British intel collected random snaps from Yahoo webcams (millions).

[kylie]

           So who uses Yahoo webcam for some adult chatting?  " I hope you're really an exhibitionist. " :P 

           I think this is still from the Snowden files?  Leaked documents show that the British government has a giant archive of still photos randomly snipped from Yahoo webcam streams between 2008 and 2010.

           Of course, a sizeable portion of this was porn chat.  They can't cleanly filter out the porn for the analysts using automatic software.  This is because their facial recognition software only gauges the amount of skin in a picture, and that would eliminate faces too!  And reportedly the point was to dig up documented terrorist faces among Yahoo users everywhere.  So I guess they'll have to keep sifting through all the skin shots manually, huh...  What a job.

            It's wee hours here and I hardly know where to begin with this.  But just perusing the Comments section under this article can be pretty hilarious! (If sometimes icky, given the topic.)

[TaintedAndDelish]

Funny, I used to think that people who believed in all that "New World Order" hype were nuts.

I read this and found it rather disturbing on many levels - the selfie porn part being the least disturbing. I'm not sure how much more invasive this can get.  The fact that this three letter organization just opened the door for another country's spy org to do this in order to circumvent our own laws is what is most bothersome to me. I suppose the second most  disturbing thing to me is the US press's tepid response to this story. There's no mention of it on politico, and even on Yahoo news, the story does not really stand out.

[gaggedLouise]

Yep, really disturbing and a blatant breach of privacy. I haven't been doing video chatting on YIM or Skype yet, though people have suggested it to me sometimes - after this one I'm certainly going to be careful.

[kylie]

         Oh yeah, I didn't think the porn part was the most disturbing...  Just maybe a source of very amusing comments, particularly given British humor on the website (it always sounds a little extra spunky to me, if somewhat bawdy -- wait, are those the same thing? Reaches about for words.) 

        That's just one way to get at it and I'd rather suspect the feds have seen quite a share of adult material already in either country.  Particularly what with the documented undercover operations dating members of activist groups and so on, ahem.  (How many are dating members of SM groups "just to keep an eye on them" because they can't tell SM banter from serious cruelty waiting to happen at some junctures?  Lots of people just can't.  I do wonder, not that I would go so far as to suggest it's a huge number but still 'some' as the answer could be disturbing enough.)

       Of course the whole random sampling everyone just in case they might be someone "of interest" and scooping up all the metadata on who they talk to and whatever else happens to appear in a visual at any given time...  And then, I would assume they would have select files where they didn't stop with a random still photo here and there, but rather got interested and collected much more before deciding whether to get warrants or to press any formal charges.  Wherever privacy, presumption of innocence, Fourth Amendment and due process ever went to.

        I'm also not clear from the article about whether they are still doing it.  Not sure if that is in the leaks anywhere...  (But maybe the papers are still going through all the documents, and will be for quite some time.)

[gaggedLouise]

         Oh yeah, I didn't think the porn part was the most disturbing...  Just maybe a source of very amusing comments, particularly given British humor on the website (it always sounds a little extra spunky to me, if somewhat bawdy -- wait, are those the same thing? Reaches about for words.) 

That side of the affair reminds me of this spy mystery I read, set in the final years of the Soviet Union, where a junior American diplomat and a Russian woman make love on the train from Leningrad to Moscow. The whole journey is taped from a small spy camera on the inside of the compartment by the KGB who proceed to show an edited version to one of their bosses - "since they copulated with the light on, the recording is of top-notch quality".  :D

[Oniya]

So I guess they'll have to keep sifting through all the skin shots manually, huh...  What a job.

Especially when you consider that some of it likely isn't very good porn.

*click* Nope.
*click* Nope.
*click* Nope.
*click* Nope.
*click* OH MY GOD, MY EYES!

[TheGlyphstone]

Funny, I used to think that people who believed in all that "New World Order" hype were nuts.

I read this and found it rather disturbing on many levels - the selfie porn part being the least disturbing. I'm not sure how much more invasive this can get.  The fact that this three letter organization just opened the door for another country's spy org to do this in order to circumvent our own laws is what is most bothersome to me. I suppose the second most  disturbing thing to me is the US press's tepid response to this story. There's no mention of it on politico, and even on Yahoo news, the story does not really stand out.

Probably because it's not shocking news. We've had so many invasive-spying stories and breach of privacy exposures and pseudo-scandals over the past few years that yet another government spy program leak has just gotten blase. But that is disturbing in its own right, so YMMV.

[gaggedLouise]

Especially when you consider that some of it likely isn't very good porn.

*click* Nope.
*click* Nope.
*click* Nope.
*click* Nope.
*click* OH MY GOD, MY EYES!

"Follow the money shots, guys!"  ::)

[Valthazar]

This shouldn't worry anyone was already okay with the existing privacy policies for these clients.

