“…leading academics such as Cathy O’Neill and Frank Pasquale, who study the social, economic, and political effects of algorithmic decision making… point to emergent practices of “weblining,” where algorithmic scores reproduce the same old credit castes and inequalities. Because these systems learn from existing data sets, it often follows that existing bias shapes what the machine decides is good, bad, normal or creditworthy.”
“While companies are generally up-front about what data is input to refine and upgrade the decision-making processes, the black box of the algorithm dictates that no one person really knows what data — or what combinations of data — will prove significant. With a little trial and error, for example, Joe Deville, a researcher at Lancaster University in the U.K., discovered that simply changing the screen resolution on his phone seemed to result in a different score for some algorithmic lenders, while others have suggested that actions as mysterious as charging your phone more often may produce a more favorable result.”
ZestFinance’s patent describes the use of payments data, social behavior, browsing behaviors, and details of users’ social networks as well as “any social graph informational for any or all members of the borrower’s network.”
I guess it’s time to unfriend all the deadbeats!
On a serious note, giving anyone access to such intimate details is idiotic, and whomever allows it deserves what they get in exchange.
It’s not like you have a choice. Whatever you do online anywhere is theoretically and probably actually available to any determined search. Data analysis engines can build a profile of you from whatever activity you do online, including posting at fragiledeal.
While that is true, it is much more costly than just asking people to link their facebook and twitter page. Since so many people will do that freely, that’s likely what most companies do and will continue to do. So there is a difference between having info out there that companies would actively have to sift through and just giving that info away in an easily crawl-able format whenever a company asks for it.
It’s like Cambridge Analytica. They can learn a lot about you simply by seeing things you do online. They don’t need what you think is confidential data. They gauge what you are by simple activities online, websites you visit, etc.
Correct me if I’m wrong, but didn’t Cambridge Analytica get data from facebook that facebook later admitted they shouldn’t have handed over? Obviously, there is nothing we can do to stop that if we are using facebook. But generally speaking, consumer data analytic companies are getting the conglomerated data from a few main platforms (google, facebook, twitter, etc) and not going out and actually combing publicly available data from all over the web and then piecing it all together.
Not exactly. The app had access to data and gave info to Cambridge:
“The personal data of approximately 87 million Facebook users were acquired via the 270,000 Facebook users who explicitly chose to share their data with the app “thisisyourdigitallife”. By giving this third-party app permission to acquire their data, back in 2015, this also gave the app access to information on the user’s friends network; this resulted in the data of about 87 million users, the majority of whom had not explicitly given Cambridge Analytica permission to access their data, being collected. The app developer breached Facebook’s terms of service by giving the data to Cambridge Analytica.”
So if you were just “friends” with someone on Facebook, your info is being seen by apps you never gave permission to. 270,000 gave actual permission; then the app got data from an additional 87 million. I am certain this is not the sole app that has done this.
This is not true. With ad blocker the only orgs that can build such a profile are the three letter govt agencies and your ISP, and as far as I know they don’t share this with commercial entities. With HTTPS, they only see which website you are visiting, not actual page. With VPN or TOR they see nothing (although in theory TOR can be subverted, that’s next level expensive attack which will likely be targeted and the results most likely would not available to commercial entities).
As far as facebook goes, the only way to prevent a Cambridge Analytica is to #deletefacebook (and to use ad blockers to prevent off-site tracking). Short of that, don’t use your real name, don’t post anything, and don’t share your empty profile with anything or anyone who’s not your actual friend. Also don’t post any photos of your face or allow anyone to tag you (there’s a privacy feature that alerts you and you can remove all tags).
This is what I meant when I said “facebook later admitted they shouldn’t have handed [the data] over.” Meaning facebook was partly at fault for the poor security that allowed the breach. And yes, there is nothing that you or I can do about stopping these sort of data gathering operations aside from just not using the sites that collect the data and are likely targets of a breach.
Everything is out there for anyone to find. Any determined hacker can find out all they want about you. You have records everywhere and nearly all of them are online. Your smartphone can track you. You can be viewed on a Web cam.
You are baiting and generalizing. I’ll take the bait once, but if you don’t have anything specific, I won’t reply again.
There’s nothing a hacker could find on me that a legal investigator or I myself couldn’t find. In other words, mostly public records, things I myself made available, and things that have leaked, like my credit history. Employment history and banking history may also be available to an investigator, there’s really no need to hack anything.
My smartphone is capable of tracking me, but you’d have to find my smartphone first – it’s not registered to my name or address, I pay cash, and nobody has my number besides Google. So first you’d have to know this, and then you’d have to find (again, no name), then hack my google account (uhm… good luck?). To do this legally you’d need a subpoena and a search warrant.
I can’t be viewed through a web cam if I don’t have a web cam. Or if I have a properly secured network.
My point was that if the information doesn’t exist “out there”, then it can’t be found. While the things you are talking about are possible, it doesn’t mean that there’s no way to prevent them. You said “it’s not like you have a choice”, but I’m telling you that you do if you care enough.
I don’t try to hide anything, I try to make it so that there’s nothing to hide. I don’t share personal information on social networks (my profiles are empty and I rarely post or “like” anything). I use adblock, requestpolicy, refcontrol, and a few others to prevent online tracking (so I’m fairly confident that facebook doesn’t know anything about me that isn’t on facebook). I have the best technology and network protections I could find that have no known vulnerabilities (discussed in another thread). I practice personal privacy and security like a way of life. That means opting out of information sharing, withholding information when it’s not absolutely required (and knowing in advance what is and isn’t required), feeding false information when there are no potential consequences, keeping up with security research and bug disclosures, and telling my friends and associates “don’t tag me bro”.
Security is an onion. I make it improbable for a random hacker to get to me, and very expensive for a targeted attack. Going back to my original point, I am absolutely confident that a random financial organization could never obtain my “social behavior, browsing behaviors, and details of my social networks” as described in my original response above, and it is absolutely possible to prevent them from getting this info.
Cambridge were such incompetent pikers. Back in 2012 the Obama campaign demonstrated how the professionals operate in this realm. That campaign weaponized data from 200 million Facebook accounts in their successful effort to defeat the hapless Mitt Romney . . . . . who was certain of victory right up to his bitter end. But how do we know this?
Members of the Obama team, following their 2012 election victory, bragged openly and proudly about their accomplishment and success. They are on the record in this regard. Romney’s moribund team was not even on this playing field.
So why all the hubbub with the relatively paltry and second rate Cambridge effort? You all probably can figure that out for yourselves.
Really excellent article, Argyll. Thank you for posting.
Most often I suppose it is a disadvantage. But from time to time I am blessed by my age. I never have felt, and I do not today feel, a compulsion to have my real name appearing anywhere on the internet. No facebook, which I think is silly, no twitter, also laughable, and no anything else. I do not use a cellular telephone today and never have.
There are the problems out of my control. Years ago (not recently), for example, over the years I was granted a number of patents. Today, because those patents are now available for reference on the net, I find my real name appearing and there is nothing I can do. Similarly I’m a victim of the finder service exposure we all suffer. This because I have a name and address. And of course the vulnerability stemming from the credit bureaus is not anything I can control as a practical matter.
But the concept of one intentionally putting oneself out there is not something I embrace. The other stuff, mostly beyond our control, must simply be tolerated in 2018 America.
There is an old saying, one taught me by my dad who passed away long ago:
“Fools’ names, like fools’ faces, Are often seen in public places.”
~ ~ ~ Thomas Fuller