Pinned toot

2000s hackers: My dream is to connect all of my devices to the internet.
2020s hackers: My dream is to disconnect all of my devices from the internet.

It took an extra 35 years to get here, but at long last, the TV watches you!

https://twitter.com/random_walker/status/1177570679232876544

@random_walker: When we watch TV, our TVs watch us back and track our habits. This practice has exploded recently since it hasn’t faced much public scrutiny. But in the last few days, not one but three papers have dropped that uncover the extent of tracking on TVs. Let me tell you about them.

@random_walker: The first paper looked at Roku and Amazon Fire TV. These platforms let you subscribe to “channels”, which are basically apps. As you can guess, they are loaded with trackers. Doubleclick alone is on 97.5% of Roku channels. https://tv-watches-you.princeton.edu/tv-tracking-acm-ccs19.pdf https://pic.twitter.com/gGphX2sPwd

@random_walker: There are some channels with over 50 trackers. Also, the majority of trackers were able to grab a unique ID such as MAC address. A few channels leaked email addresses to trackers and many leaked video titles⁠—often unencrypted, so your viewing history is exposed on the network. https://pic.twitter.com/wPMP7suWFS

@random_walker: Reverse engineering is hard. The paper was possible due to the hard work and ingenuity of the five PhD/postdoc authors Hooman Moghaddam, Gunes Acar, @baburges, @aruneshmathur, and @danny_y_huang. The other authors are @feamster, @EdFelten, @prateekmittal_, and me.

@random_walker: The most technically challenging part of the paper was building a bot to automatically install thousands of channels, launch each channel, navigate to a video, watch it until encountering an ad, and collect data on everything that happens behind the scenes. https://pic.twitter.com/27z2JU5fHe

@random_walker: Here’s a doozy: Roku has a “Limit Ad Tracking” option. Turning it on increased the number of tracking servers contacted 🙃 It did prevent Roku’s AD ID from being leaked, but a whole bunch of other unique IDs are available. Even Pi-hole wasn’t that effective at limiting tracking.

@random_walker: The second paper is by researchers at Northeastern University and Imperial College London. They have an impresive testing setup! https://moniotrlab.ccis.neu.edu/wp-content/uploads/2019/09/ren-imc19.pdf Here’s a thread from one of the authors: https://twitter.com/proffnes/status/1174255273042743297 https://pic.twitter.com/xcYKEXG0kC

@random_walker: They analyzed 81 IoT devices including five smart TVs. Their method was quite different from ours: they did controlled experiments. This is powerful: for example, they can test if devices phone home when someone starts talking or moving. Good news: none of the TVs did. Bad news: https://pic.twitter.com/NGm9ex9kvC

@random_walker: Some of their findings are what you’d intuitively expect: devices made by Chinese companies tend to talk to Chinese servers. Others findings are more surprising: Nearly all TVs they tested contacted Netflix, even though they never configured any TV with a Netflix account (?!?!)

@random_walker: The third paper is from my colleagues @danny_y_huang Noah Apthorpe Gunes Acar @frankli714 @feamster (I wasn't involved). They built software called IoT Inspector that lets you examine your own IoT devices and, in exchange, contribute data for research. https://iot-inspector.princeton.edu/

@random_walker: It’s a really neat tool that I’ve tweeted before. Over 4,300 people have installed it and the team has just released their first set of findings using data on 45,000 devices, including nearly a thousand TVs from 19 vendors. https://arxiv.org/pdf/1909.09848.pdf https://twitter.com/random_walker/status/1116674411862556672

@random_walker: (By the way, what I love love love about the three papers released near-simultaneously is that we now have three different ways to interrogate Smart TVs and IoT devices. It bodes well for future efforts to uncover tracking and surveillance in our homes.)

@random_walker: IoT inspector’s findings on TV tracking are consistent with the other 2 papers. In their sample, they find about half the TVs talked to tracking services (the authors tell me they think this is an undercount because many of the TVs were turned on only briefly during the study).

@random_walker: One creepy finding in this study is that some TVs connect to Automatic Content Recognition services. ACR involves sending a “fingerprint” of your screen contents to a server, say once a second, for a Shazam-like algorithm to figure out what you’re watching to serve you ads.

