Obfuscation as a Privacy Tool

This essay discusses the futility of opting out of surveillance, and suggests data obfuscation as an alternative.

We can apply obfuscation in our own lives by using practices and technologies that make use of it, including:

  • The secure browser Tor, which (among other anti-surveillance technologies) muddles our Internet activity with that of other Tor users, concealing our trail in that of many others.
  • The browser plugins TrackMeNot and AdNauseam, which explore obfuscation techniques by issuing many fake search requests and loading and clicking every ad, respectively.
  • The browser extension Go Rando, which randomly chooses your emotional “reactions” on Facebook, interfering with their emotional profiling and analysis.
  • Playful experiments like Adam Harvey’s “HyperFace” project, finding patterns on textiles that fool facial recognition systems ­ not by hiding your face, but by creating the illusion of many faces.

I am generally skeptical about obfuscation tools. I think of this basically as a signal-to-noise problem, and that adding random noise doesn’t do much to obfuscate the signal. But against broad systems of financially motivated corporate surveillance, it might be enough.

Tags: , , ,

Posted on November 5, 2019 at 6:15 AM53 Comments

Comments

Fazal Majid November 5, 2019 6:58 AM

You’d be surprised. Most machine learning algorithms need to ingest significant amounts of data before they yield statistically significant results, and it doesn’t take a lot of chaff and sabotage to cripple them.

jbmartin6 November 5, 2019 8:03 AM

I always felt that random obfuscation is pointless since it is easy to filter out. If I randomly click on a lawnmower ad (I have no real interest) ONCE, versus the twenty mountain bike ads I clicked on (I do have an interest), that is easy to recognize and filter out. Better would be a way to periodically switch profiles with some other person. Maybe there would be some way to use machine learning to train a model to behave like one person, then another person could use that model in their obfuscator temporarily.

Faustus November 5, 2019 8:04 AM

I am a big fan of Finn Brunton and Helen Nissenbaum’s book “Obfuscation: A User’s Guide for Privacy and Protest”. I am applying many of its techniques, although to a lesser extent than I might because shutting down javascript prevents many attacks against my security from being loaded.

A lot of sites work sufficiently without javascript now. Is this a recognition that it is the site’s responsibility if they force people to use javascript and thereby enable attacks against their users (and themselves)?

But on occasion I am forced to enable some javascript so I love watching the Ad Nauseum meter of money corporations have lost by presenting ads to me which are then hidden and invisibly clicked on. Or to watching Track Me Not spray randomized searches at nosy search engines.

As far as I can tell, every single person who says privacy is dead simply means they are too tired, lazy or implicated to bother preserving their privacy. Or perhaps it is learned helplessness. https://positivepsychology.com/learned-helplessness-seligman-theory-depression-cure/

Noise signal analysis might be effective when the signal is a sum of sin waves. In the complex data of human lives noise is much harder to identify. In any case, why make it easy for the identity vampires? Increase the cost, decrease the accuracy, and whenever you can bring the costs home to them.

It’s a bracing feeling, refusing to going along with being a sucker.

me November 5, 2019 8:09 AM

@Schneier

and that adding random noise doesn’t do much to obfuscate the signal

i was going to write exactly the same thing: you can filter out random noise by averaging the signal.

futility of opting out of surveillance

there are some differences, for example:
-the facebook likes, i don’t see any reason to click random likes, if you don’t want to be tracked just never click like button, problem solved.
while if you want to use them expect to be tracked, adding random likes to real ones will not prevent facebook from finding out which one are fake.
you can check this also with akinator, the website that with questions find out what you are thinking, it will detect random answers and also lies by asking the same question twice.

-tor, tor is different, now the tracking is not caused directly by your actions[1], so here obfuscation is useful, because you can’t opt out so the only way is obfuscation.

but obfuscation is not always possible, for example you can’t obfuscate what you buy at the supermarket by buying random extra stuff, it would cost quite a lot.
also you can’t obfuscate your path to work by taking random roads all the time.

we need law that forbid the collection of such data in first place.
not laws that punish misuse (and we don’t even have such laws)

[1] we can say that your request to visit the website is your choice in the same way of facebook you can optout by not using internet at all but to me this seems a not valid solution. while using facebook but not pressing like might be a good trade off (i’m not on facebook)

Förster. November 5, 2019 8:15 AM

…adding credible (but phony) ‘signals’ to a signal-to-noise spectrum being analyzed — is much different than merely adding ‘random noise’ inputs to that spectrum.

It presents a much bigger problem to the adversary analyst.

Smart obfuscation is fundamental to electronic deception.

me November 5, 2019 8:21 AM

@Faustus

Noise signal analysis might be effective when the signal is a sum of sin waves.

no, it works also on ads and “all other things”, as @jbmartin6 pointed out if you randomly click on any ads once but you click on bikes ads 20 times you have interest. and no, clicking 20 times on one of the random things is not going to help.

