Synthesizing…

This is a difficult but useful assignment given Molly Wright Steeson, one of my thesis adviser, to audit the latest position I’m in with my thesis research. The requirement is to list everything I did regarding the thesis on the index cards and to write a question each of them asks in relate to one single message at the very heart of the project. The message in this case being: Designing a social network for the future that affords the creation of the impossible, the improvable, the plausible and the invisible user identity.

The cards. Sorted by research method.

The cards. Grouped by threads of topic

The thesis. Mapped with the threads.

The Map of Privacy

This a map that gives a brief history of privacy in the technological spectrum, with the section of ‘digital age’ expanded intentionally to outlook the future of privacy based on current phenomena. At the end a new interpretation to ‘privacy’ was given and referred to as ‘permission’, addressing the massive explosion of outdated information we will be facing with the aging of the Internet and ‘cloud data’. Following the current mode of online privacy management, the control over the information will become so costly and time consuming that it is even less efficient compared to the opposite way: giving permission of the information to the trusted groups and individuals. The map also provides clues to why it would be necessary to introduce the forgetting mechanics of online data and to rely partially on the human memory again in order to regulate social behaviors for privacy.

By designing the map, I got to think more critically over the research and ideas I came across before and to situate my design proposals for hiding (marked in red) in relation to other facts regarding privacy.

View original size here

Risk vs. Service: Online Privacy Dilemma Never Got Solved?

Another interview I had during the past few weeks is with Saikat Guha, an online privacy expert and engineer. His earlier researches have dealt largely with social network’s privacy service from the benefit for both the user and the advertiser: how to maximize the user experience with least risking of privacy and secrecy on one hand, and to reach the targeted market more efficiently on the other hand. Saikat’s latest research has shifted from the encryption of profile database to that of locative media related information processing. The privacy concern of the latter has outgrown the former with latest shifts in the technology use and more pervasive forms of information sharing.

A DNS tracking experiment in Saikat's paper "Identity Trail: Covert Surveillance Using DNS"

———————–
Me: In your paper “NOYB: Privacy in Online Social Networks” you described the way NOYB encryption model(NOYB standing for “None of Your Business”) works is by replacing one users name and age with another friends’ name and age?

Saikat: Yeah. Or anyone else’s name really. NOYB can loosely be defined as traditional encryption combined with steganography. How the other “atoms” (index of data that kept one type of information of the user) are picked is based on traditional encryption, but on top, the final result is something believable, whereas traditional encryption outputs what appears to be garbage or noise. So basically the benefit is that it’s as secure as traditional encryption, but can’t be easily detected like steganography.

Me: How does it benefit the social network users then?

Saikat: It benefits them in the sense that if Facebook were to start banning users that upload info that’s not real, it’s harder for Facebook to detect the NOYB users, vs. users that are uploading “garbage looking stuff” that traditional encryption produces.

Me: It can then allow one to shares false information about themselves?

Saikat: Well, whether the information is false or not is not where the encryption looks at, but rather by using NOYB, real meaningful information appears to others as false information, and only a select few can extract the real information out of it. So it is about sharing your information only to a specific type of group. The user has the selection of who can see his data, and specifically, he can say no one at Facebook should be able to read his profile, which he cannot do today. Or say that some random third-party facebook application developer or random facebook-connect website cannot read his profile, which he cannot now either.

Me: But in reality, the situation of giving permission can vary from time to time and person to person, that is sometimes you want to use the authenticity of the information to present yourself in a certain way you choose, and sometimes you don’t. and there are people you are not sure if you should give them access or not. So are there also technological solutions that provides a hierarchy of access permission?

Saikat: Giving different people different permissions is doable, for example, the paper by researchers from University of Maryland called Persona in Sigcomm. The problem is what happens when the permissions given to a person changes over time. If they are given greater access, that’s fine. But if their access is curtailed, then you can’t erase from their memory what they’ve already seen. At best you can limit any future content from being seen by them.

Me: Then, in this sense, is eliminating archived data a possible solution for protecting identity and personal information?

Saikat: the problem with that is it can result in people changing history for nefarious means. Privacy is one thing, but propaganda is another, and maybe even more worrying.

Me: I see. And in your other paper “Identity Trail: Covert Surveillance Using DNS” you have experimented different methods of tracking them geographically based on DNS addresses. Can I ask if it is also possible to track someone on 3G networks?

Saikat: Technically it’s very hard problem. There are many papers being written on how to do it. But location from 3G address is the least of people’s concerns if you ask me.  Applications on the phone have your GPS coordinates and they are sending it out willy nilly to strangers. There are a good half of applications on smart devices that had no business knowing your location data (for the purposes of the application) were collecting it nevertheless and sending to random third parties on the web.

Me: Locative media is tricky in terms of the way it gives out your privacy. How can we really hide with GPS data?

Saikat: This is exactly what we are trying to do now with our current research! The way it works basically, is that your location can be hidden in a way that neither the application learns where you are, nor anyone on the web. but they can still offer you location based services-  alerts of who are nearby, or Foursquare-like applications etc. It’s not difficult to do. But the key question is what applications cannot be built using the tricks we use. If there are very few such applications, then the trick we use can become the default and everything is rosy.  But if our proposal doesn’t become the default, then applications – that make money by selling your location – will continue to invade your privacy.

Me: Because locational data does not work in the way profile data works?

Saikat: Right. In profile data you need exact matches. “Soccer” is not the same as “saucer”… But with location data you need proximity “LA” might be the same as “Santa Monica” depending on the application. That extra bit of information you need for proximity can leak more than you bargained for. The reason you need the latitude-longitude data is so you know the distance between two points so you can compute “near” in a technological sense. If you could compute “near” without access to lat-long data, there would be no reason to expose your lat-long while still letting you do proximity, which would be a much safer approach.

