* Posts by GcdJ

23 publicly visible posts • joined 25 Aug 2016

Behind Big Tech's big privacy heist: Deliberate obfuscation


GDPR insists on inmformed consent

There is the GDPR clause requiring "the user" to provide "informed consent" to the "processing of their personal data". This means that the privacy policy must be within the reading ability of all users required to agree to the processing of their data.

I did my Masters paper on this very clause - this assessed many privacy polices for readability and then contrasted this with the profile of reading ability of their expected users.

he only company that came even close to meeting this "informed consent" threshold was the BBC. All other companies were dire - this included Amazon, Facebook and Microsoft - it also included various banks, on-line casinos. They could all fined for non compliance to GDPR simply because they can not credibly argue that they have "informed consent" for processing personal data.

Get ready for full holograms and 6G while living in the metaverse, says Samsung



So 2030 is the year that SkyNet starts to be rolled out.......

The Six Million Dollar Scam: London cops probe Travelex cyber-ransacking amid reports of £m ransomware demand, wide-open VPN server holes


Re: Don't forget this is Travelex

Quote > "once they get their ransom, what's stopping them from making extra profit by flogging this data, record by record, or in bulk?"

if the ransom is paid and then the data is put out on the internet (sold or free) then there will be no incentive for the next organisation they attack to pay the ransom. These blackmailers must solicit trust to make money in the future.


Secret mic in Nest gear wasn't supposed to be a secret, says Google, we just forgot to tell anyone


Re: Don't be........

The action of Google was blatant in reading the SSID and the data load for the packets. They also stored the packet data for later analysis.

Google then spent 6 years denying repeatedly that they did store the WIFI user data. The patent mentioned earlier and internal emails evidenced that the cars were deliberately set-up to store this data. Google was fined (tiny amount) and agreed to stop storing LAN data. To my knowledge this has never been verified via external audit..

Microsoft menaced with GDPR mega-fines in Europe for 'large scale and covert' gathering of people's info via Office


So much for Microsoft applying GDPR globally

When GDPR was being implemented it was refreshing to hear that Microsoft would implement GDPR compliant policies globally. This is quite a unique position compared to the other US tech giants.

Alas, I guess that was just PR optics and Microsoft will just do whatever they like wherever they like.


Re: Abide by their rules or GTFO

Assigning share of global profit for any of these global companies is

very problematic. Do not treat any numbers as accurate.

ICANN't get no respect: Europe throws Whois privacy plan in the trash


At a micro level - I don't get SEO spam anymore

I have a few domains that I use for a micro-business. Prior to GDPR (May 25th) I would get 3 or 4 spam emails a week offering SEO or web design services. Since May 25th I get ZERO spams offering these servcies.

For this tiny benefit I love GDPR!! The data privacy is also important but it is extra value for me.

UK.gov told: Draw up code of practice for cops bulk-slurping car plates


Who is harmed and how?

As with all matters related to personal privacy - there are two ways to look at the problem:-

1) We don't like and resist anything that has the potential to reduce our privacy. Our default position is we want total protection. All people with vested interest then jump on the privacy argument to further their own objectives.

2) Analyse who is harmed and how, and make decisions that achieve the greater good.

It strikes me that the article and police surveillance generally is always debated using category (1) above. As a society we have to think in terms of category (2).

Why did top Home Office civil servant lobby Ofcom for obscure kit ban?


Could the request to regulate then be related to crime rather than cost saving?

Whilst COMUGs save dialing costs arn't these the same deices being used by fraudsters to spoof phone numbers onto phones. They pretend to be from your bank and need to "take you through security" before taking you on a merry dance that results in your bank account being emptied.

If these companies are allowing spoofing then the government is right to ban them - or at least regulated them so that they can not be used for nefarious purposes.

VTech hack fallout: What is a kid's privacy worth? About 22 cents – FTC


What a small fine

If this data hack impacted Europeans and it was to occur when the GDPR legislation is active (after May 25th 2018) then the maximum fine that the EU data commissioners could impose is EUR20m. That would be more reasonable and much more likely to focus the minds of these (and other) directors.