@jbmartin6

Better would be a way to periodically switch profiles with some other person.

this is not going to work too, for example if we exchange our cookies (browser fingerprint, and all other relevant data)… let’s say i give you my pc and you give me your:
it will not work because of ip address is different, interests will be different.
ad company will just detect that the device has been sold or something like that.

use machine learning to train a model to behave like one person

this may work alone but not if you and the machine algorithm use the pc for the reason explained above, but again i don’t see the reason for it.
just ignore the ads.

a bit off topic:
this apply also for hacked profiles, they are easy to detect by facebook: how is possible that this italian person with only italian friends, connecting always from italian ip with italian time now connects from russian ip with russian timezone and deleted all the friends?
what i don’t get is why they(companies in general) do nothing about it, so many people complain about being hacked and companies do nothing to restore accounts.

me November 5, 2019 8:29 AM

@Förster

adding credible (but phony) ‘signals’

good idea, this might work but suppose that i have interest in bikes and they track me bacuse i click on bikes ads.
i also have smart fake ‘signals’ (click on ads, whatever) that click always on “english course” ads.
now who track me think that i have interest in bikes and english.
but 5 minutes later i buy a bike and 1 year later i never bought any english course.
i don’t think that obfuscation help unless it’s made in a good way (read difficult/impractical for most uses), tor works because anyone is equal/the same person. but you can’t apply it everywhere.
in the above to make it tor-like i should shop online for all my friends and keep for me the bike, give to my friend A the english book and my friend B the new pc.
i’m the “tor exit node”
but it’s not easily applicable to real life most of the time.

me November 5, 2019 8:38 AM

This is blog also about cryptography so here is an example of where it works, but again it’s hard to do in real life:
Chaffing and Winnowing: Confidentiality without Encryption
https://people.csail.mit.edu/rivest/chaffing-980701.txt

(@Schneier i’m sorry that i have posted so many comments, i hope i’m not spamming, i wrote them because i think they have something useful in them)

TimH November 5, 2019 9:09 AM

@Faustus

It’s a bracing feeling, refusing to going along with being a sucker.

Exactly. This is the message to teach… push back against being used and treated as a free profit.

Faustus November 5, 2019 9:42 AM

@ Me

“Chaffing and Winnowing: Confidentiality without Encryption” is a great contribution to the discussion. Thanks!

I really wish I could get into the head of people with different views. But that would be surveillance!! It does seem like your sympathies lie with advertisers based on your comments. Are you unaware that the Like button surveils you whether you click it or not?

I think using a simplistic system with a couple of well defined variables to understand the behavior of a system with many hard to define variables provides limited insight. In my experiments with deep learning systems more than 10% noise starts massively degrading performance and any significant noise has real impact. I’m sure everything that I do could be defeated at a cost of dollars and effort. Which is the point. We should:

— Increase the cost of surveillance
— Decrease its effectiveness
— Deny social capital to the architects of surveillance systems and other tech abusers through ridicule, disdain and isolation. These people are not heroes to be emulated, they are parasites to be restricted to sterile and uncomfortable environments.

The more people obfuscate the better it will work. Is that why people are trying to convince others it is pointless?

@ Mr. C – (Are Ad Nauseum clicks charges?) Am I personally sure? No. But the book contains studies to that end. And what would be the mechanism to not charge the ads? If nobody is getting charged because of the presence of Ad Nauseum that is simply a win in the other direction. But I know fake clicks are a big concern in the pay per click model. I’m just doing my bit to make the problem worse!

gordo November 5, 2019 10:37 AM

I think that all these so-called private systems (Google, Facebook, Amazon, e.g.) should be nationalized, stripped of advertising, treated as public utilities and usage anonymised as much as is systemically feasible and possible. Profiling or stalking, i.e., microtargeting, commercial or otherwise, should be illegal. Credit bureaus, for example, existed before the Internet and can function without the mostly extraneous data produced there. I’m sure there are other examples.

uh, Mike November 5, 2019 10:41 AM

I advocate garbage-in when it’s a legal option.
In particular, swap retail discount cards with other people.
Do a few captchas completely wrong before demonstrating sentience.
Also, I clean out my Facebook page routinely, if I visit it at all.
Just trying to be a rodent among the digital dinosaurs.

Bob November 5, 2019 11:42 AM

Similarly:

  • Change and obfuscate PII in unused online accounts before you deactivate or “delete” them.
  • Don’t provide more PII than you need to.
  • Use a different email address for every online service.
  • Use a different browser profile or Firefox containers for known tracking websites (Google, Facebook, etc.), in addition to ad or cookie blockers.

  • Changing browser user agent is futile:

https://www.privacy-handbuch.de/handbuch_21e.htm

(Use https://www.deepl.com/translator to translate.)

  • “IPv6 hurts your privacy, removes plausible deniability and is on by default”:

https://privacylog.blogspot.com/2019/09/ipv6-hurts-your-privacy-removes.html

Bob November 5, 2019 12:52 PM

Great password, Ralph!

The only thing to make it better would be to fit a number in there somewhere. Nonetheless, great job.

MikeA November 5, 2019 1:36 PM

@Faustus — . Are you unaware that the Like button surveils you whether you click it or not? —

You beat me to it, but forgot to mention that a non-sleazy website can use the approach that this one does, to not “display” the “share” button (in clickable form) until the reader has deliberately asked for it. Hover over the “do you want to even see the real button” icons just above the comments to see what is happening.

Unfortunately, I can only recall seeing one other site use this technique, and have forgotten which it was. But at least Bruce is trying. I simply don’t have any share buttons on my own site (but I understand there are folks who would be eating cat food under a bridge if they couldn’t pimp out their readers. 🙂

Obfuscator November 5, 2019 2:13 PM

I have to say that this page gets better for everyday, first this tempest thingy and now obfuscation, i like this idea of feeding the beast, since it works not only on internet, you know your phone is bugged, use it to your advantage, if you are followed, go places, be stupid give fake clues that adds up in the end it will cost who ever is in the receiving end of the obfuscation trickstery alot of money and vasted time and resources for absolutely nothing. I find it highly amusing.

