DOJ and AP Telephone Records

Telephone Pole & Wires

Telephone Pole & Wires

The story about the U.S. Department of Justice issuing a subpoena for phone records of the Associated Press has spread like wildfire. With good reason, as the EFF reports.  There is a major need to look at the laws that affect privacy and information in this country, it is no longer sufficient to believe that information that is provided to third parties is of no value, or has no impact on the privacy of the individual.  Not to mention that it is (to me at least) amazing how much information people will share without even considering that there are possible implications.

Now, I want to talk about this some in light of some other recent news stories.  As I talk about these I will be using some of the larger social media sites, and service providers as examples.  However, I am not directly commenting on their businesses or their motives, etc. I am using them only because they (a) are in the news, (b) are the closest fit to the types of issues that need to be discussed.

So, let’s get on with the discussion…

 Facebook and cell phones

So far Facebook had tried twice to get in the mobile market and has failed. (It was noted recently that the Facebook Home Phone is now selling for $0.99, and will likely be dropped by AT&T once their display obligation to HTC has been met.) That’s for the best in my book (yup, puns are fun).

I was not enthused by the idea of Facebook getting into the mobile market. The way I understood what they are doing was just about looking for ways to mine more information out of their users. Information they aren’t getting now, like GPS tracking, more data usage info, and possibly even phone records and video chats. Not to mention the wealth of information they can get by just knowing what applications you have installed on your phone and how much you use them. Oh, and there is something to be said for knowing what things you are paying for, and which of them are free.

Now, admittedly, no one had come forth with a definitive list of all the things that Facebook was trying to track via the Facebook Home application, but I think the above list was a good start, and if Facebook missed any, they would just add it in an update to the application.

Now much of this information was already being gathered by your cell phone provider.  Which meant that it was already available to be subpoenaed, just like phone records of the AP journalists.  But, with the addition of Facebook home there is an additional danger because the information is compounded when added to all the information Facebook mines from the users of their web service.  And, guess what, that information can now be subpoenaed from Facebook as well.

This adds another facet to the situation.  Now by issuing subpoena’s for both your phone records, and Facebook records, the government or possibly any lawyer involved in a lawsuit can have information that tracks both your daily movement activities and your online activities.  With a little simple work, it would be possible to reconcile any discrepancies between the two sets of records.

The likelihood that this would reveal more information about your life is quite chilling.

G+ And Android / Play

If you think Google is better regards to the gathering of information about you than Facebook, you might be in for a surprise.  Google has the dominant cell phone operating system, and it has been documented that most (if not all) of the cell phone carriers modify the operating system to log a lot of technical information about the phone, and your usage of it.  Compound that with the information Google has at its fingers including: applications loaded from the Google Play store, any information you share on G+, and any additional Google applications or services you use (Gmail, Google Docs, Blogger, Picasa, etc.) there is now a strong linkage there.

But it doesn’t stop there.  Google is now selling a lot of things through the Play store: music, videos, books, magazines.  That’s even more information that is being logged.  And, there is probably even information that you hadn’t considered: if you keep your shopping list in an application that uses Google services to store the information (even something like Google notes, or Google Docs Write), they have that information too.

Basically, it’s the same situation as Facebook.  Between Google and your cellphone provider it is possible to reconstruct a pretty good portion of your day based on the information that your phone provides, and the information from connected services.  It’s not a problem to reconcile the pieces of information to come up with a pretty good picture of things from your movements, what you read, what you talk about, and possibly even what you eat.

Amazon coins

This was the strangest and silliest story to catch my attention in the last couple of weeks.  Apparently Amazon thinks it can cash in on the BitCoin buzz by starting its own “Amazon Coins”.  Of course, Amazon Coins is the antithesis of the concept behind BitCoins.  In reality, it is just a glorified digital gift card that can potentially be used in applications, as well as on the Amazon website for purchasing products.

Basically, the silliness of the whole thing is that BitCoin is a completely decentralized virtual digital currency, the value of which is determined by a market consensus.  This of course means there is inherent instability in the currencies value.  Amazon Coins, on the other hand are a digital currency that is centrally administered through Amazon, and is strictly tied to the value of the products sold by Amazon, and to the value of national currencies as Amazon interprets their value.

However, as I mentioned, the one thing about Amazon Coins is that they are designed such that they can be used in applications that accept them for payment.  These, of course, would be applications that are installed on your Kindle through Amazon’s Application store.  this is where the concept of Amazon Coins crosses the lines from being nothing more than another form of a gift card into another realm.

Amazon now use this information to track what you purchase even more deeply than just the applications that you have purchased from them, or the products you buy on their website.  Now they have the ability to track the services you spend your money.  Buy additional service for that game using Amazon Coins?  Amazon knows about it.  Buy some additional server space for that Todo List application using Amazon Coins?  Amazon knows about it.

