafer who used this style to teach (or at least tried to teach) his sleep deprived master students some basic principles of AI.

Trying to sum up all the aspects Schraefel mentioned (apart from the geek health tips, see the picture above) one point was that data wants and should be free as only free data will enable serendipity (unexpected) discoveries. Another point that caught my attention was the remark that in the future everything will be visible an that it makes no sense drafting laws to prevent this inevitably things from happening but instead the relevant institutions should focus on modifying existing or creating new norms that will penalize the abuse of data.


Dr. Karl H. Müller in his remarkable talk (From a Tiny Island of Survey Data to the Ocean of Transactional Data) critically questioned the quality of survey data and graphical representations thereof.

Although everybody in the room, already before his talk, would have agreed with the statement that none should believe any study he/she hasn’t falsified him/herself, Müller provided the audience with alerting examples on how questionable the quality of survey data can be. E.g. he provided an example where a question about the personal general life-happiness of the survey participant accidentally got used twice in a questionnaire and surprisingly led to the result that the person’s perception of her/his general happiness significantly changed within twenty minutes.

Finally there are three remarks I’d like to make:

1: Great location. I had already passed the Hotel Imperial Riding School Vienna in Vienna a couple of time but I’ve never found my way in. So everybody expecting geeky IT-researchers conspiring in nerdy computer lab facilities would be baffled finding the conference to take place in the luxurious halls of the hotel. Not to mention the buffet…

2: As Austria is still a dreadfully conservative country the usual ration of men v women is usually 3 men for one woman when it comes to IT (law). Thus I was pleasantly surprised to see that the majority of the audience were actually females. 🙂

3: IT-jurists, as all jurists I suppose, are kind of walking one-man-companies thus jurists are usually extremely reluctant to clearly state in the course of an academic discussion that the are of a different opinion as this at them same time would mean criticism in their colleague’s skills and far worse their business. Thus the average excitement level of an IT-law discussion in Austria is usually doomed to be as high and breathtaking as speeches at UN-conferences. Not so however at the Deep Search 2 conference.

Once the discussion had gained some speed it actually got quite exciting and it was great to see that the people sitting there were not sitting there just to make the name of their law firm appear on the agenda but because they had very profound knowledge about their subject and maybe even more important, they were truly passionate about it. (Yes, I know…)

One aspect that might have even increased this impression was the fact that during the discussion some of the panelists were  still wearing their head microphones which boosted their “quiet silent sighs” clearly audible into the room.  😉

*Selling Your Privacy For… ‘Whatever, As Long As It’s For Free’

Jokes/satire usually also contain a small grain of truth. Same is true for the clip by the Onion Network (below). The clip perfectly highlights the phenomenon of selling one’s privacy (e.g.  consuming free internet access in exchange for georeferenced user data which is most precious for advertiser) and it is interesting to see speculations by the makers of the clip how far users might actually go in return for free services.

For all of you who think that the whole clip is ridiculous I recommend to check out the ‘free’ service Peter Pays which enables users t make long distance calls for free in exchange for watching ads while being on the phone. The basic idea of the video however combines that idea which tailored ads. Enough words. Enjoy!

The Onion Network: New Google Phone Service Whispers Targeted Ads Directly Into Users' Ears. Click onto the image to watch the clip.

PS: One could also go on at this point about the separation between ads and content, but no… it’s a weekend post.

*How Much Information Does A Search Query Reveal About A User?

One search query on its own might actually not reveal too much information about a user. If you however, keep logging the queries from one particular user one might very soon be able to gain interesting insights. At some point early this year Google extended its ‘personalized search’ function onto all users, not matter if they were logged into any Google service or not (explanation found >>here<<).

I was first confronted with this topic at the Suma e.v. conference in Berlin 2007. Hendrik Speck (a indeed humble man who even has a ‘My Quotes’ section on his website) mentioned in his speech search engine log files and talked in detail about how much information search engines could gain out of analysing them. In the example provided by Speck he talked -as far as I remember about an overweight, sick old lady who had some kind of fixation on cats. I didn’t really like the example and labelled the whole idea as ‘Google-Bashing‘.

