
Okay, so in case you hadn't noticed, I've got a little something on my face right about here. We'll get to that in a bit. Right now I want to lay some foundation about the talk today.

So, surveillance capitalism, in case you're not familiar with the term: coined in 2005 by a Harvard Business School professor named Shoshana Zuboff, and this is how she defines it: a new form of information capitalism that aims to predict and modify human behavior as a means to produce revenue and market control. So, on meaning and consequences, unpacking that definition to give us more background on it: the concept was formed upon, and as a reaction to, Google's accumulation, management and processing of immense volumes
of data. So in 2012, Amit Singhal, a senior VP of engineering at Google, was talking about Google's search capability: thirty trillion URLs, twenty billion of those a day, a hundred billion search queries a month. This is in 2012; I'm sure they've grown a lot since then. Hal Varian, he's Google's chief economist, talking about the work they have to do to create databases that, sorry, store data in massive tables spread across thousands of machines, querying more than a trillion records in a few seconds. That's complicated stuff, a lot of data to sort through. So Shoshana Zuboff, she's got a history of studying capitalism, 20 decades, and so her take on this is that data is becoming everything. Big data is plucked from our lives
without our knowledge, without our informed consent, and in all this we exist no longer to be employed and served; we exist to be harvested, harvested for our data. In The Matrix we're harvested for energy; well, we're harvested for our data. So there's a lot more to her study of capitalism, the contention she puts forth. I'm not doing it justice; you should definitely look up her works on it. All my slides are online; there will be a link at the end so you can go to see the sources of all my material. So it's fascinating stuff, and for today just remember this: Google has shown that big data accumulation and analytics can be highly profitable, and there are many
other companies that are desperately trying to follow their business model of collect data and monetize it. So today I want to run through some examples of surveillance capitalism: how it's played out, how it's happening in the real world.

Any talk on surveillance isn't complete without a bit on privacy. So privacy, the past few years, has been a battle, with a change from privacy being the same as secrecy to privacy being about control. Daniel Solove wrote a paper in 2007 talking about "if you've got nothing to hide", and he is against the question entirely, because most people say, if you've got nothing to hide, what do you have to fear from surveillance,
the government watching you? And his take on it is that the problem isn't the very question itself, it's the underlying assumption that privacy is about hiding bad things, and it's not. When you ask that kind of question you're saying, what bad things are you hiding? It's not about hiding bad things. Bruce Schneier wrote an article on privacy and control, and in his words, privacy is about secrecy, sorry, back up: to the older generation privacy is about secrecy, and the Supreme Court once said, once something is no longer secret, it's no longer private. But that's not how privacy works, and it's not how the younger generation thinks about it. Privacy is about control. It's about when your health records are sold to a
pharmaceutical company without your permission, when a social networking site changes your privacy settings to make what used to be visible to your friends visible to everyone, when the NSA eavesdrops on everyone's email conversations: your loss of control of that information is the issue. So we may not mind sharing our personal lives and thoughts, but we want to control how, where and with whom. A privacy failure is a control failure.

Michelle Dennedy is the chief privacy officer for Cisco, an extremely smart, positive woman; follow her on Twitter, I highly recommend it. In an interview in January she said this: when you say privacy is dead, if what you mean by that is secrecy and hiding away and not being connected,
I agree, that part is dead. But privacy as a definition of how we define ourselves, how we live our culture and how we live our lives, privacy is alive and well. So okay, a couple more things on privacy, again just to frame the talk today: most privacy violations are not caused by a huge personal secret but by many small things, bit by bit coming out eventually till it overwhelms you. So my opinion on it: privacy is evolving, privacy is a battleground, and it's a battleground about control, not about whether I control my information myself anymore but who controls the data generated by and about our lives.

So, privacy being about control: maybe some of you
recognize these pictures. This was a lady caught up in some tabloid-style situation four years ago. She had to go to court, and when going to court, people were out there photographing her, so to protect her face she gets a privacy visor like this. It was quite interesting because she's dressing up and she's coordinated it with her outfits. She's obviously looking nice, she knows people are taking a picture of her, but she's wearing it to protect her face, maintaining some semblance of control. And so that's why I wore it today; I wanted to see what it's like, and it's pretty weird. I parked about a block down the street, got in my car, put this on and walked up
here. Everyone's looking at you; it's kind of warm and uncomfortable, but it does put this barrier between me and the rest of the world, kind of like big sunglasses. So, being about control: when I want to reveal myself I can, and it's pretty cool. The visor is like 18 dollars on Amazon, so a pretty fun thing to have. so most my face like it to the 17 minutes also.

So, topics of today, the examples I'll go through. I haven't timed this out; this is my first time running through the presentation. I've got a lot of material to cover, so I may just go through some examples quickly, but like I said, if something interests you, it'll all be
online. But covering things like instant facial recognition, geofenced content delivery, retailer and municipal tracking, location tracking, browser fingerprinting, cross-device tracking, all the stuff in the description, and I have some examples of each.