I think that obfuscating traffic on tor is easier than not using tor, since the first hop can only see that the traffic is tor traffic, use it to your advantage, should be possible to use your imagination to create 24/7 tor traffic that makes no sense what so ever, at least it will hide your real tor traffic and if you have the bandwidth and it doesnt cost you extra, i think it could work quite well.

I hope i find some great ideas reading this thread, i guess i have to start to google that Hellen Nissenbaum thing, sounds like a good start, cheers

David Leppik November 5, 2019 2:40 PM

Adding bogus signals (e.g. extra “Likes”) won’t make any difference if you’re trying to obscure your actual likes. Collaborative filtering and personalized advertising algorithms don’t care how many interests you have; they just add them together.

The only time it works is when a system needs to decide where to expend its resources, and your chaff can convince it not to spend resources tracking you. For example, if there’s a physical person tailing you, you can lose them in a crowd. Or if everyone uses SSL to visit a website, users who need SSL become less noticeable. But in most cases a machine can search all the data, or at least enough that most obfuscation won’t make a difference.

I used to avoid giving personal information to local stores. Then I realized I was just giving Amazon an advantage.

David Rudling November 5, 2019 2:51 PM

@Bruce
I am not at all technically competent to judge whether a paper which promotes “…the futility of opting out of surveillance, and suggests data obfuscation as an alternative.” is sound on a technical level but I feel that the basic premise that one is an alternative to the other is just fundamentally unsound thinking.

As you yourself say “I think of this basically as a signal-to-noise problem,”

The two COMPLEMENTARY, not alternative, things to do are:-

1) reduce the signal e.g. opt out of surveillance – to the very limited degree this may be possible, and

2) increase the noise e.g. by the obfuscation methods suggested. As you admit “..against broad systems of financially motivated corporate surveillance, it might be enough.”

Doing both has a multiplier effect on the signal to noise ratio reduction. Based on your own thinking therefore, both together should absolutely be encouraged, not discouraged.

Alyer Babtu November 5, 2019 4:02 PM

In that the surveillance (dis-)services seem often to have their own certificates, is there some way to soup up one’s browser to reject those certificates (and still connect to the good part of the site, if any)? I mean, after all, they are not in good faith, ie are “fraudulent”.

Jesse Thompson November 5, 2019 4:27 PM

@Obfuscator

should be possible to use your imagination to create 24/7 tor traffic that makes no sense what so ever

One of the recommended ways of doing this is to host your own tor bridge node and/or entrance/exit nodes. Then you get tons of tor traffic through your node, and can use your own node as on-ramp locally (external surveillance can’t see when you connect to a node on your own LAN). In this setup they may still be able to subtract inbound from outbound traffic, but there’s tons of timing noise there as requests don’t instantly transact through the box. So there’s a lot of traffic accounting work to do.

That said, if you could configure your node to have a “transmit Xkbps of noise 24/7, then automatically nerf that when local user passes real traffic so that total of real and noise traffic remains as close to Xkbps as possible” would be hella useful. (assuming it’s not already there and I just missed it, of course..)

If noise traffic is unroutable and next hop unwraps and then drops it, all the better as it kills differential analysis at that hop a bit as well. Better still, wrap noise traffic in random number of layers so that sometimes it gets 2 or 3 hops before being dropped.

@Moderator:

I think of this basically as a signal-to-noise problem, and that adding random noise doesn’t do much to obfuscate the signal.

I don’t quite grok this pessimism: isn’t SNR kind of the biggest problem in information science? Why should we pass that off like it was already solved?

If you say something at ordinary speaking volume in Massachusetts, and I try to measure the “signal” of your speech with a microphone physically located in Oregon, I am aware of no technology that can redeem the signal from that much noise. So noise can absolutely kill any effective signal detection. And it can do so without the “noise-canceling” strategy of pre-sampling the signal as well, so long as “no signal will survive” is the only goal.

Perhaps your concern is with “random noise”? To me it just sounds like an issue of frequencies. If one concerns oneself less with white noise (all frequencies evenly present) then one can instead focus on whatever higher-order metafrequencies the signal detectors are likely trying to distinguish. If they’re listening for a voice, drown out the signal with a mass of other plausible voices. Or even that plus white noise, just to cover all bases.

Also bear in mind that I am advocating this approach in conjunction with boycotting the services offered by one’s adversaries. I don’t expect a person to be able to comfortably use Facebook simultaneously to perfect flooding of Facebook, because then you could never reliably get back the page you wanted to click on. But a third party website serving low-commitment cruft like ads or social media buttons? One should be able to view one of their pages while nixing the useful data gathered by the cruft.

For example @me, stop clicking through ads and then buying what you see there. This should be a general rule of thumb, never do business directly with something unsolicited.

If somebody calls you and claims to be company X, you don’t hand over your Credit card number or PII to them, do you? Personally, I thank them for the info (which I take with a hefty barrel of “read it on the bathroom wall” salt) and then directly phone up company X (solicited!) to confirm said info and if needed carry out whatever business I am doing.

Also @me:

we can say that your request to visit the website is your choice in the same way of facebook you can optout by not using internet at all but to me this seems a not valid solution.

I think this gets to the heart of a pretty big issue I’ve been detecting recently on a broader scope. I think as a society we’ve been having a hard time figuring out how to negotiate consent across a strong power gradient.

