#internet privacy


cyle:

fallintosanity:

every-lemon:

(from the FAQ)

CAN WE TALK ABOUT HOW DIFFERENT THIS IS??? because as someone who works in digital marketing, my jaw literally dropped.

When I put out an ad for a client on Facebook, I can target like… new moms in their 30s who are looking for furniture within a 10-mile radius. Or people who have an anniversary coming up. People who have just moved. People who are in a new relationship. People who have elementary school kids and tend to vote Republican. People who have liked certain Pages. It’s absolutely unnerving.

the utter chaos of this, though.

it’s just… incredible.

Honestly though, as someone myself who works in infosec and data privacy, what this suggests to me is that Tumblr either doesn’t have, or isn’t willing / able to use, that detailed targeting information about its users. Which is great!! Every other company out there - not just social media companies but everything from your grocery store to your car insurance company to your operating system provider - actively collects as much demographic data as it can about its users specifically for these kinds of ad targeting purposes.

Obviously Tumblr still collects some data and uses it for ad targeting; they do have this in their Privacy settings:

But the fact that they’re either unable, or are choosing not, to make that data available to people buying Blaze posts is such a huge win for data protection and a giant thumbing of the nose to the FAANGs who believe that the only way to make ad revenue work is to make ads as targeted as possible. 

I can’t express how much I hope Blaze succeeds with this insane and chaotic model. XD

AlterNet, July 9, 2014.


Every day in our online lives, we share hundreds of intimate details: PIN numbers, political beliefs, photos of significant others, addresses, work history. But can we ever truly trust any Internet service to protect our information? This was the central question at a panel discussion on Internet privacy held last night at SubCulture, a subterranean venue on Manhattan’s Bleecker Street. The panel was organized to celebrate the launch of Tunnel X, a secure messaging service meant to ensure that people can have confidential online communications with friends, family and colleagues. As guests in the packed room nibbled on perfectly cut radishes and sipped on complimentary Blue Point ales, the conversation kept circling back to the same question: why should we believe your service is safer than any other?  

Tunnel X, a Brooklyn-based startup, is the brainchild of web designer Eric Liftin, who moderated the panel. Joining him on the blue-lit stage were Harvard constitutional law professor Laurence Tribe, attorney Ian Samuel, Salon CEO Cindy Jeffers and Daniel Menaker, the former fiction editor of the New Yorker. Given the diversity of the panelists’ backgrounds, the conversation ranged from the abstract (what defines a private conversation) to the technical (how the government uses SSL keys to decode encrypted communications). The one thing all of the participants agreed on, however, was that digital privacy should be considered a basic human right.

Liftin designed Tunnel X with this exact concern in mind. After Edward Snowden’s revelations of mass government surveillance launched digital privacy into the public consciousness last summer, ordinary people became worried about who could access their online communications. Liftin wanted to make it easier for people—not just journalists, whistleblowers or others in possession of highly confidential information—to feel that their conversations with lovers and friends were safe from prying eyes. Though there are a number of existing email encryption services, like Proofpoint and Hushmail, Liftin designed Tunnel X with a user-friendly interface so that those unversed in the language of cryptology could have an easy, reliable way to keep their online exchanges private.

Yet skeptics, including several panelists, argue that these tech services are always only one step ahead of government regulation. Sophisticated encryption algorithms are all well and good, but what happens when the government asks for the encryption keys? As Ian Samuel, the attorney, put it, “If one wishes to have a private conversation, online or in person, there are no real reliable legal guarantees.” Given the Supreme Court’s willingness to defer to other government branches when it comes to matters of national security (that catchall term), it seems reasonable to expect that Tunnel X may eventually come under the same level of scrutiny other encryption services have.  

There is a precedent for this sort of legal interference. In August 2013, Lavabit, an encrypted email service founded by tech entrepreneur Ladar Levison, suspended operations after a protracted legal battle in which the US government ordered Levison to turn over the master encryption keys for the site. The reason the FBI was so interested in gaining access to the service? One of Lavabit’s 410,000 users just so happened to be Edward Snowden. But this blanket request meant putting the private communications of all other Lavabit users in the hands of federal officials. Given the centrality of privacy to his company’s mission, Levison opted to shut down Lavabit, but still had to comply with the court’s order.

Ian Samuel, who represented Levison in court, recounted his client’s last stab at subversion: Levison printed the encryption code—an extraordinarily long string of numbers—in 4-point font on 8x11 computer paper, earning himself a $10,000 contempt of court fine. Still, Samuel remains in favor of a technological solution to the online privacy issue. Citing his former client, he said, “You can count on algorithms in a way you can’t count on judges.”

Other panelists, like Harvard professor Larry Tribe, had a more optimistic take on the protections the law can offer. Referring to the recent Riley v. California ruling, which held that the police cannot search the cell phone of an arrested individual without a warrant, Tribe pointed out that we are in uncharted legal territory and that the Supreme Court is only beginning to grapple with the intersection of technology and legislation. According to Tribe, the 9-0 ruling “inaugurated a new era in the digitalization of constitutional law.”

The Snowden disclosures were also a legal watershed. While the courts used to claim that organizations had no standing and could not prove that they were the victims of government surveillance (this happened to the ACLU just six years ago), the revelation of widespread NSA surveillance radically undermined this argument. For Tribe, the distinction between individual cases and dragnet surveillance is critical. “The difference is between looking at specific individuals versus a preventative posture, like Snowden revealing this huge program…once that is made public, the instinct to be deferential to government is much less strong.”

Despite these positive developments, it’s clear that Tunnel X is entering a murky and rapidly shifting legal landscape. The audience pressed Liftin on this point over and over, asking how he would respond if the feds came knocking and why he expects his story will end any differently than that of Lavabit’s founder. Liftin pointed to several features of the site aimed at ensuring privacy, like the fact that Tunnel X will not have the encryption keys or be able to access peoples’ messages (users log in and authenticate using a self-selected image rather than alphanumeric passwords). He promised that the code would be audited by an independent organization. But he kept hedging when it came to the specifics. “It’s all in motion right now,” Liftin said. “The software and security features are constantly improving.”

As audience members kept pushing the question, the atmosphere in the room grew tense. Tribe, Samuel and Liftin all resorted to the easy answer: we put our faith in technology in innumerable ways every day without any absolute guarantee of security. As Liftin said, “Ultimately there has to be some degree of trust if you’re using something that someone else built. It’s your decision whether you trust them or not. We’re trying to be as straightforward as possible.”

Intentions aside, it remains to be seen if Tunnel X can live up to its slogan of offering online users “secure, private conversation.” 

mostlysignssomeportents:


https://digitaldefensefund.org/ddf-guides/abortion-privacy/

[Image ID:

How your phone documents your abortion experience and what to do about it! By: the Digital Defense Fund

Risk: receipt for payment for your abortion and/or travel in your inbox Alternative: Make an email account just for this purpose, then delete it after

Risk: period tracking app shares your data Alternative: Use a privacy-driven period tracker like Euki App

Risk: search history saved in your phone’s browser, and with your ISP (internet service provider) Alternatives:
- Use a privacy-driven search engine, ex: DuckDuckGo
- Install a paid VPN to hide websites you visit from your ISP
- Browse with Tor or Firefox
- Use a private browsing window, or delete your browser history

Risk: payment history for your abortion in a banking or payments app Alternative: use cash or pre-paid gift cards where possible

Risk: ad tracking & location tracking from apps, browser history, & social media activity Alternative: in your phone settings turn off location tracking & mobile ad ID

Risk: sensitive text messages about your abortion experience are kept forever Alternative: use an encrypted chat app, ex: Signal or Wire, with disappearing messages turned on (important!)

For detailed instructions for each of the above tips, visit: https://digitaldefensefund.org/abortion-privacy]

ren3gade:

sibyl-of-space:

anarchy-in-new-vegas:

sarasa-cat:

It would’ve been one thing if they were upfront about this, but hiding it means they can’t be trusted. Time to look for a new search engine. Anyone know any other tracker-resistant search engines?

I looked into this because I use DuckDuckGo and I think it’s really important to keep organizations accountable especially when they claim to be different TM than shitty ones. So it looks like this is true (as of now) for the mobile browser application specifically, not the search engine in general.

which means that using the search engine on another browser like Firefox should be fine, and also now is a great time to let the company know exactly why you are uninstalling their *application* on your device to hopefully either force a backpedal or heavily discourage further shit like this down the line.

it’s a slimy move to be sure. I just think it’s important to be specific and precise. Here’s another article on the subject:

https://www.searchenginejournal.com/duckduckgo-microsoft-trackers/452006/

This news originated with Zach Edwards. It is not widely reported IMO and I wish it was to help with the confusion. The best I can tell, DDG was not allowed to discuss the agreement with Microsoft but after Mr. Edwards tweeted about the issue the DDG CEO clarified.

The issue at hand is, while most of our protections like 3rd-party cookie blocking apply to Microsoft scripts on 3rd-party sites (again, this is off of DuckDuckGo.com, i.e., not related to search), we are currently contractually restricted by Microsoft from completely stopping them from loading (the one above-and-beyond protection explained in the last paragraph) on 3rd party sites. We still restrict them though (e.g., no 3rd party cookies allowed). The original example was Workplace.com loading a LinkedIn.com script. Nevertheless, we have been and are working with Microsoft as we speak to reduce or remove this limited restriction.

The issue impacts iOS/Android browser users, as noted above, by not blocking the flow of tracking information to Microsoft sites like LinkedIn and Bing. The agreement is related to DDG’s syndication of Bing search results. If you don’t visit Microsoft sites on DuckDuckGo’s browser on mobile, this doesn’t affect you.

But @anarchy-in-new-vegas asks an important question: we want to have multiple search engines at our disposal. In addition to DuckDuckGo, check out StartPage (with the caveat since they were acquired their future is uncertain), Qwant (sanitized Bing results), and SearX, just to provide a few examples. These tools provide varying results and YMMV on any given topic, but if you’re digging deep on a subject you’ll want to use multiple search tools anyway. Google and Bing are difficult to compete with due to their sheer breadth, but as Google search results become increasingly junkified, look to hand-curated directories for specific and niche topics.

For up-to-date privacy recommendations, check out privacytools.io

crozierr:

jezebelgoldstone:

sleepy-bebby:


Do your part - use literally anything other than Google Chrome

Reminder that switching to Firefox is incredibly easy and takes just a few minutes, you WILL be able to copy over all your cookies, browsing history, logins etc, as well as change the look/layout so it feels like what you’re used to.

If you’re willing to tinker a bit, the arkenfox user.js includes a lot of settings you won’t find in the normal settings gui, especially for privacy/security, but also things like will clicking on the address bar select the whole url or place the cursor where you clicked. And the customcssforfx is what’s left of the classic theme restorer after firefox killed the old addons. With this you can set things like size, colors, which icons, context menus, what form the tabs have and a lot more. It is so worth it, even if it takes some upkeep.

tomatomagica:

tomatomagica:

“queerbaiting in real life” you mean exploring self expression regardless of the outcome bc it’s good for you and not owing it to people to come out???

queerbaiting is a marketing technique real people aren’t products or your fictional blorbos even the mega celebrities are owed privacy jesus christ

snumblesaurus:

eleni-anz:

Ummm byee

So I kind of hate that Putin is trying to restrict the flow of information into Russia so that he can control the narrative, so for my Russian friends, here is my guide on

How to get around internet censorship and maintain internet privacy

This will be an extremely long post

Priorities

  • Download the Tor Browser
    • This will hopefully help you access the internet regardless of Russian government bans. It’s a little slow, but better than nothing. It hides your IP address from the internet, so it’s kind of like using a VPN. A very basic summary of how Tor works: your internet traffic is routed through several “nodes”. The Entry Node can see your IP address but has no idea what data you’re sending, and this goes through several middle nodes, until it reaches the Exit Node. The Exit Node can see what data you’re sending, but it can’t see your IP address so it doesn’t know WHO sent it. That’s why it’s a good idea to do nothing identifying when using the Tor Browser, like writing personal information. Here’s a blog post with more detailed information about the Tor Browser.
  • Get a VPN
    • VPNs are often used to get around government internet restrictions. Russia will probably not be able to do much about it. However, not all VPNs are created equal. Nearly all of the free VPNs are a scam that turn around and sell your data, so free VPNs are not secure. The only exception to this is ProtonVPN which has a free tier, but it’s very slow. Basically the only good VPN is one you pay for. When choosing a VPN, be aware of where the company is based, because if a VPN company is based in the USA, it will have to comply with USA privacy laws. So choose a VPN based in a country that has good privacy laws. A great one is Mullvad VPN, which is based in Sweden. But for the purposes of Russia, just making sure your VPN is not Russian or in a country sympathetic to Russia is probably good enough.

Alternative Front-Ends
A frontend is the part of a website which the user interacts with directly. To browse the contents of websites, you usually have to visit them. However, many people have made alternative privacy-respecting frontends to popular websites that allow you to see the site’s content without actually visiting the website. This helps avoid tracking, data-collection, and even countries’ attempts to ban websites. Twitter is banned in Russia right now, but using an alternative frontend to Twitter works (according to my Russian friend).

Google Translate

Imgur

Instagram

Medium

Reddit

TikTok

Twitter

Wikipedia

YouTube

YouTube Music

If anyone knows of one of these for Tumblr please let me know. I found this site called Tumgir but it looks sketchy and unlike the rest of the ones I listed, it’s not open-source. So visit with caution, but I’m mentioning it because it might be better than nothing.

There are also these browser extensions that automatically redirect site links to the available alternatives:

Mozilla Firefox

  • LibRedirect - Redirects YouTube, YT Music, Twitter, Instagram, TikTok, Imgur, Reddit, Wikipedia, Medium, etc.

Google Chrome

  • Privacy Redirect - Redirects Google Maps, Google Search, Instagram, Reddit, Twitter, Youtube.

iPhone (iOS 15+) Safari

  • Privacy Redirect - Twitter, Reddit, YouTube, Instagram, Google Translate, Google maps, Google Search, Medium

Android

  • UntrackMe - Google Maps, Instagram, Twitter, YouTube

Messaging / Communication

Matrix is a federated and decentralized End-to-End Encrypted (E2EE) messaging with many platforms, the most popular of which is Element. It’s like Discord, but worse. It’s getting better over time though! You can even use a throwaway email to sign-up.

If you’re Russian you likely already know about Telegram, but MAKE SURE you’re aware that only Secret Chats are End-to-End Encrypted. So don’t say anything that would get you in trouble outside of a Secret Chat.

End Notes

China is way better at internet censorship. They’ve had years to build the infrastructure to control the flow of information online. And yet, the Chinese people still manage to “climb the wall” and find ways around this. Russia is new to this game and doesn’t have the resources China does. So I really doubt it’ll be that hard to get around their attempts to block websites. Have faith! And feel free to DM me for more info cause this post just scratches the surface for things you can do tbh.
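
The split in what each Tor node can see, described in the guide above, can be modelled in a few lines. This is an added example, not part of the original post and not Tor's actual code: the node names, keys, client address, destination and payload are constructed, and a toy SHA-256 keystream stands in for Tor's real per-hop encryption.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || offset) blocks.
    Stdlib-only stand-in for real per-hop encryption; applying it twice
    with the same key decrypts. For illustration only."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap(path, keys, destination, payload):
    """Client side: encrypt for the exit first, then add one layer per
    earlier hop, so each node can remove exactly one layer."""
    inner = json.dumps({"next": destination, "data": payload}).encode()
    cell = keystream_xor(keys[path[-1]], inner)
    for i in range(len(path) - 2, -1, -1):
        layer = json.dumps({"next": path[i + 1], "data": cell.hex()}).encode()
        cell = keystream_xor(keys[path[i]], layer)
    return cell

def simulate(client_ip, path, keys, destination, payload):
    """Pass the onion along the path and record what each node learns:
    who handed it the cell, where it must send it, and the content it holds."""
    cell = wrap(path, keys, destination, payload)
    sender, views = client_ip, {}
    for i, node in enumerate(path):
        layer = json.loads(keystream_xor(keys[node], cell))
        views[node] = {"previous_hop": sender,
                       "next_hop": layer["next"],
                       "content": layer["data"]}
        if i < len(path) - 1:
            cell = bytes.fromhex(layer["data"])  # still encrypted for later hops
        sender = node
    return views

# Constructed sample values (documentation address range, placeholder names).
CLIENT_IP = "203.0.113.7"
PATH = ["entry", "middle", "exit"]
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in PATH}
DESTINATION = "example.org"
PAYLOAD = "name=Alice&msg=hello"   # identifying data typed into a web form

def demo():
    return simulate(CLIENT_IP, PATH, KEYS, DESTINATION, PAYLOAD)

if __name__ == "__main__":
    for node, view in demo().items():
        print(node, view["previous_hop"], "->", view["next_hop"],
              "|", view["content"][:40])
```

The exit node's view contains the full payload, including the name typed into it, which is why the guide advises against entering personal information.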


harperhug:

what-even-is-thiss:

ellielol:

just saw people on tiktok being like “if you have your likes hidden on here i assume you’re a freak and a bad person :/” i am so tired of social media stop stop stop stop

Maybe you don’t need to know exactly which chicken recipes I’m liking.

“If you haven’t done anything wrong then you have nothing to hide.” Honey do you think I lock the bathroom door because shitting is against the law?

mostlysignssomeportents:

Back in 2019, I wrote a case-study on ad- and tracker-blocking as part of EFF’s series on adversarial interoperability (AKA “competitive compatibility” or comcom). My point was that the ad-tech industry says that it tracks you as part of a bargain: you trade away your privacy and get media in exchange, but that this was a bizarre kind of take-it-or-leave-it form of bargaining.

https://www.eff.org/deeplinks/2019/07/adblocking-how-about-nah

The ad-tech deal boils down to this: “Just by following a link to this page, you have agreed to, well, anything we feel like doing. We can collect your data, sell it, merge it with other data, share it, mine it, exploit it. Forever.”

That’s not much of a bargain. Clearly the ad-tech companies don’t take it very seriously — as Facebook’s own privacy engineers have admitted in a leaked memo, they have no idea how they’re using your data (an FB engineer called the company’s data-handling “a complete shitshow”), so how can this possibly be a fair trade?

https://www.vice.com/en/article/akvmke/facebook-doesnt-know-what-it-does-with-your-data-or-where-it-goes

I’m no free market stan, but I do think that bargaining can improve outcomes. That’s where ad-block comes in: by blocking ads (or trackers, say, with EFF’s Privacy Badger), the website makes an offer: “Give me everything,” and you make a counter-offer: “How about ‘Nah?’”

A couple weeks ago, the folks at Adafruit got in touch to tell me about a new privacy kit they were developing: the ESPHole, a variant on the PiHole privacy appliance. This is a matchbox-sized gadget based on the open source Raspberry Pi processor. You get it onto your home wifi and then tell all your devices to use it as their DNS server. It has a list of known ad servers and when your computer tries to contact one of these servers (to fetch an ad embedded in a web-page or app), it sends back 0.0.0.0 as the IP address. Your computer is unable to reach the ad server, so you don’t see the ads — and the ad-tech company doesn’t get to harvest your data.

I sent them my EFF case-study and they thought it was a great fit, so they programmed their ESPHole to count blocked ads as “Nah”s — so the screen will tell you “283 Nahs!” after blocking 283 ads.

https://learn.adafruit.com/esphole-ad-blocker?view=all

Back in 2015, Doc Searls called ad-blocking “the biggest consumer boycott in history.” The industry claims it harvests and processes our data with our consent. Gadgets like the ESPHole let you withdraw that consent, and make it stick. It lets you say, “How about ‘Nah?’”

https://web.archive.org/web/20180923223849/http://blogs-test.harvard.edu/doc/2015/09/28/beyond-ad-blocking-the-biggest-boycott-in-human-history/

In the early days of the browser, the web was taken over by an epidemic of obnoxious pop-up ads. They would spawn in invisible windows, or play sound, or run away from your cursor. Closing one would make three more pop up. We killed pop-ups once Mozilla and Opera shipped a browser with pop-up blocking turned on by default. All the arguments about whether pop-ups were good or bad for publishers or users were trumped by a technological fact: no one sees pop-up ads anymore. Once that fact was true, pop-ups disappeared for good.

America desperately needs a federal privacy law with a private right of action, and the EU desperately needs to start actually enforcing the GDPR. But as important as these laws are, the technology has a role to play here. Stopping tracking in your browser, or across your whole home network, will make it much easier to get good laws passed and enforced. After all, if no one sees invasive ads, the companies won’t have any money to mobilize to block privacy laws.

The ESPHole is $25, plus another $5 for a USB cable if you don’t already have one. I don’t have any commercial interest in Adafruit or the ESPHole — but I am proud as anything to have played a small role in inspiring this great little gadget.


[Image ID: An Adafruit ESPHole: an open-source hardware gadget the size of a matchbox with a small screen that reads ‘ESPHole/Conn'ing to Aisleds.Net…OK!/IP addr: 192.168.1.33/Checking 7061 domains/283 Nahs!]
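
The DNS sinkholing described in the post above (answer 0.0.0.0 for names on a blocklist, count each block) looks like this at the packet level. This is an added example, not Adafruit's ESPHole firmware or Pi-hole code; the blocklist entries, class and function names are constructed for illustration.

```python
import struct

# Constructed sample blocklist in hosts-file format (placeholder names).
BLOCKLIST_TEXT = """\
# ad and tracker hosts
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.com   # inline comment
"""

def load_blocklist(text):
    """Parse hosts-format lines ("0.0.0.0 name") into a set of lowercase names."""
    blocked = set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        names = parts[1:] if len(parts) > 1 else parts  # also accept bare names
        blocked.update(n.lower().rstrip(".") for n in names)
    return blocked

def build_query(txid, name, qtype=1):
    """Build a minimal DNS query (used here to create test input)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + qname + struct.pack("!HH", qtype, 1)       # class IN

def parse_question(packet):
    """Return (qname, qtype, end_offset) for the first question in a query."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    labels, pos = [], 12
    while packet[pos] != 0:
        length = packet[pos]
        if length & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype, pos + 5

class Sinkhole:
    def __init__(self, blocked):
        self.blocked = blocked
        self.nahs = 0                      # blocked-query counter

    def handle(self, packet):
        """Return a sinkhole response for a blocked A/AAAA query, or None
        when the query should be forwarded to the upstream resolver.
        Matching is exact: only names listed in the blocklist are blocked."""
        qname, qtype, end = parse_question(packet)
        if qname not in self.blocked or qtype not in (1, 28):
            return None
        self.nahs += 1
        rdata = bytes(4) if qtype == 1 else bytes(16)   # 0.0.0.0 or ::
        header = packet[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
        answer = (b"\xc0\x0c"                           # pointer to the question name
                  + struct.pack("!HHIH", qtype, 1, 300, len(rdata)) + rdata)
        return header + packet[12:end] + answer

    def banner(self):
        return f"{self.nahs} Nahs!"

if __name__ == "__main__":
    hole = Sinkhole(load_blocklist(BLOCKLIST_TEXT))
    for name in ("ads.example.net", "example.org", "tracker.example.com"):
        reply = hole.handle(build_query(0x1234, name))
        print(name, "-> blocked" if reply else "-> forwarded upstream")
    print(hole.banner())
```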

lordhellebore:

nikkiscarlet:

guerrillatech:

This was intentionally manufactured by Facebook. Facebook implemented its “accountability culture” starting with its rule about only using your real name and photo on its service and encouraging you to disclose other information in your profile, and from there it just got normalized. It was entirely to gather data for advertising purposes, but now we associate that level of openness with “accountability”. Entire generations are now being raised with this as the norm. Privacy is no longer a priority, or even really seen as an option.

This is to your detriment. Your privacy protects you from predators of all kinds. You really should be guarding it carefully. Disclose what you feel is important on a case by case basis, but even your mental health status and beliefs are exploitable by big business and small-time bullies and abusers alike.

Even if you’re not overly fussed about what people know about you, just understand that not everyone has the luxury of feeling the same. Some people have stalkers and abusers they’re trying to evade, or don’t want to attract new abusers into their lives by being that vulnerable and open again. Some people have extreme social anxiety. Some people are protecting other people in their lives. Some people just don’t want their grandmothers to find their smutfics. Some people are Internet privacy advocates who keep their details private as a political statement and as a matter of principle.

You are not entitled to anyone’s information, and you do not owe anyone yours. You are allowed to just be an anonymous username until you feel safe to disclose more.

You are not entitled to anyone’s information, and you do not owe anyone yours.