@random_walker: OK, so our TVs are watching us. Is that so bad? Well, TVs are going down the same road that turned the web & smartphone apps into a cesspit of surveillance. I worry that things like TVs ads emitting ultrasonic beacons for analytics will become more common. https://arstechnica.com/information-technology/2017/05/theres-a-spike-in-android-apps-that-covertly-listen-for-inaudible-sounds-in-ads/ https://pic.twitter.com/jWD3rv0T0O

@random_walker: It’s unfortunate that TV platforms are turning to targeted ads as the main way to make money. To maximize revenue, they will likely turn to data mining and algorithmic personalization/persuasion to keep people glued to the screen as long as possible. https://digiday.com/media/rokus-advertising-business-outpacing-hardware-business/

@random_walker: Unlike web tracking, our ability to control tracking on TVs is also limited, because TVs are closed platforms and there is no analog of browser extensions. And, in a familiar story, the law and regulations are easily worked around. https://www.washingtonpost.com/technology/2019/09/18/you-watch-tv-your-tv-watches-back/ https://pic.twitter.com/X442obQrHj

@random_walker: I'm sorry to leave this thread without a satisfying conclusion. It's not obvious what's the most effective way to push back against privacy intrusions in our homes. I think more awareness is a necessary first step, and I see the recent papers as progress. I hope more will follow.

@random_walker: There are steps we can take. Stay away from vendors whose business model is targeted ads. Every device is a potential tracker; do your research before buying. Install tools that give you control, such as Pi-hole, even if imperfect. Install a monitoring tool on your home network.

@random_walker: These individual steps are not enough: we need collective action. Researchers must keep doing our part; we look forward to teaming up with journalists, civil society organizations, and the public, so that we can choose our future, not sleepwalk into it one channel at a time.

für Damen im : So fair produzieren , und Co.

Ganze 15 Hosen im Test fallen mit "mangelhaft" oder "ungenügend" durch. Fünf sind immerhin noch befriedigend – darunter bekannte Bio-Marken wie und , die in puncto Glaubwürdigkeit und mit Abstand am besten abschneiden. Sie belegten durch Dokumente glaubhaft, dass sie sich um hohe Sozial- und Umweltstandards in der Produktion bemühen. 

oekotest.de/kosmetik-wellness/

"Oh, wart ihr im Urlaub?"
"Nee, wieso?"
"Ihr stellt gar keine gelben Säcke raus, morgen ist Abholung."
"Ach. Danke, aber wir haben da nix für"

Die Gräben werden tiefer...

We published a statement on our stance on neutrality of free software (and why we won't stay neutral in this case): f-droid.org/en/2019/07/16/stat

Still looking for someone to help transport a 7HE switch from Gothenburg (SE) to somewhere in Germany. Maybe someone travelling to #camp2019 or #36c3? Would pick up anywhere in Germany though.

#followerpower [boost/rt welcome]

@vonderleyen stellt in Brief an Liberale Schutz der Privatsphäre in Frage: Man müsse eine "Balance zwischen Privatsphäre und Innovation" finden. "Wir sollten das volle Potenzial einer datengetriebenen Wirtschaft nutzen." Das ist Überwachungskapitalismus pur!

Want to avoid cancer? Eat these foods:

nature.com/articles/s41598-019

The contained profiles of compounds within selective foods, which were highly likely to be effective in fighting cancer. Each node in the figure denotes a particular food item and node size in each case is proportional to the number of CBMs. The link between nodes reflects the pairwise correlation profile of CBMs in foods, thus the clusters of foods illustrate molecular commonality between them.

♲ @oekofuzzi@twitter.com: Es beginnt.
"Der Sommer 2019 könnte als die große Umbruchszeit in die Menschheitsgeschichte eingehen, in der das Überschreiten der Kipppunke des globalen Klimasystems evident wurde."

Niemand soll sagen, man hätte das ja alles nicht gewusst. #Thread www.heise.de/tp/features/Weltk…

Wieso verwenden AfD Kreisverbände in Hessen ein SSL Zertifikat, das für subdomains unter geizhals.at ausgestellt ist?
Weiß Jemand genaueres?

Bei einer kleinen Gruppe älterer Männer wurde gemessen, dass diese bei ner neuen experimentellen Behandlung jünger werden. So richtig jetzt.

Verjüngung: Forscher wollen das Altern besiegt haben
zeit.de/wissen/gesundheit/2019

Postmensch gerade wg #plastikpost: "Abbestellen nützt nix, weil keine Adresse drauf. Nur Kleber 'Keine Werbung' würde helfen".
Wenn ich sie ablehnte würde DHL die Tour größer machen, weil "Zeit gespart".
Vereinbarung: Postmensch wirft es jetzt gleich in die blaue Tonne 🤦‍♀️
#twx

Die Tomaten fragen nach Schnorchel. Soviel zum Wetter nSüdhessen

Show more
chaos.social

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!