About 15 years ago, I was an avid amateur photographer. I also loved building websites, so I embarked on building a website showing off my best photographs. It was a simple website that I cobbled together taken from an open source shopping cart system. The shopping cart system had a ‘share this product’ feature which I converted into an ‘e-card’ system. A year later when I decided to back it up, I was surprised at the size of the database. Thinking that I had bug or a misconfiguration, I browsed through my backup sql file.
In that file where thousands personal messages that used my e-card system. I began to browse through the messages. It was mostly just short hellos, messages of love, and how much the sender would love to visit New Zealand. But in the midst of browsing through entries, I came across a note from a close friend of mind that discussed a very private matter that clearly intended for the recipient’s eyes, not mine.
I felt sick for my act of voyeurism. I wished I had never read it, not only for its content, but also for the fact I would not want anyone reading my own personal messages. Most of my users did not understand privacy issues of sending messages through a website. I, as a site owner, I had also not considered them. Even though my janky e-card system was popular, I decided to take it down.
Even today this doesn’t just ring true for businesses, but entire industries. Surveillance capitalism profits by monitoring consumers. This type of capitalism gleans personal information from the internet or mobile devices to target consumers. It often leverages others businesses to provide this data. It hinges upon us not knowing or caring about how it works.
Upton Sinclair once said: “It’s difficult to get a man to understand something when his salary depends on him not understanding it.”
This is my own story of my involvement with surveillance capitalism. It goes beyond my experience with this tiny website to one of this countries most successful internet companies. Though my work was based in New Zealand, the tendrils of surveillance capitalism know no boundaries. Much of this is uncomfortable to write, because in doing so, it made realise that my own ignorance made me an accomplice to many of the abuses that are discussed here.
Though 2005 is a lifetime ago in technology, it was the first time I got a glimpse of Google’s over reach in data. Google blacklisted CNET reporters after reporting then CEO Eric Schmidt’s personal information, by using Google itself:
After the article appeared, David Krane, Googles director of public relations, called CNET editors to complain, said Jai Singh, the editor in chief of CNETNews.com. “They were unhappy about the fact we used Schmidt’s private information in our story,” Mr. Singh said. “Our view is what we published was all public information, and we actually used their own product to find it.”
Since then, it Schmidt changed his tune. On one hand he abhorred that others find out how much money he made (where he lived, and his donations), but just 4 years later he came up with this gem of quote that been oft repeated in many ways:
“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”
Conversely, are there things that Google should not have been doing in the first place? [mozilla quote]
That same year Eric Schmidt blacklisted CNET, we also launched our start up. For our new business, one of my roles to to lead search engine optimisation and online advertising. Our company became really good at this. So proud were we of our advertising prowess, we later spun off an advertising agency that displayed our efficient use of Google’s pay per click program:
In the graphic above, our Adspend nearly doubled from 2012 to 2013. Why was this?
We ran a multiple web site marketing strategy that was hit hard by Google algorithm updates in 2013, causing our organic (non-paid) traffic to plummet. . Prior to the algorithm change, roughly 20-25% came from organic search. Immediately the algorithm change, it was around 3-5%. Making matters worse, the organic markets that were hit hardest were in our own backyard, New Zealand and Australia. We took a big chance by doubling our spend on Adwords. However, the same sites culled by Google for organic searches did exceedingly well under Google paid ads. Google dominates the global search market both ends: through paid and organic (non-paid) search. From business point of view, it would make sense to profitise the organic searches as much as possible. Unfortunately, every algorithm in Google’s war on spam had collateral damage that hit private individuals and small businesses. [Google Algorithm Updates]
in 2013, we spent over $11 million dollars in Google advertising. That year, Google reported a $60,000 loss. [Googles Earnings]. Following this time, we saw many small businesses, particularly those who did not want to invest in Adwords, fall away to obscurity or even go under.
Our business could not survive without using the Google platform, there is no alternative. In the end, what could our company do? What could any New Zealand company do? What can any company in any country do where Google has more than 70% of the search market share?
We offset some exposure to Google by creating an affiliate program and also an advertising agency. Our affiliate program targeted partners that did well in search engine optimisation, to make up for our own losses. Our advertising agency used the strength of our in-house paid marketing. But whether it was SEO from affiliate partners, or new clients for our advertising business, all roads lead to Mountain View.