Now, this information isn’t quite at the level of the information that Facebook and Google are able to gather with level of integration into your life as they are making.  However, it is still information that is of interest for numerous reasons (a) it allows Amazon to form a more complete profile of your purchasing interests, which allows them to try to market things to you more, and (b) it is more information that the government might be interested in having (and there is nothing stopping the government from subpoenaing that information).

disqus

Whenever I mention this, the person that hears me talk about it tends to roll their eyes and give me a blank look that is intended to make me think that I am some extremist that just doesn’t get it.  But, I have to include this here as it fits the subject very well…

If you go to your favorite online publication and they are using a service like Disqus for the commenting system stop and think about what is happening.

If you use the comment system you are trusting a single service to store you comments across multiple websites.  Most of the time this is probably not a huge issue if you are sticking to the mainstream publications.  However, consider if you are particularly interested in politics and frequent a lot of political publications.  Now, consider if you are also a gun enthusiast and frequent publications for gun enthusiasts.  You now have a single system (Disqus) that can link information about you together across multiple subjects.

I’m using politics and gun rights as they are two very popular and touchy subjects to drive the point home.  It doesn’t have to be those two topics.  For an example, I am interested in free software, free culture, and copyright and patent reform.  Now sometimes, I might not want my views on those topics linked together, or linked with my political interests, or my religious views or any dozens of other topics that I might make a comment on.

Now all of this information is in a single repository that can be accessed and used to track your activity across potentially dozens of websites on the internet.  It not only tells people which publications, but when you were reading them.  Oh, and it can be compounded: use your Facebook, Google, Twitter, or another common login to access Disqus, and now there are links to all the information I mentioned in earlier sections of this article.  It’s enough to make your head hurt, at least it’s enough to make my head hurt, and I go out of my way to avoid a lot of these things.

Summary

The thing about these scenarios that I have talked about is they are all situations where information is contributed either intentionally or unintentionally to a third-party.  The comments I made on a website are stored in another service.  The service I purchased in an application, is tracked by Google or Facebook or Amazon.

It’s a side effect, often, of the activities that you are trying to do with your phone is captured by another service.  Even things that you intend to be captured by Google, Amazon or Facebook, may now be tracked by your phone service provider.

There are people who attempt to keep a lot of their information secure when they are on the internet.  They use encryption and certificates to safeguard their information.  That is the best way to provide a certain level of privacy during the immediate activities.  The problem is that much of this information can be tracked by third parties that aren’t involved directly in the activity that you are performing, nor are they (necessarily) parties to any agreements you might have with the provider of a service, or worse, that provider may have clauses that state it’s okay for them to give out that information to other “partners” without defining the amounts of information at are being passed on.

Hopefully this makes it even more clear that there is a major need, as the EFF has pointed out, to reform the third-party scope of information, and how that information can be used and accessed legally.  I don’t think any of us want to be in the situation that the AP reporters find themselves in because they can no longer trust the phone company to be able to protect their information.

How I switched to eCigs / Vaping Part 3

The first two stories in this series dealt with me switching to eCigs.  In the first two parts I recounted the weekend I decided to try some disposable eCigs as an experiment, and then some of the first kits that I tried. While that journey isn’t completely over yet, I’d like to divert for a short post to explain some if the research I did at this point.

Classic Stasher Bundle

Classic Stasher Bundle

First, during this time, I mostly stayed with the Stog Stasher kit I referenced in my previous article.  I was honestly very pleased with the flavor of their cartridges, and very pleased with their service.  In fact, I keep the Stog Stasher in my bedroom for those times when I don’t have something from my current kit with me.  In fact, I am still looking for something that approximates the same flavor that their cartridges have.  Someone recommended a possible similar flavor for me to try with my current vaping setup (more about that in a future post), but I haven’t had a chance to order it yet.

While I was happy with the Stog system, I was still doing some reading.  I mentioned before that I was reading some of the postings over on the eCig Forums.  I was learning about a number of options that are available in terms of devices (or mods, as many vapers refer to them) that are available, as well as many of the Juices (ecigarette fluids) that are available.

With the NicStick I had experience with buying pre-made Juices.  But, I always had a bit of a nagging feeling when I was using their juices because there was no list of ingredients on the bottle, no way to know exactly what was in them.  To make things more interesting, it seemed that sometimes the flavors changed some.  Apparently NicStick was in the habit of re-formulating their flavors from time to time.  So the question of exactly what was in (or rather, what should be in) these Juices became interesting to me.

Now, around this time Stog did something else: they started selling refill-able cartridges, along with a line of Juices from an Italian company called DKS Aromatic.  They are a blend of “100% Natural” flavors with zero nicotine.  This intrigued me, so I ordered a couple of bottles of the fluid, and some blank cartridges.

