Violet Blue Applied: Session 2 November 30th, 2015 Data and Society claudia joined us: attending a course at nyu: a stratosphere of surveillance can we escape the frame of surveillance exchange shopping lists --> claudia: please check out the book called "obfuscation: a user's guide for privacy and protest" https://mitpress.mit.edu/books/obfuscation (Thanks!) we did a recap of last meeting who is the audience how is the problem conceived and what technology is invoked it seemed the person was assumed to already be very knowledgeable but also maybe not knowledgeable enough my issue with the book was that the use case/user did not exist if you know this, you are likely to know all these other things who you hope that the user is a person that cares about tech and knows about it and cares about privacy and does not know about it that was me for a week i would distribute this to middle school students it should be part of a curriculum it would be beneficial to talk about privacy and you teach that to 7th grade students but you need an educated person to be able to explain some of these things or how you go about getting a lawyer in chapter 4: what i liked that she started with an empathizing tone, and emotionally taking care of yourself and remaining calm what i didn't like: my mom was swatted i was working on online harassment and somebody who is think was from gamergate called the local police department and i had already done my threat modeling anita sarkeesian had retweeted me it had been a month of regular internet usage i blocked over 60 people goodgame autoblocker randy harper built it it is a shared block list that pools from a twitter bot it follows people who are following main actors in gamergate it needs to be a certain amount in which case you land on the black list it blocks over 5000 people which means that sometimes blocks journalists those people can email randy and she will remove you couple of people have asked to be removed but they haven't been because they have been kind of abusive, and they don't think that they are i needed a short block list so i did threat modeling against myself randy had just been swatted i only have a couple of hundred followers i didn't say anything crazy i have retweeted anti gamergate people but that was it someone from the internet called my mom's local police department and they initiated a prank swatting it is usually a violent crime + hostage situation so the person said "i shot my girlfriend and am holding her daughter hostage" my mom lives in new orleans the police department regularly deploys a swat team high rate of gun and gang violence they didn't think it was real but they had to deploy she answered the phone, they surrounded her house she lives in a wealthier neighborhood, otherwise things would have been different there is a regular release of crime information i have not seen this elsewhere this local reporter looked into it my mom thought it was a prank call but the reporter found me i have listed my location in twitter he looked through my research and found my email crashoverride: zoe quinns non-profit it is in some cases a way better resource than this her directions feel more direct but i like the way that violet blue talks about first taking care of yourself, going to therapy and also listing tech-savvy therapists zoe's work is pulled from her experiences but that is a very specific one i think this book is great but sites like this get to the point faster and it is a pity that such sites are not organized better i want to organize and streamline it i was in a state of anxiety and the page felt like i had this many more things to do for example, the format of the book is so friendly, you feel the space, it doesn't feel overwhelming the chapters are succinct and i was surprised when the chapter was over: wait we have covered everything font size and space feels so important even though there is no control+F for a physical book there is a great index and ToC my second point: neutral one crashoverride felt very clearly outlined with 1,2,3,4,5 but the book does not feel partitioned well there are certain things like this is the way you should do something she starts with therapy and then moves to fighting back and then she says the legal system is not going to help you but then there is no number the next thing is get a restraining order and that felt like such a jump when i started work on online harassment most people did not know their perpetrators it is when you become persona non-grata then you get sustained harassers i am much more curious about the data how many people who face online harassment know their harassers so, this line of sections felt like a big jump and then she goes on to describe the legal system daniel citroen's book does a good job at this in a chapter which you could summarize a lot of this laws are different from state to state and this is where she also gets personal her history of being cyberstalked and talk about a couple who met when they were stalking her but this is too autobiographical it felt like such a jump and she started talking about getting your private photos offline dmca take down and creation of an evidence folder a jump to a specific use case final point, she gets into dmca takedowns it didn't feel like the right chapter for it that revenge porn is the main form of harassment that you know your harasser and they have information about you but in a lot of harassment it wouldn't be that but it would be threats and digital stalking that was problematic you need a lawyer and a lot of evidence that would be able to argue and be knowledgeable of all of this that is such an expensive to go about i think you need a chapter on cyberrevenge chapter in itself zoe had fake revenge porn made about her some of the fake ones felt like they were real you can photoshop to make things look real it is not quite revenge porn but it falls under the same cateogry you can argue that it is artwork, so it doesn't easily fall under dmca that is a weird territory that was my problem chapter 6: how to share it is about media settings and how to dispose of old devices i just got this new phone, and i was not able to accomplish the switchover not all contacts transferred contact migration: claude is an expert on the topic, she thinks that part of the problem is that some of the information is on the device and others are on the sd card a lot of what she says, maybe all of what she says, is not unlike tips that you come across elsewhere don't let people automatically tag you look at privacy settings and when she talks about friending: you should ask yourself, do i really know this person it feels like these are tips for teenagers view your profiles on google+, linkedin as someone else i tried doing that facebook: i looked at it and i did discover you can pretty easily filter your whole timeline and you do this while you are logged in what is public and i saw some random photos that were pblic posters for salsa dance that i have been tagged in soccer related stuff that you would know about me random photos of me that a cousin took of me the only possible options, through facebook, is says: report/remove tag i clicked on that and it asked me, why do you not want the tag but there was no way to say that the picture was ok but i did not want to be tagged with the phones one thing that she doesn't mention even trusted apps can do dangerous things with your privacy try to make a decision based on that she doesn't mention all the crap that the phone comes with i could probably root my phone i tried to uninstall and remove these things but then it says my phone may not work and i run the updates cause i want to keep my phone secure i have dozens of apps I don't want and she does not talk