In reflection, Google’s monopoly is not what is bother me today. In hindsight, this monopoly help feed their data beast. Every site we owned contain Google statistical tracking codes, whether from Analytics or Google Ads. We generated millions of dollars for Google, but we also generated millions upon millions of clicks, billions views and impressions. While this data looked impressive to us, we could not connect our data to user. This is a blind spot for ever business; we never see our data out of the bubble of our business. However, Google can connect the dots.
Google could use data collected from all its tools (Analytics, Adwords) to connect data from users, business and entire industries, in ways we could never image. It keeps them one step ahead of everyone, and gives the ability to bring entire industries under their heel [Google Takes On]. In fact Google, requests its users to upload its offline data for adwords, upload additional analytics data, and DataStudio.
In a particularly surreal moment for our business, a new Google account manager introduced themselves for our business verticals. The account manager candidly remarked that they were not only our account manager but also managed our biggest competitor. This was no small account, spending millions of New Zealand dollars per annum. They saw no conflict of interest, after all, it was just data to them. The comment was made out of naïvety, the account manager was an obviously very smart and educated person. I’ll not forget the startled look on their face when we called them out on that. I can but for a brief moment they considered our position, before towing the company line that all data was neutral. We eventually got a new account manager. [Google Aside]
Our business fed Google the countless sets of data, without batting an eye of what those consequences would be.
But how did it get this way?
Opacity: The state or quality of being opaque, not allowing light to pass through.
How did Google become a monopoly? Under the shadow of night of fog:
Former ex-Googler Douglas Edwards writes compellingly about this predicament and the culture of secrecy it shaped. According to his account, Page and Brin were “hawks,” insisting on aggressive data capture and retention: “Larry opposed any path that would reveal our technological secrets or stir the privacy pot and endanger our ability to gather data.” Page wanted to avoid arousing users’ curiosity by minimizing their exposure to any clues about the reach of the firm’s data operations. He questioned the prudence of the electronic scroll in the reception lobby that displays a continuous stream of search queries, and he “tried to kill” the annual Google Zeitgeist conference that summarizes the year’s trends in search terms. [I’m Feeling Lucky]
Think about how all pervasive Google has become. Your mail, maps, mobile, translations, and even your DNA is part of the Google empire. To get there, Google became masters of obfuscation. Though are manyexamples of Google’s data-first, users-be-damned strategies, here are 4 examples of the tactics Google used or is using to get your data:
Maps & Streetview . Wardriving is using a vehicle to find unsecured or easily hacked wifi hotspots. Google, did not have internet access to many places to enable their map products. In many areas, Google tapped in private wifi routers to enable their mapping capabilities. Google recovered a lot of data from their quest to map the world.
Technical experts in Canada, France, and the Netherlands discovered that the payload data included names, telephone numbers, credit information, passwords, messages, e-mails, and chat transcripts, as well as records of online dating, pornography, browsing behavior, medical information, location data, photos, and video and audio files. They concluded that such data packets could be stitched together for a detailed profile of an identifiable person.
Though Google vigorously denied this type data collection, it had be found out they had specifically selected an internal engineer who was renown for his expertise in wardriving. [Wardriving]
The Google ToolBar – A few may remember when Microsoft Internet Explorer dominated the search market. The Google Toolbar was brilliant idea and a trojan horse. It allowed for users to search on Google without even going to Google website. During the early 2000s, Microsoft had over 95% of the browser marketshare, and Google piggybacked off its ubiquity. It simple to install but nearly impossible to uninstall completely. In some cases it kept tracking users after it would be uninstalled. The Google toolbar appeared in the year 2000, but has evolved to just putting your search search term directly into URL bar.Google reCaptcha – What is so bad about a cute little button that asks if you are a robot? Googles war on spam bots, actually captures your browsing information, such as what site you are on, your ip information where your browser moves and a screenshot of the entire web page that you are on . Here are some other things to be aware of:
Data Laundering. By its own behaviourial precedent, Google has created hydra by proxy. Google has emboldened others to tap in to the data ‘free collection’ with hopes for a cashing out big. To get an idea how much this market has grown, check out the Martech infographic. Visually it is staggering, looking closer to the million dollar home page project than a standard marketing infographic:
All these companies will likely use some type of Google tool (analytics, ads, captcha, tagmanager, datastudio) to collect data for their systems and in a sense, become data laundering service for Google.
