How your data feeds the beast

April 6th, 2019

Info 4 Sale

Outline:

  • Introduction
  • Rules n’ Such
  • History of surveillance & data brokers
  • Game (Red v Blue
  • Mini Workshops
    • Browser security
    • Securing local networks
  • Thank You/Resources

Who are we? Who are you?

  • We are the…
    • The Cypurr Collective: A group of folks that organize cybersecurity workshops and socials, looking to spread knowledge and talk about privacy rights!
  • ...and you are?
    • Name
    • Pronouns (i.e. he/him, she/her, they/them, etc)
    • In a few words, what brings you here today?

A few rules for this workshop …

  • Share the space!

    • Ask a question, give a comment, leave room for others to speak

  • Stack!  Raise your hand, we will queue speakers

  • Saf(er) Space

    • We DO NOT tolerate language or behavior purposefully meant to demean or harm others

    • Don't pressure anyone to discuss their experience/threat model/situation

    • Consent: Ask before helping someone out, e.g. before taking their device

  • Photo/Video- No photo/video without asking!

  • Reporters/Researchers: Make yourself known

  • Bonus Rule: Don't invalidate experiences!

     

A Brief history of

Surveillance Capitalism

"What we wanted to do was to build a tool that made it easy for everyone, everywhere to share knowledge, opinions, ideas and photos of cute cats. [...]  What we’re asking for today is a conversation about how we could do this better, since we screwed up pretty badly the first time around."

Maciej Cegłowski

Ad-based internet

the thing no one wanted

Oct 27, 1994: First banner ads online, on Wired's "HotWired" site.

  •  AT&T paid $30,000 for 3 months of ad presence
  • Website space treated as real-estate-- unlike "pay-to-click"
  • 44% click-through rate (closer to 0.06% today)
  • "Let's not sell somebody something, let's reward them for clicking on this thing brought to you by AT&T."

Targeted Ads and OPC

1995, WebConnect

  • Matched advertisers with sites their "ideal customers" visit.
  • CustomView tool, limited the number of times on saw a banner ad

 

1996, Doubleclick

  • Advertisers had no idea if banner ads were working
  • Dynamic Advertising Reporting & Targeting (DART)
  • Can track clicks, and change ads during ad campaigns
  • switch to Cost per impression (CPI or CPM) for dat ROI

(Ads helped make gifs animated)

Internet's Original Sin

1997, the pop-up ad

  • a way to associate an ad with a site, without taking up space
  • In response to the decline of banner clicks
  • By early 00's, blocked by default
  • " I wrote the code to launch the window and run an ad in it. I’m sorry. Our intentions were good." Ethan Zuckerman

Paid Search and PPC

1999, pay-for-placement

  • Search engines (GoTo.com/Yahoo),  sell result ranking

2000, pay-per-click

  • GoTo $1 per click
  • No idea if it worked
    • Google AdWords, ranked according to a combo of payment and click-through rate

Proper surveillance capitalism

2006, hyper-targeting

  • Banners are dead, social media growing
  • Facebook starts using user data to display sponsored links and small ads

2010, the use of native ads

  • Ads still have low click rate and are being blocked
  • Advertisements as content
  • Facebook, Youtube, etc promote existing user content which is favorable to clients

Features of surveillance capitalism

  1. The drive toward more and more data extraction and analysis.
  2. The development of new contractual forms using computer-monitoring and automation.
  3. The desire to personalize and customize the services offered to users of digital platforms.
  4. The use of the technological infrastructure to carry out continual experiments on its users and consumers.

~Hal R. Varian, Chief Economist at Google

Why such surveillance?

  • Advertisements don't work. Few companies have been able to run on them (Yahoo, Gawker)
  • Tech relies on Investor Storytime, premised on promises od ad revenue

    • "We’d run as a subscription service! [...] Get paid to bundle a magazine with textbook publishers! Sell T-shirts and other branded merch!

      At the end of the day, the business model that got us funded was advertising." (Ethan Zuckerman)

  • The mystery machine of Big Data + Algorithms = $$$ has become the best story. Not because it works, but because it is easiest.
  • Insensitive of "digital-gangsters"-- most predictable behavior is forced behavior.
  • Lots of made up data

Game: Red v Blue

Scenario:

US based internet search giant Goggle Inc has successfully implemented a new program DragonFly in the Peoples Republic of China. This project allows China to manipulat internet search results in their country in a form of "soft censorship", out outright blacklist objectionable terms. Goggle has faced a lot of public backlash for this decision from customers, rival companies, humanitarian organizations, and even their own workers-- giving them an inscentive to minimize the publicity of this project as much as possible or frame it in a positive light. They are also facing more scruitiny for their mass collection of user data, facing EU sanctions and stiff compitition for rivals such as GooseGo.

 

Mini Workshops

  1. Network security

2. Browser Security

Thank You and Resources

  • CyPurr Collective

    • https://www.cypurr.nyc

    • Facebook & Twitter

  • Sign up to our email list too, we won’t spam ya!

  • Further Resources

    • NYC CryptoParty Meetup/CryptoParty Harlem (Meetup)

    • HackBlossom (Hackblossom.org)

    • ctrlshift.space I/O

    • Tactical Tech Collective- Holistic Security, MyShadow, Data Detox

  • EFF- Surveillance Self Defense (ssd.eff.org)

  • Freedom of the Press Foundation (Freedom.press)

Upcoming

  • Anniversary Party April 20th
  • securiTEA time April 21st
  • Here again on May 4th
  • Open meeting here the week after
  • Find more on Facebook/Twitter/ email list

Thank You!

Made with Slides.com