My next encounter with this topic was when I was playing around with the Google Dashboard and was surprised to see that how precisely Google kept track of what I did and was even kind enough to tell me on which days I had been lazy, not doing much research for my blog or my thesis.


Then, last week I stumbled across a ‘cute’ YouTube-video, on the German Basic Thinking Blog, telling a romantic story, just by showing the queries a user had typed in.


Cute, as I’ve said, right? But… let’s take the idea a bit further:

I have repeatedly reported lengthy a service called TweetPsych which allows users to create kind of an psychological profile of any twitter feed, analysing the language used, the topics covered, the frequency of the posts, etc… The first worrying thing about this service is, that it works quite well. The second worrying thing is the idea of spreading this idea from a person’s twitter feed, which he deliberately had decided to publish freely on the internet, to a users search queries. Doing this we would be able not only to analyse a person’s interests but also its mood and even living habits.


Most of you will now say, yes that’s what Google (Google Insight) does anyway. True. But the difference is that Google, at least that’s what they’ve communicated only do this on a large scale.

Interest in the search term 'Michael Jackson'... not so much apparently until his unexpected death


Doing the same with just a single user takes the whole thing to a completely new level. I am not saying this because I am just another privacy-prayer hoping to get ‘street cred‘ for his words but to rephrase an idea I’ve heard from THE Austrian privacy activist (Hans Gerhard Zeger). [I know this idea isn’t entirely new, but I do think its worth being repeated many, many times…]


If data/information about everybody is available, authorities will start searching the data for unusual patterns to be able to investigate or even predict potentially malicious behaviour. So, the second a user types in ‘uncommon’ queries, he/she thus would be under suspicion. And here comes the point; under such circumstances, the whole principle of “presumption of innocence” (ei incumbit probatio qui dicit, non qui negat) is actually turned over. Then the authority won’t have to proof that the user has done anything wrong, but the user would be under the obligation to prove that he/she hasn’t.


I guess, nobody is feeling comfortable about being tracked/logged. At the same time we all appreciate the benefits of this technique. So as always a compromise has to be found as stubborn search engine bashing will just blur the whole situation and allow competitors to use the confusion and find loopholes to put things into practise, big corporations are still struggling to be allowed. Example? While some 70 year old Austrian even attacked an Google Streeview car last week with a pick-axe, nobody seems to care that an Austrian company (Herold Straßentour) has already recorded most of Vienna’s inner city, using pretty much the same technique. So shall Google be punished for at least openly speaking about their plans while others ‘just do it‘?

*Sell Your Privacy For A Nectar Cookie And A Cadbury Chocolate Bar

Internet publisher is cooperating with customer loyalty scheme Nectar to connect users’ (offline) shopping profiles with (online) user accounts so as to subsequently utilize this information for perfectly targeted online advertising campaigns.

Nowadays as well as in the past, users surfing on the net are exposed to ads coming from a multitude of providers, all trying to gain consumers’ attention and – of course – his/her personal data in order to eventually deliver tailored ads.


This system has already changed a bit.  I now notice a tendency to try to lock users on platforms where there data is collected and where (tailored) ads are shown to them during their stay (iGoogle, Facebook, MySpace, etc.)

At my presentation in Salzburg, I’m presenting an idea according to which a consumer/user signs up at an “Advertising Provider” and in exchange for providing this provider with his personal details and the ability to fill all the advertising space in his browser while surfing, the consumer will be compensated for this by some sort of incentive (money, loyalty credits, etc.). This idea incorporates elements from the “Peter Pays” business idea, where users can make calls from their computer to foreign land-lines for free (!), but they have to watch ads while they are on the phone (and they have to prove that they’ve actually watched them by answering simple questions about the ad afterwards).

I think this move has both advantages and disadvantages. There is of course the looming risk that having a vast majority of your data stored with one provider will make abuse even simpler, as anyone wishing to (ab)use the data wouldn’t really have to search for it anymore; he/she will find it already perfectly stored in just one place. Thus also, sooner or later, the government and e.g. insurance companies will get hold of this data and use it (for example, just imagine your insurarnce company’s interest in knowing what food you buy etc.)

