2011-11-16T05:11:28-16:00 lifetype-1.2.10_r6971 http://www.jamesbutler.net/blog/rss/atom/1 Copyright (c) james tag:www.jamesbutler.net,2011-11-16:21 2011-11-16T05:11:28-16:00

Ohhhh ... I was sooo hoping that the Android ecosystem would be driven by enlightened self-interest instead of by the money- and data-grubbing tradition. This 11/14/2011 article from ...

james Ethics Ohhhh ... I was sooo hoping that the Android ecosystem would be driven by enlightened self-interest instead of by the money- and data-grubbing tradition. This 11/14/2011 article from XDA-Developers exposes a disturbing piece of software installed with Android that puts the lie to my naive little hope. Not surprisingly, this piece of tech is also found in most major mobile device operating systems, too. The software is called "CIQ" (Carrier IQ), and it is a network activity observation and reporting tool. This tool gathers unknown quantities of info from mobile devices, and posts it to unknown entities. Among the items CIQ gathers are such things as device location, calls placed, text messages sent and received, and even extends to the actual text the user is entering into their keyboard. Here's a link to the story:  http://www.xda-developers.com/android/the-rootkit-of-all-evil-ciq/ It seems the software was designed to take its data from user input (i.e. surveys, etc.), but it actually runs invisibly without any user interaction. The data it gathers and posts would be useful for lots of different kinds of troubleshooting and performance issues, so it's not like it's completely malicious. But the fact that this software is installed without the users knowledge and gathers such deeply detailed information about the use of the device puts is squarely into the "spyware" category ... a category from which manufacturers must NEVER draw. Those of us with some technical expertise can remove the software from our devices, but the vast majority of mobile device users either cannot or will not approach this solution, and therefore will be tracked in all manner of ways over which they have no say for the life of their device. Filing this under "un-Ethical", as simply installing this software without the user's knowledge is a violation of trust.   tag:www.jamesbutler.net,2011-07-13:20 2011-07-13T08:12:42-15:00

I don't have much comment on the following link, except to duplicate the link text as written by  Hacker News : IBM Patent Trolling Patent Application Turns out that IBM is ...

james Ethics I don't have much comment on the following link, except to duplicate the link text as written by  Hacker News : IBM Patent Trolling Patent Application Turns out that IBM is trying (2007) to patent the practice of enforcing patents (exploiting assets). Imagine that. I'm speechless as to the lengths companies go to to scrape a buck off the pavement. tag:www.jamesbutler.net,2010-11-17:19 2010-11-17T07:56:00-16:00

At my day job, we have used  Google's AdWords  program exhaustively ever since it was rolled out (and before that we were charter GoTo/Overture members). While there have been numerous ...