So, facial recognition. To give some background, there's open source software out there to do it yourself; you can sign up, you can incorporate it into your apps. It's so commonplace now that there's a startup company in Missouri that offers facial recognition to local businesses, so that if you want to go in the store to be a customer, you scan your face, and if you're a known shoplifter, a known felon, if you're wearing sunglasses, they won't open the door for
you. You have to scan your face to get inside. And it's not like some government thing; this is just like a maybe small, mid-level store, a retail store. It's been tested for years, and it's being explored all over the world for all kinds of good reasons, weird reasons. One of the big ones that got a lot of attention last year, 2016: a Russian startup called FindFace made an app. In Russia there's a social media site called VKontakte, similar to Facebook, and VKontakte made information available to people who have the FindFace app. So you have an app on your phone, walk down the street, take a picture of someone, and it will find that person's
matching profile on VKontakte. So you're at a bar, on the subway, you want to know who that person is and find out about them, you can take a picture and get it like that. So I think Facebook and Twitter have come out saying that they're not in favor of that, they won't allow that kind of integration, but it's kind of a matter of time until these databases of faces are, it's so easy for anyone, just all over the world, to look up a face right away. It's coming. One consequence of that: I don't know how well you can see it, but it's Lois Lane on Facebook, and the caption is "Do you want to tag Clark Kent?" and it's Superman holding
her. So a pretty clever comic, but a good demonstration of what facial recognition can do. And again, the sources are in my slides; you can click on it and you get the source of the cartoonist. Good stuff.

The US examples: in Chicago it's been added to their citywide camera system (FR meaning facial recognition here). NYC wants to add it at all their bridges as people come into the city. The FBI has worked on a database for years. There was a big report last year, 2016, that one of two American adults is now in a law enforcement face recognition network, from passports, from driver's licenses, from 50 other sources, all kinds of databases that were scraped or sold,
people could their consent to, and then the FBI and law enforcement get a hold of it and they add it to a much bigger database so that they can compare it to the people walking into the facility.

A big one that I want to mention that gives people a lot of concern: 2017, Taser, the company that makes, you know, the shock things and police gear, they make body cams for police. They want to roll out live streaming for body cams this year, where someone back at the station, at the precinct, whatever, can see what's happening on the police body cams right then. And next year, they've come out and said this, they want to
plug in live facial recognition. So an officer walking down the street has cameras on, scanning faces; if there's a match for a known felon, known person, whatever, he gets an alert, even on the phone, some kind of device, that says, hey, find this person because of such-and-such reason. So the concern is, you know, you have to speak to a police officer; you walk down the street and you're within sight of one, that's now a police interaction. How is that going to change the, legally, what's the fallout of that? What rights do we give up? An interesting take on it is, for years people have fought to record the police: you're in public, anything you do, officers, we're going to
record you. Police have been happy about that, but it kind of makes sense somehow, with the public point of view. Well, now it's going to go both ways: police can record anyone they see in public and do their own lookup on it. And I guess I see it coming, and I see, unless there are legal protections in place, it's going to be hard to push back on that kind of technology that's coming out. You're in public, it's open season for everyone.

So, defense against facial recognition. You can wear a mask to a scene in 13 states; some states outlaw it completely, I think Ohio and a few others, in the south mostly, because they
have passed laws originating against the KKK. I think Ohio, actually, their law says you can't wear a white hood, a white mask, a white cover to the face. A lot of states did it to say you can only wear it on Halloween, you can't wear it in the commission of a crime, but there's some kind of restriction on wearing a mask. Many countries have restrictions as well too. So masks as a way to protect yourself are kind of right out.

A project called CV Dazzle: this was I think 2014, I forget offhand, I may get this wrong. Adam Harvey at the time was a master's student, in 2010 or 2012 when it
originated, I think. He noticed the advances in facial recognition software; he looked at the open source version called a CV something, I'm blanking on this, but he essentially figured out how it recognizes the face. You know, it looks for the white space between the nose, looks for the distance between where the eyes are, all the rules that the algorithm uses to say this is the face, here's the mouth, here's the eyes and so on. And he did some work into thwarting that: what can you do to stop that recognition from happening? And as an example, he came up with styling the hair to cover the bridge of the nose, putting lines and patterns
and stuff, high-contrast areas, to throw off recognition. So that's what I did; I wanted to try it out. I'd seen it for a while; it got a lot of press when it came out. And I'm happy to say this morning my wife tried to take a photo of my face with her phone, you know, the phone tries to find the face, and it was like going nuts, couldn't find my face and just quit. Tried three times. And so, proof of concept, it works, for phones at least. Oh, and so I'll go back real quick: part of his reasons for doing makeup and hair was because you can't rely on masks, you can't do crazy accessories; you want
to make it kind of fashionable to thwart facial recognition. So that was the theme behind his project, different ways to throw off the algorithm. And he did a cool video at a conference in Germany called, I think the name is CCC, Chaos Communications conference, I believe. He's got a video, talks about 30 minutes; he's got a cool demonstration of the software actually working, and talks about the work he's done and really explains it well. It's super interesting; I recommend looking at it.

