Folks who’ve followed my exploits for a while will know that I use an UN-Godly number of different computers, operating systems, browsers even ISP connections (my use of public WiFi and a HotSpot). I know many think “way too complicated” or “must have a compulsion or something”.
I’d love to just have one laptop that I used forever and never change. It would be a lot less work. Unfortunately, life doesn’t let me do that. In many cases, the reason comes down to privacy vs tracking. Security by Obscurity and frequent flushing of bits to assure the flow is away from me and there’s some hope for a little peace, quiet, and privacy.
So about every 3 or 4 months you will see an article about some new SBC (Single Board Computer) I’ve bought and set up. Or an old “junker” that I’ve brought back from the dead. In between those, there will be articles about this or that different operating system installed, or maybe a comment about using at least 3 browsers on every system. The occasional complaint that I’ve lost track of all the systems I run or where some particular web page was kept open. In short, it’s a movable feast ( or rotating the shields to try to keep the Borg out…)
For example, the Mac I’m typing this on right now. I’ve had 2 different OS installs on it in about a year. I’m in the process of implementing a whole new micro-SD chip with a fresh install. (Well, “in the process” is a bit much. I bought the chip and have it in the carrier ;-) Inside a week or two I’ll be running on a brand new installation of a clean OS, fresh browser install, the whole nine yards.
I’ll scrape any files from this chip that I want to keep (any pdf or .img downloads, or screen caps on the desktop) and put them in a file archive (removable disk). Then create anew my preferred account name on the new chip. NOT brought forward will be any malware, beacons, cookies, etc. etc. scattered in the account or system.
Now this isn’t perfect. Some folks have started using the list of WiFi spots you’ve ever connected to, to finger you. Well 3 will be enough for me (home, Florida Friend, Niece) I’m the only overlap of those three. I’ll also lose the saved passwords to their WiFi (so will need to beg them again when I visit next). Not a major problem, just a petty annoyance.
On my desktop there are 2 SBCs I use most of the time for general browsing and email that gets saved (i.e. not just the browser interface). One is used about 30% of the time, the other, for one or two days a week. Then there are a few other system images used when I want to know I’m not leaving too many bread crumbs… So it works out to be sort of like:
1) Private system – no internet use, no email.
2) Communications system – internet, email, no private things.
3) Special Use system chips – Tor, router, bills – financial, browsing “risky” places, …
4) Wide Open Web Use – At the moment, the Mac laptop. Disposable at will. NEVER used for anything at all private. Only connection to the “home network” is via the telco router. Essentially my “public face” seen at public WiFi too.
There’s a usage habit wall between those systems. They don’t get to share much…
The YouTube Example
So one example of why, in a trivial way, is the use of YouTube on the TV sets. The LG TV says “I’m Smart!”… but that’s a relative judgment. It does have apps on it. One of them is YouTube. I have 3 Roku devices now. (Living room, bed room, office – though the office one claims to be by the pool outdoors. Why? They let me give the description ;-) Each Roku has a YouTube app.
These YouTube Apps are NOT as robust as the computer apps. They are designed to not need a keyboard, so a lot less “type something in and search”. You can do it, but painful… Instead, they offer things they think you might like based on profiling you. Except it doesn’t get much to go on as my TV doesn’t get the smarts used hardly at all (Roku is smarter and faster with many more choices) and near as I can tell the Roku is NOT sharing thing like what I watched. At least not with YouTube (Google / Alphabet…).
Now add in that I watch all 4 different YouTube instances at various times (along with using the Chromebox when I want more selectivity via keyboard, bookmarks, and a big screen, and the Mac when I just want a quick look for something…) we’re talking 6 different “Me” profiles.
What makes this fun is that on each, I tended to pick a different “First Thing” when I first was given a list of “what’s trending”. That, then, started the Stereotyping Du Jour on each App. It kept giving me more “in that mode” and I’d tend to watch more of “that thing”. There may also be some bias based on when I’m in each room and what I’m feeling like when in that room, but who knows.
