Monday, October 14, 2019

Safari in iOS 13 was sending browsing data to Chinese tech giant Tencent
http://flip.it/_rQW_A

I find it a little amusing in a way. Having had internet access since about 1996, I’ve long since gave up on considering my browsing habits to be private—it’s my browsing contents that I want kept private.

Between how browsers work and how much control we yield to the other end of a socket, I think it fool hearty to assume you can remain private about the basics. If you have ever visited a web site in recent times, it's a fairly safe bet that someone, somewhere can collate a unique identifier for you across several websites. Yielding things like your IP and resources (you know, the /blah/blah part of urls you visit) are integral to how user agents (browsers) and servers work. Cookies have been a fact of browsing virtually forever. You don’t have enough control over how any of this shit works, to be able to enforce strict privacy from being tracked.

Anonymity is the difference between sending the Gestapo to 742 Evergreen Terrace and f24088cc-4914-43ab-9810-07cdc069ebac visited five websites about donuts, and then logged into Yahoo mail; let’s ask Yahoo about them.

What we do however have some control over is the secrecy of our session content. Transport Layer Security, ala HTTPS, provides for some measure of privacy where it matters in our browsing. Nothing is going to stop donuts dot com from using an obvious /glazed resource for finding out about glazed donuts, but telling that you typed “HJS” into the search box and it popped up a super secret bulk ordering form, and your transaction details, is a different story. The security measures make it harder for someone to be dropping eaves if the other side is trustworthy; not being tracked is just hopeless at this point.

I have more hope in solutions that are technical and procedural in nature. Because if you can’t trust donuts dot com with where to bill and ship donuts then you probably shouldn’t be ordering donuts from them. If donuts dot com isn’t allowed to do business in your country without being obligated to offer up your payment data to the request of law enforcement, or pushing it to government donut databases, that’s a social problem and therefore political.

For better or worse there’s only so much that can be done on a technical front without changes to how the World Wide Web functions, and that shit just isn’t going to change for the sake of personal privacy.

No comments:

Post a Comment