[Plura-list] The surveillance advertising to financial fraud pipeline
Cory Doctorow
doctorow at craphound.com
Fri Sep 29 10:01:34 EDT 2023
Read today's issue online at: https://pluralistic.net/2023/09/29/ban-surveillance-ads/
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
Monday (October 2), I'll be in Boise to host an event with VE Schwab:
https://www.thecabinidaho.org/all-events/ve-schwab
On October 7-8, I'm in Milan to keynote Wired Nextfest:
https://eventi.wired.it/nextfest23-milano
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
Today's links
* The surveillance advertising to financial fraud pipeline: Finding suckers is the one thing ad-targeting is good at.
* Hey look at this: Delights to delectate.
* This day in history: 2003, 2008, 2013, 2018, 2022
* Colophon: Recent publications, upcoming/recent appearances, current writing projects, current reading
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧛🏼♂️ The surveillance advertising to financial fraud pipeline
Being watched sucks. Of all the parenting mistakes I've made, none haunt me more than the times my daughter caught me watching her while she was learning to do something, discovered she was being observed in a vulnerable moment, and abandoned her attempt:
https://www.theguardian.com/technology/blog/2014/may/09/cybersecurity-begins-with-integrity-not-surveillance
It's hard to be your authentic self while you're under surveillance. For that reason alone, the rise and rise of the surveillance industry - an unholy public-private partnership between cops, spooks, and ad-tech scum - is a plague on humanity and a scourge on the Earth:
https://pluralistic.net/2023/08/16/the-second-best-time-is-now/#the-point-of-a-system-is-what-it-does
But beyond the psychic damage surveillance metes out, there are immediate, concrete ways in which surveillance brings us to harm. Ad-tech follows us into abortion clinics and then sells the info to the cops back home in the forced birth states run by Handmaid's Tale LARPers:
https://pluralistic.net/2022/06/29/no-i-in-uter-us/#egged-on
And even if you have the good fortune to live in a state whose motto isn't "There's no 'I' in uter-US," ad-tech also lets anti-abortion propagandists trick you into visiting fake "clinics" who defraud you into giving birth by running out the clock on terminating your pregnancy:
https://pluralistic.net/2023/06/15/paid-medical-disinformation/#crisis-pregnancy-centers
The commercial surveillance industry fuels SWATting, where sociopaths who don't like your internet opinions or are steamed because you beat them at Call of Duty trick the cops into thinking that there's an "active shooter" at your house, provoking the kind of American policing autoimmune reaction that can get you killed:
https://www.cnn.com/2019/09/14/us/swatting-sentence-casey-viner/index.html
There's just a lot of ways that compiling deep, nonconsensual, population-scale surveillance dossiers can bring safety and financial harm to the unwilling subjects of our experiment in digital spying. The wave of "business email compromises" (the infosec term for impersonating your boss to you and tricking you into cleaning out the company bank accounts)? They start with spear phishing, a phishing attack that uses personal information - bought from commercial sources or ganked from leaks - to craft a virtual Big Store con:
https://www.fbi.gov/how-we-can-help-you/safety-resources/scams-and-safety/common-scams-and-crimes/business-email-compromise
It's not just spear-phishers. There are plenty of financial predators who run petty grifts - stock swindles, identity theft, and other petty cons. These scams depend on commercial surveillance, both to target victims (e.g. buying Facebook ads targeting people struggling with medical debt and worried about losing their homes) and to run the con itself (by getting the information needed to pull off a successful identity theft).
In "Consumer Surveillance and Financial Fraud," a new National Bureau of Academic Research paper, a trio of business-school profs - Bo Bian (UBC), Michaela Pagel (WUSTL) and Huan Tang (Wharton) - quantify the commercial surveillance industry's relationship to finance crimes:
https://www.nber.org/papers/w31692
The authors take advantage of a time-series of ZIP-code-accurate fraud complaint data from the Consumer Finance Protection Board, supplemented by complaints from the FTC, along with Apple's rollout of App Tracking Transparency, a change to app-based tracking on Apple mobile devices that turned off third-party commercial surveillance unless users explicitly opted into being spied on. More than 96% of Apple users blocked spying:
https://arstechnica.com/gadgets/2021/05/96-of-us-users-opt-out-of-app-tracking-in-ios-14-5-analytics-find/
In other words, they were able to see, neighborhood by neighborhood, what happened to financial fraud when users were able to block commercial surveillance.
What happened is, fraud plunged. Deprived of the raw material for committing fraud, criminals were substantially hampered in their ability to steal from internet users.