There might, however, also be a couple of advantages for users and advertisers: First and foremost, the data provided will enable perfectly tailored advertising, making ads more interesting for consumers, while at the other hand also reducing the advertising costs for advertisers. Secondly, the fact that all the data is stored in one single place might also present some benefits.

First of all there is one single opt-in, instead of many opt-outs. Secondly, as the data is stored in one place it might also make sense to address the provider, asking for a copy of the data held and/or ask the provider to change/rectify the data. This might sound naive to some readers, but the Austrian Data Protection act is very fine piece of legislation, grating the consumer e.g. the right to request a copy of all the information held about him once a year for free (please see my post on about how I’ve tried this myself.) Secondly I wonder if that provider, being the target of public criticism, wouldn’t be under much more scrutiny to prevent data leaks than e.g. any small loyalty program or online newspaper you have signed up for.

While preparing my presentation already a month ahead of the IRIS2010, I was only speculating about such a system. Reality however has “overtaken” me and today at the day of the presentation there is already such a programme, interconnecting offline identities with online accounts to deliver tailored ads.

The British, are -apparently- a nation that was fortunate enough never to have suffered under a government who has abused personal data for bad purposes. Thus, it did not come as an surprise to me that customer loyalty schemes provider Nectar and Yahoo! are using British consumers to perform the marketing masterpiece of connecting a offline consumer with an online (Yahoo!) account. Nectar offers its services (“Consumer Connect”) for a wide range of shops and one can only imagine the wealth of data available in their database.

Nectar partners starting with an "A"

Consumers, opting into the service “Consumer Connect” will then be supplied with ads, matching their online, as well as their offline- behaviour. Yahoo and Nectar however  have of course pointed out that Nectar accounts are linked to their Yahoo! profiles without revealing personally-identifiable information.

Personal opinion about privacy & conclusion

Although I see no particular reason to distrust Yahoo!’s statement, I’d like to follow my credo that “people aren’t no good” & “what can be done, will be done“. I am almost amused by the thought that while some users are heavily protesting Google Streetview etc. more than 20.000 Nectar customer’s have already sold their privacy for the mere price of a chocolate bar.

I am personally strongly in favour of the  idea of privacy as I think that the alternative, a user made out of glass, would lead to the effect that everybody whose behaviour is not 100% unsuspicious and normal will be seen as a potential suspect and will, as a consequence, suffer under the burden to proof that he/she has not done anything wrong (and sooner or later we all do something we should not have done. After all, doing wrong is just a part of learning.)

*Your Insurance Company Might Charge You Extra For Using Social Media & Location Based Services

As Social Media & Location Based Services are suspected to lead to an increased risk of burglaries, insurance companies are contemplating about increasing their insurance premiums for users of such services.

As reported last week, most users are unaware about the wealth of information they broadcast into the web through their Facebook-status or Twitter feed. As Richard Evens in the Telegraph has reported, this might lead to big rises in home insurance premiums of people who use such services and offers following advise:

1. Never post your home address or other personal information such as your home phone number on social networking sites

2. Don’t follow people you don’t know on social networks and use block others from seeing your profile if you don’t know them

3. Turn off location-based services on Twitter and Facebook unless you absolutely need to use them.

*How Unique Is Your Browser’s Fingerprint? – The EFF’s Panopticlick Test

ORF’s reported last week about the PANOPTICLICK initiative of the Electronic Frontier Foundation which aims to inform users how traceable their browsers  are and suggest various  relief-measureSo far nothing new or exciting.

Things however got exciting when I ran the TEST with my default browser (Firefox) and was shown why my browser has got a pretty unique  (unique among the 414,408 browsers tested so far by the EEF) fingerprint on the world wide web.

Summary for Jurists: Browser do not only transmit very basic information such as the computer’s operating system (e.g. Intel Mac OS X 10.6; en-US), the language selected, the screen resolution, the time zone used but also about the plugins (e.g. Windows Media Plugin 2.2.1, Java Embedding Plugin, iPhotoPhotocast) installed and the individual fonts (as I do graphics for clients who use specific fonts, I have added a nice selection of fonts) that are installed on the computer. Each element of this information, continuously provided by your browser while surfing, viewed on its own, is widely irrelevant, but combined however it creates a pretty distinctive “fingerprint“.