What a small fine

removed - duplicated

Google to crack down on apps that snoop


No Mention of banning locaiton data

Under GDPR location data is also classed as personal data

It only takes 4 location data points to uniquely identify any phone/user.



Escrow you, Apple! Ireland expects Cupertino to cough up to €13bn


You do not understand - Eire have underwritten the fine

As part of the "attractive tax" agreement that was formed to get Apple into Ireland Apple asked Ireland to confirm via a formal legal opinion that the tax agreement proposed by Ireland was legal. Ireland provided that legal opinion and assured that should the opinion be incorrect that Ireland would cover the costs of ant litigation or fines. It has been featured in documentaries on the topic.

This is why Apple is not that bothered by the fine except for the reputational damage - Putting the money in Escrow provides a bit of a cash-flow challenge but nothing major for Apple.

If/When apple is required to pay the money to the Irish Government the Irish government will simply pay it back. This proposal for offsets is simply a way to improve the optics.

Also - The BBC Panorama programme on the Paradise Papers (recent data hack from wealth managers) showed that Apple had gone "tax avoidance" shopping after it's problems in Ireland. The programme featured the invitation to tender that was sent to all the zero tax centres around the world.

But none of this stop people buying the phones.......

Ex-Autonomy exec agrees to be a witness for HP fraud case


But the alledged dodgy accounting only bring forward sals 1 quarter

The dodgy accounting that has been listed (see here http://fortune.com/2016/12/14/hewlett-packard-autonomy/) serves only to bring sales forward 1 quarter. That is bringing a sale into Q1 that should be in Q2 serves to inflate Q1, but simultaneously deflates Q2. There is no net effect over a year (except when going from Q4 to Q1.

It is not clear what the annual growth rate of Autonomy was is but if we are optimistic and assume 20% then bringing the whole of 1 quarter forward will at the very best makes the company appear 5% more larger or more valuable than it should. But a 5% error in company size that not generate a £8.8bn write-off from $11.1 bn purchase price.

There has to be something else happening here.

Surprise: Android apps are riddled with trackers


Re: GDPR - is a standard - it will have a logo

The apps and the app stores will change with GDPR

With GDPR will come a standard along the lines of "GDPR compliant" - probably with a better name.

An app that is compliant to GDPR will carry a clear logo to make it clear to the propspetive user that it meets GPDR requirements (in the same way that have "HD ready" TV). Then when we are in the APP store we can choose only accept apps with the GDPR compliant logo.

There will still be apps out that are not complaint - but users will download those non-compliant apps at their own risk. The download rate for these non-GDPR compliant apps will plummet. The store owners will be made responsible for ensuring that no-apps advertise a false GDPR-compliant labels.

The business model for all these snooping apps (In Europe and the other 100 of countries that copy the EU data protection standards) becomes breaks.

This will impact the users and the apps in north America too. If you are a well educated or wealthy US citizen given the choice of downloading two similar apps - and one is marked one marked GDPR-compliant what will she do? Even in the US GDPR is going to have a big influence and correct badbehaviour.

Many of the non-GDPR app providers and trackers will go out of business. The world becomes a better place.


Judge stalls Uber trade-secret theft trial after learning upstart 'ran a trade-secret stealing op'



So we currently have Softbank about to tender to buy-up private shares in Uber on the cheap (30% discount) - will they go ahead now, or even require a bigger discount?

And we still have the new CEO aiming of an Uber IPO in early 2019.

I am a firm believer in the adage that you can sell anything at the right price. But what would you want to invest $1000 in this company?

Me thinks these plans are now in a distressed state.


Smartphone SatNavs to get centimetre-perfect GNSS receivers in 2018


I seem to recall the GPS sats have a dither error parttern

I seem to recall that the GPS sats enforce a randomly changing dither pattern for all non-military uses.

Receivers can then correct for the differ if a know position transmits its dither delta. int he UK this is done using the BBC radio masts

Are we saying the dither has now been disabled - or the correction is now so widespread that we just ignore it in conversation.