If we cannot condone a boss and an employee starting a romantic relationship from that unequal power footing (it’s sexual harassment, the powerful has control over the career of the powerless, etc) then how can we call it consent when the largest social network on earth, or the largest search engine, or email host, or retail provider offers the same “take it or leave it” ultimatum to paltry individuals?

“Allow me to transgress your boundaries with unchecked impunity or I will deny you this resource that virtually everyone else is already benefiting from”. “Everyone else is doing it, why can’t you be game?”, etc.

Dang, where is @echo when you need them?

Impossibly Stupid November 5, 2019 4:46 PM

For starters, I love it when a web site concerns itself about privacy, but then also decides to throw up a modal dialog asking for our email address. In the spirit of obfuscation, I subscribed someone else at mit.edu; enjoy bothering yourselves.

I’m going to side with @David Rudling on this topic, because the more you reduce your signal, the less obfuscation you have to do. I mean, yeah, you can screw around with Tor or fake traffic to advertisers and social media, but it’s just so much easier to simply not waste any time on those useless things in the first place.

Same thing goes with “real world” tracking like loyalty cards. There was a time when I entertained the idea of swapping them around with friends or random strangers just to screw with tracking algorithms. But I could never find anyone nearby who was equally interested in playing around with systems that way (likely for the same lazy reasons most people don’t care they’re being tracked in the first place). And without a large enough population to frequently mix things up, like Bruce suggests, it probably wouldn’t be that hard to sift out the “signal” (i.e., when card exchanges happen and with who) based on regular usage.

These days, what I do is just essentially become another person. The big surveillance problem these days is that we too often seek (or are pushed) to maintain a single unified identity for our whole lives. Email accounts and phone numbers are kept for decades. Social media insists on you maintaining relationships with everyone you’ve ever known since you were a child. It’s just so much cruft that, for my own mental health, every decade or so I think it’s a good idea to sit down and clean up all the “hoarding” we’ve been doing, both digitally and physically.

That is my suggestion to everyone for 2020: Get a fresh start online. If you engage in gift giving, request that someone you know buy you a new device (phone, tablet, laptop, Raspberry Pi, or whatever), otherwise, use cash to gift yourself something nice. Set it up, as much as possible, so that it isn’t linked with any of your current accounts. Create brand new accounts for any sites/services that you still need to use. Use the new accounts more and more (ideally for specific things) and use your old accounts less and less. At some point, maybe in 10 years when you rinse/repeat the process, you’ll likely find that all the old stuff is completely useless and can be deleted. It’ll be a big weight off your shoulders, I’m telling you, never mind the fact that you made the job of online trackers that much harder.

Alejandro November 5, 2019 5:48 PM

I am trying TrackMeNot now on FireFox. Doesn’t seem to break anything, but doesn’t seem to be doing much of anything, either. The developers sound sincere.

AdNauseum offers potential for abuse, i.e., auto-clicking “special” ads for financial benefit.

Sancho_P November 5, 2019 6:10 PM

Random noise is completely different a cake as nicely clicking.
However, (big) businesses – like the ad or surveillance industry (or face crook, …) – need growth to survive.

Data is the black gold of our century, if you believe what they say.
So it is our duty to increase data & traffic, to help sustain our economy.

  • To obfuscate is a nasty word for saving the world.

Foobar November 5, 2019 9:23 PM

I am generally skeptical about obfuscation tools. I think of this basically as a signal-to-noise problem, and that adding random noise doesn’t do much to obfuscate the signal. But against broad systems of financially motivated corporate surveillance, it might be enough.

While I liked this entry and the ideas in general, I feel that this statement is a little incautious. If you stretch the obfuscation theme a little further, you’ll notice a lot of serious research done in this area; like, say, differential privacy and additive noise mechanisms?

Faustus November 5, 2019 9:27 PM

@ Alejandro

Track Me Not sends random or specific queries to various search engines. It has a log window of what it is up to. Did you look at its config? You may have to choose search engines.

It will send terrorist-suggestive searches if you so choose but I can’t imagine who would want that attention!

Wael November 5, 2019 9:33 PM

Agent: What were you doing in the USA between Feb and Oct?
Bob: I was collecting my Fat CIO bonus, sir!
Agent: you sofa ucin bt!
Agent: Talk about CFO Sin!
Bob: Obtain focus!
Bob: It’s “Fat CIO bonus”, dawg!
Agent: And no US BIO fact?
Bob: It’s not my cubs of tea!
Agent: “cubs” of tea, eh?
Agent: Busted! CIO, my foot! You’re “CFO Abu Tonsi“, for sure!

🙂

Hint: Obfuscation or obfuscate 🙂

Mike Thunder November 6, 2019 12:01 AM

Re: Jesse Thompson
If they’re listening for a voice, drown out the signal with a mass of other plausible voices. Or even that plus white noise, just to cover all bases.

Found this intresting
https://www.youtube.com/watch?v=nXV4nTfGHuI

Its a documentary of USSR and their efforts on making shortwave reception complicated, there are some rather intresting ways to do mix in other voices kindof noise allready i think in the 60s or 70s, but this was going on until 1991 ? and still used in other countries such as democratic? prp china iran and vietnam and cuba to name a few, NK mostlikely as well allthough not sure if anyone in NK has access to a shortwave radio anyhow.

me November 6, 2019 2:38 AM

@Faustus

It does seem like your sympathies lie with advertisers based on your comments

oh no! quite the opposite, i deeply care about the issue, i hate tracking and i try hard to avoid it:
-javascript disabled by default (umatrix)
-ublock origin also present
-privacy badger and https everywhere from eff
-blocked third party cookies in firefox
-blocked tracking using firefox option
-enabled encrypted sni
-disabled tls 1.0 and 1.1 and not pfs ciphers
-firewall in default-deny to block every app from accessing the internet if they don’t need it
-dns over https system wide
-same on mobile phone (i have root)

Are you unaware that the Like button surveils you whether you click it or not?

i know, i just forgot to mention because i have all third party things blocks.
also i meant the likes while you are on facebook, i just forgot that they were present also outside facebook (mainly because i have never been on fb and i block all tht things)

Is that why people are trying to convince others it is pointless?

i was telling “pointless” because i don’t want to that people think “oh well two random clicks and i can’t be tracked” i want them to have real security.
i think that a well made “auto clicker”, so a not random one, might help a bit, but it’s not a good solution.
i find that disabling javascript prevent the tracking from loading in first place and it’s much more effective.

me November 6, 2019 2:54 AM

@Obfuscator

create 24/7 tor traffic … it doesnt cost you extra, i think it could work quite well.

it doesn’t cost you extra, but cost a lot to the tor infrastructure.
so if you want to do it do it in the right way: run a tor bridge!
this is what Snowden have done to hide his tor traffic, the brige was making useful tor connections while he was using tor too.

@Faustus

“Chaffing and Winnowing: Confidentiality without Encryption” is a great contribution to the discussion. Thanks!

i’m happy that it’s useful! i found it very nice too

@David Rudling
about the snr thing, well said, i didn’t notice that!
we are all pointing out that adding random noise doesn’t work, but maybe adding credibile noise could be an idea, it can be filtered out too, but it’s harder and increase the cost.

Clive Robinson November 6, 2019 3:37 AM

@ Bruce,

I am generally skeptical about obfuscation tools. I think of this basically as a signal-to-noise problem, and that adding random noise doesn’t do much to obfuscate the signal. But against broad systems of financially motivated corporate surveillance, it might be enough.

As a “first approximation”, “signal-to-noise” is a starting point, but the reality is we are much further along the path, in fact way beyond.

But at the signal to noise level, the signals users generate are the equivalent of being “multi-spectral” in nature some having quite narow spectral bandwidths. Every time people talk about “adding noise” they think only of what is in effect one noise source and it’s generally very broad band.

So in effect you have a very wide bandwidth channel into which you push very wide bandwidth noise to try to “lift the entire noise floor” across the entire channel bandwidth. Thus the result is that the energy per unit of bandwidth of our artificial noise is quite small.

As some of the signals we generate that can be used for tracking are very narow in band width, we would have to generate a thousand or a million times the level of noise to the average signal, to even marginally have a deleterious effect on these very narrow band signals. Thus “just adding broadband noise” is the wrong way to go about obfuscation these days.

But further we also need to consider that tracking comes in two basic forms as well. Firstly Those that are in the communications generated by the servers you visit such as cookies, java script etc. Traditionaly these have been put in servers effectively owned –directly or by trade– by the Big Corp service providers an individual uses (think facebook likes etc). The second type of traffic are those various large Service Providers have tried, who due to HTTPS now blocking their view of user data in the communications, hang on tags to the encrypted traffic to try to follow it through VPN’s etc, which are in essesnce traffic analysis techniques.

There are two areas that “an individual” has to consider to deal with this,

The first is to analyse your signals intently, to find then change or remove as many of these very narrow band signals as you can (such as randomly picking the time you take for lunch and not browsing every lunch time). Then with the remaining signals target the noise to their bandwidths not the channel bandwidth.

The second way is similar to techniques used to avoid traffic analysis. In essence you reduce the channel bandwidth as much as possible, and ensure it’s fully utilized by randomized traffic. This is over and above the first are methods of stopping the more obvious tracking techniques (cookies, javascript, etc, etc).

The analysis of signals for the first area can prove very difficult if impossible to do reliably. This is due to the fact you don’t know what narrowband signals the trackers are using as they try to keep them secret. Then there is the issue of if you can even recognize what signals there are available to be used by the trackers. As an individual you would have to have a very wide domain of knowledge at quite some depth as well as enough experience that “thinking hinky” comes naturally.

The problem with this is that whilst it means you have to use less obfuscation noise to signal, you still have to reduce the potential signals.

The result is the basic wide band noise obfuscation effect is not as effective as it could be by quite a long way when used on “an individual” basis.

To get obfuscation to work effectively needs other “co-operative” ways.

Whilst Tor can to a limited extent provide traffic analysis protection and IP address and other routing data protection. It’s “outside” the message channel, thus as the FBI demonstrated a poisoned server will taint all who drink from it via anything that the client computer can be hit with. As I’ve noted in the past a lot of HTML5 that W3C put in, is going to significantly aid in putting tracking inside of the communications channel.

It appears sad that organisations like the W3C, that are there supposedly to improve the user experience, are actually putting in place mechanisms that will aid those who track users. It is hard to see how tracking will improve the user’s experience…

But at the end of the day, what we can say about this user tracking, is one heck of a lot of money goes in at the top side of the process to the likes of the Silicon Valley Big Corp’s but very very little comes out the bottom to those web site owners who try to earn money by it.

Which should be enough to tell people that it is a “faux market” that uses “Hollywood Rules” to hide just what is going on.