james Ethics At my day job, we have used  Google's AdWords  program exhaustively ever since it was rolled out (and before that we were charter GoTo/Overture members). While there have been numerous issues related to Google programming, over the years, I had to write about the latest SNAFU which involved a serious security breach. Was it an ethical lapse? Maybe. Let's see ... Since I use my computer at work for managing our AdWords campaigns, there are probably lots of 'cookies' floating around in there. It is these cookies that most probably triggered the issue, here. One of the projects I am working on relates to exporting our inhouse calendar data to a private Google Apps Calendar, per the request of my boss, who happens to enjoy Google's approach to email and search suggestions. To satisfy the demands of the project as it enters a testing phase, we needed a new account with Google through which we could experiment with the Calendar application without compromising our existing lifeblood ... the AdWords account. We have several Gmail accounts for various purposes, so I thought I'd simply start a new one and then expand that new account's profile to include Google Apps. Sounds simple, right? And it is ... the problem was created by some new "features" Google engineers figured were "must haves". I booted up my computer, started my web browser and surfed over to the Gmail home page. Not the AdWords page ... the Gmail page. On that page, I selected the button clearly labeled "Create a new account", and went through the process of supplying unique identifying information, different from the info I had used to set up the AdWords account, and responding to the various verification mechanisms Google uses when setting up a new account. The nasty surprise came at the END of the "new account" process, when I was congratulated for successfully ADDING a Gmail account to my existing Google Account! You can guess that the "existing" account Google chose to link to happened to be the AdWords account ... rather than any of the other Gmail accounts. Even nastier, I logged into AdWords using my original credentials to be certain they still worked (they do), and I noticed that, in addition ot linking the new Gmail account to the AdWords account, the new credentials I had used in registering the Gmail account had now taken over our AdWords account! The new user was an Administrator of our AdWords account without a single mention to me that this would occur, or that it had occurred. Let me run that down, very simply : Anyone, like a janitor, who turned on my computer and set up a new Gmail account using the standard Google mechanism for doing so could COMPLETELY TAKE OVER our company's bread-and-butter advertising account with NO NOTICE to the existing account holders! COMPLETELY! A malicious person could not only wipe out our entire set of ad campaigns, they could have blocked any authorized user from accessing the account with a few mouse clicks.  All without a word of notice that the account was being pirated. So let's ask whether this program behavior was ethical, or not. On the one hand, is it ethical to automatically link accounts? I don't think this is necessarily an ethical issue, but I would answer that to automatically, with no notice, link any new account with an existing account is very bad practice. When a new user comes onto an established account, the fact that is happening should be front and center ... very obvious ... AND the existing account holders MUST be able to reject the link. It is mind-boggling to me that Google didn't observe BASIC security practices, here. On the other hand, what purposes could automatically linking accounts serve? Well, it could be spun as a "convenience" for the user.That's not ethically bad. However it could also be seen as a marketing ploy to get and keep users within a single ecosphere, inside a "walled garden", where they receive greater exposure to branded elements and features. On the third (and final) hand, doesn't the user deserve some credit for proceeding intentionally? When I clicked the button to "Create a new account", that is EXACTLY what I intended to do. If I wanted to link my existing account, I would have clicked the button that said, "Link to your existing account" or "Add Gmail to your Google Apps Account".  But I did not. I wanted a new account. I clicked the "new account" button, for crying out loud! Google should NOT have assumed that I wanted to REPLACE my administrative credentials on an existing, NOT-LOGGED-IN account, and at the very least the should have notified me, as the account holder, that such a DRASTIC change was about to occur. Failing all of the above common sense practices, Google should have made it possible to revert the changes, or to delete the new identity from the AdWords account. But you can't. They don't even know how to do it! It's going to take a team of engineers a few days before I even find out whether such a thing is possible!! And THAT, my friends, IS unethical : Never secretly force someone down a road for YOUR benefit, and then FORBID them from getting back on the road they thought they had followed. Google: I've watched as your programming has gotten sloppier and sloppier, and your UI has gotten sloppier, too. There have been several serious screw-ups on your part since you embarked on this course. If you want to remain a company that deserves to be respected, you will reconsider your QC processes and re-focus your efforts on your CUSTOMERS. Otherwise, you might be big, now, but so was Microsoft. And you know where they are headed ...  tag:www.jamesbutler.net,2010-09-09:18 2010-09-09T08:27:52-15:00

A  recent article from ARSTechnica  calls attention to a company called  Ringleader Digital  and its practice of using Apple devices' internal database storage system to hold ...

james Ethics A  recent article from ARSTechnica  calls attention to a company called  Ringleader Digital  and its practice of using Apple devices' internal database storage system to hold tracking identifiers. This practice not only evades normal user tracking identifier management (cookie management), it also prevents complete removal of the tracking identifiers because RingleaderDigital can't keep their hands off your database. It is the position of this blog entry that RingleaderDigital's practice (and any other company that engages in opt-OUT practices) is completely unethical, and I will try to make an argument for outlawing opt-OUT schemes. To begin, there are basically two ways to get on a list: Registering with the list owners by indicating your interest, or by being placed on the list without your consent. The first method, where YOU choose which lists you would like to be included in, is called "opt-in". You need to take the "option" to get "in". The second method, where the marketing firm (or whomever) places you on a list, is called "opt-out". You need to take the "option" to get "out". By assuming that everyone they can find needs to be on their list, RingleaderDigital is making a business decision. Their business is providing web browsing data to advertisers. Therefore, they need to collect web browsing data in order to sell it. If nobody participates in their enterprise, it is dead. Since their service is unproven, and frankly not at all valuable to those on their lists, nobody would willingly sign up with them to be tracked. Therefore the have chosen to secretly add people to their marketing list in order to have data to sell. To accomplish this, they have decided that everyone who visits certain websites (operated by advertisers who buy their data) will be included automatically, silently and secretly into their list. They then place certain information in YOUR computer's database that contains their tracking data. That, in itself, should be illegal, but at the very least it is definitely unethical, as website visitors do not expect or appreciate having their database manipulated and their surfing data monitored by a company they have no idea about. The company argues that by collecting the data (what you PAY), they deliver a more relevant advertising experience to the user (what you GET). In my opinion, they owe me. What I am getting is nowhere near as valuable as what I am paying, and I want a full refund! It gets more sticky when the practice of "drive by inclusion" is combined with Apple's database storage mechanism. Not only have you been "tagged" and followed as you flit from website to website, but if you try to remove the tracking mechanism from your own computer, RingleaderDigital puts it right back the next time you stumble across one of their advertisers' websites. They say you can "opt-out" of their system by sending them notice. However they STILL must maintain their tracking mechanism, because without it, they claim that they don't know who has opted-out! Their Position, Simply: We can't tell if you opted-out if we don't know who you are.  My Position, Simply: If I'm not in your list already, you don't get to know me. Instead of forcing unsuspecting web visitors to harden their systems against this unethical behavior, the legal standard should be opt-IN only ... if your service is so great, then people will WANT to join you. As it stands, however, the service they provide to you in exchange for the use of your web visiting data is a poor deal ... they are getting a LOT more from invading your privacy than they are giving back to you. To sum up, it is my position that this is prime territory for the government to step in and regulate this unethical behavior. Americans need to know that simply visiting a website will not mark them for life, and allow some unscrupulous third-party to monitor wherever you go online, just so they can sell some advertising.  tag:www.jamesbutler.net,2010-08-24:17 2010-08-24T08:34:59-15:00