This is a guy who, these are 3D-printed face cages, again to throw off the algorithm so it can't find out where the eyes are, and if I remember correctly he wanted to make it
so that you could print it up yourself, and again kind of make it acceptable. It's obviously a bit weird, off-putting for some, but think about it this way: you could have disposable face masks, disposable privacy essentially. You have a little vending machine with a face mask you buy for the day and then throw away, in the next year get a new one.

This is research that just came out last fall, I believe; I'll get to talk about this a bit later. But you have these facial recognition algorithms, they're comparing a picture to a huge database: what is a known face, what features will match this face. And so they did some research into making glasses; they added
a certain kind of noise, certain kinds of patterns, to make someone give a return of a face that was not the person wearing the glasses. The top row, yeah, top row is the people wearing the glasses, and the bottom three on the right are the faces that were returned as a match. So to human eyes, you're like, that stuff is not a match; how is that guy second from the left being identified as a woman? But to the algorithm, it says this is that person, because of the data coming in, the way it looks at the data. And it's all just glasses that are custom-made, whatever glasses, a piece of paper printed with that color pattern.
This is untested; I'd love to do this. These are shirts, you can buy them, made big in China apparently. You can order them in a few other varieties, of celebrities, with faces all over them. I'd love to order one of these and see how it throws off facial recognition software. They're like 15, 20 bucks; I might do it just for fun. I think Will Ferrell wore one on Colbert's show a while ago.

Okay, anyone recognize this comic? Comic book fans, anyone? Okay, so this is, I've got to find my notes on this. Okay, a comic strip called The Private Eye. So the premise is, the story is about privacy. This comic book came out
two years ago, I think. You can buy it in digital format on Amazon; it's really, really good. So the premise is, the story is about privacy: in the year 2076 everyone will have a secret identity. Once upon a time Americans trusted their most precious information to something called the cloud, and whether they knew it or not, this cloud also contained detailed information about their darkest secrets and most hidden desires. Then one day the cloud burst. Let me go back there. No one knew if it was an accident or a declaration of war or an act of God, but for 40 days and 40 nights the cloud rained down its entire contents across the country. The ensuing
flood hurt everyone. Digital assets were wiped out, vast online libraries were lost forever; there's a slow and steady leak of individuals' personal information that destroyed the most lives. So the premise is that once secrets come out, the way society reacts to that is there's no more Internet, but also everyone wears costumes out in public. Everyone has a persona; you go in public, you always cover yourself, and you only take it off in the privacy of your home with your friends. And it's all about privacy as control, as you wear these costumes or these masks so you can go out and experience new things, you can read about new books, you can go to new clubs, whatever,
without people knowing who you really are. I mean, it's just indirect reaction, and it's a cool premise. You know, what happens if the internet goes and all information is out there, how does the world react? It's actually kind of a noir detective, murder story, but that's the backdrop for it. So the book is called The Private Eye. You can order it online; actually you can pay whatever you want for it, get it for free, give five dollars, get it downloaded for five dollars. The print book you get from Amazon, and that's also really cool.

Okay, moving on. Forgive me if I go fast; a bit excited, stayed up a long time
doing this. So like I said, if I go too quick, it's all online; there's this link at the end.

Geofenced content delivery. So geofencing is, with software, putting a kind of digital barrier around a location, say around a city, around one building, and when a device crosses that barrier something happens. In the 90s and into the 2000s it was all about location-based device tracking: monitoring vehicle fleets, emergency notifications to every cellphone in the area. Really basic, you know, emergency services; it makes sense to kind of do this stuff. In 2002 there's a paper, what I found to be the first time someone proposed geofencing as the method to identify mobile users and
send them content: let's find all the people in an area and push out some content to them. And 2010, 2012, you start seeing articles online talking about, well, let's use geofencing as an enhancement to your apps; it will do something special in this location. For your business, you want to find people in your area, people you can market to right away because you have a higher chance of getting them into your store. You can find better real estate leads, looking in certain areas. So geofencing as a way to push content out, as a way to interact, as an action, it's kind of evolved over the past 15 years, and it kind of makes sense: you want to sell
things, you want to keep track of things, anything. So it's like, it's your phone sending out its location, sorry, it's receiving its location via GPS; you have an app that's monitoring that; when you pass a certain GPS you might get an ad that pops up, or a push notification: hey, this business down the street has got a sale on something you like, you should go visit them. So, location-based actions.