I recall that network rail in the UK is very keen to have accurate satellite positioning so that it can find its track side junction boxes. It appears that Network Rail keeps loosing them and then goes to the cost of sending out a search parties before the maintenance can take place..

iRobot just banked a fat profit. And it knows how to make more: Sharing maps of your homes


But what is phase 2 of the plan

So iRobot enables the room layouts to sold for marketing purposes. In and of itself this would be annoying but it is of limited value.

BUT - what if a later version of the vacuum cleaner was equipped with a dust analyzer?

The dust data then becomes VERY valuable. Imagine the targeted ads for soaps & detergents, or letting us know that our cat has fleas.

Some bright-spark will write an app that tracks home cleanliness, mashes the data into a single index and then shares the ranking with our friends. Some other bright-spark will take the home cleanliness index and use that to feed into credit scoring, or employability ranking.

AI-powered dynamic pricing turns its gaze to the fuel pumps


it really depends what the dynamic pricing is

How frequently will the pump prices be updated?

If this is daily then I see no problem with the process. If it is minute by minute then it is anti-competitive.

You can imagine petrol companies selling "club membership" to those that want reasonably fixed pricing at their local station

You can also imagine the academics and app makers reverse engineering the pricing process.

Also - why limit the pricing to "demand and supply" parameters when they would really like to use "ability to pay" as the price setting logic. That is brand new Range Rover rocks up to the forecourt so the price to this customer is raised 10%. At the same time a beaten up Nissan Micra arrives and they get a 10% discount.

Where does it stop?

ICO fines 11 big charities over dirty data donor-squeezing deeds


You can see how the deep dive into the data would work

When the charity gets a new one-off donation they check to see if the donor can be upgraded to a regular donation? When they get a new regular donation they check to see if the donor can be upgraded to bequeath a payment in their will.

From the charities perspective they do not need to spend time and effort (+£) trying to upgrade donors that refuse to comply because they would rather spend the money on good causes.

So the cost of little data mining to narrow their focus to the more likely candidates is economically very attractive.

No point fining the CEO or trustees - they are not paid very much (relative to FT350 companies with a similar turnover) and is would only prevent the charities being able to attract good talent.

A slap on the wrist is the right way to proceed. If a charity continues with the behavior the fine will be increased and the reputational damage will be significant.

Guess who's suffering an email outage. Go on, it's as easy as 123-Reg


Customer service fail indeed

123-reg decided to restore my filing system to an image of 1 week ago and leave it publishing all Sunday. They also set it to read-only, so nothing I could do would upgrade it.

Meanwhile - they had a message on the status page saying that everything was back up and running normally. We are clearly a post-truth society

The status updates were rubbish - copying 1 week old data to my live site was stupid.

The support desk was useless - the support desk told me that there was no way for 123-reg admin to set read-only and I should use filezilla to edit the site. Needless to say their status page said they had enabled read-only, I was using FileZilla, and it was very clear that nothing would write to the file system.

The support desk is also blaming the service providers to 123-reg. Buck passing in the internet age.


Sextortion on the internet: Our man refuses to lie down and take it


What about the "other" Ian Thomson?

In your quest to post a breaking news article - You appear to have provided a great deal of information that can be used to identify the victim - your doppelganger.

(Name, facial hair, weight, iphone)

This is not good journalism and I suspect any person that fits your identification may have a legal case against your publication for deformation of character etc?


US Treasury to launch pre-emptive strike on EU's Ireland tax probe


Apple has a get out of jail free card!!!

To some extent the discussion re Apple pre 2014 is academic.

When Apple was discussing the setting up of its European base in Ireland and the tax structure that it wanted way-back-when, it had the fortitude to ask the Irish government to confirm that the tax structure was fully legal. This lead to the Irish government providing a written legal assurance to Apple that it was legal - and to confirm that the letter was worth more than the paper it was written on, the letter included a full indemnity by the Irish government. So if, at any point in the future, the tax structure was found to be illegal and penalties/back tax was to be paid then the Irish government would pay the bills on behalf of Apple.

Suddenly it makes sense why Irish government is being so slow assisting the EC. It also means it is right for the US to be concerned as the EC may choose restitution that helps to protect the Irish government.