Thus the question arises as to when those pouring money in realise they are “being bilked”, will they stop pouring? Or will they keep throwing good money after bad because they convince themselves that the must, which is the very essence of the “marketing” market which is apparently the largest business in the world, more so than even religion.

tfb November 6, 2019 3:40 AM

@me

Yes, of course you can filter out noise by averaging. But you have to average: to remove noise you need more data, and you need to do more work on it to recover the information you are after. This means that adding noise drives up the cost of recovering the signal: driving up your opponents’ costs is a rather good approach. In fact, outside of some fantasy, driving up your opponents’ costs is all you can ever hope to do.

In fact adding noise can do even better than that: if there is some pattern which occurs only once, the averaging will not recover it at all: it’s simply hidden in the noise. That has some obvious uses.

That latter approach is likely to be problematic I think: if you are trying to evade detection for some specific act then you’re probably worried about opponents who are not just trawling through data to show you adverts. Those opponents might decide that people whose behaviour looked much more random than they’d expect are interesting enough to attack in other ways. So the obfuscation approach perhaps only works if enough people to it to, again, force up the opponents’ cost far enough.

Clive Robinson November 6, 2019 4:15 AM

@ Mike Thunder,

NK mostlikely as well allthough not sure if anyone in NK has access to a shortwave radio anyhow.

If it’s “AM Broadcast” you don’t need much, a few lengths of wire to make an antenna coil and ground, optionally two metal plates and an insulator to go between that makes a variable capacitor and importantly an improvised “detector” which can be made with all sorts of thing, including a razor blade[1]. As for turning the tiny envelope detected signal into audio there are generally many things around you can use. As for an antenna some POWs used the barbed wire fences that surounded them or even the electrical wiring of light circuits[2]. You can even “gamma match” water pipes or metal poles. There is even something called the “Roland Ring / coil” that is in effect a current to voltage transformer that uses the earthed metal pipe as a single turn “current” primary and a coil of wire as the multiturn “voltage” secondary[3].

Harsh oppression, apparently drives an inventive mind to make what has been denied to them.

[1] https://blog.jgc.org/2012/02/my-foxhole-radio.html

Personally I’ve often got one or two germainium signal diodes in my “Every Day Carry” repair kit along with fuses and other usefull bits such as a 12v soldering iron. It’s a habit I got into when “wearing the green” you’ld be surprised how often such simple bits could turn a major excercise disaster into just a minor anoyance that took just a few short minutes to sort out. Mind you I don’t carry the eight inch kitchen knife these days, which I used way more times than I can remember, including opening cans and “digging a hole to take a c…”

[2] https://en.wikipedia.org/wiki/Foxhole_radio

[3] https://dailyantenna.blogspot.com/2019/05/rowland-ring-railing-hf-receive-antenna.html

Clive Robinson November 6, 2019 4:28 AM

@ me,

i find that disabling javascript prevent the tracking from loading in first place and it’s much more effective.

I’ve been saying to turn off javascript and cookies for so long now, it must be getting on for a quater of a century.

For most of that time I was told one or all of,

1, Google was good…
2, Web developer’s need them…
3, I was a crazy / paranoid…

You can still see them on this blog if you search for them.

Well I guess others are finally starting to realse that all those points were false.

I’m just waiting for the kickback to “don’t use HTML5″…

Clive Robinson November 6, 2019 4:43 AM

@ Mike Thunder,

I mentioned using a “gamma match” to couple into earthed “water pipes and metal poles”, which needs you to make electrical connections, and the current transformer Rowland Ring that does not.

Well there is something almost as simple you can do that is kind of between the two which is a “loop match”. And very timely, VK3YE down in Australia has put up an article on his experiments using it today,

https://dailyantenna.blogspot.com/2019/11/loading-up-tall-light-pole-for-quick.html

By the way, this sort of thing does make quite good “Father and Son” projects even these days if you start when they are around 7-9 and they give a gentle and interesting way into STEM subjects, which most schools don’t do (hence the “STEM is not for us” you hear so much about).

Anders November 6, 2019 5:25 AM

Actually adding lot and LOT of noise around useful signal
works quite well.

Let not forget about this:

blog.mozilla.org/firefox/hey-advertisers-track-this/

and this

github.com/spacehuhn/esp8266_beaconSpam

Ergo Sum November 6, 2019 5:48 AM

Surveillance in the browser is just the tip of the iceberg. Yes, one can do x,y,z, etc., with more or less success. Mainly less, if you take in to account the vast financial resources available for the purpose of countering x,y,z.

The rest of the iceberg is the underlying operating system, that the browsers run on. Every one of the OS, from Apple, Google and Microsoft, has built-in telemetry that is impossible to stop. This is where the surveillance capitalism thrives. The browser based surveillance is just for companies, that have no access to OS level surveillance.

Let’s pick on Windows 10, Microsoft’s effort to join in to the data collection. Their telemetry is extensive, have a list of your application, including the browsers and their plug-ins. Do you think that MSFT does not monitor how the browsers used and what sites visited? They even monitor the time frame when you actually use your computer:

“We noticed you regularly use your device between ‏‎6:00 and ‏‎22:00. Would you like Windows to automatically update your active hours to match your activity? We won’t restart for updates during this time.”

Sounds like a helpful advice to prevent conflict between working and updates. Except the system is backed up nightly and the backup software shuts the system down around 1:00 in the morning. In another word, MS knows when you actively use your Windows 10.

Apple and Google do the same, but have more experience in collecting telemetry data. Can you escape them? Sure, you can always use some oddball Linux distros, since the most popular ones also have some telemetry function built-in.