Until 2015, 2016. So this is about abortion; set that aside, any feelings you have, let's just take a look at what happened. An article about this kind of sums it up well: "Anti-choice group uses smartphone surveillance to target 'abortion-minded women' during clinic visits". So I'll read a bit. In 2015 an
advertising executive had an idea: instead of using his mobile surveillance technique to find out which consumers might be interested in buying shoes, cars or some other product, what if he could use the same technology to figure out which women were contemplating abortion and send them ads on behalf of anti-choice organizations? The targeting of women seeking abortion presents a serious threat to the privacy and safety of women exercising their right to choose, as well as to the abortion providers and their staff. But due to the laws governing privacy and data collection in the US, the conduct was perfectly legal. And there are two law articles about it. So essentially a woman goes to an
abortion clinic, which has its location on a map, and because they have an app that, for whatever reason, is tracking their location, maybe for ads or something else, it's returning her location to an advertising company he had access to. He could then say, hey, there's a woman with this demographic in this location; I will now push out ads on the web pages she goes to that might say, thinking of abortion? There are options. Something kind of innocuous, there's choices for you, you know, something where you're targeting someone in this location, but the purpose was to get them to leave the clinic and go to a pro-life service. So again, my point of view: no matter how you see the
abortion argument, debate, it's pretty creepy to specifically target someone in that kind of vulnerable situation. As the bottom quote said, they're in a private moment, at a difficult moment, and you're serving them custom ads to get them to go do something, to influence their decision. I can see the logic behind wanting to do that if you're pro-life and you want to get them out, but the method of doing so seems pretty invasive. So it got some press last year, and I haven't found any other example similar to this where someone does this kind of targeting, until Uber. There's an article a couple months or so ago, New York Times,
yeah, "How Uber Deceives the Authorities Worldwide". So Uber goes to a city; the city tries to regulate it, find out what they're doing, so they have government code enforcers, regulators, signed up for Uber to make sure the drivers are complying with city code. Uber wants to know this is happening, wants to figure it out, so they had different ways to identify that a regulator is using their service. One of them: put a geofence around government offices. When someone opens the app and requests a ride and they're in that location, there's a high probability they work for the government; let's keep an eye on them. They did other things: matching the credit card to known city locations, matching to the
payment details of the customers (move the mouse, sorry about that), matching inexpensive cell phone models. They had someone go to stores in the area and see what kind of cheap phones are being bought, because those are the phones that code enforcers, regulators will probably buy so they don't use their personal phone. What are the cheap phones these regulators are using, what models are they? So when someone installs the app we can say, hey, we have an install matching this phone model, again another flag for possibly a government regulator. As well as scraping social media. So it's in combination with several other things, but from this point of view it makes sense: you
want to find out who's using your app, you set up geofencing to see when someone comes or goes to a certain area.

So I haven't seen this; this is kind of prediction, speculation on my part, but how could this be used maliciously? You're working in InfoSec, you start to get that mindset: how could this go wrong, how could I break this, how could I misuse it? And hopefully if you think that way you're on the good side. But imagine someone using geofencing to do geo-phishing: mislead someone, show them ads that lead through to a phishing website based on their location. Someone's voting inside a polling station, at a medical office as I mentioned before, inside a domestic
abuse shelter: you want to get those women targeted as women and find out where they live, who they are, serve them content, for whatever not-good reason. Maybe based on the job: you want to target journalists and identify them, police officers, law enforcement, FBI officers: who's going inside the geolocation of the FBI office regularly, where are they going? I mean, this is all hypothetical; I haven't seen any evidence of this happening, and you could try to see if this actually happened. But knowing phishing, and knowing how malicious people work, you get the possibility that it could be used to target people based on a geolocation.

So, defense against this: disable your location services, don't install free
apps that display ads, because they usually end up sending lots of data back to the advertisement companies. With Android you can restrict permissions of installed apps, at Android 6 or above. You can install an ad blocker for the websites you go to; uBlock Origin is the one that's most used by people in the infosec industry. And also situational awareness: realize, hey, I'm at a doctor's office, why am I seeing ads on my phone about the kind of doctor I'm coming to see? You know, now that you're aware that kind of targeting can happen, maybe you'll catch it when it does.

So, retailer and municipal location tracking. Let's use Wi-Fi
tracking: you have sensors spread over an area to record the broadcast MAC address of your phone when it's looking for a Wi-Fi hotspot to connect to. These sensors are set up and you measure signal strength, to measure a MAC address as it moves across an area, and from that you can build up a map of a device's movement through space and time. And I don't have a lot of examples here because I didn't have time to get to this, but obvious examples are: you move through a store, the store wants to know which displays they go to, where do they stop, how long have they been in front of a certain display. Cities might
want to know where the foot traffic is in certain areas. I think some companies have sold this to real estate and development companies to figure out where the foot traffic is in a certain area: where should we build, how should we construct our cities? There's some research done in the London Underground, the subway system there, at a few stations: how do people move through these stations? Let's track their Wi-Fi devices and see how they move. So it's not to track to figure out where they are, but how can we make the services better. And again, stores want to do this so they can make their stores better, fix the layout, be more profitable, more efficient. So
it's not too nefarious, unless you have a city that says, let's track people who go to a certain area and then find out where they live after that. I mean, you can again imagine the ways this could be used once you identify a device and then track it over time and use it, and misuse that information.

