Portfolio

  • Privacy Tools: Mask Your Location

    March 24, 2014

    In the course of writing my book, Dragnet Nation, I tried various strategies to protect my privacy. In this series of book excerpts and adaptations, I distill the lessons from my privacy experiments into tips for readers.

    “Where R U?” There’s a reason that is among the most common text messages of the modern age.

    Location is one of the most revealing pieces of information about us. In 2013, researchers found that four instances of a person’s location at a given point in time were enough to uniquely identify 95 percent of the individuals they examined. “Human mobility traces are highly unique,” the researchers wrote. “Mobility data is among the most sensitive data currently being collected.”

    Location is also predictive. In another study, researchers at Microsoft were able to use location data to predict where people would be in the future. Wednesdays were the easiest to predict, and weekends the hardest. “While your location in the distant future is in general highly independent of your recent location,” the researchers wrote, “it is likely to be a good predictor of your location exactly one week from now.”

    To mask my location I took several steps:

    1)   When browsing the Web, I tried to use  the Tor Browser as often as possible.  Tor anonymizes the location – known as the IP Address — that you computer transmits automatically to every website you visit. It’s amazing to see how revealing your IP address can be –this site pinpoints my location exactly.

    Tor bounces your Internet traffic around the world so that your computer’s location is masked. However, because your traffic is bouncing around the world, using Tor can slow down your Web browsing. Click the Tor button on this graphic to see how Tor protects your location from potential eavesdroppers.

    2)   Masking my location when using my cellphone was more difficult. I turned off ‘location services’ for my apps. And I tried to opt out from companies that track cellphone users via the Wi-Fi signal emitted by their phone.

    I identified 58 companies that appeared to be in the mobile location tracking business—ranging from advertisers to wireless carriers. Of those, only 11 offered opt-outs—which I attempted to complete. Here is the chart of the folks I found that offered opt outs.

    Service
    Type
    Privacy Policy
    Opt Out Link
    Information Required
    DataXuAdvertisingClickClickCookie
    DrawbridgeAdvertisingClickClickCookie
    Sense NetworksAdvertisingClickClickDevice ID
    Euclid AnalyticsAnalyticsClickClickMAC address
    FlurryAnalyticsClickClickDevice ID and UDID
    MixpanelAnalyticsClickClickCookie
    NomiAnalyticsClickClickMAC address
    AT&TWirelessClickClickvia your AT&T account
    SprintWirelessClickClickVia your Sprint account
    Verizon WirlessWirelessClickClickvia your Verizon account
    T-MobileWirelessClickClickCookie

    The Future of Privacy Forum has also built a location opt-out site, which as of today, offers opt-outs from 11 location tracking companies.

    Ultimately, I decided that turning off my Wi-Fi signal was a more effective opt-out.

    3)   When I really do not want my location to be tracked, I throw my phone into a Faraday cage – a bag that blocks it from transmitting signals to Wi-Fi or the cellphone tower. I use this one from OffPocket, but any Faraday cage will do.

    Of course, this also means that I can’t use my phone. So, like most of my privacy fixes, it is a highly imperfect solution.

     

     

     

     

     

  • New York Times Op-Ed: Has Privacy Become a Luxury Good?

    March 4, 2014

    The following article appeared in the Opinion pages of the  New York Times on March 3, 2014.

    LAST year, I spent more than $2,200 and countless hours trying to protect my privacy.

    Some of the items I bought — a $230 service that encrypted my data in the Internet cloud; a $35 privacy filter to shield my laptop screen from coffee-shop voyeurs; and a $420 subscription to a portable Internet service to bypass untrusted connections — protect me from criminals and hackers. Other products, like a $5-a-month service that provides me with disposable email addresses and phone numbers, protect me against the legal (but, to me, unfair) mining and sale of my personal data.

    In our data-saturated economy, privacy is becoming a luxury good. After all, as the saying goes, if you aren’t paying for the product, you are the product. And currently, we aren’t paying for very much of our technology.

    Not long ago, we would have bought services as important to us as mail and news. Now, however, we get all those services for free — and we pay with our personal data, which is spliced and diced and bought and sold.

    Consider Google, which scans what you write in Gmail to offer advertisers a chance to promote their items based on your missives. Or a visit to an online news site where your data is secretly auctioned and sold before the page loads. Or Facebook, which allows marketers to turn your status updates into ads for their products.

    Continue reading at nytimes.com.

