Copyright 2013 1 Roger Clarke Xamax Consultancy, Canberra Visiting Professor in Computer Science, ANU and in Cyberspace Law & Policy, UNSW Wirtschaftsinformatik Forum GI Deutsches Eck Universität Koblenz-Landau 17. Januar 2013 http://www.rogerclarke.com/EC/eCIS {.html, .ppt} eConsumer Insecurity Five Headlines – Sensationalist But True


Page 1: Copyright 2013 1 Roger Clarke Xamax Consultancy, Canberra Visiting Professor in Computer Science, ANU and in Cyberspace Law & Policy, UNSW Wirtschaftsinformatik

Roger Clarke, Xamax Consultancy, Canberra
Visiting Professor in Computer Science, ANU and in Cyberspace Law & Policy, UNSW
Wirtschaftsinformatik Forum – GI Deutsches Eck, Universität Koblenz-Landau
17 January 2013
http://www.rogerclarke.com/EC/eCIS {.html, .ppt}

eConsumer Insecurity: Five Headlines – Sensationalist But True

Page 2:

What Do eConsumers Do?

• Inter-Personal Comms: Email, Chat/IM
• Content Discovery and Access
• Reading
• Content Publication: Web-Sites, Blogs, Personal Galleries, Music, Video
• Doc Prep
• File-Sharing with Friends, Colleagues
• Personal Databases: Accounting, Investments, Hobbies, Family Trees

Page 3:

Consumer Computing

Functions            Applications (1975-2000)             ==>> Services (2000-)
Email                Email clients, using smtp/pop/imap   Webmail, using http / https
Personal Galleries   Personal Web-Sites                   Flickr, Picasa, 3rd Party Blogs
Personal Music       Dedicated Devices                    iTunes
Doc Prep             Office on the Desktop                Zoho, Google Docs
File-Sharing         FTP-server and -client               Dropbox
Reading              [Books]                              eBooks, Rented

http://www.rogerclarke.com/EC/CCC.html

Page 4:

A Participant-Oriented Classification of Social Media

• Interaction, 1 : 1 (Closed): Email / Chat-IM / Skype
• Broadcast, 1 : few OR 1 : many (Open): Web-Pages, 'Walled-garden' 'wall-postings', YouTube
• Collaboration or Sharing, many : 1 (Semi-Open or Open): Wikis
• Content Indicator, many : 1: Dis/Approval, 'Like', '+1'
• Gaming: Second Life

http://www.rogerclarke.com/DV/SMTD.html

Page 5:

eConsumer Wants – 1 of 4

The Basic Needs
• Does it do what I want it to do? [Fit]
• Will it be there when I want it? [Availability, Reliability]

http://www.rogerclarke.com/EC/CCC.html

Page 6:

eConsumer Wants – 2 of 4

The Basic Needs
• Does it do what I want it to do? [Fit]
• Will it be there when I want it? [Availability, Reliability]

The Basic Protections
• How do I keep going if it stays fallen over for a long time? [Service Interruptions]
• Will you respond helpfully and quickly enough when I ask for help? [Customer Service]
• Will you lose my data, or muck it up? [Data Integrity]
• Do I get my data back if you fall over or withdraw the service? [Survival]
• Can I move my data to another supplier? [Lateral Compatibility]
• Who can I complain to if I get dudded, and will they actually help me? [Consumer Protection]

http://www.rogerclarke.com/EC/CCC.html

Page 7:

eConsumer Wants – 3 of 4

More Advanced Needs
• Will it keep doing what it does now? [Service Integrity]
• Will it stay up-to-date? [Future Fit]
• Will it fall over too often? [Robustness]
• Will it come back quickly after it falls over? [Resilience]
• Is my service protected against you, them and the gods? [Service Security]
• If bits of it are broken, will you fix it without breaking it some more? [Maintainability]
• Can I fiddle with it a bit if I need to? [Flexibility]
• Can I move my data to an upgraded version? [Forward Compatibility]
• How long will old versions keep working for me? [Backward Compatibility]
• Am I breaking the law if I use the service? [Legal Compliance]

http://www.rogerclarke.com/EC/CCC.html

Page 8:

eConsumer Wants – 4 of 4

More Advanced Protections
• Am I going to get gouged? [Cost]
• Can only appropriate people get in and do things? [Authentication and Authorisation]
• Can I get access to all data that you hold about me? [Subject Access]
• Is my data protected against you, them and the gods? [Data Security]
• Is my privacy protected against you, them and the gods? [Privacy Controls]
• If I terminate our relationship, will my data be irretrievably deleted? [Fully Effective Withdrawal]
• What happens to my data if I die? [Archival / Memorialisation]

http://www.rogerclarke.com/EC/CCC.html

Page 9:

Headline 1:

Software on consumer devices becomes dated and local data is often not recoverable, but ...

eConsumer services are a very bad deal

Page 10:

The Terms of Service

• eConsumers can usually only know what Terms apply to an earlier transaction if they mirrored the Terms at the time

• The Terms applicable to the next transaction may not be the same as they were for previous transactions

• The Terms applicable to transactions and to the eConsumer’s data are entirely under the provider's control

• eConsumers can place no reliance on what they may have previously read or heard about the Terms

Page 11:

Second-Party Risk-Exposure Summary of Results

• 3 – the Terms provide the ISP with no right to use the data (iinet, Internode, Yahoo!)
• 2 – use is authorised, but ... only in a manner directly related to the contract (Infinite, Zoho)
• 1 – use is limited to 'access' - although what that limitation means is unclear (Dropbox)
• 1 – use is authorised "to provide the service" - which can be readily interpreted as being the service as a whole not just the service provided to that user (MS Live)
• 2 – the ISP has very substantial rights (Google, LinkedIn)

http://www.rogerclarke.com/EC/IU-SPE-1012.html

Page 12:

In-Depth

• No responsibility to provide the service, or to do so reliably, or to sustain data stored in it
• Subscribers must disclose physical location, even if irrelevant
• No internal complaints process
• No rights to restitution, no liability for identity fraud
• LinkedIn gains rights to customers' data that are almost equivalent to the rights of the customers themselves
• Unilateral changes to the Privacy Statement, without notice
• Storage in the USA under lax privacy laws
• No undertakings to control staff behaviour
• Enforced 'permission' to disclose personal data, "to assist government enforcement agencies", without legal authority
• Inadequate subject access and correction rights

http://www.rogerclarke.com/EC/LinkedIn-1012.html

Page 13:

The Cloudy Future of Consumer Computing

• Inaccessibility and Lack of Clarity of Terms
• Service Malfunctions
• Loss of Data
• Provider Exploitation of Personal Data
• Largely unfettered scope for changes to the Terms
• Supra-Jurisdictionality and Use of Regulatory Havens
• Seriously Inadequate Consumer Protections
• Dominance of US marketing mores
• Pro-corporate / anti-consumer US regulators
• Meekness of regulators in other countries
• Lack of Organised Consumer Resistance

http://www.rogerclarke.com/EC/CCC.html

http://www.rogerclarke.com/EC/CCEF-CO.html

Page 14:

Headline 2:

Mobile devices are irretrievably insecure


Page 17:

MalContent

• How Much Illegal Porn is on Your Personal DeVices?
• Unexpected Email-Attachments and Microsoft Email-Embedded Files
• Unexpected Downloads over the Web
• Unwitting Downloads over P2P
• Malware, Unauthorised Users, ...
• How can you know?

http://www.rogerclarke.com/II/OffIm0511.html

Page 18:

MalBehaviour

• Many categories, including Flaming, Incitement, 'Trolling', ...
• 'Social Engineering': Inveigling users into harmful actions, incl.
  • 'Phishing', esp. for authenticators
  • Download of 'free anti-virus software'

Page 19:

Malware: A Definition to Cope with the Complexities

Software, or a software component or feature, that
(1) is capable of being Invoked on a device; and
(2) on invocation, has an Effect that is:
• Unintended by the person responsible for the device; and
• Potentially Harmful to an interest of that or some other person

http://www.rogerclarke.com/II/RCMal.html

Virus, Worm, Spyware, Backdoor / Trapdoor, Remote Admin Tool, Rootkit, Drive-by-Download


Page 21:

Absolute-Minimum InfoSec Safeguards

1. Physical Safeguards
2. Access Control
3. Malware Detection and Eradication
4. Patching Procedures
5. Firewalls
6. Incident Management Processes
7. Logging
8. Backup and Recovery
9. Training
10. Responsibility

http://www.xamax.com.au/EC/ISInfo.pdf

Page 22:

Absolute-Minimum InfoSec Safeguards

1. Physical Safeguards
2. Access Control
3. Malware Detection and Eradication
4. Patching Procedures
5. Firewalls
6. Incident Management Processes
7. Logging
8. Backup
9. Training
10. Responsibility

As applicable to consumers as to business and government

Page 23:

Headline 3:

That's not a Password; it's a Passéword

The password (Kennwort) has already become a known-word (Bekanntwort)

Page 24:

Password Vulnerabilities and Threats

Direct Acquisition
• Visual Observation
• Electronic Observation: Keystroke Logging, Discovery of a Personal Password Database
• Interception
• Phishing

Indirect Acquisition
• Guessing
• 'Brute Force' Guessing
• Compromise of the Password-Reset Process
• Compromise of a Password Stored by a Service-Provider
• Acquisition and Hacking of a Password-Hash File

Compounding Factors
• Use of One Password for Multiple Accounts
• Continued Use of a Compromised Password

http://www.rogerclarke.com/II/Passwords.html

Page 25:

Access Control – Threats and Safeguards

• Threat: Interception. Safeguard: Channel Encryption, e.g. SSL/TLS
• Threat: Rogue or Compromised Second Party. Safeguard: Transmission and Storage of only a password hash
• Threat: Compromise of the Client. Safeguard: One-Time Passwords, Variable Action Passwords
• Threat: Imposter. Safeguard: Use Multi-Factor Authentication:
  • What You Know: password, 'shared secrets'
  • What You Have: one-time password gadget, a digital signing key
  • Where You Are: your IP-address, device-ID
  • What You Are: a biometric, e.g. fingerprint
  • What You Do: time-signature of password-typing key-strikes
  • Who or What You Are: reputation, 'vouching'
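The "storage of only a password hash" safeguard on this slide, set against the "Acquisition and Hacking of a Password-Hash File" threat and the "One Password for Multiple Accounts" compounding factor on the previous slide, as an added Python example that is not part of Clarke's slides: an unsalted fast hash exposes password reuse straight from a leaked file, whereas a salted scrypt record does not and is slow to guess against. The account names, passwords, record format and scrypt parameters are all constructed for the example.

```python
"""Added example (not from the slides): storing only a password hash, and why
the construction of that hash matters once the hash file has been acquired."""
import hashlib
import hmac
import os

# scrypt cost parameters, assumed for this example (tune for real hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def weak_record(password: str) -> str:
    """Unsalted, fast hash: what a naive service might store.
    Two accounts with the same password produce the same record, so a leaked
    hash file reveals password reuse with no cracking at all, and each record
    can be guessed against at full SHA-256 speed."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password: str) -> str:
    """Salted, memory-hard hash: a fresh random salt per account means identical
    passwords give different records, and scrypt makes each guess expensive."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    # Constructed record format: scheme$N$r$p$salt$digest (hex fields).
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and parameters and compare in
    constant time. The clear-text password is never stored, and a malformed
    record is treated as a failed login rather than an exception."""
    try:
        scheme, n, r, p, salt_hex, digest_hex = record.split("$")
        if scheme != "scrypt":
            return False
        candidate = hashlib.scrypt(password.encode("utf-8"),
                                   salt=bytes.fromhex(salt_hex),
                                   n=int(n), r=int(r), p=int(p), dklen=32)
        expected = bytes.fromhex(digest_hex)
    except (ValueError, TypeError):
        return False
    return hmac.compare_digest(candidate, expected)


def reuse_visible_in_leak(records) -> int:
    """Number of accounts in a leaked hash file whose record is shared with at
    least one other account, i.e. the password reuse the leak exposes for free."""
    counts = {}
    for rec in records:
        counts[rec] = counts.get(rec, 0) + 1
    return sum(c for c in counts.values() if c > 1)


def demo() -> dict:
    """Constructed accounts: alice and bob reuse the same password."""
    users = {"alice": "correct horse", "bob": "correct horse",
             "carol": "Tr0ub4dor&3"}
    weak = [weak_record(pw) for pw in users.values()]
    strong = {u: make_record(pw) for u, pw in users.items()}
    return {
        "reuse_exposed_weak": reuse_visible_in_leak(weak),
        "reuse_exposed_strong": reuse_visible_in_leak(list(strong.values())),
        "alice_ok": verify("correct horse", strong["alice"]),
        "alice_wrong": verify("correct horse!", strong["alice"]),
        "garbage_record": verify("x", "not-a-record"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```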

Page 26:

Headline 4:

Web technologies are designed to be insecure

Page 27:

Server Control of Consumer Devices

• Java Applets
• ActiveX 'Controls'
• 'Asynchronous JavaScript and XML' (AJAX)
• Drive-by Downloads
• HTML5
• Mobile Apps

Page 28:

Drive-By Downloads

• A big majority of requests to web-sites result in Unrequested Content being pushed to the browser from other sites – variously 'strategic partners' and parasites
• Third-Party Tracking Cookies are imposed by the vast majority of commercial web-sites, and are used by over 200 tracking companies (DoubleClick, et al.)
• Those companies use Additional Spyware to try to circumvent protections (web-bugs, Flash cookies, etc.)
• All of this is in breach of eConsumer consent
• Careful eConsumers use Protections


Page 30:

HTML5

• Support for:
  • multi-media streaming
  • open channels as well as sessions
  • geolocation
• A way to subvert sandboxing
• A way to subvert user control, by inverting the Web from pull to push
• A way to access local data and devices (e.g. cameras, microphones), giving rise to "A Pandora's box of tracking in the Internet"

http://www.sophos.com/en-us/medialibrary/PDFs/other/sophosHTML5andsecurity.pdf

Page 31:

Mobile Apps

• Will Google and Apple protect eConsumers against other parties?
• Who will protect eConsumers against Google and Apple?
• Retrofitting of Mobile OS to the Desktop: Mac OSX, iOS, Android / bluetracks

Page 32:

Headline 5:

The spy in your pocket leaks your location,

10 times per second, and

to far more organisations than you thought


Page 34:

The Primary Geolocation Technologies

http://www.rogerclarke.com/DV/LTMD.html

Page 35:

The Practicability of Location and Tracking

• Cell-Location is intrinsic to wireless network ops. More Precise Location is now mostly available

• Tracking is feasible, because the handset sends a stream of messages

• Retrospective Tracking is feasible if the series of locations is logged (√), and the log is retained (√)

• Real-Time Tracking is feasible if the data-stream is intense (√) and latency is low (√)

• Predictive Tracking is feasible if the data-stream is intense (√) and latency is low (√)

http://www.rogerclarke.com/DV/YAWYB-CWP.html

Page 36:

Terms of Service Imposed by ISPs on Consumers

• Substantial Rights to collect, use and disclose personal data, incl. location data
• Unilateral Power:
  • to change the Terms of Service
  • to do so without notice
  • to do so with immediate effect
• No Obligation to delete data, ever

http://www.rogerclarke.com/EC/IU-SPE-1012.html

Page 37:

Rampant Location and Tracking

• Through Pseudo-Consent:
  • Uncontrolled personal data collection
  • Uncontrolled personal data use
  • Uncontrolled personal data disclosure
• US data havens undermine EU protections
• Consumer rights and data protection laws inadequate for the task
• Parliaments, Regulators asleep at the wheel

Page 38:

Headline Spare:

Unauthenticated payments are switching card risks from merchants to consumers

Page 39:

Headline Bonus:

Social media services have only one business model, and it's based on personal data exploitation and behaviour manipulation


Page 41:

Some Implications

Page 42:

Naive Advice from 1998: 'Apply Consumer-Friendly Principles'

• Information
• Choice
• Consent
  • 'opt-in' the norm
  • 'opt-out' with stringent justification
• Fair Conditions
• Recourse

http://www.rogerclarke.com/DV/DirectMkting.html#Princ

Page 43:

Consumer-Oriented Social Media Features

Interoperability, Portability
• Content, Messages

Consent, which means:
• Informed
• Freely-Given
• Granular not Bundled
• Settings Management
• Conservative Defaults

Trustworthy Terms

Identity Protections
• Protected Pseudonyms
• Multiple Identities
• Caveats, Social Norms and Reputations

Non-User Protections
• Content
• Social Networks

Location Protections

http://www.rogerclarke.com/II/COSMO-1211.html

Page 44:

Some Possible Measures

• IT Security Risk Assessment (SRA), done by someone, from the eConsumer Perspective
• IT Security Risk Management Planning (SRMP), done by someone, from the eConsumer Perspective
• Designed-In Security Safeguards:
  • Practicable and Economic
  • Default and with Minimal Usability Trade-Off
  • Documented, with Tutorials

Page 45:

Ways to Get There

• Depend on the proactive and productive prosumer?
• Impose liability for designed-in insecurity?
• Impose liability for serious security errors?
• Develop eConsumer Protection Law? http://www.rogerclarke.com/EC/ICEC06.html#TNT
• Impose Minimum Privacy Undertakings? http://www.rogerclarke.com/DV/PST.html
• Impose Standards on eConsumer Services? http://www.rogerclarke.com/EC/CCC.html#CRR

Page 46:

BYOD Issues

• Hosting Organisation Perspective
  • Need for Network Protection
  • Need for Device Challenge and Testing
  • Need for Minimum Security Standards
  • Need to provide Device-Cleansing Advice
• eConsumer Perspective
  • Transparency of the Organisation's Actions
  • Auto-Reporting of Sensitive Information
  • Exclusion from Services / Participation

Page 47:

Will Consumers Be Precluded From Owning General-Purpose Computing Devices?

Many powerful groups will discover that they want it

• Copyright-Dependent Corporations
• Government Censors
• The Moral Minority, who want governments to extend censorship to whatever content the moral minority thinks the majority shouldn't have access to
• (Dominant) Computing Device Providers (iOS, Android)
• Law Enforcement & National Security Agencies (LEANs)
• 'Fraud Experts'
• Employers and other Organisations permitting BYOD

Page 48:

eConsumer Insecurity: Five Headlines – Sensationalist But True

Agenda
• eConsumers
• 5 Headlines
  • eConsumer services are a very bad deal
  • Mobile devices are irretrievably insecure
  • Passwords are Passé; Kennwort means Bekannt (password means known)
  • Web technologies are designed to be insecure
  • Mobiles leak location, very often, far and wide
• Some Implications

Page 49:

Roger Clarke, Xamax Consultancy, Canberra
Visiting Professor in Computer Science, ANU and in Cyberspace Law & Policy, UNSW
Wirtschaftsinformatik Forum – GI Deutsches Eck, Universität Koblenz-Landau
17 January 2013
http://www.rogerclarke.com/EC/eCIS {.html, .ppt}

eConsumer Insecurity: Five Headlines – Sensationalist But True


Page 51:

eConsumer Differentiation

• Education, Income, Wealth
• Infrastructure Availability
• Technical Capability
• Opportunity-Awareness
• Leadership / Followership
• Risk-Awareness, Risk-Aversion
• Age / 'Generation'

Page 52:

The Generations of eConsumers

Generation             Indicative Birth-Years   Indicative Age in 2010
Silent / Seniors       1910-45                  65-100
Baby Boomers – Early   1945-55                  55-65
Baby Boomers – Late    1955-65                  45-55
Generation X           1965-80                  30-45
Generation Y           1980-95                  15-30
The iGeneration        1995-                    0-15

Page 53:

The Generations of eConsumers

Baby Boomers (45-65): Handshake/phone, PCs came late, had to adapt to mobile phones. Work is Life, the team discusses / the boss decides, process-oriented

GenXs (30-45): Grew up with PCs, email and mobile phones, hence multi-taskers. Work to Have More Life, expect payback from work, product-oriented

GenYs (15-30): Grew up with IM/chat, texting and video-games, strong multi-taskers. Life-Work Balance, expect fulfilment from work, highly interactive

iGens (to 15): Growing up with texting, multi-media social networking, networked games, multi-channel immersion / inherent multi-tasking? Life before Work, even more hedonistic, highly (e-)interactive

Page 54:

ActiveX 'Controls'

• There is no 'sandbox'. Access is given not just to the browser but to the entire workstation
• The designer thereby gains enormous power over remote workstations
• An ActiveX 'control' can be 'authenticated', but that doesn't assure that it will not be harmful
• ActiveX security problems are far worse than Java: "The embedding of ActiveX into the Internet Explorer web browser created a combination of functions that has led to an explosion of computer virus, trojans and spyware infections" (An over-ridden Wikipedia entry for ActiveX)

Page 55:

A 'Lightweight Alternative' – AJAX

• 'Asynchronous JavaScript and XML'
• A Successor to the vague 'Dynamic HTML'
• Applies well-established tools: (X)HTML/CSS -> XML, JavaScript/ECMAScript
• Utilises the XMLHttpRequest Method of HTTP, in particular to enable partial-window-refresh
• Involves an 'Ajax engine' within the browser, which intercepts and processes user-requests and server-responses

http://www.rogerclarke.com/EC/Web2C.html#AltT

Page 56:

Headline Spare:

Unauthenticated payments are switching card risks from merchants to consumers


Page 58:

Contactless Chip-Cards as Payment Devices

• RFID / NFC chip embedded in card
• Wireless operation, up to 5cm from a terminal
• Visa Paywave and MasterCard PayPass
• Up to $100 and $35 resp. (cf. original $25)
• Presence of chip in card is not human-visible, but Logo / Brand may be visible
• No choice whether it's activated
• Operation of chip in card is not human-apparent
• No action required when within 5cm range, i.e. automatic payment
• No receipt is increasingly the norm
• Used as Cr-Card: Unauthenticated auto-lending
• Used as Dr-Card: PIN-less charge to bank account

Page 59:

Safeguards

• Authentication – None? / A Non-Secret? (but Yes, for Transactions >$100 Only)
• Act of Consent – None? / Unclear? / Clear? If the card is within 5cm of a device, whether seen or not
• Notification – None? / Audio? / Display? If 'None', then enables surreptitious payment extraction
• Receipt / Voucher – None? / Option? / Y?

Page 60

Mobile Payments can be
• Faster
• More Intuitive
• More Convenient
• Less of an Obstacle

Page 61

Mobile Payments can be
• Faster
• More Intuitive
• More Convenient
• Less of an Obstacle

For the Thief Too

Page 62

Risk Analysis Summary

• A lost, stolen or borrowed card can be used by anyone, for multiple transactions up to $100 at a time, without any form of authentication, against the credit or debit account the card is linked to

• The facility is in every card; the only choice is to have a card or not to have one, and there is no 'Off' switch

• Many Parliaments and Consumer Protection Agencies have done absolutely nothing about it

http://www.rogerclarke.com/EC/CPS-12.html

Page 63

Risk Management Possibilities
• Reconcile your Statements. But:
  • Statements are now very long indeed
  • Statements are increasingly online, not sent, and charged for
  • The time available for challenges is limited (60 days?)
  • Many transactions will not match against a receipt
  • Many business names are not recognisable
• Query unrecognised transactions. But:
  • The consumer has no evidence, much detail, and is uncertain
  • Only a minority of unreconciled entries will be fraudulent
  • Effort, time and fees are incurred for each challenge
  • Processes are designed to be inconvenient and slow (60 days?)
  • Card-issuers can refuse to reimburse
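The reconciliation the slide recommends, written out as an added example that is not part of the presentation: it matches statement lines to kept receipts by amount and posting date (printed merchant names are often unrecognisable, so they are ignored), flags every line that no receipt explains, and marks the flagged lines whose dispute deadline is close. The 60-day window, the 3-day posting tolerance and all statement and receipt data are assumptions constructed for the example.

```python
from datetime import date, timedelta

DISPUTE_WINDOW_DAYS = 60    # assumption: the "60 days?" the slide queries
CONTACTLESS_LIMIT = 100.0   # no-PIN ceiling quoted on the slides
DATE_TOLERANCE_DAYS = 3     # assumption: a purchase may post days after the receipt date

# Constructed sample statement: (posting date, merchant as printed, amount).
# Statement names are often unrecognisable, so matching ignores them.
STATEMENT = [
    (date(2013, 1, 3), "SQ *CAF 4471 SYDNEY", 4.50),
    (date(2013, 1, 5), "WOOLWORTHS 1234", 87.20),
    (date(2013, 1, 9), "PAYWAVE XX19 PETROL", 62.00),
    (date(2013, 1, 12), "AMZN MKTP AU", 140.00),
]
# Constructed receipts the consumer kept: (purchase date, merchant, amount).
RECEIPTS = [
    (date(2013, 1, 2), "Cafe", 4.50),
    (date(2013, 1, 5), "Woolworths", 87.20),
    (date(2013, 1, 12), "Amazon", 140.00),
]

def reconcile(statement, receipts, today_iso, tol_days=DATE_TOLERANCE_DAYS):
    """Return (unmatched, urgent): statement lines no receipt explains, and the
    subset whose dispute deadline is within 7 days of today_iso (or already past)."""
    today = date.fromisoformat(today_iso)
    unused = list(receipts)          # each receipt may explain one line only
    unmatched, urgent = [], []
    for posted, merchant, amount in statement:
        hit = next((r for r in unused
                    if abs(r[2] - amount) < 0.005
                    and abs((posted - r[0]).days) <= tol_days), None)
        if hit is not None:
            unused.remove(hit)
            continue
        deadline = posted + timedelta(days=DISPUTE_WINDOW_DAYS)
        entry = {
            "date": posted.isoformat(), "merchant": merchant, "amount": amount,
            # Sub-limit lines are the ones a lost or borrowed card could have
            # produced with no PIN, so they deserve the first query.
            "contactless_range": amount <= CONTACTLESS_LIMIT,
            "dispute_deadline": deadline.isoformat(),
        }
        unmatched.append(entry)
        if deadline - today <= timedelta(days=7):
            urgent.append(entry)
    return unmatched, urgent
```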

Page 64

Headline Bonus:

Social media services have only one business model,

and it's based on personal data exploitation

and behaviour manipulation

Page 65

A Participant-Oriented Classification of Social Media

                Interaction            Broadcast                      Collaboration or Sharing
Participants    1 with 1 or few        1 to many                      1 with many
Openness        (Closed)               (Open)                         (Semi-Open or Open)
Content         Email / Chat-IM /      Web-Pages, 'walled-garden'     Wikis
                Skype                  'wall-postings', YouTube
Indicator       -                      -                              Dis/Approval: 'Like', '+1'
Gaming          -                      -                              Second Life

http://www.rogerclarke.com/DV/SMTD.html

Page 66

Currently-Available Social Media Genres

1-with-1/Few INTERACTION Tools
• networked text email (asynchronous)
• networked text chat / IM (synchronous)
• SMS / texting from mobile phones
• email-attachments, any format (asynch)
• voice:
  • over Internet (VoIP, Skype) (synch)
  • tele-conferencing (VoIP, Skype) (synch)
  • videophone (Skype Video) (synch)
  • video-conferencing (Skype Video) (synch)

1-to-Many BROADCAST Tools
• bulletin board systems (BBS)
• Usenet / netnews
• email lists
• web-pages
• indexes (Lycos, Altavista, Google, Bing)
• blogs (WordPress, Blogspot)
• micro-blogs (Twitter, Tumblr)
• glogs – wearable wireless webcams, cyborg-logs, retro-nymed as 'graphical blogs'
• 'content communities', e.g. for images (deviantArt, Flickr and Picasa), for videos (YouTube), for slide-sets (Slideshare)
• closed / 'walled-garden' 'wall-postings' within SNS (Plaxo, MySpace, LinkedIn, Xing, Reddit, Facebook, Google+)

1-with-Many SHARING Tools
• Content Collaboration
  • wikis (Wikipedia)
  • social news sites (Slashdot, Newsvine)
  • online office apps (Zoho, Google Docs, MS Live)
• Indicator-Sharing
  • 'social bookmarking' (Delicious)
  • dis/approvals (Digg's dig & bury, Reddit's up & down, StumbleUpon's thumbs-up & thumbs-down, Facebook's Like button, Google+'s +1 button)
• Multi-Player Networked Gaming
  • text-based MUDs
  • social gaming sites (Friendster)
  • Massively Multiplayer Online Games (MMOGs), esp. Role-Playing Games (MMORPGs), e.g. World of Warcraft
  • online virtual worlds (Second Life)

http://www.rogerclarke.com/DV/SMTD.html

Page 67

Social Media's Business Model
• 'There must be a way to monetise this somehow'
• 'You will find something interesting here' is a self-fulfilling prophecy, because people can be enticed to contribute 'something interesting'
• Contributors, and the people who come after them, can be enticed to click on targeted advertisements
• Targeting is based on:
  • profile-data that users supply about themselves
  • content that they have donated
  • their online behaviour while using the service
  • their online behaviour more generally
  • data that other people contribute about the user

Page 68

Privacy Risks in Social Media
• Second-Party Risk Exposure (Service-Provider)
  • Content relating to Oneself
  • Content relating to Others
  • Social Networks including Oneself and Others
• Third-Party Risk Exposure
  • Openness that was Unanticipated
  • Openness through Breach of Original Terms
  • The Service-Provider's 'Strategic Partners'
  • 'Syndication', to any player
  • Government Agency Demand Powers
  • Interception and Hacking

Page 69

A Catalogue of Social Media Privacy Concerns

Source: Reviews of Media Reports 2005-11

1 Privacy-Abusive Data Collection

2 Privacy-Abusive Service-Provider Rights

3 Privacy-Abusive Functionality and User Interfaces

4 Privacy-Abusive Data Exploitation

http://www.rogerclarke.com/DV/SMTD.html

Page 70

A Catalogue of Social Media Privacy Concerns

1 Privacy-Abusive Data Collection
Demands for User Data
• identity data
• profile data
• contacts data, including users' address-books:
  • their contact-points (some sensitive)
  • comments about them (ditto)
  • by implication, their social networks

Collection of User Data
• about users' locations over time
• about users' online behaviour, even when not transacting with the particular service
• from third parties, without notice to the user and/or without user consent

2 Privacy-Abusive Service-Provider Rights
Terms of Service Features
• substantial self-declared, non-negotiable rights for the service-provider, including:
  • to exploit users' data for their own purposes
  • to disclose users' data to other organisations
  • to retain users' data permanently, even if the person terminates their account
  • to change Terms of Service:
    • unilaterally
    • without advance notice to users; and/or
    • without any notice to users

Exercise of Self-Declared Service-Provider Rights
• in ways harmful to users' interests
• in order to renege on previous undertakings

Avoidance of Consumer Protection and Privacy Laws
• location of storage and processing in data havens
• location of contract-jurisdiction distant from users
• ignoring of regulatory and oversight agencies
• acceptance of nuisance-value fines and nominal undertakings

Page 71

A Catalogue of Social Media Privacy Concerns

3 Privacy-Abusive Functionality and User Interfaces
Privacy-Related Settings
• non-conservative default settings
• inadequate granularity
• complex and unhelpful user interfaces
• changes to the effects of settings, without advance notice, without any notice and/or without consent

'Real Names' Policies
• denial of multiple identities
• denial of anonymity
• denial of pseudonymity
• enforced publication of 'real name', associated profile data

Functionality and User Interface
• inadequate documentation and reliance on interpolation
• frequent changes, and/or changes without advance notice to users, without any notice to users and/or without user consent

User Access to Their Data
• lack of clarity about whether, and how, data can be accessed
• lack of, even denial of, the right of subject access

User Deletion of Their Data
• lack of clarity about whether, and how, data can be deleted
• lack of, and even denial of, the user's right to delete

4 Privacy-Abusive Data Exploitation
Exposure of User Data to Third Parties
• wide exposure, in violation of previous Terms, of:
  • users' profile-data (e.g. address, mobile-phone)
  • users' postings
  • users' advertising and purchasing behaviour
  • users' explicit social networks
  • users' inferred social networks, e.g. from messaging-traffic
• changes to the scope of exposure:
  • without advance notice to users
  • without any notice to users; and/or
  • without user consent
• access by government agencies without demonstrated legal authority

Exposure of Data about Other People
• upload of users' address-books, including:
  • their contact-points
  • comments about them
  • by implication, their social networks
• exploitation of non-users' interactions with users

Page 72

A Catalogue of Social Media Privacy Concerns

3 Privacy-Abusive Functionality
'Real Names' Policies
• Denial of multiple identities
• Denial of anonymity
• Denial of pseudonymity
• Enforced publication of 'real name', and associated profile data

Page 73

A Catalogue of Social Media Privacy Concerns

4 Privacy-Abusive Data Exploitation
Exposure of Data about Other People
• Upload of users' address-books, including:
  • their contact-points
  • comments about them
  • by implication, their social networks
• Exploitation of non-users' interactions with users
• Disclosure of non-users' social networks

Page 74

Social Media Privacy Disasters

• Plaxo, 2004
  http://www.rogerclarke.com/DV/ContactPITs.html

• Twitter
  http://tweepi.com/blog/2011/07/10-must-know-twitter-privacy-tips/

• Facebook, 2004-
  http://www.rogerclarke.com/DV/PrivCorp.html#FB

• Google Gmail, Orkut, Buzz, Google+
  http://www.rogerclarke.com/DV/PrivCorp.html#Goo04
  http://www.rogerclarke.com/DV/PrivCorp.html#Goo10
  http://www.rogerclarke.com/DV/PrivCorp.html#Goo12

• Instagram
  http://www.rogerclarke.com/DV/PrivCorp.html#Instagram