So defense, again: turn off your Wi-Fi and Bluetooth when not in use. Don't connect to your store's free Wi-Fi, because they're going to care about everything you look at, everything you do; they can record when you came into that store. An article just came out yesterday, I think, about MAC randomization. I think it was the Naval Academy,
forgive me, the research, they looked at the MAC randomization capabilities of modern devices: Windows 10, Android phones, iPhones, and they all have them. I mean, there was other research last year done into the MAC randomization capabilities of devices, and the research that got published yesterday was that even with devices that broadcast a random MAC address, because of other information that's broadcast out, other information leaks, the way it's sent out, you can still identify what kind of device it is; you can still de-anonymize it, essentially. So the details are interesting from a technical point of view; the takeaway is devices that offer MAC randomization are not
truly random, are not robust, and it can be broken. So relying on MAC randomization, according to this research, is not a way to stay anonymous when you're out and about. And lastly, if you don't like it, just don't go in the store.

And, I was going to mention, some of the stores install cameras to also track where they go. There are a couple of examples of cameras being installed in mannequins to record where people are looking, see how long they look at something, see what their mood is like. So combining MAC tracking, I guess I could say, tracking the MAC addresses, and combining that with data from cameras, again just
to find out what people are doing in the store and how to improve it.

Unblockable browser fingerprinting. Okay, browser fingerprinting: you go to a website and they want to figure out what kind of browser you're running. Your browser sends information in the User-Agent header: what version it is, what kind of browser it is, what the capabilities are. The website can send code back to the browser: execute this command in JavaScript to draw an image, and that's canvas fingerprinting. What that does: because devices have different GPUs, different graphics drivers, different capabilities, there are variations in how the same image is drawn across devices, or on the same device sometimes it's
affected by the browser version and so on. So you're fingerprinting a device based on what it can do, on what and how it renders a website. And up until the bottom section, cross-browser fingerprinting, which just came out a month ago, a couple of months ago, pretty recently, the standard defense was, we just use different browsers for things: maybe Chrome for random surfing, well, Chrome for banking sites, maybe Firefox for random surfing, IE for work stuff, kind of compartmentalize your habits so you go to different places with different browsers and no one can build up a solid picture of what you're doing, or install an ad blocker as well too. But the research that came out, someone did some research showing that, again,
running code on the computer, looking at all these factors, graphics cards, sorry, I'm going back up again: running code to get the browser to run the same code in multiple browsers on the laptop; the computer runs the same code in multiple browsers, and they do some analysis to say, yep, this is the same person coming back, because of such-and-such reason. So again, you identify the user even if they're using different browsers to go to the same website. And there's a bunch of websites that will show you what information your browser sends back. It mostly depends on running JavaScript, but some of it is just stuff like your window size, IP address, the time,
what fonts are loaded. So if you want to see really how unique you are, these websites are interesting. The very last one is pretty fun, clickclickclick.click, a real URL, and it's kind of gamified. You go to it and it's just a blank screen; you start moving the mouse, and you have this voice that says, oh, good job, move to the right. And say you do something, like you click, it'll say, good job, you clicked five times. There's like a scoreboard you can see of all the actions you've done: moving to a corner, clicking forward and back, clicking five times, clicking a hundred times. And it's all there to demonstrate
how the web, so the server, can track what you're doing, track what your browser is doing and record it. So it's a way to kind of gamify it but also show you what is capable of being measured when you go to a website. And the voice has, I think, a few cuss words in there, so I wouldn't blast it at work, but it's still kind of fun to do this, to see what can be tracked.

So defense against that: even more extreme compartmentalization. I mean, however well that will work, but you have a different browser for a different VM: one Linux VM with Chrome, or a different Linux VM with the
Brave browser, or one with Vivaldi, or one with IE in the Windows 10 VM, and you have them tied to a different VPN as well too, so you're mixing up your IP addresses. I mean, it may come to the point where, if you don't want to be tracked, these are the extremes you might have to go to, to throw out noise about your behavior. The EFF has a browser extension, Privacy Badger; however well it does, it does attempt to block canvas fingerprinting, only coming from third-party sources. You can install an ad blocker; that does cut down on some of the tracking. You can entirely block JavaScript from running; that's where
almost all the tracking comes from, running code in your browser to do something behind the scenes. It breaks a lot of websites, but that's why we need to use a Tor browser; it disables JavaScript by default to fight back against some of the fingerprinting techniques out there. Or, if you don't like being tracked, I mean, some of these things that I give, you just have to get off the internet; if you don't want to be tracked by the internet, don't use it.