“500 million people are now doing the same thing I’ve been doing for 7 years.” – An Interview with Hasan Elahi

Last week I got a chance to talk to Hasan Elahi, an interdisciplinary media artist known for his 7-year-long self-tracking project that helped him escape from the terrorist watch list of U.S government. The conversation with Hasan Elahi is a fruitful one, as it deepened my understanding towards identity and data sharing, and opened up new directions for my thesis investigation.

———-

Me: I really admire and appreciate the rule you have set up for yourself, and it is a very powerful statement you have made. But for me, I can’t stop thinking if there is any push-n-pull between the fact and information shared about you. How high would be the stake if you were to lie one thing about yourself with the data? And what might be the safest way to do so?

Hasan: My motivation behind the project is to create an alibi and to protect my own safety. In my case, the stake of lying can be really high. Because the data is not just my geographic location and the photos of the places I have been to, but also the account statement of every transactions I make, the ATM machine activities, the flight ticket I booked… it’s easy for someone to verify and supervise the data at any point. What I am doing, I think, should not be described as “deception”, but “hiding”.

Me: So How did you hide?

Hasan: It is about how the data is presented. You know, I could have made a stream line of the data, but instead of doing that, I made them in points and segments. The photos are displayed in a non lineage way and gathered according to the type of the activity. This makes it difficult to dig out any data in the past and piece together the actual story, because there are gaps everywhere, between each frames and that’s why the time has become extremely important for someone to study the data.

Me: How often is the tracking data updated?

Hasan:The updates happen automatically everytime it detects a change in the location, But moving around my own apartment will not result in the change of location. But if leave my place and go to the grocery store, it will interpret it as a change and logs it.

Hasan: If you think about it, you’ll find my data is exactly what trial lawyers have to deal with for years. There are, say, 1,500 pages of evidences but only 2 paragraphs of the text is valuable to the case. Most people don’t have the patience to go through all of the data, or they can’t tell the valuable data from the useless one. The sheer amount of info is valuable on one hand, but on the other hand if one does not know how to approach and use this value, much is of little for them.

Me: Is it also a statement about how little we know how to use the data being collected?

Hasan: Absolutely. When we don’t have the proper strategy of analyze the data, and we don’t understand what is meaningful and what comes out of that data, the access to the information becomes something useless. We are now in a culture of information gathering where we don’t equally understand information analysis. The more you look at the data on my tracking site, the more anonymous you’ll find I am. I have created so much noise about me that you couldn’t really tell which data points are most closely linked to me and my activities.

Me: Do you think tracking one’s own life can also be viewed as an act for privacy defense?

Hasan: In my case, it is not exactly a privacy defense, as basically, I have no privacy. But what I did is something you can call self-identification. It usually comes out of something bad said about you in the past, and you have to reconstruct your image. For example, when you Google your name and found the first result being listed is something shady. Google will not help you filter the search result and you have to do it yourself. What you can do is you create a whole bunch of new information about yourself and make that the top results of Google search. It is a process of generating information you want others to perceive who you are.

Me: I found a new application on iPhone called Path, which, actually allows people to exactly what you have been doing for 7 years. You can tag things in a picture and share them, while the software will also keep a path of the places you have been.

Hasan: That is very interesting. It reminds me of the very first day when I started the project. When I told people that I wanted to track myself, they thought I was a psycho. (One personal called me creep.) Years later, one may find that I was actually doing a pre-twitter and pre-facebook project and now there are 500,000 people who are doing the same thing.

How to both benefit and hide away from on-line search engine

Everyone has their own little strategies of using on-line search engine to find an answer. We know that tweaking the spelling or the order of the keywords can help us gain faster and more precise answer with Google search. And we more or less have a sense of the patterns of the search tools, though we don’t know exactly the algorithms they are based upon. But how about hiding from it? Using the search engine to figure out where you can hide and make the answer “difficult for other to find” is totally another type of intelligence.

To learn about how people deal with the issue of using on-line search as a “double folded weapon”, benefiting oneself and incapacitating others, I designed a game where the participants used on-line searches to both raise questions to and answer questions from their opponents.

This is how it works

It was found that as the game continued, the participants started to have more concern towards how the answer to their question can be accessed through search engines by the other team, thus adjusted their way of speaking accordingly to avoid the expressions most likely to be sought out. The result was that they started to play “trick” by using misleading and ambiguous information in their questions so that their opponents would have no way to obtain the most efficient keywords to filter through the information, or did not even know where to start.

It fascinates me to find through the experiment, how fast people adjust their way of expressing to their condition, with high awareness of the pros and cons of the media they use. The result was that people tended to hide “literally” by giving misleading and even deceptive information, probably because of the limited time they were given to design the questions and it was the fastest technique they can utilize as a reaction of defending.

After documenting the whole process, I watched closely at the footage and highlighted the moments where such behaviors occurred, and analyzed the language used by the participants at those moments. The tactics of “making tricks” fell into several categories, such as omission, misleading, ambiguity, paradox and concepts exchange. The process of analysis found here.

Work-in-Progress Exhibition at Art Center

Can repeating the same things 14 times to 14 people help creating a better thesis?

I still need to figure why Art Center adopts such way of getting your work critiqued, but… as a result, I did kill my thesis in some way, as I realized the inconsistency between my projects is so huge that I struggled to state them across a single message.

But right after, a new thesis was born on top of the big mess I made…

Good bad news.