Changing threats to privacy: Moxie Marlinspike on privacy threats at Defcon. Part 2.

‘Adblock Plus’ Firefox extension

One of my favourite most recent examples of small choices becoming big choices is this Firefox extension called ‘Adblock Plus’ – I’m sure that many people are familiar with this. The idea is that it’s supposed to help you block ads on the web. And the way it works is it allows you to specify a set of regular expressions that would match URLs that would be advertising URLs. And the problem with this is – you know, it’s quite effective – but these URLs are constantly changing, and so you want to be changing your regular expressions as well, and it could become a pain to keep up with that. So they’ve done a clever thing where they have a subscription model where you can subscribe to a list of regular expressions that someone else is maintaining. That way, you know, you only need one person or a group of people who are sort of ‘on the ball’ looking at these regular expressions and everyone else just benefits from that research. So there’s a number of popular subscriptions and they’re not all for ads, so there’s a few popular subscriptions for blocking trackers – you know, these are like web bugs that track your movements around the web as you browse along. And so I’m subscribed to one of these tracker lists, and of course one of the trackers that I’m most interested in blocking is ‘Google Analytics’ because, you know, there’s ‘no problem’ with Google Analytics at all. And one day, something interesting happened: ‘Google Analytics’ disappeared from the list of trackers in my subscription.

You know, if you think about the old world – the way the things used to work – you imagine that some Google executive tracked down the person who is maintaining this list and, you know, showed up with a briefcase of cash, and there was some shady backroom deal, hands were shaken – and, you know, ‘Google Analytics’ was removed from this list.

Google Analytics: the useful features might imply online user activity tracking

As far as I can tell, that’s not what happened, and actually something much more subtle and much more insidious happened. The way that ‘Google Analytics’ works is through JavaScript. What happens is website operators who wish to use ‘Google Analytics’ just import a little bit of JavaScript into their HTML file, and when the page loads, the JavaScript tracks it. Now, what Google did was they started including small bits of just usefully generic JavaScript functions into this ‘Google Analytics’ JavaScript file. And what they were essentially saying was “Hey, you guys are importing this JavaScript file anyway. Just use ‘Google Analytics’ on your website. We’re gonna throw in a few just generically useful functions – we’ve done this right and, you know, we figured this out – that you can use as long as you’re importing this thing. And then, you can just use it for the core functionality of your website”. And so now what happens is if you block the ‘Google Analytics’ JavaScript, you don’t just break ‘Google Analytics’, you actually break the core functionality of the website, because now these JavaScript functions the website is actually depending on (for the functionality of the website) don’t exist.

And so again, what they’ve done is they expanded the scope of the choice that you have to make. It used to be a very simple small choice – “Do I wanna be tracked by Google or not?”. Simple enough: you can either block the JavaScript or not block the JavaScript. Now, the choice becomes larger – “Do I want to visit this website or not?”, and that’s a much more difficult choice to make.

John Poindexter

So why is this significant? Well, this guy’s name is John Poindexter, and he’s incidentally the guy who was found to be most responsible for the Iran-Contra scandal. He was convicted of lying to Congress but then never went to jail. And in 2001, he started a Government program called ‘Total Information Awareness’. He made a speech when he announced the program, where he said that “…data must be made available in large-scale repositories with enhanced semantic content for easy analysis”. Essentially, what he wanted to do was have the Government siphon off all Email traffic, all web traffic, all credit card history, everybody’s medical records and throw it into one big sink, just put it in one big pile – don’t worry about analysing it or processing it in real time. And then, develop the technology to really efficiently mine this data, to pull out the interesting statistics, relationships, profiles that they are interested in at any point in the future. So you just collect this big sink of data and then, at any point in the future, you can go back and pull out anything that you want from it.

So this was the totalitarian future, this was the cypherpunk nightmare that, you know, they had been worried about. This is what they have been thinking about and preparing all this time. And people freaked out – I mean, this was a significant story in the news, people were up in arms, and in fact even Congress was like “What are you guys doing?”, and eventually the program was shut down.

Information Awareness Office logo - the object of Moxie's scoffing

Okay, so why was it shut down? First of all, these people are clearly from the old world, they really don’t know what they’re doing. This was the actual logo of ‘Information Awareness Office’ (see image). This isn’t like the ‘Onion’, ‘Mado’ logo and parody of this. This was the logo they came up with. They have the pyramid with the Eye of God and a light beam shining down on the planet… That little bit of Latin over there means “Knowledge is power”. I mean, come on… If you’re gonna have some scary Government program, you know, you need like a friendly logo. Don’t call it ‘Total Information Awareness’ – call it the ‘Kitten Surveillance Society’. I mean, really you want something that’s sort of like colourful, almost cartoonish – something that seems childish and really harmless, you know: something like Google logo. ‘Cause if you go back and you look at what ‘Total Information Awareness’ was trying to do – Google has done all of it. I mean, in fact they have exceeded the original scope of what TIA dreamed to collect and process. And one thing that we know that they really excelled at and actually how they made their money is in being able to really efficiently mine the data that they collect and pull out the statistics and relationships of everything that they have.

Now, clearly, their intent is different. They are not John Poindexter, they’re trying to sell advertising. But make no mistake about it – they are in the surveillance business; that is how they make money: they surveil people and use that to profit.

And so the effect is the same. Who knows more about the citizens in their own country, Kim Jong-Il[1] or Google? I think it’s Google, I think it’s pretty clearly Google. So once again, there’s this question: why are people so concerned about the surveillance practices of Kim Jong-Il, or the John Poindexters of the world, and not as concerned about people at Google? Well, again I think it comes back to this question of choice, right? You choose to use Google and you don’t choose to be surveilled by John Poindexter or Kim Jong-Il. But once again, I think the scope of this choice is expanding and that it’s going to become harder and harder to make that choice as it’s a choice between participating in society or not. I mean, already if you were to say “Well, I don’t want to participate in Google’s data collection, so I’m not gonna email anybody that has a Gmail address”, that’s probably pretty hard to do. I mean, you would be in some sense removed from the social narrative, you would be cut out from the part of the conversation that’s happening that is essential to the way the society works today.

So I would say the trends have changed. Now we’re dealing with a situation where technology alters the actual fabric of society and information, as a result, accumulates in distinct places – and the ‘eavesdroppers’ now just moved to those distinct places.

The direct past vs. the subtle present

The past was really direct: we saw the ‘eavesdroppers’ trying to embed surveillance equipment into every consumer communications device. And the present is much more subtle: instead of doing that, they just moved to the few distinct places where information tends to accumulate: places like room 641A[2] in the AT&T WorldCom facility where the NSA has been operating the fibre optic splitters. The past was direct, you saw people like ‘Total Information Awareness’ directly trying to take your data. And the present is a lot more subtle: it starts by soliciting rather than demanding your data, and the ‘eavesdroppers’ just moved to those points where the data collects.

So when I’m thinking about the future, the first thing that I want to think about is these choices that aren’t really choices, and I want to deal with those problems. I want to acknowledge that the choices are expanding and in some sense they are becoming demands. So some projects are along those lines.

I started by thinking, okay so what’s up with Google? The main problem is that they have an awful lot of data about you. They record everything, they never throw anything away. They have your TCP headers, they have your IP address, they issue you a cookie, they know who you are, they know where you live, they know who your friends are, they know about your health, your political leanings, your love life. They know not just about what you’re doing, but they have some significant insight into the things that you’re thinking about. They’ve also done a really good job of controlling this debate by defining the terms. They say things like, you know “We care about privacy, so we anonymize your information after nine months”. What they mean by ‘anonymize’ is drop the last octet of your IP address. That’s not anonymity, but they’ve done a very good job of being able to define that as anonymity so that they could just start throwing that word around. They also did this brilliant thing with this ‘Google Dashboard’ where they say “Oh, you know, we’re putting privacy under your control”.

First of all, they only show you some of the information that they are most obviously capable of collecting about you. They don’t show you any of the other correlational stuff that they could easily derive about you. And the most diabolical thing about it is that to get privacy you have to be tracked, because to control your privacy using ‘Google Dashboard’ you have to stay logged in all the time and maintain a cookie. So it’s like, you know, they’ve turned the tables on you. And, you know, they have warned us: Eric Schmidt[3] said this famous thing: “If there’s something you don’t want anyone to know, maybe you shouldn’t be doing it in the first place”. So they’ve warned us.

And lastly, we now know that the ‘Aurora’[4] attacks on Google were at least partially about intercept. One thing we’ve learned from those attacks is that the Government is running intercept systems on their networks, and not only that but other ‘eavesdroppers’ are trying to get access to those intercept systems. So what we are seeing is as more and more data accumulates in these places, it becomes more and more valuable. And so ‘eavesdroppers’ move to those places and even ‘eavesdroppers’ without a legal backing also try to move to those places. So I think we are going to continue to see that as a problem as these become more and more valuable over time.
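
The talk's remark that dropping the last octet of an IP address is not anonymity can be measured on a log. The following is an added example, not part of the talk and not any provider's code: the records are constructed, and it assumes (hypothetically) that a user-agent string is retained next to the truncated address.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (source IP, user agent); documentation ranges, not real data.
LOG = [
    ("203.0.113.17", "Firefox/3.6 Linux"),
    ("203.0.113.17", "Firefox/3.6 Linux"),
    ("203.0.113.42", "Chrome/5.0 Windows"),
    ("203.0.113.99", "Chrome/5.0 Windows"),
    ("198.51.100.7", "Safari/5.0 Mac"),
    ("198.51.100.200", "Firefox/3.6 Linux"),
]

def truncate_last_octet(ip: str) -> str:
    """Zero the last octet of an IPv4 address, keeping only the /24 network."""
    net = ipaddress.ip_network(f"{ip}/24", strict=False)
    return str(net.network_address)

def anonymity_sets(records, keys):
    """Group records by the fields kept after 'anonymization' and return, per
    group, the distinct original IPs that became indistinguishable."""
    groups = defaultdict(set)
    for ip, ua in records:
        retained = {"ip24": truncate_last_octet(ip), "ua": ua}
        groups[tuple(retained[k] for k in keys)].add(ip)
    return dict(groups)

def uniquely_linkable(records, keys):
    """Count original addresses whose group holds nobody else, i.e. the
    truncated record still singles out one source."""
    sets = anonymity_sets(records, keys)
    return sum(1 for ips in sets.values() if len(ips) == 1)

if __name__ == "__main__":
    total = len({ip for ip, _ in LOG})
    for keys in (("ip24",), ("ip24", "ua")):
        print(keys, uniquely_linkable(LOG, keys), "of", total, "singled out")
```

Truncation alone hides each source among at most 256 addresses; any stable field stored beside it shrinks that set further, which is what the second key combination shows.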

[1] Kim Jong-il (born February 16, 1941 or 1942 – December 17, 2011) was the supreme leader of North Korea (DPRK) from 1994 to 2011.

[2] Room 641A is an intercept facility operated by AT&T for the U.S. National Security Agency, beginning in 2003. Room 641A is located in the SBC Communications building at 611 Folsom Street, San Francisco.

[3] Eric Schmidt (born April 27, 1955) is an American software engineer, businessman and the current executive chairman of Google.

[4] Aurora (or Operation Aurora) was a cyber attack which began in mid-2009 and continued through December 2009. The attack originated in China and targeted Google as well as dozens of other organizations.