The applications also have their own telemetry built-in, including your browser. Correlating all of the data from various telemetry sources is performed by data brokers. When you look at the whole picture, do you really think that little browser plug-in will prevent the data brokers from creating a relatively accurate profile about you? In my mind, the answer is no…

PS: This does not mean that I don’t try number of different ways to prevent surveillance of my digital activities. I actually do, even if I view these steps as futile…

Impossibly Stupid November 6, 2019 10:53 AM

@tfb

This means that adding noise drives up the cost of recovering the signal: driving up your opponents’ costs is a rather good approach.

The problem is that people are really poor judges of what truly is “noise”, and the costs for removing it keeps falling as technology advances. I also don’t doubt that there are vulnerabilities in various obfuscation technologies that can make it very easy to turn their “noise” into a signal that can be easily subtracted.

In fact adding noise can do even better than that: if there is some pattern which occurs only once, the averaging will not recover it at all: it’s simply hidden in the noise.

It could be quite the opposite. A unique signal in a sea of noise could act like a lighthouse. Consider this scenario: you’re throwing around a lot of random data to hide your monitored-but-perfectly-legal regular activities. At some point your fabricated noise/signal soup hashes to an entry in a kiddie porn database. Your life is now about to get a lot more complicated. That’s the thing about random data: as unlikely as it is to flip a coin and have it come up heads 1000 times in a row, it will happen if you flip enough coins. You can’t “average” that away, or do any other operations to “hide” it without also reducing the randomness, and thus making your signal easier to pick out.

SpaceLifeForm November 6, 2019 3:31 PM

@Clive

Avoiding the Human Tracking Manipulation Language is probably the best path forward.

@Impossibly

“It could be quite the opposite. A unique signal in a sea of noise could act like a lighthouse.”

That is how I look at it. Using VPN or TOR, you stand out in the DarkUniverse.

vas pup November 6, 2019 4:00 PM

Russian court rejects call to ban facial recognition technology
https://www.dw.com/en/russian-court-rejects-call-to-ban-facial-recognition-technology/a-51135814

“Her case is timely. Moscow is planning to expand its use of facial recognition this year. There are around 160,000 CCTV cameras in operation across the capital, around one for every 70 Muscovites. Over 3,000 of the cameras have been using facial recognition technology since 2017 — and the Moscow mayor’s office has announced that the number is set to rise. Nearly half of the city’s cameras will be connected to the system this year and last month the head of the Russian Interior Ministry said the plan is to ultimately use facial recognition technology on all the cameras in Moscow.

In May, the Russian daily Vedomosti reported that the police have been testing cameras with facial recognition technology. The cameras are worn on officers’ bodies and can reportedly recognize people up to 4.5 meters away. There have already been media reports of police wearing the devices at anti-government protests.

Vedomosti also reported in September that Moscow authorities plan to expand their use of CCTV technologies at large public events. The city department for information technology reportedly plans to work with the IT company “Sitronics” for the system and the cameras, which will cost 260 million rubles (over €3.5 million), can later be connected to facial recognition systems.”

Good short video (about 5 minutes) inside the article as well.

VRK November 6, 2019 5:02 PM

Thanks Bruce and “me”.

“obfuscation … might be enough”

1) Interesting thing with DOH (dns over https) on Mozilla lately, is the retraction of that benefit from computers with REGIME ADMINISTRATORS (those in public libraries etc), after Firefox 69.03, if the admin blocks it. Was bad enough before with the majority of the available servers blocked.

2) I also cant find the Obfuscation Tool that Mozilla put up NOT long ago that took a regular textarea post like this and replaced all the letters with emoji, so a reader had to have the key to read it easily. (May sound gimmicky but that’s a couple thousand code-sequences to replace the seventy or so ASCII codes rolling off our keyboards. Should be easy to replicate with JS Replace)

Maybe I just cant find the link, but it seems odd if they’ve backed away from these tweaks after they go public.

3) My question lately is how to obfuscate THIS sort of surveillance…

https… mediajustice.org/wp-content/uploads/2019/03/electronic-monitoring-guidelines-final.pdf

when the microdevice
– does NOT facilitate freedom of movement because it
– DOES inflict debilitating pain the farther you go from a power source,
– was installed covertly in the recipients sleep even tho there was NEVER any “due legal process”, and
– has be publicized and exploited like a damned video game for the local vigilante groups to toy with…

Think your pacemaker is vulnerable??? ADD a couple hundred self-righteous psychopaths, who really know NOTHING except the seduction of liars who are enraged with a personal vendetta.

SpaceLifeForm November 6, 2019 6:09 PM

@VRK noted

“Interesting thing with DOH (dns over https) on Mozilla lately, is the retraction of that benefit from computers with REGIME ADMINISTRATORS (those in public libraries etc) after Firefox 69.03, if the admin blocks it. Was bad enough before with the majority of the available servers blocked.”

@jer

Servers blocked.

This is not just the chicken-egg problem.

Do you still believe DoH is usable?

If you have time, tell us what a REGIME ADMINISTRATOR is.

Sure smells.

VRK November 7, 2019 10:58 AM

The goal of “good faith” is a boundary here. Already ruffled feathers, but…

DOH might have become effective if it lived up to the goals set by ietf. It wont ever, I suspect.

The single DOH server “working” at the college here, as much as I care to test, is …OSTENSIBLY the only way to a ton of websites such as torproject, (odd IF they have given that traffic a pass), and as I mentioned, many doh services etc. That’s what I call a REGIME: flying in the face of everything ever written on free speech, free thinking, etc.