The bottom line is the TV App thinks I’m “Way into Aviation”. Lots and Lots of aviation stuff. The Bedroom Roku YouTube just knows I’m interested in all things cultural and historical. Greeks and Ted Talks and how Antarctica formed. The Livingroom Roku is sure I’m interested in all things Military. Guns, ships, explosions… The Chromebox clearly thinks it knows me best – it offers lots and lots of music videos. Madona, Lady Gaga, Beyonce, Sia. Then I drive it a bit around the bend with a bunch of stuff in other languages. Mostly Spanish and Portuguese, but the odd run into Slavic and German and more… So it’s a little unsure on my language preferences. I’m particularly fond of some Shakira songs in Spanish – just better than the English ones IMHO.
Since that’s where I watch music videos, it’s sure I’m a teens or 20 something Latin guy. (Oddly, between that, and watching some Spanish Language TV on the Roku, AT&T has started showing me ads in Spanish – but ONLY on that TV!)
The one in the office is still trying to figure me out (it’s relatively new and not used often) while the Mac is a bit schtizo. I use it a lot of R&D for postings, so all sorts of strange stuff gets looked at, but rarely what would be called “typical entertainment”.
I mention all this for 3 reasons:
1) Realize YOUR YouTube experience will be far different from MY YouTube experience. Or even your YouTube experience on some new device you bring home…
2) They clearly ARE tracking what gets watched on each device. One must do a “reset” if you ever give the device away or sell it… At some point I’m going to do a reset on one of the Roku sticks, just to see what changes. But that’s a year+ in the future.
3) Polluting the data harvesting stream is your friend and valuable use of your time. At this point, “they” think there are 6 different users living here. A “Dad” into military stuff and machines. A quiet guy, Granddad?, interested in history and things academic including chemistry and geology. A Hispanic young guy with a thing for Shakira. Someone really interested in private planes and aviation, along with stories of strange and unbelievable things (like space aliens visiting). And someone who seems a bit scattered and just pops off into all sorts of random things.
Yet not one of us watches Cat Videos… so we’re really not normal ;-)
Then all of a sudden, some future day, one of them will “wink out” and a new persona will appear….
The Facebook Shaft
So what got me started on this note? Well, I’d been pondering something about the YouTube thing, but wasn’t motivated enough. Then I hit this little gem of a story:
Well, I knew Facebook tracked non-users. I’ve mentioned it here before. But this article gives some nice specifics. If for no other reason that Facebook, you need a separate and distinct “Browser Box” system. It can be as simple as a bootable “Live CD / DVD” link Knoppix, or a unique bootable USB Stick; or as complex and complete as a dedicated laptop or tablet. Just make sure it is somewhere you can periodically flush back to factory spec and not care.
Facebook admits it does track non-users, for their own good
Oh that snitch-code? It’s just a little thing to make the web more convenient … for Facebook and its advertisers
By Richard Chirgwin 17 Apr 2018 at 05:53
Facebook’s apology-and-explanation machine grinds on, with The Social Network™ posting detail on one of its most controversial activities – how it tracks people who don’t use Facebook.
It’s no real surprise that someone using their Facebook Login to sign in to other sites is tracked, but the post by product management director David Baser goes into (a little) detail on other tracking activities – some of which have been known to the outside world for some time, occasionally denied by Facebook, and apparently mysteries only to Zuck.
When non-Facebook sites add a “Like” button (a social plugin, in Baser’s terminology), visitors to those sites are tracked: Facebook gets their IP address, browser and OS fingerprint, and visited site.
Yes, even non-Facebook users have their IP, browser type, OS type / release and site cataloged to be used against you.
Now the first thing that ought to light up in your brain is how offensive this is. But the second thing ought to be that by mutating any of those parameters you can “fuzz” your identity in the database and put more crap in it. Things like having 4 browsers used on 3 OS fingerprints makes you 12 DIFFERENT entries. (Assuming you went to some Facebook afflicted site once with each combo). And NONE of them will match the identity of the OTHER system you use to buy things at Amazon or the other other one used to pay bills. Just trying to “connect those dots” will drive their little computer snoop robots around the bend.