While this is something that security professionals have understood for years, this study puts some empirical spine into the large corpus of qualitative accounts of the surveillance-to-fraud pipeline.
As the authors note in their conclusion, this analysis is timely. Google has just rolled out a new surveillance system, the deceptively named "Privacy Sandbox," that every Chrome user is being opted in to unless they find and untick three separate preference tickboxes. You should find and untick these boxes:
https://www.eff.org/deeplinks/2023/09/how-turn-googles-privacy-sandbox-ad-tracking-and-why-you-should
Google has spun, lied and bullied Privacy Sandbox into existence; whenever this program draws enough fire, they rename it (it used to be called FLoC). But as the Apple example showed, no one *wants* to be spied on - that's why Google makes you find and untick three boxes to opt out of this new form of surveillance.
There is no consensual basis for mass commercial surveillance. The story that "people don't mind ads so long as they're relevant" is a lie. But even if it was true, it wouldn't be enough, because beyond the harms to being our authentic selves that come from the knowledge that we're being observed, surveillance data is a crucial ingredient for all kinds of crime, harassment, and deception.
We can't rely on companies to spy on us responsibly. Apple may have blocked third-party app spying, but they effect nonconsensual, continuous surveillance of every Apple mobile device user, and lie about it:
https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar
That's why we should *ban commercial surveillance*. We should outlaw surveillance advertising. Period:
https://www.eff.org/deeplinks/2022/03/ban-online-behavioral-advertising
Contrary to the claims of surveillance profiteers, this wouldn't reduce the income to ad-supported news and other media - it would *increase* their revenues, by letting them place ads without relying on the surveillance troves assembled by the Google/Meta ad-tech duopoly, who take the majority of ad-revenue:
https://www.eff.org/deeplinks/2023/05/save-news-we-must-ban-surveillance-advertising
We're 30 years into the commercial surveillance pandemic and Congress still hasn't passed a federal privacy law with a private right of action. But other agencies aren't waiting for Congress. The FTC and DoJ Antitrust Division have proposed new merger guidelines that allow regulators to consider privacy harms when companies merge:
https://www.regulations.gov/comment/FTC-2023-0043-1569
Think here of how Google devoured Fitbit and claimed massive troves of extremely personal data, much of which was collected because employers required workers to wear biometric trackers to get the best deal on health care:
https://www.eff.org/deeplinks/2020/04/google-fitbit-merger-would-cement-googles-data-empire
Companies can't be trusted to collect, retain or use our personal data wisely. The right "balance" here is to simply ban that collection, without an explicit opt-in. The way this should work is that companies can't collect private data unless users hunt down and untick three "don't spy on me" boxes. After all, that's the standard that Google has set.
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧛🏼♂️ Hey look at this
* Philips Kept Complaints About Dangerous Breathing Machines Secret While Company Profits Soared https://www.propublica.org/article/philips-kept-warnings-about-dangerous-cpaps-secret-profits-soared
* The Philips Hue ecosystem is collapsing into stupidity https://rachelbythebay.com/w/2023/09/26/hue/ (h/t Slashdot)
* Breaking Down What the Writers Guild Won https://gizmodo.com/breaking-down-what-the-writers-guild-won-1850877952
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧛🏼♂️ This day in history
#20yrsago Accenture puts Verisign in charge of US Internet voting https://web.archive.org/web/20031008122745/http://rss.com.com/2100-1029_3-5083772.html
#15yrsago Olympics reach a new low: trademarking the Canadian national anthem and threatening lawsuits over competing uses https://web.archive.org/web/20080928162742/http://www.cbc.ca/canada/british-columbia/story/2008/09/25/bc-vancouver-olympics-trademark-o-canada.html
#15yrsago Philip Pullman on the futility and evil of banning books https://www.theguardian.com/books/2008/sep/29/philip.pullman.amber.spyglass.golden.compass.banned
#10yrsago No one harmed in Whac-a-Mole/Rock-a-Fire band warehouse explosion https://web.archive.org/web/20130930154953/https://blogs.miaminewtimes.com/riptide/2013/09/the_guy_who_invented_the_whac-.php
#10yrsago Top UK cop calls for end to war on drugs, legalization of Class A substances https://www.theguardian.com/commentisfree/2013/sep/28/ending-war-on-drugs-cut-crime-mike-barton
#5yrsago Twitter suspends academic who quoted feminist STEM research https://civic.mit.edu/2018/09/29/twitter-suspended-me-for-tweeting-feminist-academic-research-heres-why-thats-a-problem/
#5yrsago Visualizing the relative evasiveness of Kavanaugh and Ford https://www.vox.com/policy-and-politics/2018/9/28/17914308/kavanaugh-ford-question-dodge-hearing-chart
#5yrsago A detailed anatomy of the hack that compromised Facebook's 50 million user breach https://www.vice.com/en/article/bja7qq/how-50-million-facebook-users-were-hacked
#5yrsago Facebook's spam filter blocked the most popular articles about its 50m user breach https://memex.craphound.com/2018/09/29/facebooks-spam-filter-blocked-the-most-popular-articles-about-its-50m-user-breach/
#1yrago Porn on Tumblr is a complicated subject https://pluralistic.net/2022/09/29/go-nuts-show-nuts/#chokepoints
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧛🏼♂️ Colophon
Today's top sources: Naked Capitalism (https://www.nakedcapitalism.com/).