For example, for Skype:

"... messages are generally stored by Skype for a maximum of between 30 and 90 days unless otherwise permitted or required by law."  "By using this product, you consent to the storage of your IM, Voice messages, and video message communications."  "[Skype] ... may provide personal data, communications content and/or traffic data to an appropriate judicial, law enforcement or government authority lawfully requesting such information." (Source)

Given that the Patriotic Act and FISA Amendments Act of 2008 are legitimate laws passed by Congress, it does not violate their Privacy Policy.

I am not at all concerned about my privacy on AOL, Yahoo, Skype, MSN, etc.  That's because I know the HUGE amount of metadata they are collecting, and since I am obviously not involved with any terror activity nor am I doing anything illegal, I know they couldn't care less about a guy who is roleplaying.

My perspective is that personal privacy should be a greater concern on smaller forums and websites, since they often lack a more robust Privacy Policy.  For example, even here on E, all of our PMs are easily viewable by Veks at any time and reside as plain-text on the server (though the Privacy Policy states it is likely only for rule violations and legal purposes).  Unlike AOL, Yahoo, Skype, and MSN, this isn't metadata.

[kylie]

          While it may be true that material on websites can technically be accessed by administrators and such for various practical purposes, that is not really the heart of the problem.  We tend to assume admins etc. will have a reasonable basis and won't misuse the info or hold onto it for later aggravation.  We don't generally assume that website or corporate owners will regularly and randomly collect quite large stores of data -- including raw content data, and here in the home visuals -- from their users for political or even security reasons and then retain those stores for searching who knows when. 

           If we really believed that most providers were going to push it and behave only up to the very minimum letter of their agreements and take every possible exception they could all the time, then we wouldn't be happy.  In fact, we would probably have to assume the Internet would not even function.  Many of them have agreements specifying if the whole thing shuts off at any time, they are blameless.  But we don't expect them to act completely incompetent or widely contrary to the principles of the Constitution, just because they try to give themselves those rights in service agreements.  And when push comes to shove, those agreements can also get challenged in court.

          It's also widely reported that the Patriot Act has portions that were rarely read by the representatives and pushed through with a great deal of arm wringing and doublespeak.  Saying that just because it passed, people should be used to all of it and accepting by now?  I wouldn't buy that.

[Valthazar]

Assuming that admins will use "common sense" and not misuse information is the main reason why people are negligent about their privacy.  Contrary to what you said, business owners routinely collect and aggregate large stores of data for marketing and revenue purposes.  Why does the Facebook app need permission to read my text messages?  Thankfully, Elliquiy does not do this, which is fantastic.

Private businesses are not bound by many of the provisions of the Constitution - 1st and 4th Amendments do not apply.

The ACA/Obamacare legislation was also not completely read by legislators.  That does not make it any less legitimate.  Until the Patriot Act is repealed, it is as legit as any other piece of legislation.

Bottom line, read the privacy policy before you click "I agree."  Yahoo claiming that this is "a whole new level of violation of our users' privacy" is a flat-out PR stunt.  It should come as no surprise that they have nicely covered their butts with well-written privacy policies.  They knew much of what was going on the whole time.

[alextaylor]

lol, who reads the privacy policies? They're even worded to trick you into thinking that they're not as bad as they are, so squinting my eyes over them is a waste of time. I have tons of fake accounts and sexy stuff people could blackmail me with, but I'm not really bothered. Everyone sins. Even if I became a cleric of some religious group, nobody can really blackmail me with stuff I did when I was 20.

I actually did a packet sniffing experiment back in uni with my roomates and proved clearly that it's damn easy to "hack" and look at things from YIM, IRC, Facebook without the https. IIRC with a little hacking you can even figure out if people are online on YIM but are being invisible. I've even got this prototype on my computer that does half of those hacks with a regular Android phone.

I'm glad that E is moving to https. It's really ridiculously easy to hack anyone without it.

On the other hand, I'm not sure why any govt would be doing this. Terrorists are probably too paranoid to use IMs for communication. I remember a terrorist trick where they sent messages by adding attachments and messages in drafts and sharing the login rather than emailing each other. But that's probably a trick that only works in Hollywood. Google seems to monitor shared emails.

[Valthazar]

This has nothing to do with individual morality or "sins."

Would you sign a loan contract without understanding the terms and conditions?  Many don't read it, and luckily, they have no issues with repayment.  But every once in a while, there might be interest rate shifts that catch the person completely off-guard.  When they go to inquire, they are informed that they agreed to those terms in the contract.

It's the same thing for privacy policies.

[alextaylor]

The worst that can happen in a breach of privacy is personal info in the hands of people I don't like. The worst that can handle in a loan contract is losing a hell lot of money. These are very different things. It's easier to recover from one than the other.

Privacy policies apply to everyone. Loan contracts are individual. If I fail to understand one clause in a loan contract, it's my own fault. If someone abuses dodgy wording in a privacy policy, I can bring it up to the media and people will freak out and correct it (as in this case).