Now do it sometimes from 3 or 4 public WiFi spots, occasionally reset your IP Address (leave the Telco router off when you go on vacation, it ought to DHCP a different address on your return). Sometimes use a mobile HotSpot. Swap ISP every year or three… (Oh, and for good measure, try to use machines that finger you as poor and not worth bothering, like a Raspberry Pi or an old Pentium machine some times… ;-)
Facebook denied non-user tracking until 2015, at which time it emphasised that it was only gathering non-users’ interactions with Facebook users. That explanation didn’t satisfy everyone, which was why The Social Network™ was told to quit tracking Belgians who haven’t signed on earlier this year.
Baser gave a pinky-promise that this kind of non-user tracking is all about functionality: “knowing your IP address allows us to send the Like button to your browser and helps us show it in your language. Cookies and device identifiers help us determine whether you’re logged in, which makes it easier to share content or use Facebook to log into another app.”
Don’t ya just love it when someone claims to have never ever done The Very Bad Thing? Don’t ya just hate when they get caught out and have to admit they always did The Very Bad Thing? Don’t ya just want to strangle them when they promise to never again do The Very Bad Thing they promised they didn’t do, but did?
Then there’s the tracking that advertisers perform on behalf of the news-groomer: “An advertiser can choose to add the Facebook Pixel, some computer code, to their site. This allows us to give advertisers stats about how many people are responding to their ads — even if they saw the ad on a different device — without us sharing anyone’s personal information.”
In other words, it’s data-gathering for advertisers, rather than for Facebook: an advertiser who plants the Facebook Pixel on their site gets an easy way to identify someone who bought something, so they can “reach this customer again by using a Custom Audience.”
Have you ever wondered why advertisers think you’re a perpetual customer for a product you just bought? Wonder no more (we’re aware that the Tweet below relates to Amazon, but you get the picture).
“The Facebook Pixel” – what a cute little name for a sneaky spying little weasel of a pixel… And then web sites wonder WHY I run an ad blocker and map their IP address to a black hole. It is NOT just to avoid their obnoxious dancing animated craplets, it is to put their spyware in jail too.
[.. cute little ‘letter to Amazon’ deleted. Hit the link…]
Facebook Analytics, the post said, “gives websites and apps data about how they are used”, with IP addresses offering geolocation, browser/OS fingerprints (developer information, promise!), and cookies dishing up “aggregated demographic information” about site visitors or app users.
The Facebook Audience Network links non-Facebook sites and apps to Facebook advertisers, and honestly, The Social Network™ only needs all that data it gathers for technical reasons like making sure the ads display correctly (fingerprints again), to encourage victims visitors to sign up to Facebook, and to hammer people with ads for similar products to the advertiser they viewed/clicked on.
If you don’t like all this, it’s your fault: you didn’t use Facebook’s preference menus (until recently hidden as if it were “in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard’”) to manage your news and advertising management.
Neither of which, of course, will be as effective as just blocking Facebook’s cookies. ®
Why I don’t want devices with a GPS in them for my browsing devices. It’s bad enough that the IP fingers my rough county location. I’m in the process of choosing a VPN (yes, a real paid for one with quality and everything) just to fuzz up that information too. Looks like about $4 /month, though as low as $2.75/mo if you buy 3 years in one go..
Now take just a moment to think about what you do.
What are you doing to isolate your web browsing from your email from your private work (taxes, documents)?
What are you doing to dirty the data on your “Fingerprint”? (OS type, Browser type, subtypes of each, release levels, etc.etc.)
What are you doing to dirty the data on your “geolocation”?
What are you doing to dirty the data on your IP address?
What are you doing to dirty the data on your identity or personal characteristics? (Said characteristics can just be what kind of music you like or favorite brand of candy…)
In short: What are you doing to defeat the intrusions into your life and onto your devices?
And that is why I have so many “computers in play” and change the OS types and rotate the browsers and flush the bit with a periodic reset of the account on most of them, and have dedicated machines for different use cases, and have 4 different “Smart TV” devices for 2 people with 6 different YouTube “identities” and never never ever sign up for “accounts” that finger me exactly with such folks. No social media (Facebook / Faceplant, Linked-In, etc.), no YouTube account, no Google Account (well, I had get one to set up the Chromebox, bit it is full of crap answers…)
Is it a royal Pain In The Ass? Yes.
But don’t do it and you get a bigger pain in the ass as they BOHICA you.