    Privacy Tools
    Purpose
    Cost
    Total$2,467.53
    hard drivebackup data storage$119.99
    MiFiportable Internet connection$419.88
    1Passwordpassword management software$69.99
    shreddershred documents$61.98
    flash drivestransfer files securely$30
    MaskMe disposable identity service$30
    walkie-talkiesunmonitored short-range communications $57.94
    Riseupe-mail service (donation)$100
    Postboxe-mail software$9.95
    Silent Circleencryption phone software$124.80
    Virgin Mobileprepaid phone charges$440
    Samsungcellphone$200
    Off Pocketcellphone Faraday cage$85
    Delete Medata broker opt-out service$209
    MailStop Shielddata broker opt-out service$35
    Acxiom info-request fee (Acxiom required me to send in $5 to obtain my data)$5
    laptop privacy filterprevent snoopers$34.05
    SpiderOakencrypted cloud storage$232
    Access Denied RFID shielded wallet
    $52.95
  • Privacy Tools: How I Quit Google

    February 24, 2014

    Dragnet Nation cover artIn the course of writing my book, Dragnet Nation, I tried various strategies to protect my privacy. In this series of book excerpts and adaptations, I distill the lessons from my privacy experiments into tips for readers.

    The following excerpt appeared on Time.com on February 24, 2014.

    I think it was the search for “pink glitter tiny toms” that finally prompted me to quit Google.

    I had long been worried that Google knew too much about me — after all, like most people, I used Google Search, Google Maps, Google Docs and Gmail on a daily basis. Not to mention the Google ads that tracked me across the web.

    But I didn’t quite realize how much Google knew until I dug deep into my Gmail account settings and found the section where Google had been logging my search queries dating back to when I opened my account in 2006.

    There, I found that Google had been carefully cataloging the 26,000 searches that I apparently conducted every month, by date and by category (maps, travel, books, etc.).

    My searches were a horrifying insight into what Buddhists call the “monkey mind,” leaping from place to place restlessly. Consider Nov. 30, 2010: I started the day by reading some technology news. Then, suddenly, I was searching for “pink glitter tiny toms” for shoes I was considering purchasing for my daughter. Then I was off to the thesaurus to look up a word for an article I was writing, then to OpenTable to book a restaurant reservation, and then to Congress‘s site to download the text of privacy legislation. Phew.

    This was more intimate than a diary. It was a window into my thoughts each day — in their messiest, rawest form — as I jumped from serious work topics to online shopping for my kids. My searches are among the most sensitive information about me. If I’m planning a trip to Berlin, all my searches are about Berlin. If I’m researching an article about facial-recognition technology, all my searches are about facial-recognition technology. Basically, my searches are a fairly accurate prediction of my future actions.

    This was something I didn’t want anybody to see — not my boss, my friends or my husband. And even more desperately I did not want my information fed into some algorithm that will reveal that people who considered buying pink glitter shoes and recently visited Berlin are poor credit risks, or some such thing that will likely arise in the future world of Big Data.

    And I couldn’t expect the company to keep all my data secret. Google has a history of abusing users’ trust. In 2010, it launched a social-networking tool called Buzz that automatically listed people as “followers” of people with whom they frequently emailed or chatted on Gmail. Users who clicked on the button “Sweet! Check Out Buzz” were not adequately informed that the identity of their closest Gmail contacts would be made public. Google later agreed to settle the Federal Trade Commission’s charges that Buzz was deceptive and paid $8.5 million to settle a Buzz-related class action.

    Google was also caught bypassing the privacy settings of Safari, used by millions of iPhone and other Apple users, with a special computer code to trick the browser into allowing Google tracking. Google later paid a $22.5 million fine related to that violation. And, of course, Google violated people’s privacy when its Street View cars inadvertently collected personal information from wi-fi networks.

    And then there is the data that Google hands over to the government. Google gets legal requests from the U.S. government for information about tens of thousands of accounts per year — and it complies with most of them. This is partly due to the outdated privacy laws that make it easier for law enforcement to legally read people’s email than to open their postal mail. Most mail can only be opened with a search warrant, but “stored” email can be obtained without a warrant.

    The leading Internet companies, including Google, Apple and Facebook, have joined a coalition that is pushing to amend the Electronic Communications Privacy Act to require search warrants for email and cell phone location records. So far its efforts to reform the law have not been successful.

    If that wasn’t enough, we have learned from the top-secret documents obtained by Edward Snowden that the National Security Agency has been hacking into Google’s data centers.

    So I decided I needed to go on a Google data diet. I started by quitting Google Search.

    I found a tiny search engine called DuckDuckGo that has a zero-data-retention policy. It doesn’t store any of the information that is automatically transmitted by my computer — the IP address and other digital footprints. As a result, DuckDuckGo has no way to link my search queries to me. “When you access DuckDuckGo (or any website), your web browser automatically sends information about your computer,” the company’s privacy policy states. “Because this information could be used to link you to your searches, we do not log (store) it at all. This is a very unusual practice, but we feel it is an important step to protect your privacy.”