about that safely disposing old devices she talks about that 2014 sprint worker had distributed nude photos he had recovered from a disposed customer phone look online how to scrub your phone in general you look in settings look for factory reset i am wondering: would i be missing something with factory reset is there still a risk of recovery with the sim card i am going to send the old phone to verizon but it doesn't say anything about the sim card throwing it away would be the right thing to do, right? factory settings would not take care of your phone resyncing from cloud services sim card: should you throw it away android: we looked online and it says you should encrypt and then delete what if the phone fails to encrypt? Violet Blue generally says you should turn to device providers what to do if you are trying to provide a solution to people to say go to this other place, look at this other thing you should at least cite the place you should do it this way because so and so said so in the appendix: there is nothing she has links to the different social media sites i have my old iphone if you think you deleted everything there is still a lot that is easy to pull there is no way to completely wipe your phone when you give it back claudia: don't these books make it very individualistic and put the responsibility on the individual in some cases it doesn't matter or very individually based rather than something more collective it is your phone and not the phone of your friends something that empowers you rather than protection on the other side of that is because this is a book written by an author that has an encouraging voice you can read this book or you can make yourself crazy by searching online for an hour with contradictory results i frame things, as a curator of digital strategies she should have said: this is what i would do i was cyberstalked that is why i focused on that i could tell you shitloads about swatting but then dmca take downs: you need a lawyer and be aware of the law that is difficult in a state where it is not clear how well the courts understand these problems panel one of the panelists was cyberstalked CA has comprehensive laws around cyberstalking cause there are many celebrities that live there that could have been pointed out: LAPD has a department around this that could be something in the book: you can call LAPD and try not to tell them where you live. that is something i want to work on an app that would help victims what they can do to prevent swatting and how do police departments talk to each other can i call the lapd i don't live in your jurisdiction my mom went to the police department to tell them that she may be swatted again and that she had been swatted before but they didn't even have a recollection of the prior swatting they did there is a lot of human error did you all see the nyt magazine issue about swatting these women that use twitch one of the main characters is a detective how he tries to put the dots together and to get his colleguas to understand what is going on http://www.nytimes.com/2015/11/29/magazine/the-serial-swatter.html?_r=0 since prank swatting is local crime, it does not get put out at the national level what if, all police stations have to have recordings you can change your voice what if it was all the same imber tone if you use a certain kind of word or inflection they can be used to pin point your identity if local police department were sharing swatting information if you could look for patterns if you took a neutral time zone my mom is on central time i am on eastern time could you pinpoint to smaller groups this is though the point at which the demand to protect women/feminist positions clashes with years of digital rights and civil liberties i think those struggles need to be redefined but one thing is to train police departments maybe an fbi liason inside a police department so that they have to go through another protcol if there is a doxing, we go through you it has to however under the framework on what a digital crime is and then it is going further it is a digital harassment crime to define very explicitly what that is so you list doxing, prank swatting if it fits this, then it goes onto this national database is there a way to blend hyperlocal and hypernational without running into a surveillance issue? how does a girl in small town missisippi gets swatted how do i explain this to the local police department that this is connected to all these other incidents i am the link but i am removed and there is nothing that ties it to me here and the only linkage other than me is that those states touch each other are there any numbers? it is hard to distinguish between prank swatting and harassment prank swatting and accidental swatting responsibilization: institutions are externalizing risk onto consumers/users and she seems to accept that abine: who are their investors what is the data they are collecting you can give them your passwords they can be your wallet allow you to mask your credit cards and email addresses and allows you to block tracking i used deleteme: it is slow and it is not perfect and they took a long time they do this on behalf of you you are not ever completely removed but it is half gone --------- END of MEETING -------- If you made notes that you would like to add, please feel free to do so: Seda Notes on Chapter 9: abine: it's cool, it's expensive! i am trying out their free services used it to mask email and get rid of amazon emails great advantage: the first email they forward to me although i just subscribed and turned forwarding off (i hope this means they have some smart scanning going on). their privacy policy is somewhat kosher: they will not share your data but will only use it to give you the services so, what is their business model: $2 per card for cards under $100. An additional 1.5% of the Masked Card Amount for cards made for $100 or more so, for a 1000$ purchase 15$s in addition to what you pay your bank for the transaction. capital from general catalyst and another firm it seems like a boys club... what does it do to your credit record in the sense that every website checks to see if you are a "good customer" what happens to that and is there a greater chance that your purchases will be rejected? i don't know. they are in the bitcoin business, too comments from m: rejection of self-help/responsibilization with respect to bank security and identity theft american pragmatism as a way of depoliticizing issues weird appeal it becomes an existential argument if you believe in action as politics and not action as action you can do this but this is not political action stealth your mailing address: get a post box at the post office 17-75$s for 6 months for the smallest size stealth your phone number: You can set up a second phone number using popular ser- vices like Skype (very cheap) and Google Voice (free). Another option is to use disposable masking phone number services, like Burnerapp.com, which will let you create a temporary phone number to use and then delete it forever. note that abine does this for you, too. for calls: some people said that their phone did not ring and now that the call was being put through this new company, sometimes the call quality was not convincing. mailvelope: it is as secure as the plugin. for a while they would leak information because google would make a copy of your email while editing every few seconds an overview of crypto for messaging/email from eff (what the different applications offer and don't offer) https://www.eff.org/secure-messaging-scorecard#methodology does everybody understand the concept of public and private key? eff's table is not reliable but it has nice distinctions that one should look out for.