Frankly, anthing you do that effectively mimics natural camouflage and rabbit holes, “might be enuf”, and probably is… BEFORE you become a “florescent ink wearing” walking wifi hotspot. But Im’ just a mechanic. Others have documented a broadly less optimistic success rate.

cmeier November 7, 2019 1:59 PM

@Anders – Thanks for the Track-This link. I installed Diversion on the home router last weekend. It has a massive hosts file which the DNS consults first. If the site is in the hosts file, it returns an ip for the router which then returns a pixel to simulate the blocked site. I’d heard of Track-this but didn’t book mark it and couldn’t remember the name. It might be a good test to see how much Diversion really blocks. Putting the onus on the router’s DNS to block the bad stuff seems like a better solution than trying to install numerous add-ons for every user in every browser on every device. It should also make obfuscation difficult since I should not able to contact the sites to which the obfuscated data is addressed.

Cash King November 7, 2019 11:01 PM

Bruce states:
“This essay discusses the futility of opting out of surveillance, and suggests data obfuscation as an alternative.”
I state:
Cash is extremely effective for opting out of surveillance!

Everyone worries about increasing or decreasing the noise through obfuscation.
In adverse situations we should be working to block the data collectors. Or not generate the data to begin with.

If you spew bogus data you risk that crap will actually harm you if the algorithms can figure out who you actually are. Or pin it to the wrong guy? Like who surfs using the same unique IP address?

Many employers will fire employees for using the Internet or smart phone during work hours. It may not even be an official policy. But when in doubt abstain from using your addictive ‘attachments’.

If you use a grocery store loyalty card, every item purchased will add to your profile which is then sold to insurance companies or future employers. Who is going to hire someone who purchases unhealthy food, alcohol and CBD oil?

Similar to the ‘free’ auto gps tracking systems. You itinerary can and will be sold without your knowledge or consent.

The accuracy of this data doesn’t matter given non-existent data protection laws or regulations. That your spouse purchased the beer and junk food for a party is irrelevant. The food score assumption is, if you bought it, you consumed it buddy!

Rather the smart data game player cultivates and shapes a pure, clean distinct signal, giving future managers little reason to make an adverse decision.

Solutions? Keep surveillance tech out of your home. Use a basic phone. Power off your work phone when off the clock. An RF pouch can help in a pinch. Pay with cash separately for junk or fast food.

Be prepared for new data collection twists like inside the car wash camera doing a facial through the window.

At stand-in-line restaurant I used a Visa card before seating. The LCD approval screen interrupted, asking for a 20% tip up-front (to pay for excellent service from the nonexistent waiters).
This new checkout system defaults to NOT giving the customer a receipt. So I asked and got one, but curiously my name was printed on it. Probably a precursor for flashing, dynamic personalized menus. Obviously little design thought was given to reduce customer Identity Theft.

From this intrusive new ordering system, I anticipate that restaurants are stealthy beginning to sell your entrée, drinks and tips, for fusing into your Food and Google Scoring.
Solutions? Paying with cash would have eliminated these monetizing, privacy and health scoring issues.

The food score scheme goes into high-gear when the pharmacist [1] confronts you when picking up prescriptions. They try to get you to sign, releasing your priceless medical records to non-medical hedge fund backed groups. As the 75 year old patient excitedly explained, her doctor now gets to see what she ate last Tuesday!

The solution here is never give out information unless there is a traditional, legitimate need-to-know justification which will directly benefit you and maintains a strong clean signal. Even then, always limit adverse information.

For decades credit cards used to be more convenient than cash. No more.
Like smart phones and social media, credit cards have become a privacy nightmare.
Owners are wise to curtail usage or replace with traditional mechanisms.

[1] pharmacists traditionally help patients but they are sadly misusing their position of trust to data-mine

JaffoNerr@excite.com November 28, 2019 10:03 PM

Opt out functions on social media serve exactly the same purpose as the bathing suit concession at Auschwitz:

They give the doomed a sense of choice on the way to the showers.

Google, Facebook, Twitter etc. would offer nothing that in any way would interfere with their capacity to mine your personal data and sell it to the top bidder of the criminal retinue they call customers.

In the end, you and your data will be sold to the grimmest, deadliest criminals you can imagine and the Zyklon tablets will drop, you can be sure.

The only hope is total, relentless, black-out obfuscation by a mile-wide flame-thrower of disinformation mounted and working on every client to completely overwhelm the surveillance merchants with plausible impenetrable strategy crated and delivered disinformation that are completely indistinguishable from mundane reality.

Sure, it’s about as likely as tossing grenades up the chimney to attack nazis in the death camps but someone has to want to first, to make it humanity’s choice to wrest control of their lives from twisted criminals like Zuck, Serge and Larry and that whole herd of grifter psychopaths.

Anonymous August 18, 2021 9:35 PM

I find it interesting you now support TrackmeNot when you criticized it when it was new.

https://www.schneier.com/blog/archives/2006/08/trackmenot_1.html

I myself have been using TrackmeNot. My only grievance with it is that it is a buggy poorly-coded mess that often completely destroys itself without any warning [glitching] and the only solution to this is seemingly to completely uninstall and then reinstall the system.

Anonymous August 18, 2021 9:35 PM

I find it interesting you now support TrackmeNot when you criticized it when it was new.

https://www.schneier.com/blog/archives/2006/08/trackmenot_1.html

I myself have been using TrackmeNot. My only grievance with it is that it is a buggy poorly-coded mess that often completely destroys itself without any warning [glitching] and the only solution to this is seemingly to completely uninstall and then reinstall the program.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.