Cross-device tracking and ultrasound beaconing. So again, it got a lot of press last year; mostly this technology I'm going over is pretty recent stuff that has matured in the past couple of years. Cross-device tracking is IDing the same
user across devices I go to website on my phone I go to website on a laptop I visit Netflix on TV or eventually IOT devices you know I get seen on a camera somewhere and that gets tied to me using the store's Wi-Fi basing their websites now they got a picture of this advertising of this user identified by an advertising code just identifying a user as they move across devices because many people have multiple devices now and visit websites and services across multiple devices so advertisers web sites one of them when they're coming back for different reasons to improve their service to sell better ads and so on two different ways they do this probabilistic and
deterministic tracking probabilistic they have a bunch of different data sets we think this data group matches into a data group with a high enough probability that it's the same person deterministic you log into Facebook on your account on your phone you log into Facebook on your laptop Facebook knows those two devices belong to you because it's determined this user account is using these two devices or I sign up with the same email address across different websites and it was advertised on those websites know hey he's signed in here here and here the same email address it's the same person ultrasound beaconing is sending out ultrasound audio clips a sound that sounds that our ears can't hear higher
frequency our ears can't pick it up but speakers can you have a device like a TV mix an ultrasonic audio signal and it's detected by software and app on your phone or different device there was a lot of hype about it in 2015 CDT is the Center for Democracy and Technology great organization great people really pushing for for transparency and they're very Pro consumer on pro privacy so they had they submitted some excellent comments to the FTC about cross-device tracking they did a great job explaining the technology the methods uses and the privacy concerns so if unison that their comments are great they called out a company called SilverPush which was not operating in the u.s. at the time the sec warning
about that SilverPush essentially was the app that was the software that was installed in the app so that when an ad comes on TV and someone has that app running and it's listening on the microphone the SilverPush app record that this device saw this ad at this time and it sends it back kind of a confirmation that an advertisement is being watched that this person who matches this demographic is seeing these ads so SilverPush got a lot of bad press I think they're operating yet operating in India mostly not not in us right now last I heard last I read so this is website ubeacsec.org independent research into the ultra sound tracking
ecosystem privacy security problems and some proof of concept methods to block it it's not if the technology is not being widely used yet but obvious you can imagine you don't want devices talking to each other signaling hey this person is listening to this ad here without without your knowledge and that was a big big big point that the FTC made the tracking often takes place without consumers knowledge without your consent and you have limited choices to control it and the collection of this information results in more and more sensitive data that needs to be protected so you're generating databases that are desirable to attackers they're having some companies that latter example here if you do want to consent and you want
someone to track you're okay with that there's a company that will install an app and I think a device of your TV as well to to see what you're listening to but it pays five to twelve dollars a month that's what they're paying customers to allow themselves to be tracked when people do that and they're okay with that and I guess the I guess the FTC is assuming that there's a big point they made about about consent then with some of the organizations that that that set standards for the web that the tracking that goes on you can do it if you inform the consumer and they and they give consent to it but the privacy
laws in the u.s. are based about to is is informed consent of the tracking and surveillance that goes on so we leave it up to you to decide if you want your activities to be be tracked if you don't like it you want to defend against it again install an ad blocker that might cut out some of it add noise to your browsing behavior and by that I mean not audio noise but but a dirty browsing behavior that hides what you're really doing fake data that you spit out well maybe you could help the phone manufacturers will enable filtering of ultrasonic frequencies it's apparently phones are capable of not responding to it not emitting to it but it's a
hardware driver issue that phone manufacturers has to build in I have seen a couple examples of people who want to avoid the magazine microphone being activated you plug in a headset that has a little mic on it like that and you break the microphone when the headsets plugged in apparently the phone will override the external mic and use yeah jigs are perfect it's even better so you're doing that so okay that's the same you don't your phone you microphone reactivated get one of those go to DEFCON data brokers collection data analysis data collection and analysis this is a great paper data brokers in an open society came out last year the definition of data broker they defined
it a company that earns its primary revenue by supplying data or inferences about people gathered mainly from sources other than the data subjects themselves and it has some explanation about those terms but you know an information broker we have information we collect it from one source and then we sell it to someone else who wants it I'm not collecting it from you specifically but maybe from the companies that that collected here and there and I aggregated that information from them and I sell it off to Facebook to whoever wants to buy it so this article will go back look like one just mentioned the article linked in here is a high-level overview of the data
brokerage industry it's super interesting relevant laws and policy developments in the US and the EU the impact of data brokers and profiling and marketing on consumer credit and policing and suggestions and questions that the social sector should consider so again if you're whined about this stuff the group that put it out there called Upturn they do a lot of great reports on the kind of thing but it's a pretty established entrenched process data collectors have gone on for decades 10 15 20 years online and this is another great article about it you are what you click marketing industry is profiling and classifying this all the advertising can be customized the
