Category Archives: Internet

Twitter Follower Audit

Posted on October 22, 2018 by Michael Froomkin

SparkToro analyzes a random sample of 2,000 of your Twitter followers and tries to estimate how many are fake.  I did OK (love the spike at 9 out of 10), and given the methodology I think the 12% fake number is probably a slight over-estimate..

Posted in Internet | Comments Off on Twitter Follower Audit

10 Things You Can Do to Protect e-Privacy & Autonomy

Posted on February 7, 2018 by Michael Froomkin

At UM’s Data Privacy Day event I made 10 suggestions about what you can do to protect your e-privacy and autonomy.  Here they are:

  1. Trust cyber-civil liberties NGOs like EFF to recommend things to use and to do. If you take away nothing else, remember this URL: Eff.org.
    1. Use EFF’s Privacy Badger browser plugin.
    2. Take their audit – Panopticlick – of how unique your browser fingerprint is.  Unique fingerprints are a way you can be tracked. Block cookies and super-cookies.
    3. Use their Https Everywhere tool
    4. Find the EFF surveillance self-defense guide. It offers advice tailored for different groups that might have greater / lesser needs for privacy/defense (e.g. LGBTQ, activists, journalists, lawyers, activists).
  2. Use VPNs — virtual private networks.  And only use good ones – be careful about jurisdiction and policies:
    1. The UM off-campus VPN is a valuable service, and good to protect against third parties … but not against UM. Does UM log your usage? Do they record your originating IP#? The sites you visit? Despite some frantic Google searches, I can’t tell — it seems they don’t say. I think therefore you have to assume they do. And if were the UM General Counsel my first instinct would probably be to say they need to do the logging to protect themselves.
    2. Is your VPN service dirt-cheap or free? Does the service cost only a few dollars for a lifetime service? There’s probably a reason for that and your browsing history may be the actual product that the company is selling to others.
        1. Look for establishment in a democratic country with a strong commitment to the rule of law.  Without that, even the best promises in the Terms of Service (ToS) to not log web page access OR IP# and access times is meaningless.  Note that many, probably most, VPNs in most other countries are required to do some logging.https://it.miami.edu/a-z-listing/virtual-private-network/index.html
        2. Does the VPN promise to prevent DNS leakage to your ISP?
        3. Ideally, the VPN should support IPv6 as well as IPv4 to prevent leakage when the remote site is on IPv6. This will become more important in the future as more and more sites move to IPv6.
  3. Use Tor as much as possible.  (But see #8 below.)
  4. Inspect your browser settings on your phone and computer to set max privacy options (including blocking 3rd party cookies and enabling Do Not Track).  Use a privacy hardened browser on your phone such as the Warp browser.  On both computer and phone always use a search engine such as Duckduckgo that will not track you.
  5. Encrypt every drive, every email (when possible), and especially all cloud-stored data before uploading it.
  6. Get a password manager and use it – never re-use a password. Use 2-factor authentication for google, other services that support it. (Only 10% of google users do!)
  7. Don’t put any apps on your phone that connect to anything financial (due to risk of ID theft if phone stolen).
  8. Lobby UM to make it easier to use VPNs and Tor, on both the wired and wireless networks.  Ask UM to be more transparent about what cookies its web pages set and what they track and record.  And, importantly, ask UM to not require you take every single UM cookie in order to use the “remember me for 30 days” feature of its authentication app DUO.  Also, ask UM to promise that it has your back, and that it will challenge any request for your data to the maximum extent the law allows (right now it makes no such promises at all; even National Security letters are sometimes withdrawn if the data-holding entity says it will go to court to ask for it to be reviewed).
  9. Lobby for privacy laws that limit data collection – once data are collected major First Amendment issues come into play, making it hard to limit use and re-use of accurate data. Also lobby to stop the US government secretly introducing vulnerabilities into fundamental crypto standards.
  10. Resist the frame: understand that the true definition of the ‘greater good’ is one in which the individual is able to flourish. Remember that ‘terrorist’ is a label that fits best after conviction – before that what we have is a ‘suspect’; conceivably any of us can be a suspect. So arguments that we should control crypto or prevent privacy in order to give law enforcement access to all our data when they decide they need it should be viewed with great caution and a firm eye on how the powers they want could be misused by them or by others who get hold of their tools. And even if we someday find ourselves in a world where things have gone badly wrong, and we do find ourselves subject to pervasive surveillance, follow Vaclav Havel, who in his great work ‘Living in Truth’ reminded us that so long as we choose not to self-censor we have chosen not to surrender a key part of our freedom.

(Some links added after original posting)

Posted in Cryptography, Internet, Law: Privacy, Surveillance, Talks & Conferences | 1 Comment

Firefox Hates On Its Users

Posted on November 14, 2017 by Michael Froomkin

Ok, maybe FF57 is faster, but it’s uglier and less functional. They finally pulled the trigger and killed off thousands of add-ons. My workflow just got noticeably worse.

I just lost about 30 enhancements and extensions. Admittedly, many were just frills. But I’ll particularly miss Tab Mix Plus, Autocopy, CoLT, Tab Mix Plus, Zoom Page and the beautiful and functional Nautipolis theme.