How much information about you does the maker of your cell phone need? This is the big question in my mind after reading about  Apple's newly-exposed patent application . The broad ...

james Ethics How much information about you does the maker of your cell phone need? This is the big question in my mind after reading about  Apple's newly-exposed patent application . The broad strokes of what Apple wants to be able to do to iUsers from a remote location include: Take a picture without any indication that it has happened ... no flash, no click, no notice. Where will the camera be aimed when such a photo is snapped? Will it be trained on the inside of a drawer ... or maybe on the contents of your bathtub? Record the user's voice , with or without an active phone call. That "top secret" meeting? No iPhones allowed, just like Elmo. Create and store for use a "signature" of the owner's heartbeat. Your heartbeat. As a security device. Next up? Pheremones. To determine if the device has been hacked, they want to watch for "a sudden increase in memory usage" . Like if you download a bunch of movies from Netflix or something ... keep your eyes peeled for the cops at the door, because Apple thinks your device is being hacked. Oh, yeah ... they'll also check to see if the device is "jailbroken" , so watch out for that, too. You could wake up with a "brick". Monitor and store for use Internet and telephony activity "packets". After all of their screaming about Google's Street View, this is pretty surprising. Take a photograph of the device's surrounding location , again, without notice to the owner. Great. More of your life stored without notice to you on Apple servers somewhere ... and probably offered for sale to hundreds of marketing firms. Supposedly, these measures (and more!) will help Apple protect you and your iDevice. Frankly, the cure is worse than the disease.  If Apple thinks its userbase will let it roll right over their privacy, it's probably right. The Apple userbase has been subjected to a lot of arrogance from the computer company, so they'll probably swallow whatever Steve Jobs tells them is good for them. It seems to be part and parcel of the psychological profile applied to Apple product users since Lisa was plopped into the retail space. But for Apple to declare that obtaining this information without notice to the user, without any indication of how long the data will be kept, or for what it will be used ... and I mean really used, not for the lame "security" reasons they included in their patent application ... and without any indication with which third parties it will share such information, the iUser had better get their heads out of the sand long enough to bray, "Enough!" The ethics of capturing data in secret from a device your company sold are not discussed too often in any serious manner. Most such discussions are quickly ended with fanboi retorts of, "if you don't like it, don't buy it." But the fact that companies like Apple believe they have a right and a responsibility to continuously and surreptitiously gather all sorts of data from their customers does not make it ethical. In my opinion, it is EXTREMELY unethical to maintain ANY sort of contact with a customer's kit following the purchase as Apple insists on doing UNLESS the customer PRO-ACTIVELY requests such service. "Services" like those proposed by Apple should NEVER be bundled with the original purchase. To do so KNOWINGLY takes advantage of the fact that customers do NOT read the fine print, and are usually in such a lather to purchase the device that they are not thinking as clearly as they should while standing at the checkout counter. So, Apple, go ahead and sell your little toys/spy devices. But advertise your "value-added" products like any other, and let your customers decide AFTER they have already bought the device whether they want to sign on to your Big Brother Over-The-Shoulder Nanny services, okay? It will make your products more appealing, and it will certainly help with your increasingly bad public image.