thousands of companies are making it their policy in business to profile us in detail all in the hopes of craft the crafting better sales pitches there's no incentive for them to stop this activity there's no law prohibit it but prohibit it and the growing data databases afford be difficult to expunge there's lots of examples of it a few examples 2012 this is really big one the article in here is the New York Times this long-form article talking about how Target does its statistical analysis of its data to send ads to people that they think want them and the kind of theme is how do you in it the premise here 2002 two colleagues the marketing department
stopped by the statistician's desk asking odd question we want to figure out a customer's pregnant even if she doesn't want us to know how can you do that and the way it was done is is you watch the buying habits before someone gets pregnant they start buying certain things prenatal vitamins volume equalities before they get pregnant they they buy certain things and what they know they're pregnant you start buying prenatal vitamins kid clothes they're baby clothes stuff like that and so if Target's tracking that and they know this person is buying this aha she's pregnant and this is a big deal and the article explains it because is most of us have our buying habits we know what we like
there's very few times when once were adult that we start we change them drastically and pregnancy apparently is a big one where you'll buy go off in a whole new direction buying a whole new brand a whole new variety of things and so Target's goal was to capture these families women and men at this moment when about to be pregnant and sell what they want to sell if they can capture these people interest and make long-term customers out of them so the the big thing that caught a lot of attention was that Wicomico from the article about a year after the statistician created the pregnancy prediction model a man walked into a Target outside Minneapolis and
demanded to see the manager he was clutching coupons that had been sent to his teenage daughter and he was angry my daughter got this in the mail he said she's still in high school and you're sending her coupons for baby clothes and cribs are you trying to encourage her to be pregnant turns out they weren't she was pregnant I could figured that out because of her activity the dad didn't know it he eventually came back and said I'm sorry I had dust legal on my house I didn't know about but if ya Target found out that this teenager was pregnant before her parents knew and were sending her coupons because of her buying habits so surprise yeah so and then target changed
their that they didn't really comment on that and the guy that reported in the article kind of lost his access to the target guys once that came out and he did some investigating but and and they changed their marketing and targeting sentence but that that was kind of at the time I got a lot of new attention for that same reason too just like first of all kid with no target was dealing with that kind of targeting and mystic mountain a fiscal analysis then when it goes so wrong like that that's that's what it makes the news a couple other examples 2016 Gizmodo website started buying Facebook ads targeted to federal employees in Washington DC so you know
Facebook you can send ads based on whatever demographic you like you know male this salary range this location with this with this interest you can feed this micro targeting and the point with the made of website say hey you have information about Trump here's an ad talk about a website we want you to leak to us that's a pretty specific targeting but there are capable capable of doing on Facebook and 2017 Snapchat advertisers they have access to data from offline purchases stats from a loyalty card program the user target consumers with relevant Snapchat ad so it's information that they don't get from Snapchat they get it from elsewhere what do you buy in the grocery store
well now we're going to serve ads to use your Snapchat account because we know what you're buying in a grocery store ah down 13 what this was an article research done by Amnesty International I believe why build a Muslim registry when you can buy it website called exact data you can go to it and they have let us say just get down both the total database of 200 million U.S. contacts can be filtered by four hundred and fifty terms religion ethnicity ethnicity the city household income and vehicle make so Amnesty International I believe it was the one and they said they signed out the few clicks we want a database of people who are Muslim 140 thousand
dollars to do that that one doesn't have to build it it's already out there you can buy it 7.5 that's a person with the cost to get that and there are so many examples I mean I couldn't even list them all in here that there's covering every industry every swatch of life swath of life all kinds of samples of data collection and micro-targeting being done to find consumers and tell them exactly what you think they want what you want them to buy these are all links to articles news articles you can read if you like so how do you defend against it don't install free apps that display ads restricted permissions kind of the basic stuff again there's software you
can install to keep your apps from connecting out buy everything with cash and on tracks you don't install apps burn your phone and live in a cave or just deal with it and if it's been going on for years long enough that is and there's no laws against it there's so many companies doing it that's just the way it is so it's kind of a first world problem now install adblocker I'm seeing ad that I liked yesterday across the web so I do this to make a point because if the big hand-wringing in the US is advertisers are tracking us and it's definitely a first world problem as I see it like not that critical
it could be misused by the government but I don't see this most well what I've seen this isn't a huge concern over in many other parts of the world a few more examples biometrics you can extract fingerprints on a photograph biometrics can be faked Samsung TVs when they came out they were always on kind of like Alexa or Cortana Siri or whatever Google thing is you know disabled they're always listening for their wake word all the FS leave how-to articles always on mics or privacy threat privacy policy is not helpful 2017 yeah month or so ago a lawyer rewrote Instagram's policy so parents can keep understand it and he put it in simple plain language as a way