In 2017, Google generated 20 Petabytes of data day, which would mean roughly 6,798,655,000 Gigabytes of data per year. I am sure that number has grown since then. What does Google do with this data?
In essence, your actions are the raw material to feed Google’s actually customers: the Advertisers. In this sense, its not you, its what you do. This becomes a very important distinction [decision righs footnote], as it allowed for sidestepping privacy issues:
Data has become our modern God. It has been said in so many ways. Just as priests are the middle man between you and God, Google is the middle man for your data. Your email, your video watching habits, your searches, your dna, your movements. This means power for the new priests, and you must pass through them first.
In this sense, Google become the intercessor, or priest of our data. The definition of a priest is one authorized to perform the sacred rites of a religion especially as a mediatory agent between humans and God; Google is the intercessor between your data and those that have interest in it. Simply put, Google wants our know our habits. Our habits make us predictable. In the past centuries, we trusted priests to guide our behaviour based on holy scripts. Now, using predictability of petabyes of collected data, Google can drive user users behaviour.
Shoshana Zuboff explains Google’s abuse of decision rights:
That Google had the power to choose secrecy is itself testament to the success of its own claims. This power is a crucial illustration of the difference between “decision rights” and “privacy.” Decision rights confer the power to choose whether to keep something secret or to share it. One can choose the degree of privacy or transparency for each situation…
Surveillance capitalism lays claim to these decision rights. The typical complaint is that privacy is eroded, but that is misleading. In the larger societal pattern, privacy is not eroded but redistributed, as decision rights over privacy are claimed for surveillance capital. Instead of people having the rights to decide how and what they will disclose, these rights are concentrated within the domain
of surveillance capitalism. Google discovered this necessary element of the new logic of accumulation: it must assert the rights to take the information upon which its success depends.
Surveillance is the path to profit that overrides “we the people,” taking our decision rights without permission and even when we say “no.” The discovery of behavioral surplus marks a critical
turning point not only in Google’s biography but also in the history of capitalism.
The first stage of successful dispossession is initiated by unilateral incursion into undefended space: your laptop, your phone, a web page, the street where you live, an e-mail to your friend, your walk in the park, browsing online for a birthday gift, sharing photos of your kids, your interests and tastes, your digestion, your tears, your attention, your feelings, your face. The incursion is when dispossession operations rely on their virtual capabilities to kidnap behavioral surplus from the nonmarket spaces of everyday life where it lives. The incursion initiates Google’s most basic and prolific form of dispossession: Arendt’s repeated “original sin of simple robbery.” [Hannah Arendt] Incursion moves down the road without looking left or right, continuously laying claim to decision rights
over whatever is in its path. “I’m taking this,” it says. “These are mine now.”
Here we see the pattern:
Google has, and always will make claims, about your privacy. It will never sell your data, because that data is far too valuable to them. It will launch Privacy Awareness Weeks and have very slick videos that all your data is in safe hands. However, what choice did you have in the matter of giving your data away? Did you ask for Google to track your purchase history, your whereabouts on google maps, health history, and your search history. Some of these have only been recently exposed. Other exposures have been done under subpoena or whistleblowers.
People don’t want to admit that propaganda works, because to admit it, means confronting own susceptibilities, horrific lack of privacy, and hopeless dependency on tech platforms
ruining our democracies on various attack surfaces. David Carroll, The Great Hack.
As bleak as this may seem, the tide is turning. New Zealand as individuals and as a country can see what steps have been taken around the world. In Europe, the General Data Protection Regulation is step for users to reclaim their data, and the right to be forgotten. California Consumer Privacy Act is the strongest privacy protection yet in the United States.
This article may never have been possible with out Shoshona publication earlier this year, The Age of Surveillance Capitalism. The words that I have struggled to put together over the last 15 years, where so succinctly put together in her work. Her writing is a rare gift, and I would like close out with another passage from her book:
The Greek word asylon means “unplunderable” and founds the notion of a sanctuary as an inviolable space. 5 The right of asylum survived into the eighteenth century in many parts of Europe, attached to holy sites, churches, and monasteries.
English common law retained the idea of the castle as an inviolable fortress and translated that to the broader notion of “home,” a sanctuary free from arbitrary intrusion: unplunderable.
…“There is a strong theme of a proper realm of inaccessibility or secrecy with respect to the world at large as well as a recognition of the important social dimension of such protected inner space….”
May every New Zealander find their own asylon away from eyes surveillance capitalism.
The sole worth of Google and Facebook is the fact that they possess and holid, and use the personal data of people from all around the world. So I think the best way to move forward are for people to really possess their data like their property. Brittany Kaiser
Part of my own reflections was reduce (and hopefully altogether close) my own reliance on Google. Give how intertwined this data, its not an easy feat. My own online life is a work in progress. While there is no magic solution, here are some little things every New Zealander can do to step up your own privacy.
The great news is that there are a lot of options, in fact this section is the longest of m
Tightening up your Social: There are a few things you can do to your Google, LinkedIn, Facebook, Netflix Twitter accounts to limit their invasiveness. Specifically for Google:
Understanding Fingerprinting. Your browser is likely to have a unique fingerprint, meaning advertisers can identify precisely who you are. Even if Google doesn’t have your name, it is likely that your browser can identify who you are 99% of time. There are several tools to combat this, but to get an idea of how this is done.
NoRoot Firewall / Disconnect.Me Apps for your mobile. Both of these can (and probably will) break your favourite mobile apps, but at least you will be able to see the outgoing data collections.
Using Tor Browser – Tor is probably the best privacy tool on internet . Your network connection is bounced between at least 3 connection globally – in a way that final connection can never know the originating source. It is inherently more secure than a VPN – which only offers a single point of failure, and where is Tor is essentially decentralised and trustless (that word sounds funny, but its opposite of you may think!).
Used Secure Messenger service. Signal and Telegram are both highly encrypted messenger services that you can use on your phone.
Get rid of unwanted apps/programs – Tidy up your devices – if you are not using an app on your mobile phone, remove it. See also removing bloatware below.
Use a password manager – Beyond just your own security, some password managers also can report if you password has been involved in a data breach. As with everything do your research – many password managers are a single point of failure, meaning if they are breach, it gives access to all your passwords. So if you your password for password manager is ‘password’ or ‘abc123’, you are probably going to have a bad day. Well known password managers are are Keepass and Lastpass.
Consider different search engines. I weaned my reliance on Google by switching to Duckduckgo, which I use about 90% of the time. Other search engines to consider include Qwant, Yippy, and
Faraday Bags and Boxes. Your smart phone is constantly signalling the carrier, even when in airplane mode [get more info, footnote] * . Faraday bags and boxes block.
Consider a private email service. ProtonMail, Mailfence, and Tutanota are all advocates of privacy. If possible set up your own mail server. In either case, though won’t get slick cartoons about data collection on your terms and conditions, but at least you’ll get peace of mine about your privacy. Well less featured than Gmail, many times they offer a free service and paid service.
VPN Use – This allows you to surf the internet on another IP. The internet is swarming with VPN providers, some are more anonymous than others.
Private Search Engines: American search engine DuckDuckgo has been making ripples for taking a stand against Google marking practices. Outer search engines include Qwant, [list]. If you are using Tor and want to visit onion sites.
Antivirus – Often the programs that are designed to protect us may actually being collecting data on you! This is a tradeoff, so please read the terms and conditions.
Personal data removal service. There are several of these services, these are professionals who scour the internet for your information and help you delete or remove information. And example would Privacyduck.com. Ultimately, your data should your responsibility. However, if you have an exceptionally large online footprint and poor record keeping, it might be worth the money.
Educate yourself on Privacy – What apps, website, and device do you spend the most time?. Consider what sort of data is collected that you may not feel comfortable about. What would Netflix know about you that you wouldn’t tell others? What does Steam know about you after playing over 1000 hours on Skyrim? Will 23andMe reveal unwanted family history? How about your GPS coordinates from Fitbit? Ask yourself the questions about the applications that are likely to make you uncomfortable, and take action according to your new comfort levels.
Firewalls – For any device you have, consider using a fire wall. For instance if you do not want a program (Google, Adobe, Steam, Cortana) reporting back on your behaviour. Notice that
Tails OS – Tails OS is a free, USB operating system that anonymises your online experience through tor, and also doesn’t save any data. This requires more effort because you have to create the USB yourself and get familiar with a new operating system. However, you do not have to install it. It is a fascinating project, and one that helped former Intelligence Community Systems Adminstrator Edward Snowden escape scrutiny while he reported on citizen privacy voilations. NSA has reported that use of Tails with the Tor browser was the biggest hindrance to their global Survelliance programme.
Get rid of Bloatware – I wish this was any easy step, but getting rid of bloatware – unwanted programs that are preinstalled on your device, can actually be complicated proccess. Not only may they stream out data on your actions, but also clog up system performance. Both Android and Windows can be bad, but there are plenty of tutorials on how to reduce difficult to remove programs.
For Windows 10 Laptops and computers, Windows10Debloater is a good start. It does require some work, but it will take away unwante windows programs and help tame Cortana. For Android, here is an article that aids in removing bloatware: https://www.androidpit.com/how-to-uninstall-preinstalled-android-apps
Consider Another Operating System: While I know changing from Mac or Windows is tantamount to changing religions, the experience needn’t be that difficult. Personally Linux Mint is very easy learning curve, but there are many other ones that may suite your taste. You don’t even have to abandon your favourite Windows or Mac Programs, with compatibility software layers such as Wine and Darling. This is not for everyone, but considering you’ve already made it past 2,000 words, you are probably considering all options!
Reducing smart phone time. You’ve read this far? Take a breather. It this article should still be here when you get back.
Consider non Android/IOS phone. There are other operating systems for Smartphones, which may mean a learning curve. There are several already in the marketplace, and there has been alot of talk about the Librem 5. Other devices such as Necuno use Voice over IP instead of cellular modem [cellular modem problems], and the Betrusted – a device that acts as a middle man between your mobile and communications.
Below will require considerable effort – though not all of it is technical, but making conscious choices to change behaviour. I am still working through many of these points myself; while the concepts are simple, in practice it becomes much more difficult.
Quitting Social Media: This has been much talked about, and is large of scope to be written about here. The hardest part of quitting is that everyone else is one it as well. Consider incremental steps and studying how your data is used. The more you know how it affects your asylon, the easier it becomes to break free.
Dropping Gmail/Free Email Service – For some people, this will be as difficult than social media
Get a burner phone – You smart phone is always transmitting, sometimes even when Airplane mode is enable [reference]. A brick mobile has advantages in that the battery can be moved more easily and their are very fewer apps that report back to their mothership about your habits.
Root your Mobile (Android Users)– No that kind of root, but gain administrative access. By
Learn the technology – Set up your own mail server or file server. Set up a VPS for tor relay or an onion site. Learn to build your own farraday box, create a Tails USB disk. Be curious about possibilities, instead of fearful or resigned. Learn about XKeyscore and New Zealand’s involvement with the Five Eyes. If you find privacy interesting, then it makes all the above much easier to learn. Be the persons that loves the learning as much as they love using the technology.
Be that girl (or guy) – If you see online company that violates privacy, do not be silent. Often times, business leaders don’t know what is implemented on their websites. Marketers and programmers will implement what is easy; Google products are optimised for ease of configuration, at the cost of privacy. There is no doubt a leaders will roll their eyes, but ethical leaders will take these requests seriously. This requires a minimum of knowledge of technology, but does require an effort to go against complacency. [Footnote nz gov site]
[Google Algorithm Updates]
Here is a comprehensive history of Google Algorithm updates: https://www.searchenginejournal.com/google-algorithm-history/. There are numerous articles about the collateral damage of their search algorithms. Here a couple:
It is hard to imagine them making a loss. Going forward, its likely that Online Republic will have spent over $100,000,000NZD on Adwords by 2020.
Though Online Republic an international business, a large chunk of the revenue were from New Zealand customers, even if they represented a lower volume of sales. We know that our local partners and competitors also shelled out big money for paid ads as well – if you paid $1.00 for a click and they appear above you, they pay the same or more. Aside from the Tourism vertical, I imagine home grown successes Trademe.co.nz and the New Zealand real estate sector also contribute a huge amount to the local economy.