Oh, and did I mention I’m missing Tab Mix Plus?

With this revision and the disabling of key customizations, FireFox eliminates its #1 advantage over Chrome. After all these years, I may just switch.

Posted in Internet, Software | 4 Comments

Back Up All Google Data

Posted on November 20, 2016 by Michael Froomkin

Google Takeout–I didn’t know this was even possible, but you can download a copy of your email,  contacts, calendar, google drive, and indeed everything google, in .zip format.  Alas there is no way obvious way to automate it.  So do it right away, or you’ll forget.

Thank you to Stefan Krasowski for the pointer.

Posted in Internet | Comments Off on Back Up All Google Data

How to Fix Chrome Suggested Article Annoyance

Posted on October 25, 2016 by Michael Froomkin

Techcrunch to the rescue:

Several months ago, Chrome started experimenting with adding suggested articles to your new tab page. That was neat when it was optional. In the new Chrome 54, it’s mandatory. Here’s how to turn it off.

When you open a new tab in Chrome 54, if you scroll down you’ll see recently used bookmarks, followed by a list of suggested articles (the same one Google Now shows you that can be a little bit of an echo chamber). If you’re not a fan, open both of the following settings in Chrome and disable them:

chrome://flags/#enable-ntp-popular-sites

chrome://flags/#enable-ntp-snippets

You may have to restart the browser for it to work. Once it’s done, however, those suggested articles should be gone. Enjoy your clean new tab page!

Posted in Internet | 1 Comment

Why the Attempt to Enjoin the IANA Transfer is Baseless

Posted on September 29, 2016 by Michael Froomkin

The Attorney Generals of four right-wing states sued today to block the transfer of the US’s control over IANA to ICANN.  Here’s a link to the plaintiffs’ complaint and request for declaratory and injunctive relief.

And here’s my very quick take on the lawsuit: The APA claim is bogus.  I think they lack standing for the property claim. The property claim is also meritless, as the government is not giving away any property it “owns”.  The US is letting go of a contractual right to veto alterations to the data in a computer file (the root zone file) held on a privately owned machine.  There is no intellectual property right because the contents of the file are in the public domain, and US law would not recognize this as a compilation copyright.  What’s at issue in the IANA transfer is the loss of the US government’s right to veto authoritative changes to the file, not to own the contents.

In any case, the proposed transfer doesn’t harm the defendants in any way now, and their complaint fails to say that it does.  Plaintiffs only give extremely speculative allegations of possible future damage. Indeed, the most they can come up with in para 22 of their complaint is that “Plaintiffs will lose the predictability, certainty, and protections that currently flow from federal stewardship of the Internet and instead be subjected to ICANNs unchecked control.”  While I am more sympathetic than most about the dangers of being subject to ICANN’s unchecked control, the fact remains that in the absence of any clear threat by ICANN do something that would harm the plaintiffs in some way this is far too speculative a harm to be recognized by a US judicial system that is allergic to speculative harm. The same argument applies to the claim that ICANN might – no sign at all it will – increase fees to GSA for .gov, which might – no clear sign it would – be passed on as a cost to the plaintiffs. (para 29).

More generally, the complaint takes a surprisingly collectivist view of private property given that it was filed by some of the more right-wing state officials in the land.  My computer is not a public forum.  Yet, by claiming that “the internet” has been “established” by the US as a public forum, the plaintiffs seem to want to (in effect) nationalize every computer on the Internet, or at least all the US ones. See for example paras 32 and 35-36 of the complaint which refer to the private use of private computers, but try to turn the computers and the uses into something that requires licenses or which government could control.

Count 3 is bogus because the Commerce Department’s act isn’t a rule in either form or substance.  It might arguably be an adjudication – I wrote an article arguing that other related actions should be seen as adjudications (but the courts didn’t bite).  NTIA has always taken the view that changes to the IANA relationship are just contract negotiation, like buying paperclips, and those don’t require notice and comment and are not adjudications either; instead it’s just purchasing (I thought the $0 cost of the purchase orders was odd, but that failed to convince enough people.) In any case, not renewing the contract is even less an action than altering it.

Count 4 – the claim that the government is lacking statutory authorization for its actions – is a little more interesting.  It has two problems, however: first, the plaintiffs lack the standing to bring it.  Second, if it is correct, it likely proves too much, for if getting rid of the Root Zone File was lacking authority, so too was maintaining it.  So were this to go forward, the result would be to say the government couldn’t do any of the things it has done in the ICANN/IANA space … which is exactly the result that the plaintiffs are suing to prevent.

Count 5, the tortious interference with contractual relations claim, founders on the absence of any non-speculative damages.  US tort law requires you have damages to prevail on a tort claim.

In the long run, this claim cannot succeed.  Whether the parties might be able to scare a judge into throwing a spanner in the works while he or she figures things out, I don’t know, but even if they do I just don’t see any way for this lawsuit to prevail in the long run.

Posted in ICANN, Internet, Law: Internet Law | 1 Comment