to help facilitate parents and kids understanding what's going on but it takes a lawyer to translate that into something that you can talk about and someone thought was interesting the very last link generate a privacy policy for any country you can go there just like a template thing what's your country what's your state's step policy and this may be why you see the same policy language on so many websites and so many things we just copy it and paste and it's not really useful okay I'll try to turn this up quick and be close to time not all that I did find some kind of interesting cool examples of AI and stuff and all the data
collection being used Syrian refugees they have access to funds me when you and had a problem how do we track and make sure the same person is getting those funds and it's not being stolen or or misused they have ATMs with an iris scanner you go to the ATM scan your eye you get your funds the even has a way to audit and track yes this person got their funds so we can prove that it's going to the right people to the refugees and we continue funding them as we can audit and track it down 16 a guy set up little camera to see once a boss walking down the aisle he trained it on the boss's
face so the boss started walking the screen would flip up to the code he was doing instead of the website he was reading yeah yeah it's pretty fun an article about such creative art pranksters doing things too the term was devious devices like the coffee maker would make coffee really good or really bad based on some social ranking it would burn your toast or cook it well based on your application online so just devices that that react to the data about you and also as a rave that ai2 crafts music based on public profiles of the attendees so with all this fun stuff how do we fight back when you can do it on a small scale and I
wish I could talk about these in depth and all these topics and go on from there our body to them but you can build privacy in there's companies that are building privacy tech government nonprofits are researching ways to do it there's talk in industry about things like data ethics ethical engineering building data protection into our laws and regulations things like data avoidance the the app Signal on your phone they received a subpoena I made summarize as long as pinna last year about information this was before subscriber and they returned like like to a few bits of data like an IP address that was signed up and that was it like almost no information because they don't collect
information if you don't collect data it can't be misused if you stolen or subpoenaed and it's some company they think we have to collect everything but you don't have to you don't collect it and it can't be can't be misused and a Calvin and Hobbes there it's um don't add a survey for magazine so I put it in fake information five hundred dollars my salary my age 43 I love messing with data is take away and then as with so many other things Calvin and Hobbes was ahead of its time but using putting fake data out there using false personas false information throw away email addresses you sign up for something don't use your gmail address use a throwaway one don't
put your real name oh this is super cool adversarial input you have AI this goes back to the stuff I showed earlier throwing off facial recognition those glasses that once you know how to algorithm works and you know how to forward it well you put out fake information that gives wrong answers or you or you submit an image that has enough noise in it so taking image of a panda but the AI machine running whatever recognizes it as something else entirely because you've altered the image in such a way as to throw off its recognition capabilities so adversarial machine learning adversarial inputs this is all if you're into AI and machine learning and big data and neural
metrics neural networks this is all super interesting stuff that's just now coming the cheering I guess in the past year so because for so long the the push for AI and machine learning has been to make it good enough to work now that it's working they have to start worrying about how people give us paid that data how do you know when it's correct how can we test that we're getting the outputs that we want okay so to kind of close up here on the present surveillance really worried about the government's spying on US government's everywhere you know we're being watched all the time and this is kind of a reality check that I saw this was read
this off so this was a news article from here in ksl here in Utah month or so ago a five-year-old child reported being sexually assaulted after entering a bathroom at a library surveillance video shows a man who libraries employees they frequently visit the building following going to a restroom man leaves the bathroom boy comes out and tells decision mother what happened absolutely horrible what do they have this is the surveillance video they have this is a kind situation where you want facial recognition you want to know who this guy is identifying right away and catch him because of the horrible thing he's done so this is the the balance we have to worry about the trade-offs we have to
worry about we want protection for situations like this we don't want to give up the control we have over our privacy and our personal lives and data and so it's this constant tension that's going on that we saw played out for example last year with the FBI trying to get to the Apple Apple phones this Apple of Iowa they break their encryption for some cases not others there's victims of crimes where a son or daughter is murdered and the parents and the police want access to fill in the information but Apple wouldn't release it you're on the side of the parents there that your parent you want police to solve the crime you want to get the device that
has information about it but people on the side of the F of Apple against the FBI you want to do something special access the FBI because of all the reasons that entails so Cain just doing the research for this talk I saw this article and just like this is a time where you want that surveillance to be there but this is the hype most people worry about we'd be watched all the time it would be abused so how do you find the balance between the two of them and I don't know I've had some good conversations with if with FBI agents about their opinion is one that talked about their opinion is let the people
decide because it's not up to us to decide it's and likewise people in the tech world in security world there as little control for governments as well servants for government as possible cuz they assume it will be misused that's outside of conversation of the topic today again is talking about surveillance capitalism about how data collection is happening how it's being monetized and it's been going on you don't know about it hope this will open your eyes some all my slides online slides that's a cute org lots of cool links lots of stuff there's so much I couldn't go into so much if interesting stuff going on out there so happy to talk answer questions don't take my photo all right thanks a
lot