As it turned out, I liked one of the flavors (Gringo) but not the other (My Bud).  The one thing I figured out was that I wasn’t ready to completely remove nicotine from my experience.  But, this did lead to my desire to do some experimentation.  I wanted to see if it was possible to make my own eCig Juice.

So, this is what I came to understand about eCig Juices, and how they are made.  First there are two base fluids used: Propylene Glycol (aka PG) and Vegetable Glycerin (aka VG).

Propylene Glycol has been around for a very long time: over 70 years.  It’s properties are what give the “throat hit” to an eCig.  Propylene Glycol has been through extensive clinical trials: over 35.  It is so well know and tested that the FDA has afforded a rating as being non-harmful to humans.

Vegetable Glycerin has also been around for a long time, and has been put to many uses.  Most frequently it can be used on chapped, wind-burned, chafed or cracked skin.  You can typically find it in the first aid section of many drug stores (including Wal-Mart).

These two ingredients are typically combined in a ratio, such as 80% VG, 20% PG.  There are some fluids that have more of one or the other.  In some cases, when a person has an allergic reaction to Propylene Glycol they may go to a 100% VG based fluid, although that is typically more difficult to vape due to the thickness of the fluid.

The “flavoring” of a eCig fluids is typically made from the same extracts and flavorings used for baking and confectionaries.  In general, most of these flavors (both natural and non-natural) are well-regulated by the FDA, so there is a reasonable basis to believe in the non-toxic nature of these additives.

The final ingredient is, of course, nicotine.  That is the only “toxic” or dangerous substance in eCigarette fluids.  Of course, it is the same substance that is in normal cigarettes.  And, the amount of nicotine can be controlled much more precisely in eCigarette fluids, as I mentioned above, you can have literally zero nicotine if you want.  Typically the upper-end of most eCigarette fluids is somewhere between 24mg and 32mg.  Having been a smoker of top-end Natural American Spirit cigarettes, I started off with 24mg of nicotine.  I am now down to 11mg of nicotine, and I should be able to cut it down to 5 or 6mg of nicotine fairly soon.  Eventually, I want to hit 0mg, and just be able to vape for the fun of it.

eCig_Extracts

A somewhat blurry picture of the extracts I used for experimenting with making eCig liquid.

So, I went out and bought a bunch of different flavors from a couple of different stores in the area.  I typically went for flavors that were all natural, like orange, lemon, cherry, vanilla, almond, etc.  I also purchased a bottle of Vegetable Glycerin from Wal-Mart.  The only thing that took a bit to track down as the propylene glycol.  That I finally found through a vape store in North Carolina.  This pointed out one of the more interesting facts to me.  One of the least known parts of eCigarette liquids is where the nicotine is sourced from.  Turns out, most of it is coming from China.  Personally, I don’t have an issue with this as long as the supplier can ensure the quality of the nicotine they are getting.  However, with the store I found in North Carolina, they were sourcing their nicotine from local tobacco growers by extracting it themselves.  Which, IMO, is a good way of helping tobacco farmers.

Cigarette fluid mixing supplies.

Cigarette fluid mixing supplies.

There are also a lot of supplies you need to mix eCigarette fluids.  I have a picture of them here.  I’m not advocating that people go out and start mixing their own fluids, unless they have a good reason to.  (My reason was that I wanted to make all natural / organic fluids.  Something that I found I was unable to do because I couldn’t find extracts that were labeled as organic.)  I will say that I was successful in that I was able to make fluids that vaped properly, didn’t do any damage to the atomizers, and were repeatable.  Admittedly, it took a fair amount of work as each extract has different properties, and had to be combined with other extracts to get a desirable flavor.

But, still, I proved a point to myself: I could do the research into what is in electronic cigarettes, and I could take that research and re-create a product that worked the same as the fluids I could by online.  I will say this, I wish more vendors would follow in the footsteps of V2 eCigs.  V2 not only sells pre-filled cartos, but blanks and fluid separately, as do many other eCigarette brands.  however, where V2 sets themselves apart is in (a) providing lists of the components (pdf) used in their flavors, and (b) perform batch testing on their product, which you can look up the results for any batch of fluid used in their cartos or eLiquids.

However, there are many good suppliers out there.  Personally, I use (mostly) the fluids from a shop local to me.  But you can do your research and find suppliers that have good reputations, and shouldn’t have any problem with the quality of their eLiquids.

So, there is really only one more (main) part of this series to go.  In that article I will talk about making the switch from the eCigarette style of devices, to  an actual vaping device.  My experiments with making eLiquids and switching to a vaping device actually overlap each other, as I will explain in that article.