    As soon as I switched, I realized how dependent on Google I had become. Without Google’s suggested searches and perfect memory of what I usually search for, each search required more work from me. For instance, DuckDuckGo doesn’t know that I live in New York City, so when I mistyped “Naturaly History Museum,” it brought up the Natural History Museum of Los Angeles. For a comparison, I checked Google — and sure enough, it corrected my spelling and guessed I was in New York, listing the American Museum of Natural History in Manhattan at the top of my search results.

    DuckDuckGo’s lack of knowledge about me forced me to be smarter in my searches. For instance, I noticed I had become so lazy that I had been typing URLs — like CNN.com — into the Google Search bar instead of the navigation bar, even though I knew exactly where I was going. So I began typing the addresses into the correct spot on my web browser.

    The next thing I noticed: I had been Googling web pages that I visit regularly — such as my kids’ schools and my yoga-studio schedule — instead of just bookmarking them. And so I began bookmarking them.

    In fact, I had gotten so accustomed to letting Google do my work that I found it a bit jarring to have to finish typing an entire word without Google’s finishing it for me. Without Google’s suggestions, however, I found that I was less distracted to search for things I didn’t need. No more typing in the letter a and having Google suggest “amazon,” and then suddenly remembering that I needed to order something from Amazon.com.

    With DuckDuckGo, I usually found what I wanted, although sometimes it was strange to be confronted with just three results. I was so conditioned to seeing millions of results for everything on Google.

    But DuckDuckGo had some black holes. I desperately missed Google Maps and couldn’t find any other online maps that I liked as much. And I missed the Google News section.

    Before going to a friend’s dinner party, I searched to remind myself of the promotion he had just landed at Columbia University. There had been some recent news about it, but all my searches on his name, Sree Sreenivasan, and his name and Columbia, turned up nothing. Finally, I tried “Sree, Columbia and News” and an article popped up. The news was there. I just had to retrain myself to use DuckDuckGo’s structure for news searches.

    It dawned on me that I had attuned myself to Google. I had always thought of Google as a clean sheet of paper — possibly because of its nice white interface — but in fact I had molded my questions to adjust to how Google likes to answer questions.

    Now I was attuning myself to a different service, DuckDuckGo, which had different ways of answering questions. It was like a new relationship: I was discovering my new partner’s quirks and foibles. And it was empowering. I was attuning myself to a partner that didn’t have a hidden agenda of building a file on me for advertising purposes.

    I had broken free from Google, and the world was still on its axis. I had mastered another service and could still find the information I needed. The whole experience reminded me of a quote from Marc Andreessen, the man who created Netscape, the first web-browsing software, back in 1994. “The spread of computers and the Internet will put jobs in two categories,” he said in a 2012 interview. “People who tell computers what to do, and people who are told by computers what to do.”

    Mastering my switch to DuckDuckGo made me feel like I had a better chance of being in the category of people who tell computers what to do.

  • Privacy Tools: Protecting Your Kids Online

    February 23, 2014

    Dragnet Nation cover artIn the course of writing my book, Dragnet Nation, I tried various strategies to protect my privacy. In this series of book excerpts and adaptations, I distill the lessons from my privacy experiments into tips for readers.

    The following excerpt appeared in The Wall Street Journal on February 21, 2014.

    If you search for my kids online, you’ll find barely a trace of them. Not only do I not post any information or photos of them, I have also taught them to erase their own digital footprints.

    My children, whom I will call Woody and Harriet, are 6 and 9. They use fake names online—always. They use software to block online tracking, and instead of Googling homework assignments, they use a search engine that doesn’t store any data about their queries. They have stickers that cover their computer cameras. Harriet, my older child, uses an encryption program to scramble her calls and texts to my cellphone, using passwords that are 20 characters long.

    Why go to such extremes at such a young age? Because if I don’t do anything to help my children learn to protect themselves, all their data will be swept up into giant databases, and their identity will be forever shaped by that information.

    They won’t have the freedom I had as a child to transform myself. In junior high school, for example, I wore only pink and turquoise. But when I moved across town for high school, I changed my wardrobe entirely and wore only preppy clothes with penny loafers. Nobody knew about my transformation because I left no trail, except a few dusty photographs in a shoebox in my parents’ closet. Try that in the age of Facebook.

    Even worse, if my children leave their data lying around, they will face all the risks of what I call our “dragnet nation,” in which increased computing power and cheap data storage have fueled a new type of surveillance: suspicionless, computerized, impersonal and vast in scope. Criminals could use my kids’ data to impersonate them for financial fraud. Extortionists could seize control of their computers’ Web cameras and blackmail them with nude photos. And most terrifyingly, their innocent online inquiries would be forever stored in databases that could later place them under suspicion or be used to manipulate them financially.

    Persuading my kids to care about privacy wasn’t easy. To them, “privacy” was just a word that meant “no.” Privacy was the reason they couldn’t post videos on YouTube or sign up for kids’ social networks. Privacy is the reason I complained to their teachers about posting pictures of them on a blog that wasn’t password-protected. So I began my family privacy project by explaining to my daughter how strong passwords would let her keep secrets from me—and her nosy younger brother.

    We began by using a password methodology known as Diceware, which produces passwords that are easy to remember but hard for hackers to crack. Diceware is deceptively simple: You roll a six-sided die five times and use the results to pick five random words from the Diceware word list, which contains 7,776 short English words. The resulting passwords look something like this: “alger klm curry blond puck.”

    Harriet loved building strong passwords. Soon I began paying her to build passwords for me too. Eventually she branched out and started selling strong passwords to friends and family members for $1 each.

    Excited by her successful business venture, Harriet soon became curious about some of the other experiments I’ve tried to reclaim my online privacy. She loved the fake identity that I created for some of my online accounts (“Ida Tarbell,” borrowing the name of a turn-of-the-century, muckraking journalist) and decided to use a fake name for her online accounts as well.

    Harriet was also entranced by the encryption tools I used to turn my text messages and emails from plain text into huge blocks of code that could only be read by the intended recipient. So I set up an encryption app called Silent Circle so that she and “Ida” could exchange encrypted texts and phone calls.

    Harriet also got interested in a program called Ghostery that I use to block online tracking. She particularly liked Ghostery’s logo—a cute little blue ghost that sits at the top right corner of her Web browser. So I installed Ghostery on her own computer, an old netbook that we got free when setting up our high-speed Internet connection. She began to view Ghostery as a videogame, with the goal being to find websites with the most trackers. “Mommy, I found one with 41 trackers!” she crowed, running into my room toting her computer.

    Harriet even started to like DuckDuckGo, a privacy-protecting search engine whose logo is a cheerful duck in a bow tie. I set it up as her default search engine, and she happily showed the duck off to her friends.

    To keep outside snoops away from the family iPad, we found an app from Brian Kennish, a former Google engineer who quit to build privacy-protecting software. His powerful Disconnect Kids app captured all the traffic leaving our iPad and blocked any contact with a list of known mobile tracking companies. I thought the app’s invisible whirring was quite clever, but Harriet was disappointed that it lacked a videogame aspect: She couldn’t see how many trackers it was blocking.

    After Harriet had used Disconnect Kids for a while without breaking any of her other apps, I decided to install Disconnect Kids on my own iPhone. Sure, it was a kids’ app, but I had been struggling to block ad tracking on my phone—and this was the best solution I’d seen yet.

    Now, whenever I glance at Disconnect Kids’ dancing green robot on my iPhone, I remember that my kids and I face the same online challenges. After all, what’s the difference between privacy-protecting software for kids and adults when all of our data is being swept up equally indiscriminately?

  • My Q&A with Laura Poitras about Bill Binney

    December 26, 2013

    In the course of reporting my Wall Street Journal article about NSA whistleblower Bill Binney, I interviewed filmmaker Laura Poitras about her relationship with Binney and how it led to her meeting Edward Snowden. Here is a transcript of our exchange:

    Q: What sparked your first interest in Bill Binney?

    A: I first learned about Bill in 2011 from Jane Mayer’s New Yorker story on NSA whistleblower Thomas Drake.  The article focused on the government’s effort to prosecute Tom under the Espionage Act.  In the article, Bill went on the record for the first time in order to defend Tom.  He said something that really struck me – he wanted to apologize to the American people for helping build tools now being used to spy on them.

    I got Bill’s phone number after reading the article, but it took me a few days to call him. I knew I couldn’t call a former top level NSA crypto-mathematician turned whistleblower without flipping a switch. When I finally called, Bill said something like:  “Yes, I’ll speak to you.  I’m sick and tired of my government breaking the law and harassing me.”

    I imagine that conversation is sitting in a data repository somewhere.

    Q: At the time that you reached out to Bill, it was difficult to substantiate the allegations he was making. What made him credible to you?

    A: There was no question about Bill’s position in the NSA.  By all accounts, he was a legendary mathematician.  His eyewitness account of what happened after 9/11 is very compelling and supported by other reports.

    I met Bill on the eve of Tom’s trial in 2011. Bill was eager to testify in Tom’s defense because he wanted to be placed under oath and tell the court what he knew about STELLARWIND – NSA’s post 9/11 domestic spying program.  Bill didn’t get the opportunity to testify because the government reduced the charges against Tom from espionage (and 35 years in prison), to a misdemeanor.

    I think Bill is still hoping to testify under oath someday.

    Q:  You published your op-doc about Binney “The Program” on August 22, 2012. What prompted you to break off the piece about Binney and publish it prior to your film being completed?