Currently writing:
* A Little Brother short story about DIY insulin PLANNING
* Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. FORTHCOMING TOR BOOKS JAN 2025
* The Bezzle, a Martin Hench noir thriller novel about the prison-tech industry. FORTHCOMING TOR BOOKS FEB 2024
* Vigilant, Little Brother short story about remote invigilation. FORTHCOMING ON TOR.COM
* Moral Hazard, a short story for MIT Tech Review's 12 Tomorrows. FIRST DRAFT COMPLETE, ACCEPTED FOR PUBLICATION
* Spill, a Little Brother short story about pipeline protests. FORTHCOMING ON TOR.COM
Latest podcast: How To Think About Scraping https://craphound.com/news/2023/09/24/how-to-think-about-scraping/
Upcoming appearances:
* An Evening with VE Schwab (Boise), Oct 2
https://www.thecabinidaho.org/all-events/ve-schwab
* Wired Nextfest (Milano), Oct 7-8
https://eventi.wired.it/nextfest23-milano
* The Internet Con at Moon Palace Books (Minneapolis), Oct 15
https://moonpalacebooks.com/events/30127
* 26th ACM Conference On Computer-Supported Cooperative Work and Social Computing keynote (Minneapolis), Oct 16
https://cscw.acm.org/2023/index.php/keynotes/
* 41st annual McCreight Lecture in the Humanities (Charleston, WV), Oct 19
https://festivallcharleston.com/venue/university-of-charleston/
* Seizing the Means of Computation (Edinburgh Futures Institute), Oct 25
https://efi.ed.ac.uk/event/seizing-the-means-of-computation-with-cory-doctorow/
Recent appearances:
* Seize the Means of Computation (Movement Memos)
https://open.spotify.com/episode/3OXPCnbiZHdIxUf8UTFnnu
* How to Seize the Means of Computation (rHatchery)
https://www.podpage.com/rhatcherylive/how-to-seize-the-means-of-computation/
* Give Them An Argument
https://www.youtube.com/watch?v=yhTphllBUEM
Latest books:
* "The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
* "Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com. Signed copies at Dark Delicacies (US): and Forbidden Planet (UK): https://forbiddenplanet.com/385004-red-team-blues-signed-edition-hardcover/.
* "Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
* "Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The *Washington Post* called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance." Order signed, personalized copies from Dark Delicacies https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html
* "How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59 (print edition: https://bookshop.org/books/how-to-destroy-surveillance-capitalism/9781736205907) (signed copies: https://www.darkdel.com/store/p2024/Available_Now%3A__How_to_Destroy_Surveillance_Capitalism.html)
* "Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html
* "Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p2682/Corey_Doctorow%3A_Poesy_the_Monster_Slayer_HB.html#/.
Upcoming books:
* The Lost Cause: a post-Green New Deal eco-topian novel about truth and reconciliation with white nationalist militias, Tor Books, November 2023
* The Bezzle: a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books, February 2024
* Picks and Shovels: a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books, February 2025
* Unauthorized Bread: a graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2025
This work - excluding any serialized fiction - is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
How to get Pluralistic:
Blog (no ads, tracking, or data-collection):
Pluralistic.net
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
https://mamot.fr/@pluralistic
Medium (no ads, paywalled):
https://doctorow.medium.com/
(Latest Medium column: "How To Think About Scraping: In privacy and labor fights, copyright is a clumsy tool at best" https://doctorow.medium.com/how-to-think-about-scraping-2db6f69a7e3d)
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
https://twitter.com/doctorow
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla