The Panama Papers: Dirty Money or Dirty Media?

On 3 April 2016, the first few of the so-called Panama Papers were published by mainstream media across the West. The Panama Papers are a collection of allegedly 2.6 TB of data and documents by and related to Mossack Fonseca, a Panamanian law firm providing offshore trust services.

The leak, given by an anonymous whistle-blower to Bastian Obermayer of the German Süddeutsche Zeitung, consists of 11.5 million documents created between the 1970s and late 2015 by Mossack Fonseca. A consortium of journalists, the International Consortium of Investigative Journalists (ICIJ) subsequently organised the research and review of the documents.

These documents allegedly provide proof of the rich and powerful in the world storing their massive stashes of money in tax havens across the world like the British Virgin Islands (BVI), Guernsey, The Netherlands, etc. This practice is called tax avoidance, and is usually not illegal. It is highly questionable from a moral standpoint though. Billions of euros or dollars flow through thousands of shell companies that provide no benefit to society in terms of services, goods and employment. And the country of residence of the billionaire in question doesn’t receive tax income which could be put to better use to improve society rather than sit on an anonymous bank account on the Cayman Islands.

Media Bias

One of the first things that struck me as odd, but that is sadly no longer surprising, was the incredibly one-sided reporting done on this by the media. On 3 April, lots of articles appeared about the Panama Papers, and they strongly implied that President Putin of Russia was mentioned in these documents. Even though Putin was not mentioned in the few actual documents released to this point, the mainstream media strongly implied (by using photographs depicting Putin, for instance), that Putin is personally involved with the arrangements mentioned in the documents by Mossack Fonseca. The BBC Panorama documentary entitled “Tax Havens of the Rich and Powerful Exposed” is also strongly biased in their editing, showing documents on-screen for only a few nanoseconds behind an unclear background. When you stop the video and zoom in you can clearly see that the documents shown are from the British Virgin Islands, while this British overseas territory is not mentioned even once in the documentary itself, while they are droning on about Putin and the Icelandic former Prime Minister Gunnlaugsson.

Why this massive media bias? Why is it necessary to remind us that leaders from countries like Russia, China, Zimbabwe, North Korea, Syria etc. are corrupt? We know that. That is not news. What would be news is to reveal hard evidence that Western billionaires like George Soros are just as corrupt, and worse, that they influence politics and world affairs using their massive stashes of money.

The reason why the bias is so strong is partly due to the methodology used, and partly because of other interests. The Süddeutsche Zeitung gives a detailed explanation on how these documents were searched for interesting titbits. One of the things they did is focus on countries that may be violating UN sanctions, which might explain in part why the bias is on non-Western countries as it is. Also note that these documents only come from one law firm in Panama. If there would be another leak from, say, a law firm on the BVI, then we might find other people involved.

As Craig Murray, former UK Ambassador to Uzbekistan has written, Western journalists, the corporate media gatekeepers, are withholding the vast majority of the actual documents from the public. If we truly want to know what the impact of the Panama Papers is, without spin from the media, we should have access to the actual raw documents. Raw docs or it doesn’t exist, so to speak. If you don’t release 99% of the documents, you’re engaged in 1% journalism by definition. This is why I like the work that WikiLeaks is doing. They work very hard to publish the original source documents responsibly so that we can all learn how the world works from the original and authoritative source material. And then all journalists can read these documents on an equal standing. It’s been a pet-peeve of mine for many years that mainstream media don’t link to their sources like bloggers do. If a story is clearly based on documents like in this case the Panama Papers, just release the source documents together with your explanatory articles. Why is this such a problem?

Or are the journalists who have access to these documents afraid of possible blow-back if they report on the hand that feeds them?

Who is funding this?

Because that is the big elephant in the room. Who could be funding this propaganda extravaganza? Let’s have a look at the ICIJ’s site shall we?

George Soros at the Festival of Economics 2012, Trento. Photo by Niccolò Caranti.

The International Consortium of Investigative Journalists is based in Washington, D.C, and is a project of the Center for Public Integrity. There, on the funding page, you can read that amongst the big institutional funders are names like the Omidyar Network (Pierre Omidyar, owner of The Intercept and founder of eBay), the Open Society Foundations (George Soros), the W.K. Kellogg Foundation, the Rockefellers, The Democracy Fund (again: Omidyar), and many others.

The OCCRP (Organized Crime and Corruption Reporting Project) is also heavily involved with the Panama Papers project, and is sponsored by (again) the Open Society Institute of George Soros, and also USAID, which is a US government agency and front organisation posing as a charity and frequently used as an instrument of regime change.

Is it strange that with such backers the very first news reports that came out were so incredibly biased? Given how much the US administration would like to see regime change in Russia, are these reports bashing the Russian President a surprise? No, sadly, I’m not surprised any more. What I find despicable is that so many journalists who worked on this like to think of themselves as independent and the ultimate arbiters of truth, when evidently, they are not.

Why are there not reports about the vast amount of wealth stashed away in tax havens by George Soros? Mark Zuckerberg? Warren Buffett? The journalists sacrificed a token Western leader like Gunnlaugsson from Iceland, so they can claim to be bias-free (“look, we’re also publishing on Western leaders!”), while in reality, their entire enterprise is funded by the rich and powerful in the West. So I think I can quite confidently predict that for instance George Soros’s financial arrangements in various tax havens will not be published. Mark my words.

The TTIP Tragedy

Yesterday, the European Parliament passed a draft report containing the EP’s recommendations to the Commission on the negotiations for TTIP. TTIP is the “free trade” treaty that is being negotiated between the US and the EU. It is the latest chapter in a long range of abbreviations across the world, from ACTA, to CETA, to TPP, TISA, etc. The end goal for TTIP is to create a single, massive free trade area/single market between the United States and the European Union member states. In practice, this requires that our standards be lowered to theirs and American businesses given unfettered access to the European markets (and in name vice versa, but it remains to be seen whether that will be the case in reality.)

The negotiations with the United States are being conducted in secret. There are various MEPs who are regularly informed about the progress of the negotiations, but they are prevented from saying anything substantial about the actual contents of the documents currently on the table. The peoples of Europe have no influence and no say in what makes it into the final treaty. Most of the Members of the European Parliament also have no idea about the exact contents of the negotiating document, and what is currently on the table. The European Parliament will vote on TTIP when the treaty is completed, but does not have the power to make amendments to the final text. This is a massive shame, since this treaty will influence us in major ways. In practice, it will open up our markets to American big business, while the effect for European small and medium-sized enterprises is almost non-existent (as the vast majority of SMEs will not make the step to export to the United States).

Negligible Economic Advantages

The long-term economic advantages of TTIP to Europe are in fact completely negligible. Karel De Gucht, the previous EU Commissioner for Trade until 2014, claimed that TTIP will create lots of jobs in Europe, when in fact, we’re looking at an increase of GDP of at most 0.4 to 0.5 percent over a time period of decades. Claiming that this treaty will be about job creation and creating opportunities for workers on both continents is just completely dishonest, as also claimed in a blog on the U.S. Center for Economic and Policy Research (CEPR) website. According to various studies, the economic advantages are quite negligible. Incidentally, when De Gucht was confronted by some questions asked by the journalist regarding the alleged economic advantages of TTIP, he couldn’t provide an answer. And these are the sorts of people in charge of these things?

ISDS With A Different Name

One important aspect that hasn’t been scrapped in the new resolution is the notorious ISDS provision (Investor-State Dispute Settlement). ISDS is an arbitration provision that basically says that if a corporation thinks that a certain law passed by a nation-state’s parliament is hurting the profits of the corporation, they will have a way to sue the state for damages, in practice amounting to hundreds of millions of euros.

The most laughable thing about this arbitration commission is, that in the initial proposals, it consists of 3 lawyers, one of which will be from the company and another one from the nation state; the third one to be decided by the 2 parties. No legitimate judge would be asked to take this decision, and this provision has the potential to hurt democracy in a massive way. That this was even up for serious discussion is simply insane. When we as people can no longer decide for ourselves what we do and do not allow onto the market, because we should always take into account whether or not that will hurt someone’s business model, what independence do we have left? What will be left of the people’s sovereignty, granted to them by international law?

The ironic thing is that in the latest resolution passed by the European Parliament (P8_TA-PROV(2015)0252), the term “ISDS” has been replaced with: ‘a system for resolving disputes between investors and states’. Tell me: how is that different from “Investor-State Dispute Settlement”? This was just a different term used in the new resolution just so some factions in the European Parliament can say: “Look people, we stopped ISDS!”, while at the same time the Commission and the negotiating team can say to the Americans that it’s still in. In effect, nothing has changed on this point. The entire concept of investors suing states for damages because legislation is a threat to their business model, and doing so in kangaroo courts, is an utter travesty to the legal system.

Another problem is that big corporations have an excessive influence on European policy-making. During the preparatory phase of TTIP, 590 meetings took place between the Commission and corporate lobbyists. 92% of these meetings were with representatives of big business. In fact, quite a few sentences in the proposals are directly written by the lobbyists, and made it into the proposals virtually unchanged. And this is not only a problem for TTIP, this happens all the time.

Consequences of Arbitrary Arbitration

An example of where this could lead is the case of Achmea vs the Republic of Slovakia. In this case, Achmea (which is a major Dutch insurance conglomerate) sued the Slovak Republic for damages because they wanted to re-nationalise their health care system. Of course, Achmea stood to lose millions of euros in potential profits due to this policy change, so they sued, citing alleged breaches of the Treaty on encouragement and reciprocal protection of investments between the Czech and Slovak Federal Republic and the Kingdom of the Netherlands. Luckily, the arbitration committee in this case dismissed all of Achmea’s claims, and recognised the sovereignty of the Slovak Republic to make these kinds of policy decisions.

Now imagine what happens when TTIP is implemented, on a massive scale and in a vast area across many different industries? What sovereignty do we have left when we have to think about protecting the profits of huge corporations with each and every policy decision?

Investor-State Dispute Settlement is wholly unnecessary

Protecting investments by means of arbitration committees only makes sense if your trading partner is a country without a well-developed and functioning legal system. It does not make sense whatsoever in the context of a free trade deal between the United States and the EU, since European countries do have functioning legal systems. It isn’t a union of banana republics. At least not yet. So any investment arbitration mechanism in the TTIP treaty that circumvents the nation states’ legal system is wholly unnecessary. The only reason it will make it into the treaty is to give big business a lot more power to overrule the decisions made by our elected representatives. One step closer to a United States of Europe, which in the vision of eurocrats the likes of Guy Verhofstadt is only complete when it stretches from California to the Caspian Sea.

Benito Mussolini, the fascist Italian dictator during WWII, once defined fascism as: the merger of the corporate with the state. When TTIP is passed, the corporate is the state! We will open our European markets up to American multinationals who, as we know, have little concern for labour standards, food safety regulations, and more. It will amount to us lowering our standards to theirs in the interest of “free trade”.  If we don’t lower our standards, that would imply that the United States would raise theirs, which is extremely unlikely to happen in the current political climate. It will introduce a dispute settlement system that is actively hostile to the very principle of democracy. And our parliaments will have no say in the matter. Despite what the average eurocrat says, these are very real dangers. But there are even more reasons not to want this trade agreement with the United States.

Free Trade? With the people who spy on their allies?

Recently, news came out that the United States NSA spied on the German Chancellor and her most senior officials and also on the last 3 Presidents of the French Republic. These documents on WikiLeaks also reveal that the US has a decade-long policy of economic espionage, and is intercepting all French corporate contracts and deals valued over $200 million.

Two years after Edward Snowden’s revelations were made public, we have seen a move towards more secrecy, more surveillance, and more corporatism, and a lot less transparency and accountability. Transparency and accountability are also a major issue within the EU institutions and in particular the TTIP negotiations, but I’ll get to that in a bit.

Over the last 2 years we have seen moves by various European intelligence agencies to imitate the NSA and GCHQ in their capabilities. Just recently, the Dutch government released for public consultation a proposal aimed to give the AIVD more power, authorising them to start tapping cable-bound communications.

Also, the FBI by means of James Comey and others in the US and UK (Cameron, May) are desperately trying to ban encryption, against all expert advice. Banning encryption makes us less secure, preventing, for example, banks and corporations from protecting our personal data against interception by criminals. Without encryption we cannot securely shop online, we cannot message online, businesses cannot keep their trade secrets confidential, etc. Encryption is essential to the internet, and essential to innovation.

The important point is this: Do we really want to increase cooperation in the areas of trade and industry, across all sectors, with the country that has been spying on us and disregards its own Constitution and rule of law? Do we really think that is in the interest of European citizens?

I wonder what would happen in the following hypothetical situation. Let’s say for the sake of argument that it is revealed that the Bundesnachrichtendienst (Germany’s foreign intelligence agency) has been spying on the last 3 US Presidents. Would the US then take the initiative and start negotiating a trade deal and much closer cooperation with the Europeans? Or would these actions be strongly condemned and action taken to prevent these actions in the future? I think we know what the response of the US in this hypothetical situation would likely be. However, in the real world, the US has been spying on the Europeans for decades on a massive scale, and we still don’t reconsider who our allies are?

We still mindlessly follow the US lead when it comes to demonising Russia, we don’t consider what actions are in the best interest of European businesses, we continue to give the US great advantages as they continue to stir up trouble, start revolutions and regime changes in Ukraine, hurting stability in the entire region, with MEPs Verhofstadt & Van Baalen joining in, calling for regime change on Maidan square.

The fact that US foreign policy is not a force of good in the world would already be grounds to scrap this entire treaty altogether.

Europe’s democratic deficit

An Ancient Greek ὄστρακον (ostrakon), mentioning Megacles, son of Hippocrates (inscription: ΜΕΓΑΚΛΕΣ ΗΙΠΠΟΚΡΑΤΟΣ), 487 BC. In the ancient Athenian democracy, ὄστρακον were pieces of discarded pottery that people would scratch a name into to cast their vote of who to banish from the city.

Some people may accuse me of being Eurosceptic. That is not the case: I like the concept of European cooperation and integration, I have many clients across Europe, I like the fact that I am able to travel, live, and work anywhere in the European Union. That is not the problem, and in fact, one of the greatest achievements of close European cooperation.

What is the problem, however, is the clear lack of democracy and transparency at the European level at various European institutions. European elections are held to elect Members for a small piece of the pie that is the European Parliament (depending on the country you’re from the piece may be bigger or smaller), but other than that, the European institutions are completely closed from all meaningful interactions with European citizens. The Commission is not elected, and all other European institutions that make or influence European policy also have unelected officials who decide on things. We have 4 different Presidents responsible for God knows what, and all unelected. This is the major problem with the Union, and the thing that in my opinion needs to be fixed before we start thinking about further expansion, or the transfer of even more powers to Brussels.

Europe should embrace democracy, not eschew it, like we could see yet again prior to the latest Greek referendum, when various European leaders made threats to the Greek people about the consequences should they not agree to more austerity. Even the President of the European Parliament, Mr. Martin Schulz, has made such threats, which is wholly unbecoming of a President of a poor excuse of a Parliament, who should be above all parties, and adhere to independence from such political opinions.

Democracy is a great concept, invented in the 5th century BCE by the ancient Athenians in Greece. We should do more of it!

The Sad Truth

The sad truth regarding TTIP is that — based on the resolution just passed by the EP — I can already make the prediction regarding the final verdict of the European Parliament when the TTIP final document is finally presented to them: they will pass it, and it’ll probably include some sort of ISDS provision. There will probably be time pressure involved, requiring MEPs to read and interpret thousands of pages of legalese in a very short time-frame, which ensures that no MEP will actually read the document they vote on.

And when TTIP is passed, corporate fascism in Europe has won.

Belgian Privacy Commission Found Facebook in Violation of EU and Belgian Privacy Law

About two weeks ago KU Leuven University and Vrije Universiteit Brussel in Belgium published a report commissioned by the Belgian Privacy Commission about the tracking behaviour of Facebook on the internet, more specifically how they track their users (and non-users!) through the ‘Like’ buttons and Share buttons that are found on millions of websites across the internet.

Based on this report and the technical report, the Belgian Privacy Commission published a recommendation, which can be found here. A summary article of the findings is also published.

Findings

The results of the investigation are depressing. It was found that Facebook disregards European and Belgian privacy law in various ways. In fact, 10 legal issues have been found by the commission. Facebook frequently dismisses its own severe privacy violations as “bugs” that are still on the list of being fixed (ignoring the fact that these “bugs” are a major part of Facebook’s business model). This allows them to let various privacy commissioners think that privacy violations are the result of unintended functionality, while in fact the entire business model of Facebook is based on profiling people.

Which law applies?

Facebook also does not recognise the fact that in this case Belgian law applies, and claims that because they have an office in Ireland, that they are only bound by Irish privacy law. This is simply not the case. In fact, the general rule seems to be that if you focus your site on a specific market, (let’s say for example Germany), as evidenced by having a German translation of your site, your site being accessible through a .de top-level domain, and various other indicators as well (one option could be the type of payment options provided, if your site offers ways to pay for products or services, or maybe marketing materials), then you are bound by German law as well. This is done to protect German customers, in this example case.

The same principle applies to Facebook. They are active world-wide, and so should be prepared to make adjustments to their services such that they comply with the various laws and regulations of all these countries. This is a difficult task, as laws are often incompatible, but it’s necessary to safeguard consumers’ rights. In the case of Facebook, if they would build their Like and Share buttons in such a way that they don’t phone home on page load and don’t place cookies without the user’s consent, they would have far fewer legal problems. The easiest way to comply if you run such an international site is to take the strictest legislation, and implement your site such that it complies with that.

In fact, the real reason why Facebook is in Ireland is mostly due to tax reasons. This allows them to evade taxes, by means of the Double Irish and Dutch Sandwich financial constructions.

Another problem is that users are not able to prevent Facebook from using the information they post on the social network site for purposes other than the pure social network site functionality. The information people post, and other information that Facebook aggregates and collects from other sources, are used by Facebook for different purposes without the express and knowing consent of the people concerned.

The problem with the ‘Like’ button

Special attention was given to the ‘Like’ and ‘Share’ buttons found on many sites across the internet. It was found that these social sharing plugins, as Facebook calls them, place a uniquely identifying cookie on users’ computers, which allows Facebook to then correlate a large part of their browsing history. Another finding is that Facebook places this uniquely identifying datr cookie on the European Interactive Digital Advertising Alliance opt-out site, where Facebook is listed as one of the participants. It also places an oo cookie (which presumably stands for “opt-out”) once you opt out of the advertising tracking. Of course, when you remove this cookie from your browser, Facebook is free to track you again. Also note that it does not place these cookies on the US or Canadian opt-out sites.

As I’ve written earlier in July 2013, the problem with the ‘Like’ button is that it phones home to Facebook without the user having to interact with the button itself. The very act of it loading on the page means that Facebook gets various information from users’ browsers, such as the current page visited, a unique browser identifying cookie called the datr cookie, and this information allows them to correlate all the pages you visit with your profile that they keep on you. As the Belgian investigators confirmed, this happens even when you don’t have an account with Facebook, when it is deactivated or when you are not logged into Facebook. As you surf the internet, a large part of your browsing history gets shared with Facebook, due to the fact that these buttons are found everywhere, on millions of websites across the world.
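The correlation described above can be audited from a browser request log. The following is an added example, not code from the original post or from the Belgian report: it flags third-party requests that fire on page load and carry the datr identifier cookie, then groups the visited pages by cookie value. The request log is constructed, the field names (`page`, `request`, `cookie`, `afterUserClick`) are hypothetical, and `site()` is a naive two-label simplification of what a Public Suffix List lookup would do.

```javascript
// Identifier cookie named in the findings discussed above.
const ID_COOKIES = ["datr"];

// Constructed sample: requests a browser made while visiting unrelated sites.
// `page` is the top-level document, `request` is the subresource fetched,
// `cookie` is the Cookie header sent with it, and `afterUserClick` records
// whether the user interacted with the widget before the request was made.
const SAMPLE_REQUESTS = [
  { page: "https://news.example/politics/leak-story",
    request: "https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fnews.example%2F",
    cookie: "datr=CONSTRUCTED-ID-1", afterUserClick: false },
  { page: "https://news.example/politics/leak-story",
    request: "https://static.news.example/site.css",
    cookie: "", afterUserClick: false },
  { page: "https://clinic.example/appointments",
    request: "https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fclinic.example%2F",
    cookie: "datr=CONSTRUCTED-ID-1; locale=en_GB", afterUserClick: false },
  { page: "https://shop.example/cart",
    request: "https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fshop.example%2F",
    cookie: "datr=CONSTRUCTED-ID-1", afterUserClick: false },
  // A share link the user actually clicked: an interaction, not a passive load.
  { page: "https://blog.example/post",
    request: "https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fblog.example%2Fpost",
    cookie: "datr=CONSTRUCTED-ID-1", afterUserClick: true },
];

// Parse a Cookie request header into a name -> value map.
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

// Naive "registrable domain": the last two host labels (assumption, see lead-in).
function site(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

// Third-party requests made without any user interaction that still carry
// a persistent identifier cookie.
function findPassiveTrackers(requests, idCookies = ID_COOKIES) {
  const findings = [];
  for (const r of requests) {
    if (r.afterUserClick) continue;            // user chose to interact
    const tracker = site(r.request);
    if (tracker === site(r.page)) continue;    // first-party resource
    const jar = parseCookies(r.cookie);
    for (const name of idCookies) {
      if (jar.has(name)) {
        findings.push({ tracker, cookie: name, id: jar.get(name), page: r.page });
      }
    }
  }
  return findings;
}

// Group the flagged pages by (tracker, cookie value): the browsing history a
// single identifier exposes to the party that set it.
function reconstructHistory(findings) {
  const history = new Map();
  for (const f of findings) {
    const key = `${f.tracker} ${f.cookie}=${f.id}`;
    if (!history.has(key)) history.set(key, []);
    history.get(key).push(f.page);
  }
  return history;
}

for (const [key, pages] of reconstructHistory(findPassiveTrackers(SAMPLE_REQUESTS))) {
  console.log(key, "->", pages.join(", "));
}
```

A button that only contacts the third party after a click, like the last sample entry, produces no finding, which is the behaviour the post argues the Like and Share buttons should have.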

The Filter Bubble

A major problem of personalisation technology, like that used by Facebook, but also Google, and others, is that it limits the information users are exposed to. The algorithm learns what you like, and then subsequently only serves you information that you’re bound to like. The problem with that is, that there’s a lot of information that isn’t likeable. Information that isn’t nice, but still important to know. And by heavily filtering the input stream, these companies influence our way of how we think about the world, what information we’re exposed to, etc. Eli Pariser talks about this effect in his book The Filter Bubble: What the Internet is Hiding From You, where he did a Google search for ‘Egypt’ during the Egyptian revolution, and got information about the revolution, news articles, etc. while his friend only got information about holidays to Egypt, tour operators, flights, hotels, etc. This is a vastly different result for the exact same search term. This is due to the heavy personalisation going on at Google, where algorithms refine what results you’re most likely to be interested in, by analysing your previously-entered search terms.

The same happens at Facebook, where they control what you see in your news feed on the Facebook site, based on what you like. Problem is that by doing that a few times, soon you’re only going to see information that you like, and no information that’s important, but not likeable. This massively erodes the eventual value that Facebook is going to have, since eventually, all Facebook will be is an endless stream of information, Facebook posts, images, videos that you like and agree with. It becomes an automatic positive feedback machine. Press a button, and you’ll get a cookie.

What value does Facebook then have as a social network, when you never come in touch with radical ideas, or ideas that you initially do not agree with, but that may alter your thinking when you come in touch with them? By never coming in touch with extraordinary ideas, we never improve. And what a poor world that would be!

Talk at Logan Symposium 2014, London

A few weeks ago, I was in London at the Logan Symposium 2014, which was held at the Barbican Centre in London from 5 to 7 December 2014. During this event, I gave a talk entitled: “Security Dilemmas in Publishing Leaks.” (slides, PDF) The event was organised by the Centre for Investigative Journalism in London.

The audience was a switched-on crowd of journalists and hacktivists, bringing together key figures in the fight against invasive surveillance and secrecy, and it was great to be there and to be able to provide some insights and context from a technological perspective.

The Internet of Privacy-Infringing Things?

Let’s talk a little bit about the rapid proliferation of the so-called Internet of Things (IoT). The Internet of Things is a catch-all term for all sorts of embedded devices that are hooked up to the internet in order to make them “smarter,” able to react to certain circumstances, automate things etcetera. This can include many devices, such as thermostats, autonomous cars, etc. There’s a wide variety of possibilities, and some of them, like smart thermostats are already on the market, with autonomous cars following closely behind.

According to the manufacturers who are peddling this technology, the purpose of hooking these devices up to the internet is to be able to react better and provide more services that were previously impossible to execute. An example would be a thermostat that recognises when you are home, and subsequently raises the temperature of the house. There are also scenarios possible of linking various IoT devices together, like using your autonomous car to recognise when it is (close to) home and then letting the thermostat automatically increase the temperature, for instance.

There are myriad problems with this technology in its current form. Some of the most basic ones in my view are privacy and security considerations. In the case of cars, Ford knows exactly where you are at all times and knows when you are breaking the speed limit by using the highly-accurate GPS that’s built into modern Ford cars. This technology is already active, and if you drive one of these cars, this information (your whereabouts at all times, and certain metrics about the car, like the current speed, mileage, etc.) is stored and sent to Ford’s servers. Many people don’t realise this, but it was confirmed by Ford’s Global VP of Marketing and Sales, Jim Farley at a CES trade show in Las Vegas at the beginning of this year. Farley later retracted his statements after the public outrage, claiming that he left the wrong impression and that Ford does not track the locations of their cars without the owners’ consent.

Google’s $3.2 billion acquisition

Nest Labs, Inc. used to be a separate company making thermostats and smoke detectors, until Google bought it for a whopping $3.2 billion. The Nest thermostat is a programmable thermostat that has a little artificial intelligence inside of it that enables it to learn what temperatures you like, turns the temperature up when you’re at home and turns it down when you’re away. It can be controlled via WiFi from anywhere in the world via a web interface. Users can log in to their accounts to change temperature, schedules, and see energy usage.

Why did Google pay such an extraordinarily large amount for a thermostat company? I think it will be the next battleground for Google to gather more data, the Internet of Things. Things like home automation and cars are markets that Google has recently stepped into. Technologies like Nest and Google’s driver-less car are generating massive amounts of data about users’ whereabouts and things like sleep/wake cycles, patterns of travel and usage of energy, for instance. And this is just for the two technologies that I have chosen to focus my attention on for this article. There are lots of different IoT devices out there, that eventually will all be connected somehow. Via the internet.

Privacy Concerns

One is left to wonder what is happening with all this data? Where is it stored, who has access to it, and most important of all: why is it collected in the first place? In most cases this collecting of data isn’t even necessary. In the case of Ford, we have to rely on Farley’s say-so that they are the only ones that have access to this data. And of course Google and every other company out there has the same defence. I don’t believe that for one second.

The data is being collected to support a business model that we see often in the tech industry, where profiles and sensitive data about the users of a service are valuable and either used to better target ads or directly sold on to other companies. There seems to be this conception that the modern internet user is used to not paying for services online, and this has caused many companies to implement the default ads-based and data and profiling-based business model. However, other business models, like the Humble Bundle in the gaming industry for instance, or online crowd-funding campaigns on Kickstarter or Indiegogo have shown that the internet user is perfectly willing to spend a little money or give a little donation if it’s a service or device that they care about. The problem with the default ads-based business model discussed above is that it leaves the users’ data to be vulnerable to exposure to third parties and others that have no business knowing it, and also causes companies to collect too much information about their users by default. It’s like there is some kind of recipe out there called “How to start a Silicon Valley start-up,” that has profiling and tracking of users and basically not caring about the users’ privacy as its central tenet. It doesn’t have to be this way.

Currently, a lot of this technology is developed and then brought to market without any consideration whatsoever about privacy of the customer or security and integrity of the data. Central questions that in my opinion should be answered immediately and during the initial design process of any technology impacting on privacy are left unanswered. First, if and what data should we collect? How easy is it to access this data? I’m sure it would be conceivable that unauthorized people would also be able to quite easily gain access to this data. What if it falls into the wrong hands? A smart thermostat like Google Nest is able to know when you’re home and knows all about your sleep/wake cycle. This is information that could be of interest to burglars, for instance. What if someone accesses your car’s firmware and changes it? What happens when driver-less cars mix with the regular cars on the road, controlled by people? This could lead to accidents.

Vulnerabilities

And what to think of all those “convenient” dashboards and other web-based interfaces that are enabled and exposed to the world on all those “smart” IoT devices? I suspect that there will be a lot of security vulnerabilities to be found in that software. It’s all closed-source and not exposed to external code review. The budgets for the software development probably aren’t large enough to accommodate looking at the security and privacy implications of the software and implementing proper safeguards to protect users’ data. This is a recipe for disaster. Only when using free and open source software can proper code-review be implemented and code inspected for back-doors and other unwanted behaviour. And it generally leads to better quality software, since more people are able to see the code and have the incentives to fix bugs, etc. in an open and welcoming community.

Do we really want to live in a world where we can’t have privacy any more, where your whereabouts are at all times stored and analysed by god-knows who, and all technology is hooked up to each other, without privacy and security considerations? Look, I like technology. But I like technology to be open, so that smart people can look at the insides and determine whether what the tech is doing is really what it says on the tin, with no nasty side-effects. So that the community of users can expand upon the technology. It is about respecting the users’ freedom and rights, that’s what counts. Not enslaving them to closed-source technology that is controlled by commercial parties.

Killing Counterfeit Chips: Parallels with DRM

Last week, the Scottish chip manufacturer FTDI pushed out an update to their Windows driver that deliberately killed counterfeit FT232 chips. The FTDI FT232 is a very popular chip, found in thousands of different electronic appliances, from Arduinos to consumer electronics. The FT232 converts USB to serial port, which is very useful, and this chip probably is the most cloned chip on the planet.

Of course, not supporting counterfeit chips is any chip manufacturer’s right, since they cannot guarantee that their products work when used in conjunction with counterfeit hardware, and because it is a strain on customer support to provide support for devices not made by the company. This case however, is slightly different in that the update contains code that is deliberately written to (soft)brick all counterfeit versions of the FT232. By doing this, FTDI was deliberately destroying other people’s equipment.

One could simply say: don’t use counterfeit chips, but in many cases you simply don’t know that some consumer electronic device you use contains a counterfeit FT232. Deliberately destroying other people’s equipment is a bad move, especially since FTDI doesn’t know what device that fake chip is used in. It could for instance be a medical device, on whose flawless operation people’s lives depend.

Hard to tell the difference

In the case of FTDI, one cannot easily tell an original chip from a counterfeit one; only by actually looking closely at the silicon are the differences between a real and a fake chip revealed. In the image above, the left one is a genuine FTDI FT232 chip; the right one is counterfeit. Can you tell the difference?

Even though they look very similar on the surface, the inner workings differ between the original chips and counterfeit ones. The driver update written by FTDI exploits these differences to create a driver that works as expected on original devices, but for counterfeit chips reprograms the USB PID to 0, which is a technical trick that Windows, OS X and GNU/Linux don’t like.
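A defender's view of the PID-zeroing described above, as an added example that is not part of the original article: it parses `lsusb` output and flags FTDI devices that enumerate with product ID 0000. The vendor ID 0403 and the FT232 default product ID 6001 are FTDI's registered values and do not appear in the article; the sample output and host names are constructed.

```python
import re
import shutil
import subprocess

FTDI_VID = "0403"   # FTDI's USB vendor ID (not stated in the article)
FT232_PID = "6001"  # default FT232 product ID (not stated in the article)

LSUSB_LINE = re.compile(
    r"^Bus (?P<bus>\d+) Device (?P<dev>\d+): ID "
    r"(?P<vid>[0-9a-fA-F]{4}):(?P<pid>[0-9a-fA-F]{4})\s*(?P<desc>.*)$"
)

# Constructed sample of `lsusb` output, not captured from a real machine.
SAMPLE_LSUSB = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 004: ID 0403:6001 Future Technology Devices International, Ltd FT232 Serial (UART) IC
Bus 001 Device 007: ID 0403:0000 Future Technology Devices International, Ltd
Bus 002 Device 003: ID 046d:c077 Logitech, Inc. M105 Optical Mouse
"""


def classify_ftdi(lsusb_text):
    """Return one finding per FTDI-vendor device found in lsusb output."""
    findings = []
    for line in lsusb_text.splitlines():
        m = LSUSB_LINE.match(line.strip())
        if not m or m["vid"].lower() != FTDI_VID:
            continue
        pid = m["pid"].lower()
        if pid == "0000":
            # The state the article describes: PID rewritten to 0, so no
            # operating system matches a serial driver to the device.
            status = "pid-zeroed"
        elif pid == FT232_PID:
            # Enumerates normally. This does NOT prove the chip is genuine:
            # a clone that never met the driver update looks the same here.
            status = "enumerates-as-ft232"
        else:
            status = "other-ftdi-product"
        findings.append(
            {"bus": m["bus"], "device": m["dev"], "pid": pid, "status": status}
        )
    return findings


def affected_hosts(inventory):
    """inventory maps host name -> lsusb output; return hosts with a zeroed PID."""
    return sorted(
        host
        for host, text in inventory.items()
        if any(f["status"] == "pid-zeroed" for f in classify_ftdi(text))
    )


if __name__ == "__main__":
    text = SAMPLE_LSUSB
    if shutil.which("lsusb"):  # use the live bus when the tool is present
        text = subprocess.run(["lsusb"], capture_output=True, text=True).stdout
    for finding in classify_ftdi(text):
        print(finding)
```
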

Parallels with Digital Rights Management (DRM)

I see some parallels with software DRM, which is aptly named Digital Restrictions Management by the Free Software Foundation. Because that is what it is. It isn’t about protecting rights of copyright holders, but restricting what people have always done since the early beginnings of humanity.

We copy. We get inspired by, modify and build upon other work, standing on the shoulders of the giants that came before us. That’s in our nature. Children copy and modify, which is great for their creativity, artists copy and modify culture to make new culture, authors read books and articles and use the ideas and insights they gain to write new books and articles, providing new insights which brings humanity as a whole forward. Musicians build upon foundations of others to make new music. Some, like the mashup-artists, even outright copy other people’s music and use them in their compositions as-is, making fresh and new compositions out of it. Copying and modifying is essential for human culture to thrive and survive and adapt.

According to the FSF definition, DRM is the practice of using technological restrictions to control what users can do with digital media, software, et cetera. Programs that prevent you from sharing songs, copying, reading ebooks on more than one device, et cetera, are forms of DRM. DRM is defective by design, as it damages the product you bought and has only one purpose: to prevent what would be possible to do with the product or software had there not been a form of DRM imposed on you.

DRM serves no other purpose but to restrict possibilities in the interest of making you dependent on the publisher, creator or distributor (vendor lock-in), who, confronted with a rapidly changing market, chooses not to innovate and think of new business models and new ways of making money, and instead tries to impose restrictions on you in an effort to cling on to outdated business models.

In the case of DRM, technical measures are put in place to prevent users from using software and media in a certain way. In the case of FTDI, technical measures are put in place to prevent users from using their own, legally-purchased hardware, effectively crippling it. One often does not know whether the FT232 chip that is embedded in a device is genuine or counterfeit. As you can see in the image near the top of this article, the differences are very tiny and hard to spot on the surface. FTDI wanted to protect their intellectual property, but doing so by sneakily exploiting differences between real and counterfeit chips and thereby deliberately damaging people’s equipment is not the way to go.

Luckily, a USB-to-serial-UART chip is easily replaced, but one is left to wonder what happens when other chip manufacturers, making chips that are not so easily replaced, start pulling tricks like these?

The Rising Trend of Criminalizing Hackers & Tinkerers

Note: This article is also available in Portuguese, translated by Anders Bateva.

There seems to be a rising trend of criminalizing hackers & tinkerers. More and more, people who explore the limits of the equipment, hardware and software they own and use, whether they tinker with it, re-purpose it, or expand its functionalities, are met with unrelenting persecution by authorities. In the last couple of years, the trend seems to be that these things, or things which humans have done for thousands of years, like sharing, expanding and improving upon culture, are persecuted. An example is the recent possibility of making violations of Terms of Service, Terms of Use and other Terms put forward by service providers a crime under the Computer Fraud and Abuse Act (CFAA). The companies that are now (for the most part) in control of our collective culture are limiting the methods of sharing more and more, often through judicial and/or technical means. The technical means for the most part don’t work, thankfully. DRM is still a big failure and never got off the ground, although the content industry is still trying to cling onto it. The judicial means, however, can be very effective at crushing someone, especially in the litigious United States of America. In the U.S., about 95% of all criminal cases end in a plea bargain, because that’s cheaper than trial by jury. These people are forced by financial pressure to enter a plea bargain, even if they didn’t commit the crimes of which they are accused.

Aaron Swartz

The late Aaron Swartz was persecuted heavily by the U.S. government for downloading millions of scientific articles from JSTOR at MIT, JSTOR being the closed-source library of scientific articles, access to which is commercially exploited by ITHAKA, the entity that runs it. Aaron believed that scientific research paid for by the public, should be available to the public for free. It’s completely logical that research paid for by the public belongs to the public, and not to some company which basically is saying: “Thank you very much, we’ll have that, now we are going to charge for access to the scientific results, and reap the financial benefits.” It is sad that the world lost a great hacker and tinkerer, committing suicide, only 26 years old, unable to bear the pressure brought down upon him any longer, when in the end, according to his lawyer Elliot Peters, he probably would have won the case due to the fact that the U.S. Secret Service failed to get a search warrant for Swartz’s laptop until 34 days after they seized it.

The corporate world is seizing control of content creation

This trend is seen more and more lately. The companies in control of most of our content production, devices and systems don’t want you to tinker with them, not even if you own them. Apple is closing their systems by soon preventing you from installing your own software on OS X. Software installs will soon only be permitted through the Apple-curated App Store. Already there’s software in OS X, called Gatekeeper, that’s meant to prevent you from installing apps that might contain malware. If you read between the lines in that previous link you’ll see that it’s only a matter of time before they’re going to tighten the reins, and make Gatekeeper more oppressive. Google is rapidly closing Android, and moving more and more parts of the once open-source system to its own Google Play Services app. Check the permissions on that app; it’s incredibly scary just how much of the system is now locked up in this closed-source binary blob, and how little the actual Android system now handles. Recently, text messaging functionality was moved from the Android OS to the Google Hangouts app, so texting with an Android 4.4 (KitKat)-equipped phone is no longer possible without a Google account and being logged into that. Of course, Google will store all your text messages, for easy access by American intelligence and law enforcement agencies. If you now were to install Android, and remove the Google Play Services app, you might be surprised at how much stuff depends on that app nowadays. When you remove Google Play Services, your phone basically becomes a non-functional plastic brick. These companies fail to see that any invention is made by standing on the shoulders of giants and working upon other people’s work, making it better, tinkering and modifying it, using it for other purposes not envisioned by the original author et cetera. This is what makes culture, this is what makes us. We are fundamentally social creatures, we share.

The same implementation of control systems happens with e-books as well. The devices used to read them usually aren’t open, like the Amazon Kindle for example, so that is a problem. We humans have been sharing culture for millions of years and sharing books for thousands of years, basically since writing was invented in Mesopotamia. It is as natural to human development as breathing. We are social creatures, and we thrive on feedback from our peers. But there’s something worse going on in e-book land. In the Netherlands, all e-book purchases now have to be stored in a database called Centraal Boekhuis, which details all buyer information, and this central database will be easily accessible by Stichting BREIN, the country’s main anti-piracy & content industry lobby club. This was ostensibly done to prevent e-book piracy, but I would imagine that this database soon will be of interest to intelligence agencies. Think of it: a centralized database containing almost all books and which people read which books. You can learn a lot about a person just from the books they read. Joseph Stalin and Erich Honecker would be proud. We reached a high water mark of society after the adoption of the Universal Declaration of Human Rights at the UN General Assembly on 10 December 1948, but it’s sad to see that here in the Western world, we’ve been slipping from that high pillar of decency and humanity ever since. To quote V from V for Vendetta:

“Where once you had the freedom to object, to think and speak as you saw fit, we now have censors and systems of surveillance coercing your conformity and soliciting your submission.”

The surveillance is now far worse than what George Orwell could have possibly imagined. We need to remind the spooks and control freaks in governments around the world that Nineteen Eighty-Four is not an instruction manual. It was a warning. And we’ve ignored it so far.

Facebook records self-censorship

Recently I came across an article about Facebook, more specifically, that Facebook wants to know why you self-censor, in other words, why you didn’t click Publish on that status update you just wrote, but decided not to publish instead. It turns out Facebook is sending everything you type in the Post textarea box (the one with the “What’s on your mind?” placeholder), to Facebook servers. According to two Facebook scientists quoted in the article: Sauvik Das, PhD student at Carnegie Mellon and summer software engineer intern, and Adam Kramer, a data scientist, they only send back information to Facebook’s servers that indicate whether you self-censored, not the actual text you typed. They wrote an article entitled Self-Censorship on Facebook (PDF, copy here) in which they explain the technicalities.

It turns out this claim that they only send metadata back, not the actual text you type, is not entirely true. I wanted to confirm whether they really don’t send what you type to Facebook before you hit Publish, so I fired up Facebook and logged in. I opened up my web inspector and started monitoring requests to/from my browser. When I typed a few letters I noticed that the site makes a GET request to the URL /ajax/typeahead/search.php with parameters value=[your search string]&__user=[your Facebook user id] (there are more parameters, but these are the most important for the purposes of this article). The search.php script probably parses what you typed in order to find contacts that it can then show to you as autocomplete options (for tagging purposes).

Now, the authors of the article actually gathered their data in a slightly different way. They monitored the Post textarea box, and the comment box, and if more than 5 characters were typed in, it would say you self-censored if you didn’t publish that post or comment in the next 10 minutes. So in their methodology, no actual textual content was needed. But it turns out, as my quick research shows above, that your comments and posts actually do get sent to Facebook before you click Publish, and even before 5 characters are typed. This is done with a different purpose (searching matches in your contacts for tagging etc.), but clearly this data is received by Facebook. What they subsequently do with it besides providing autocomplete functionality is anyone’s guess. The fact that the user ID is sent together with the typed-in text to the search.php script may suggest that they associate your profile with the typed-in text, but there’s no way to definitively prove that.
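The web-inspector check described above can be repeated on a saved capture. This added example (not the article author's code) scans a browser HAR export for requests that carried fragments of a known draft before the publish moment and notes whether an account identifier travelled with them. It goes slightly beyond the article by also checking form-encoded POST bodies. The host `social.example`, the `/publish` endpoint, the user ID and the HAR entries are constructed; only `/ajax/typeahead/search.php`, `value` and `__user` come from the article.

```python
from datetime import datetime
from urllib.parse import parse_qsl, urlsplit

DRAFT = "Thinking about quitting my job"   # text typed into the post box
PUBLISH_TIME = "2013-12-17T10:00:30.000Z"  # when Publish was clicked

# Constructed HAR fragment (same layout as a browser "Save as HAR" export).
SAMPLE_HAR = {"log": {"entries": [
    {"startedDateTime": "2013-12-17T10:00:01.000Z",
     "request": {"method": "GET", "url":
         "https://social.example/ajax/typeahead/search.php"
         "?value=Thi&__user=1000001&__a=1"}},
    {"startedDateTime": "2013-12-17T10:00:02.000Z",
     "request": {"method": "GET",
                 "url": "https://static.social.example/app.js?v=20131217"}},
    {"startedDateTime": "2013-12-17T10:00:04.000Z",
     "request": {"method": "GET", "url":
         "https://social.example/ajax/typeahead/search.php"
         "?value=Thinking+about+quit&__user=1000001&__a=1"}},
    {"startedDateTime": "2013-12-17T10:00:31.000Z",
     "request": {"method": "POST", "url": "https://social.example/publish",
                 "postData": {
                     "mimeType": "application/x-www-form-urlencoded",
                     "text": "message=Thinking+about+quitting+my+job"
                             "&__user=1000001"}}},
]}}


def _when(stamp):
    """Parse a HAR timestamp; older Pythons reject the trailing 'Z'."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def _params(request):
    """Decoded (name, value) pairs from the query string and form body."""
    params = parse_qsl(urlsplit(request["url"]).query, keep_blank_values=True)
    post = request.get("postData") or {}
    if post.get("mimeType", "").startswith("application/x-www-form-urlencoded"):
        params += parse_qsl(post.get("text", ""), keep_blank_values=True)
    return params


def find_draft_leaks(har, draft, publish_time=None,
                     id_params=("__user",), min_len=3):
    """List requests sent before publish_time that carried part of the draft.

    min_len suppresses matches on one- or two-character values, which occur
    in almost any text by chance.
    """
    cutoff = _when(publish_time) if publish_time else None
    leaks = []
    for entry in har["log"]["entries"]:
        if cutoff and _when(entry["startedDateTime"]) >= cutoff:
            continue  # sent at or after the deliberate publish
        request = entry["request"]
        params = _params(request)
        ids = {k: v for k, v in params if k in id_params}
        for name, value in params:
            if name in id_params:
                continue
            if len(value) >= min_len and value in draft:
                leaks.append({
                    "time": entry["startedDateTime"],
                    "path": urlsplit(request["url"]).path,
                    "param": name,
                    "value": value,
                    "chars": len(value),
                    "identified_by": ids,  # empty dict: no account id sent
                })
    return leaks


if __name__ == "__main__":
    for leak in find_draft_leaks(SAMPLE_HAR, DRAFT, PUBLISH_TIME):
        print(leak)
```

A match shows only that the text left the browser together with the identifier; as the article says, what the server does with it afterwards cannot be seen from the client side.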

When I read through the article, one particular sentence in the introduction stood out to me as bone-chilling:

“(…) Last-minute self-censorship is of particular interest to SNSs [social networking sites] as this filtering can be both helpful and hurtful. Users and their audience could fail to achieve potential social value from not sharing certain content, and the SNS [social networking site] loses value from the lack of content generation. (…)”

“loses value from the lack of content generation.” Let that sink in. When you stop yourself from posting something on Facebook, or re-write it, Facebook considers that a bad thing, as something that removes value from Facebook. The goal of Facebook is to sell detailed profiling information on all of us, even those of us wise enough not to have a Facebook account (through tagging and e-mail friend-finder functionality).

Big Data and Big Brother

And it isn’t just Facebook, it’s basically every social network and ad provider. There’s an entire industry of big data brokers, with companies most of us have never heard of, like Acxiom for instance, but there are many others like it, who thrive on selling profiles and associated services. Advertising works best if it is specific, and plays into users’ desires and interests. This is also the reason why, for this to be successful, companies like Facebook need as much information on people as possible, to better target their clients’ ads. And the best way is to provide a free service, like a social network, enticing people to share their lives through this service, and then you can provide really specific targeting to your clients. This is what these companies thrive on.

The bigger problem is that we have no influence on how our data gets used. People claiming they have nothing to hide, and do nothing wrong, forget that they don’t decide on what constitutes criminal behavior, it’s the state making that decision for them. And what will happen when you are suddenly faced with a brutal regime that abuses all the information and data they got on you? Surely we want to prevent this.

This isn’t just a problem in the technology industry, and business, but a problem with governments as well. The NSA and GCHQ, in cooperation with other intelligence agencies around the world are collecting data on all of us, but without providing us, the people, the possibility of appeal, and correction of erroneous data. We have no influence on how this data gets used, who will be seeing it, how it might get interpreted by others, et cetera. The NSA is currently experiencing the same uneasiness as the rest of us, as they have no clue how much or what information Edward Snowden might have taken with him, and how it might be interpreted by others. It’s curious that they now complain about this same problem that the rest of us have been experiencing for years; a problem that NSA partly created by overclassifying information that didn’t need to be kept secret. Of course there is information that needs to be kept secret, but the vast majority of information that now gets rubber stamped with the TOP SECRET marking, is information that is of no threat to national security if it were known to the public, but more likely information that might embarrass top officials.

We need to start implementing proper oversight to the secret surveillance states we are currently subjected to in a myriad of countries around the world, and take back powers that were granted to them, and subsequently abused by them, if we want to continue to live in a free world. For I don’t want to live in a Big Brother state, do you?

Economic Consequences of NSA Surveillance

Note: This article is also available in Portuguese, translated by Anders Bateva.

(Note: A version of this article also got published on Consortium News) In the last 6 months or so, Edward Snowden, former NSA contractor, came forward with revelations about the NSA, disclosing quite a few of the agency’s surveillance programs, and revealing that the agency has the most blatant disrespect for civil rights and spies on everything and everyone, all over the world, in a Pokémon-style “Gotta catch ’em all!” fashion. The actions of the NSA are also having a real effect on the United States economy. Let’s talk about the economic consequences the NSA’s surveillance programs will have on the United States economy, and, more specifically, its tech industry. The actions of the US administration, and more specifically what the NSA is doing with their surveillance programs, are having a big impact on the US economy, especially in Silicon Valley. Why would I store my data on servers in the United States, where this data is easily accessible by the NSA, among others, if I can just as easily store it in Europe or some other, more secure place?

A Positive Investment Climate

To understand the US hegemony when it comes to IT companies and services, it is good to have a look at the history of the investment climate. Why did these companies pop up in the United States? Why wasn’t Google invented in, say, Germany, or Finland? The reason many of these cloud storage services and internet companies popped up in Silicon Valley as opposed to Europe, say, is because of the investment climate in the United States, which made it much easier to start an internet company in the United States. Large institutional investors, venture capitalists, are less likely to invest in a start-up in Europe. Also, bankruptcy laws are much more relaxed in the US as opposed to Europe. Whereas in the US, you can be back on your feet in a year or so after going bankrupt, in Europe, this is generally a much longer process. According to the Economist, it takes a minimum of 2 years in Spain, 6 years in Germany, and a whopping 9 years in France. In my own country, The Netherlands, it takes 3 years to be debt-free again after a bankruptcy, but if you go bankrupt in Paris, good luck, you’ve just ruined your future. This makes it far more risky to try new things and set up shop in Europe, because the consequences if things go bad are so much worse. Unfortunately, this has left us Europeans in the position that we currently don’t really have a European ‘Silicon Valley’, we don’t have a lot of viable, easy to use alternatives, and these desperately need to get developed. We depend too much on American companies right now, and I think it’s good if we diversified more, so that we will get a healthy market with plenty of good alternatives, instead of what we have now, which is a US monopoly on web-mail (Gmail/Hotmail etc.), social networks (Facebook, Twitter, LinkedIn, Foursquare, etc.), internet search (Google), cloud storage (Dropbox, Microsoft, Amazon), and other things. 
Already, cloud storage providers in Silicon Valley currently see big drops in their revenues because of the disclosures of Snowden. Why would we store our data across the pond? This is the central question and this is having real economic consequences for the United States.

US Cloud Service Providers Face Economic Consequences

Cloud providers based in the US were experiencing significant profit drops when the NSA revelations were made public. People outside the United States suddenly began to question whether their sensitive data was safe on American soil. All these companies are subject to the PATRIOT Act, which requires them to hand over any information and data they have on their customers, and they are prohibited by the US government from telling their customers about it. So the conclusion can quite definitively be that no, your data cannot be trusted to stay secure if you send it over to the United States, by using ‘convenient’ cloud services like Dropbox, or Amazon, among others.

This is the critical criterion. It doesn’t matter that the company tells you that they use the most high-end military-grade encryption, it doesn’t matter that they thought of an interesting technical solution to try and circumvent surveillance, it doesn’t matter that they write glowing blog posts solemnly promising not to hand over your data, all that matters is that it is a US company, required to obey US law, and required to hand over your data. Few companies will be able to resist the pressure and forfeit their entire business model to protect your privacy. This is also what strikes me as funny when I read about major US tech companies, like Google, Apple and Microsoft, who found out that their server-to-server connections were being intercepted by NSA. These intra-server connections were not encrypted, sent in the clear, probably on some private fibre optic cable. Of course this could be intercepted given the NSA’s technical competence. So now these companies are trying really hard to sell the story to their overseas customers that their intra-server communications are now fully encrypted. This is a feeble attempt to keep some of their customers from switching to alternatives (of which there are not many, unfortunately), as these companies are still US companies, with offices and infrastructure in the US, and the need to obey the laws over there. So it’s totally irrelevant that these tech companies are now encrypting their intra-server communications, as the US government can simply request the data via other, more official means. But these companies aren’t just promoting irrelevant measures, they actively act against our interests. After the revelations made by Edward Snowden, Facebook is making data hand-offs to US authorities easier (fully automated, without judicial oversight). Facebook is also partnering with police to make protests harder to organise. And still we insist on using its social network. These are instruments of control and surveillance.

We’re not their customers, we’re the product being sold. We have a distinct lack of viable alternatives which aren’t based in the US, and it’s important to remember that social networks have a social aspect. It isn’t enough for you to change over to a competitor, you have to convince your friends to switch as well. This is what keeps social networks afloat for so long, because this is indeed very hard to do.

March to Irrelevance

In October 2013, Congress raised the debt ceiling again, which will buy some time until January 2014. Then they will have the exact same problem. The United States is structurally spending more money than they have available, and current US national debt ($17 trillion) can never be repaid. They are pretty much already in default. But since the financial system is based on trust and hearsay, smoke and mirrors, it takes a while for people to face the reality, wake up and smell the coffee. At which point the United States will be an irrelevant relic from the past. Here in Europe, we need to protect our own citizens’ interests, and start developing viable alternatives for the US hegemony, because the US hegemony will be over one day.

Choose Your Friends Wisely: Tracking & Profiling on the Web

Note: This article is also available in Portuguese, translated by Anders Bateva.

A lot of data about you and your Internet behavior gets collected when you simply surf the Internet ‘unprotected’. We are currently living in a time when data profiling and getting to know your customers is getting more and more important. In this article I will explore the consequences of data sharing, browser tracking and profiling on the Internet, why it isn’t a good idea to share too much data about yourself, and some of the things we can do as a community.

Data Collection: What Is It?

There are companies out there, like Acxiom for example, who live on nothing else but to sell your information to other companies who may find use for it. These companies get their data from you. Your browser, or the social networks you’re a part of. Your movements across the Internet are tracked and recorded as well. One of the most ubiquitous forms of tracking on the Internet, next to ad networks, is the tracking done by social networks. These networks have convenient ‘share’ or ‘like’ buttons which can be found on millions of websites across the Internet. Simply by visiting these websites with an unprotected web browser, data gets sent to these social network sites. Data about your browser brand/make/version, the OS you use, the country you’re from, sometimes even down to the actual locality, but also your IP address and the URL of the site you visited. So they know your actual surfing behavior, since these buttons are found on many sites. Nearly a quarter of the top 10,000 websites have Facebook integration, for instance. And this is data from last year, I’m sure the number is higher today.

Another way of profiling is done via ad networks. Because it is inconvenient to manage your own advertising when you are just looking to make some money out of your website, this often gets outsourced to companies who specialize in advertising. And these companies will then serve you ads from their servers when you visit a site that is using it. Because this is all a single point where this data gets collected and indexed, you can imagine that these companies know quite a lot about people’s surfing behavior. And this collecting of data, the profiling and tracking of people across the Internet gets done without your knowledge or consent. Now, of course they claim that this is done to better target their ads, so you get served ads aimed specifically at your current interests and your geographic location or linguistic background. And this is true, the more they know about you, the better they can target ads. But this information is worth a lot of money to marketers, who are always on the lookout for ways to target and market their products to just the right audiences, because this will increase the likelihood people will click on their ads and buy their stuff. And this information gets collected centrally, at only a few companies who specialize in this. Most of us make use of content delivery networks hosted in the United States, implement social media integration et cetera and are thereby facilitating easy data collection by these companies. This centralization means that there are only a few companies out there that own a majority of the market share in this business. You can imagine that the amount of data they collect about a single person is quite substantial indeed. And of course, intelligence agencies like the NSA have access too, as seen by the revelations made by Edward Snowden in recent months. Many people don’t know the sheer extent of the data collection done, and the potential consequences that it can have if it’s misinterpreted.
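How an embedded button or ad script ends up knowing your surfing behavior can be measured from a browsing capture. This added example (not from the original article) reads a HAR export covering visits to several sites and reports which third parties were loaded on more than one of them while receiving both a cookie and the visited page's address in the Referer header. All domains and entries are constructed, and treating the last two host labels as the "site" is a simplifying assumption that stands in for a real public-suffix lookup.

```python
from urllib.parse import urlsplit


def _req(url, referer=None, cookie=None):
    """Build a minimal HAR entry (constructed data, not a real capture)."""
    headers = []
    if referer:
        headers.append({"name": "Referer", "value": referer})
    if cookie:
        headers.append({"name": "Cookie", "value": cookie})
    return {"request": {"method": "GET", "url": url, "headers": headers}}


NEWS = "https://news.example/politics/article-1"
SHOP = "https://shop.example/cart"
BLOG = "https://blog.example/health/depression-faq"

SAMPLE_HAR = {"log": {"entries": [
    _req(NEWS),                                            # page navigation
    _req("https://static.news.example/site.css", NEWS),    # same site
    _req("https://widgets.social.example/like.js", NEWS, "uid=abc123"),
    _req("https://ads.adnet.example/serve?slot=1", NEWS, "aid=777"),
    _req(SHOP),
    _req("https://widgets.social.example/like.js", SHOP, "uid=abc123"),
    _req("https://fonts.cdnhost.example/font.woff", SHOP),  # no cookie
    _req(BLOG),
    _req("https://widgets.social.example/share.js", BLOG, "uid=abc123"),
]}}


def site_of(url):
    """Approximate the registrable domain by the last two host labels."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def header(request, name):
    """Case-insensitive header lookup in a HAR request object."""
    for h in request.get("headers", []):
        if h["name"].lower() == name.lower():
            return h["value"]
    return None


def cross_site_observers(har, min_sites=2):
    """Third parties that saw the same cookie on at least min_sites sites."""
    seen = {}
    for entry in har["log"]["entries"]:
        request = entry["request"]
        referer = header(request, "Referer")
        if not referer:
            continue  # top-level navigation, nothing embedded
        first_party, third_party = site_of(referer), site_of(request["url"])
        if first_party == third_party:
            continue
        rec = seen.setdefault(
            third_party, {"sites": set(), "pages": set(), "cookie": False})
        rec["sites"].add(first_party)
        rec["pages"].add(referer)  # the address of the page being read
        rec["cookie"] = rec["cookie"] or header(request, "Cookie") is not None
    return {
        tp: {"sites": sorted(r["sites"]), "pages": sorted(r["pages"])}
        for tp, r in seen.items()
        if r["cookie"] and len(r["sites"]) >= min_sites
    }


if __name__ == "__main__":
    for third_party, info in cross_site_observers(SAMPLE_HAR).items():
        print(third_party, "can link visits to:", info["pages"])
```

Current browsers default to sending only the origin in cross-site Referer headers, so a fresh capture may list site origins where this constructed sample shows full page URLs.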

Consequences of Overzealous Data Collection

The main problem with data collection is that data is often misinterpreted or interpreted without context, and there can be serious consequences if this happens to you. The companies using your data infer certain things about you and your behavior based on this data alone. They profile you. However, their assessment is often wrong. The more data you share, the more problematic this can be eventually. A recent example of a serious consequence is that having certain friends on Facebook can actually change your credit score. These companies base this credit score correction on your friends on Facebook. So if you have a lot of friends with questionable credit histories, you may be denied a mortgage or a credit card, even when you always make sure you never miss a payment.

Search engines knowing your search history have access to something very private indeed: you are revealing what you think at that very moment, and what things you are likely interested in. This is exactly the reason why this information is so valuable in the hands of advertising companies, so they can adjust their campaigns to make it more likely that they’ll persuade you to click one of their ads. Search engine history also shares your mental state at that very moment, which, together with information on the groceries you buy at the supermarket for instance, can be very valuable information to your health insurance company. It is not inconceivable that insurance companies will be adjusting your premiums based on the food you eat, whether you have a gym membership, whether you smoke or drink alcohol, or whether your search engine history shows that you have an increased risk of depression. Do we really want that? This can potentially lead to some very bad consequences indeed, not just financially.
You can also imagine health insurance companies rejecting you for insurance because of your unhealthy lifestyle, car rental companies rejecting you because of the recent fines you received, et cetera. These conclusions get drawn without our knowledge or consent; usually we don’t even know where these companies get the data on which they base their decisions, and there’s not much we can do about it. The only way to prevent this is by starting to become more aware of what your data is worth to someone else, why it is in their interest to have access to this data, and whether you really want to give them access. And, on the other hand, by starting to think about what we as programmers and hackers can do ourselves, by starting to build systems with privacy in mind from the start.

Privacy By Design

What we need to better protect our privacy on the Internet, next to browser add-ons like Ghostery and NoScript, is a change in mentality. We need systems that are built from the ground up with privacy in mind: privacy by design. Think about how much data you really need in order to complete the task at hand. When you’re building forms for your users to fill in, don’t require them to fill in data that isn’t absolutely necessary to complete the current task. So don’t ask your customers for a phone number when an e-mail address will do. Don’t ask them to put in their mailing address when you don’t need it to send packages, etc. Don’t ask them for their real name either when this isn’t necessary (and usually it isn’t).

The reason why we want to limit available data is that this data can come back to bite you later on, as I’ve explained above. This will also protect your business more against cybercriminals looking for personal data to steal, as they cannot steal what isn’t there. Identity theft will also be harder when you’re very selective about who you share your data with. If we teach people how to protect their data on the Internet, how to be ‘street smart’ on the Internet so to speak, we will increase their overall security on the Internet, and this is something that is very much necessary nowadays.