    A: I decided to make “The Program” for a couple reasons:  First, Bill’s health was bad and I didn’t know how long he’d be with us.  He had taken so many risks to speak out that I felt an urgency to make public his warnings.  Second, the FISA Amendments Acts (FAA), was up for renewal in December 2012, and there was little public debate or interest about the bill and its renewal.  For these two reasons, I felt the story couldn’t wait for me to finish the longer film, so I approached the NYT to make the short op-doc.

    Q:  Is it correct that Edward Snowden reached out to you because of the Binney documentary?

    A: I can’t speak for Snowden’s decision-making process, but he did tell me he learned of my interest in NSA surveillance from the op-doc I made about Bill.

  • My Q&A with Edward Snowden about Binney and Big Data

    December 26, 2013

    While reporting my Wall Street Journal article about NSA whistleblower Bill Binney, I posed some questions to Edward Snowden. Here is our exchange, which was fielded by his legal counsel, Ben Wizner at the ACLU:

    Q: In a June Q&A with the Guardian, you were asked about the treatment of Binney and Drake, and you replied “these draconian responses simply build better whistleblowers.” Can you elaborate on what you learned from the treatment of Binney and how it has informed your actions?

    Snowden: I have tremendous respect for Binney, who did everything he could according to the rules. We all owe him a debt of gratitude for highlighting how the Intelligence Community punishes reporting abuses within the system. If you stay quiet and keep your eyes forward, you’ll be taken care of, even if you lie to Congress. If you buck the system, you find armed agents in your bathroom.

    Q: One of the points that Binney makes is that not only is dragnet surveillance harmful to civil liberties, but it also overwhelms the NSA analysts who have to sift through it, weakening our intelligence apparatus. Do you agree with that argument?

    Snowden: I do. Mass surveillance causes us to miss events like the Boston Bombings because analysts are distracted by low-effort analysis of endless and unfocused chatter rather than the focused, targeted investigation of things like tipoffs from partners. When your working process every morning starts with poking around a haystack of 7 billion innocent lives, you’re going to miss things like that. We’re blinding our people with data we don’t need and it puts us at risk.

  • NSA Struggles to Make Sense of Flood of Surveillance Data

    December 26, 2013

    Binney photo

    By Julia Angwin

    LAUSANNE, Switzerland— William Binney, creator of some of the computer code used by the National Security Agency to snoop on Internet traffic around the world, delivered an unusual message here in September to an audience worried that the spy agency knows too much.

    It knows so much, he said, that it can’t understand what it has.

    “What they are doing is making themselves dysfunctional by taking all this data,” Mr. Binney said at a privacy conference here.

    The agency is drowning in useless data, which harms its ability to conduct legitimate surveillance, claims Mr. Binney, who rose to the civilian equivalent of a general during more than 30 years at the NSA before retiring in 2001. Analysts are swamped with so much information that they can’t do their jobs effectively, and the enormous stockpile is an irresistible temptation for misuse.

    Mr. Binney’s warning has gotten far less attention than legal questions raised by leaks from former NSA contractor Edward Snowden about the agency’s mass collection of information around the world. Those revelations unleashed a re-examination of the spy agency’s aggressive tactics.

    Read more at The Wall Street Journal and see the full privacy series.

  • U.S. Terrorism Agency to Tap a Vast Database of Citizens

    December 13, 2012

    By JULIA ANGWIN

    Top U.S. intelligence officials gathered in the White House Situation Room in March to debate a controversial proposal. Counterterrorism officials wanted to create a government dragnet, sweeping up millions of records about U.S. citizens—even people suspected of no crime.

    Counterterrorism officials wanted to create a government dragnet, sweeping up millions of records about U.S. citizens-even people suspected of no crime.

    Not everyone was on board. “This is a sea change in the way that the government interacts with the general public,” Mary Ellen Callahan, chief privacy officer of the Department of Homeland Security, argued in the meeting, according to people familiar with the discussions.

    A week later, the attorney general signed the changes into effect.

    Through Freedom of Information Act requests and interviews with officials at numerous agencies, The Wall Street Journal has reconstructed the clash over the counterterrorism program within the administration of President Barack Obama. The debate was a confrontation between some who viewed it as a matter of efficiency—how long to keep data, for instance, or where it should be stored—and others who saw it as granting authority for unprecedented government surveillance of U.S. citizens.

    Read more at The Wall Street Journal and see the full privacy series.

  • New Tracking Frontier: Your License Plates

    September 29, 2012

    For more than two years, the police in San Leandro, Calif., photographed Mike Katz-Lacabe’s Toyota Tercel almost weekly. They have shots of it cruising along Estudillo Avenue near the library, parked at his friend’s house and near a coffee shop he likes. In one case, they snapped a photo of him and his two daughters getting out of a car in his driveway.

    Mr. Katz-Lacabe isn’t charged with, or suspected of, any crime. Local police are tracking his vehicle automatically, using cameras mounted on a patrol car that record every nearby vehicle—license plate, time and location.

    “Why are they keeping all this data?” says Mr. Katz-Lacabe, who obtained the photos of his car through a public-records request. “I’ve done nothing wrong.”

    Until recently it was far too expensive for police to track the locations of innocent people such as Mr. Katz-Lacabe. But as surveillance technologies decline in cost and grow in sophistication, police are rapidly adopting them. Private companies are joining, too. At least two start-up companies, both founded by “repo men”—specialists in repossessing cars or property from deadbeats—are currently deploying camera-equipped cars nationwide to photograph people’s license plates, hoping to profit from the data they collect.

    The rise of license-plate tracking is a case study in how storing and studying people’s everyday activities, even the seemingly mundane, has become the default rather than the exception. Cellphone-location data, online searches, credit-card purchases, social-network comments and more are gathered, mixed-and-matched, and stored in vast databases.

    Read more at The Wall Street Journal and see the full What The Know series online.


  • How Grabby Are Your Facebook Apps?

    April 7, 2012

     

    The Wall Street Journal analyzed 100 of the most used applications that connect to Facebook’s social-networking platform to see what data they sought from people. The Journal also tested its own Facebook app, WSJ Social. See the apps tested by the Journal, along with the permissions they ask users to grant them.

    Read more at The Wall Street Journal and see the full What The Know series online.


  • Selling You on Facebook

    April 7, 2012

    Many popular Facebook apps are obtaining sensitive information about users—and users’ friends—so don’t be surprised if details about your religious, political and even sexual preferences start popping up in unexpected places.

    A Wall Street Journal examination of 100 of the most popular Facebook apps found that some seek the email addresses, current location and sexual preference, among other details, not only of app users but also of their Facebook friends

    The Wall Street Journal, Page W1

    Not so long ago, there was a familiar product called software. It was sold in stores, in shrink-wrapped boxes. When you bought it, all that you gave away was your credit card number or a stack of bills.

    Now there are “apps”—stylish, discrete chunks of software that live online or in your smartphone. To “buy” an app, all you have to do is click a button. Sometimes they cost a few dollars, but many apps are free, at least in monetary terms. You often pay in another way. Apps are gateways, and when you buy an app, there is a strong chance that you are supplying its developers with one of the most coveted commodities in today’s economy: personal data.

    Continue reading at The Wall Street Journal and see the full What They Know series online.


  • Google’s iPhone Tracking

    February 17, 2012

    Web Giant, Others Bypassed Apple Browser Settings for Guarding Privacy

    The Wall Street Journal, Page One

    Google Inc. and other advertising companies have been bypassing the privacy settings of millions of people using Apple Inc.’s Web browser on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked.

    Read more at The Wall Street Journal and read the full What They Know series online.


  • The Surveillance Catalog

    November 19, 2011

    The Surveillance Catalog allows readers to peruse secret marketing materials published by companies that make tracking equipment.

    Documents obtained by The Wall Street Journal open a rare window into a new global market for the off-the-shelf surveillance technology that has arisen in the decade since the terrorist attacks of Sept. 11, 2001.

    The techniques described in the trove of 200-plus marketing documents include hacking tools that enable governments to break into people’s computers and cellphones, and “massive intercept” gear that can gather all Internet communications in a country.

    Read more at The Wall Street Journal and see the full What They Know series online.


  • Stewart Baker: Why Privacy Will Become a Luxury

    November 14, 2011

    Stewart Baker, the former assistant secretary for Homeland Security, talks with Julia Angwin about the need for balancing privacy rights with security concerns. In The Big Interview, Mr. Baker explains why privacy may one day be a luxury available only to the privileged and the rich.


  • Judges Weigh Phone Tracking

    November 9, 2011

     

    The Wall Street Journal, Page One

    State and federal authorities follow the movements of thousands of Americans each year by secretly monitoring the location of their cellphones, often with little judicial oversight, in a practice facing legal challenges.

    Electronic tracking, used by police to investigate such crimes as drug dealing and murder, has become as routine as “looking for fingerprint evidence or DNA evidence,” said Gregg Rossman, a prosecutor in Broward County, Fla.

    The use of cellphone tracking by authorities is among the most common types of electronic surveillance, exceeding wiretaps and the use of GPS tracking, according to a survey of local, state and federal authorities by The Wall Street Journal.

    Read more at The Wall Street Journal and see the full What They Know series online.


  • Secret Orders Target Email

    October 10, 2011

    WikiLeaks’ Backer’s Information Sought

    The Wall Street Journal, Page One

    The U.S. government has obtained a controversial type of secret court order to force Google Inc. and small Internet provider Sonic.net Inc. to turn over information from the email accounts of WikiLeaks volunteer Jacob Appelbaum, according to documents reviewed by The Wall Street Journal.

    Read more at The Wall Street Journal and see the full What They Know series online.

    Plus, more on Sonic.net, the little ISP that stood up to the government.


  • Latest in Web Tracking: Stealthy ‘Supercookies’

    August 19, 2011

    The Wall Street Journal, Page One

    Major websites such as MSN.com and Hulu.com have been tracking people’s online activities using powerful new methods that are almost impossible for computer users to detect, new research shows.

    The new techniques, which are legal, reach beyond the traditional “cookie,” a small file that websites routinely install on users’ computers to help track their activities online. Hulu and MSN were installing files known as “supercookies,” which are capable of re-creating users’ profiles after people deleted regular cookies, according to researchers at Stanford University and University of California at Berkeley.

    Read more at The Wall Street Journal and see the full What They Know series online.


  • Device Raises Fear of Facial Profiling

    August 16, 2011

    The Wall Street Journal, Page One

    With this device, made by BI2 Technologies, an officer can snap a picture of a face from up to five feet away, or scan a person’s irises from up to six inches away.

    Dozens of law-enforcement agencies from Massachusetts to Arizona are preparing to outfit their forces with controversial hand-held facial-recognition devices as soon as September, raising significant questions about privacy and civil liberties.

    With the device, which attaches to an iPhone, an officer can snap a picture of a face from up to five feet away, or scan a person’s irises from up to six inches away, and do an immediate search to see if there is a match with a database of people with criminal records. The gadget also collects fingerprints.

    Read more at The Wall Street Journal and see the full What They Know series online.


  • Web’s Hot New Commodity: Privacy

    February 27, 2011

    The Wall Street Journal, Page One

    As the surreptitious tracking of Internet users becomes more aggressive and widespread, tiny start-ups and technology giants alike are pushing a new product: privacy.

    Companies including Microsoft Corp., McAfee Inc.—and even some online-tracking companies themselves—are rolling out new ways to protect users from having their movements monitored online. Some are going further and starting to pay people a commission every time their personal details are used by marketing companies.

    Read more at The Wall Street Journal and see the full What They Know series online.


  • Your Digital Fingerprint

    November 30, 2010

    Companies are developing digital fingerprint technology to identify how we use our computers, mobile devices and TV set-top boxes. WSJ’s Simon Constable talks to Julia Angwin about the next generation of tracking tools.


  • Race Is On to ‘Fingerprint’ Phones, PCs

    November 30, 2010

    The Wall Street Journal, Page One

    BlueCava CEO David Norris plans to fingerprint billions of devices. Tracking cookies ‘are a joke,’ he says.

    IRVINE, Calif.—David Norris wants to collect the digital equivalent of fingerprints from every computer, cellphone and TV set-top box in the world.

    He’s off to a good start. So far, Mr. Norris’s start-up company, BlueCava Inc., has identified 200 million devices. By the end of next year, BlueCava says it expects to have cataloged one billion of the world’s estimated 10 billion devices.

    Advertisers no longer want to just buy ads. They want to buy access to specific people. So, Mr. Norris is building a “credit bureau for devices” in which every computer or cellphone will have a “reputation” based on its user’s online behavior, shopping habits and demographics. He plans to sell this information to advertisers willing to pay top dollar for granular data about people’s interests and activities.

    Read more at The Wall Street Journal and see the full What They Know series online.


  • ‘Scrapers’ Dig Deep for Data on Web

    October 11, 2010

    The Wall Street Journal, Page One

    At 1 a.m. on May 7, the website PatientsLikeMe.com noticed suspicious activity on its “Mood” discussion board. There, people exchange highly personal stories about their emotional disorders, ranging from bipolar disease to a desire to cut themselves.

    It was a break-in. A new member of the site, using sophisticated software, was “scraping,” or copying, every single message off PatientsLikeMe’s private online forums.

    Read more at The Wall Street Journal and see the full What They Know series online.


  • One Smart Cookie

    August 4, 2010

     

    New York ad company [x+1] made predictions about users based on just one click on a website. This interactive shows the company’s assumptions about users and how they affected what credit cards were shown.

    Read more at The Wall Street Journal and see the full What They Know series online.


  • On the Web’s Cutting Edge, Anonymity in Name Only

    August 3, 2010

    The Wall Street Journal, Page One

    You may not know a company called [x+1] Inc., but it may well know a lot about you.

    From a single click on a web site, [x+1] correctly identified Carrie Isaac as a young Colorado Springs parent who lives on about $50,000 a year, shops at Wal-Mart and rents kids’ videos. The company deduced that Paul Boulifard, a Nashville architect, is childless, likes to travel and buys used cars. And [x+1] determined that Thomas Burney, a Colorado building contractor, is a skier with a college degree and looks like he has good credit.