Click on the image to be forward to the test page

To definitely identify a single person on the net 33 bits (quantity of entropy) are needed, my browser alone provides around 19 bits of information (For a very interesting description of the whole issue, that will force you to reactivate knowledge untouched since you last maths exam at high school, please click here).

At this point readers of this blog should be reminded of the fact that I also use a free blog counter ( which allows me to analyse some of the information (OS, browser type and version, screen resolution, location, ISP) mentioned above. I do this to track the performance of my recent post. The counter only stores the last 500 views (2-10 days depending on the traffic). To read more about this blog’s privacy policy please refer to the “About-Tab“.

*Social Media Services Provide A Rich Resource for Data Mining

While people in the past used to be terribly worried about hackers etc. breaking into their computer and thus accessing their data, the current (at least gradually progressing) exhibitionism on the social web (feel free to call it ‘web 2.0‘) combined with a status quo of today’s search technology already enables to gain impressive insights not only into user’s private details, but also into users’ behaviour.

Such insights are of great relevance for e.g. the advertising industry as they enable advertisers to ‘efficiently target‘ the users and to supply them with ‘tailored ads‘, minimizing advertising waste coverage.

Not being able to index social networks thus constitutes a competitive disadvantage and thus search engines are willing to pay to be granted access to such data. As the data on e.g. Twitter and Facebook however is changing in “real time” SEs were required to modify the way in which they index data to be able to cope with short term peaks caused by unexpected events (e.g. Hudson river plane crash, Michael Jackson’s death, more >>here<<).

The service TweetPsych for example creates a psychological profile of any public Twitter account and compares it to the others already in their database. This enables the service to identify those traits/issues that are used more or less frequently by the user analysed.

Far less creepy but still interesting, Google also offers a service to help you gaining and combining information from the (social) web. The service Google Social Graph, still a Beta and aiming at developers, makes information about the public connections between people on the Web, expressed by certrain markup languages (XFN and FOAF) and other publicly declared connections, easily available. The service however returns only web addresses of public pages and publicly declared connections between them. The service is not able to  access non-public information, such as private profile pages or websites accessible to a limited group of friends.

Google Social Graph should help help users connect to their public friends more easily.

Google’s statement on the sources for their data doesn’t necessarily mean much as having e.g. a friend on facebook who has fully published and opened his profile for search engines will thus also enable search engines to gain access to certain data from your profile.

Since the most recent change of Facebook’s Privacy Policy in December 2009 some data (picture, current city, friends list, gender, and fan pages) is now deemed to be ‘publicly available information‘, which means that users have no way to prevent any other Facebook user from viewing this information on their profile. Thus it is e.g. easy for marketers to create a dummy facebook account and to supply facebook with an email-list of its customers. Facebook then scans the email-list and will as a consequence supply the marketer about his customers with all the information below:

“Certain categories of information such as your name, profile photo, list of friends and pages you are a fan of, gender, geographic region, and networks you belong to are considered publicly available to everyone, including Facebook-enhanced applications, and therefore do not have privacy settings. […]”

This data is furthermore also accessible to the developers of applications used by your friends. That means that you don’t even have to use the apps yourself to allow the developers of your friends’ apps’ so get your publicly available information. An option (FaceBook API opt-out) which could be used to prevent this got removed from Facebook through its last Privacy Policy change. For more information on this issue please refer to the EFF.

This Satelite Doesn’t Beep But It ‘Tweets’

Please click here if you want to follow this blog on Twitter.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 94 other followers

Author’s Rights - Online reporting hotline for child pornography and nationalsocialist content on the internet
JuraBlogs - Die Welt juristischer Blogs

Previous Posts:

RSS Goldman’s Tech & Marketing Blog

  • An error has occurred; the feed is probably down. Try again later.

RSS Class 46 Blog

  • An error has occurred; the feed is probably down. Try again later.

RSS WIRED Epicenter

  • An error has occurred; the feed is probably down. Try again later.
wordpress stat