Here are the links to financial statements from Google New Zealand from the companies office.These documents are all available to the public. I highlighted the “Total comprehensive income/loss for the year“, but I am not a forensic accountant. I imagine any spend that is Ad-generated falls under international. Have a look for yourself.
Taxation has been controversial for Google. They were renown for their ‘Double Irish With A Dutch Sandwich‘ tax strategy. This tax strategy was recently abandoned due to more relaxed tax laws in the United States.
[Google takes on]
Almost 10 years ago, our business went to a Google Travel Conference in Sydney. Here they unveiled the Google Flights, which aggregated flight data. Keep in mind, the invitees to the conference where the some of the same businesses that Google could destroy with this tool! The assured us they were the good guys during this conference. Expedia shortly find out Google is more than happy to break their promises.
Is this type of disruption good for the businesses?
A part of that difficulty is also knowing that my contacts at Google were some of the smartest and most genuine people that I have had the privilege of working with. My sincere wish is that the focus should be on corporate practices, not individuals.
[I’m Feeling Lucky]
I’m Feeling Lucky: The Confessions of Google Employee Number 59, written in 2011, is a book by Douglas Edwards, Google’s first director of marketing and brand management. Here is an interesting review of this book by the late Aaron Schwartz:
There were many, many times in this book that I couldn’t help but wonder: How did he get away with writing this? Google apparently approved of the project and had chaperones in all his interviews, but nonetheless the book is just full of revelations and shockers that it’s hard to imagine Google would ever want to see the light of day.
See page 142-3, Age of Capital Surveillance:
The FCC found evidence that contradicted Google’s scapegoating narrative. The records showed that the engineer had e-mailed links to his software documentation to project leaders, who then shared them with the entire Street View team. It also found evidence that on at least two occasions, the engineer told his colleagues that Street View was collecting personal data. Despite these facts along with evidence of the company’s exhaustive internal software reviews and testing procedures and the regular transfer of payload data from Street View’s hard disks to Google’s Oregon data center, Google’s engineers denied any knowledge of personal data collection
I was completely unaware of that Google would collect data from the reCaptcha service until I had sign up for BC Hydro Account while I was in Vancouver. I will have to give kudos to BC Hydro for putting this on this disclaimer on their website.
Here is an article by Zuboff, which further describes philosopher Hannah Arendt view of the ‘original sin of simple robbery‘:
The process that began in cyberspace mirrors the nineteenth-century capitalist expansions that preceded the age of imperialism. Back then, as Hannah Arendt described it in The Origins of Totalitarianism, “the so-called laws of capitalism were actually allowed to create realities” as they travelled to less developed regions where law did not follow. “The secret of the new happy fulfilment,” she wrote, “was precisely that economic laws no longer stood in the way of the greed of the owning classes.” There, “money could finally beget money,” without having to go “the long way of investment in production …”
For Arendt, these foreign adventures of capital clarified an essential mechanism of capitalism. Marx had developed the idea of “primitive accumulation” as a big-bang theory –– Arendt called it “the original sin of simple robbery” – in which the taking of lands and natural resources was the foundational event that enabled capital accumulation and the rise of the market system. The capitalist expansions of the 1860s and 1870s demonstrated, Arendt wrote, that this sort of original sin had to be repeated over and over, “lest the motor of capital accumulation suddenly die down.”
[cellular modem problems]
regarding cellular data, below is from the Purism website. It describes the issues around cellular hardware and their vulnerabilities:
The cellular modem is arguably the most complex part of a mobile phone. The modem is the component that has to implement all the familiar protocols you would associate with a phone (like 2G, 3G, 4G and the upcoming 5G). It does so by running its own proprietary black box operating system. The cellular modem is also covered by thousands of patents held by hundreds of patent owners. Now imagine this… This cellular modem sits right on the same RAM bus as the SoC*! Non-free software not only has access to the data flowing to and from the SoC, but also has the ability to modify it. Because this modem operating system is a proprietary black box, we have no idea what this component does or what kind of vulnerabilities it has.
* system on a chip