    The company didn’t get every detail correct. But its ability to make snap assessments of individuals is accurate enough that Capital One Financial Corp. uses [x+1]‘s calculations to instantly decide which credit cards to show first-time visitors to its website.

    Read more at The Wall Street Journal and see the full What They Know series online.


  • Sites Feed Personal Details to New Tracking Industry

    July 30, 2010

     

    The Wall Street Journal, Page A1

    The largest U.S. websites are installing new and intrusive consumer-tracking technologies on the computers of people visiting their sites—in some cases, more than 100 tracking tools at a time—a Wall Street Journal investigation has found.

    The tracking files represent the leading edge of a lightly regulated, emerging industry of data-gatherers who are in effect establishing a new business model for the Internet: one based on intensive surveillance of people to sell data about, and predictions of, their interests and activities, in real time.

    Read more at The Wall Street Journal. See the interactive database accompanying the article and see the full What They Know series online.


  • The Web’s New Gold Mine: Your Secrets

    July 30, 2010

    A Journal investigation finds that one of the fastest-growing businesses on the Internet is the business of spying on consumers. First in a series.

    The Wall Street Journal, Page W1

    Brian McCord for the Wall Street Journal

    Ashley Hayes-Beaty

    Hidden inside Ashley Hayes-Beaty’s computer, a tiny file helps gather personal details about her, all to be put up for sale for a tenth of a penny.

    The file consists of a single code— 4c812db292272995-e5416a323e79bd37—that secretly identifies her as a 26-year-old female in Nashville, Tenn. The code knows that her favorite movies include “The Princess Bride,” “50 First Dates” and “10 Things I Hate About You.” It knows she enjoys the “Sex and the City” series. It knows she browses entertainment news and likes to take quizzes.

    Read more at The Wall Street Journal and see the full What They Know series online.


  • Who Owns Your Name on Twitter?

    May 19, 2009

    The Wall Street Journal, The Decoder column

    Social networks can be friendly places, but they are not democracies. Nor are they free markets. They are authoritarian regimes with whimsical and arbitrary rules.

    Read more at The Wall Street Journal.


  • Facebook: Can It Be Tamed?

    April 21, 2009

    The Wall Street Journal, The Decoder column

    My Facebook account is becoming unmanageable. It’s filled with updates, notifications, messages, wall postings, pokes, notes, friend requests and group requests (and that’s just a small sampling of it all). My Facebook correspondents range from professional contacts, to friends and family, to people I don’t really know at all.

    Read more at The Wall Street Journal.


  • Recipe for a Successful Viral Video Campaign

    February 17, 2009

    The Wall Street Journal, The Decoder column

    When Judson Laipply posted his six-minute “Evolution of Dance” video to YouTube in April of 2006, he didn’t advertise it at all. One month later, someone noticed his frenzied moves and e-mailed it to a friend. That friend e-mailed to other friends and more than 100 million views later, the rest is history. “It was all just pure luck” Mr. Laipply says.

    Read more at The Wall Street Journal.


  • A Problem for Hot Web Outfits: Keeping Pages Free From Porn

    May 16, 2006

    To Help MySpace Sell Ads, Photo Site Hires Checkers And Tests Software Filters

    The Wall Street Journal, Page One

    DENVER — Working quickly, Photobucket.com employee Jeff Gers can look at nearly 150,000 images on his computer screen during an eight-hour shift, or about 300 a minute. His job is to find and destroy anything that might cause offense, a task that’s getting harder all the time.

    Read more at The Wall Street Journal.


  • Elusive Spammer Sends EarthLink on Long Chase

    May 7, 2003

    Web Service Uses Lawyers, Private Eyes To Track Buffalo Sender of Junk E-Mails

    The Wall Street Journal, Page One

    ATLANTA — For more than a year, Mary Youngblood has been chasing the “Buffalo Spammer.”

    The 34-year-old Ms. Youngblood, who sports a picture of Darth Vader on her company ID badge, works at the headquarters of EarthLink Inc., a bigInternet-access provider. She leads a team of more than a dozen investigators whose job it is to find spammers, hackers and other “bad guys” who haunt the company’s network.

    Read more at The Wall Street Journal.


Julia’s Work

Julia Angwin specializes in investigative and technology journalism.

Her current primary area of interest is digital tracking and the way in which the digital revolution has enabled surveillance of all kinds. Ms. Angwin pioneered coverage of this area in the What They Know series for The Wall Street Journal.

Ms. Angwin's most recent book, Dragnet Nation: A Quest for Privacy, Security and Freedom in a World of Relentless Surveillance, discusses the impact of surveillance on our society.

In addition to her work on privacy, Ms. Angwin has long written about the technology industry as a whole and provided advice to everyday users in her Decoder column. Her last book, Stealing MySpace, chronicled the rise of online social networks.