Legality doesn't really matter here anyway. Most privacy policies are designed such that they can't give your information to other people. They often say little about their employees abusing that information. A stalker could and has used my private information to find out where I live, my personal identification numbers, who I voted for, what car I drive, all my contact details. It's all legal and without my consent as long as they don't give it to poeple. In this case it looks like many governments tap conversations without consent of those companies, so privacy laws and policies have little say in these things.

Most of the time, I'm pretty willing to accept whatever's in the privacy policy. Google wants to give out the numbers of every guy I flirted with, every sick porn I search up, and every fake account I have? Sure. I can't live without Chrome/Android/Google. I'll be annoyed for sure, but I'd accept it anyway. Better than no Google or no Facebook. So far, Linked In does the worst privacy invasions. LI's app actually looks up who you called recently and sends you recommendations based on that. I fight it by dumping sarcastic data all over Linked In's data aggregators.

tldr: privacy policies are ok, but not worth the time reading.

[kylie]

Assuming that admins will use "common sense" and not misuse information is the main reason why people are negligent about their privacy. 

Hmph.  Putting it all together sounds like you're saying you can't use the web at all without surrendering all sorts of privacy...  How very NSA logic of you.  And you manage to hide it all under basically, didn't you know this was necessary for any business to agree to host you.  Brilliant. 

          Whether one is negligent or not in a matter of privacy, is often a question decided after the fact when people find out what is actually going on and whether it reasonably stretches generally accepted community notions of umm, privacy.  Policies don't tend to cover such scenarios as these exactly, or they may cover it in ways that are either not in keeping with the spirit of the laws they claim to cite, or with more fundamental parts of the Constitution etc.

Contrary to what you said, business owners routinely collect and aggregate large stores of data for marketing and revenue purposes.  Why does the Facebook app need permission to read my text messages?

You're saying aggregate data, not personal data there.  The Brits and where applicable, quite possibly the NSA, have been concerned with locating individual identity data for purposes of policing.

Private businesses are not bound by many of the provisions of the Constitution - 1st and 4th Amendments do not apply.

Sounds like a very broad, sweeping statement.  Could you provide some documentation to elaborate on just what you mean there?  I would be very surprised if none of it applies.  I google and see some pages that say things like on an internal corporate network one might not expect the same 4th Amendment protections that apply to say, your home.  But I have no idea really what the scope of what you are trying to say there would be. 

          Even if you were right, there may come a point -- as there has, to a limited extent -- where even politicians begin to acknowledge that the existing laws may have failed to anticipate the relationships that technology has enabled.  When those relationships have moved beyond the original spirit of the law and we sense likely violations of that spirit, it's time to amend stuff and update the technicalities of the law. 

And no amount of saying something was "legit" under some technical disclaimer will make people believe it was ethically acceptable.  Particularly when you have the organizations in power blaring on in their own internal documents about how powerful they have made themselves and how activists, citizens and techies are to be treated in the process as opposition and with contempt.

The ACA/Obamacare legislation was also not completely read by legislators.  That does not make it any less legitimate.  [Until the Patriot Act is repealed, it is as legit as any other piece of legislation.

Since you're bringing it up, you know full well there is a whole bevy of people who disagree with that.  But much as Alex has discussed, I'm not really hanging my hat simply on what has passed a court or not -- but on what, if people were consistent with first principles, I think should.  But then many of the people who think ACA has not been properly discussed, seem to overlap with those who think "a well regulated militia" means owning paramilitary hardware in private homes with no organizational control whatsoever.  So I'm a little skeptical about how pertinent their arguments would be, even by analogy.  Surely you've already covered your view of those details in some other thread(s!). 

         Really...  I know you love to say in effect, only deal with what is immediately practical to change and it's "naive" to complain about anything without a magic bullet.  Therefore anyone who is not a dictator is rather naive to expect any social justice that hasn't already been accomplished, isn't it.  And you often seem to think it's much more important to protect business from all sorts of inconvenience than to be well imo, fair to everyone trying to survive.  But trying to draw an equivalence here is still kind of a cheap shot imo.  Maybe the Clean Air Act should be taken more seriously and not diluted, too.  But I don't need to argue that in this thread to make the point.  Or umpteen other things.

Bottom line, read the privacy policy before you click "I agree."  Yahoo claiming that this is "a whole new level of violation of our users' privacy" is a flat-out PR stunt.  It should come as no surprise that they have nicely covered their butts with well-written privacy policies.  They knew much of what was going on the whole time.

I really wasn't saying anything about Yahoo saying that.  It shows that they are aware enough of the potential political and perhaps even  legal backlash to attempt to remove themselves from possible blame.  It shows that they know someone may soon rule that was against first principles, no matter how many neat little disclaimers they may have had which you like to focus on so much.   

        Yes, yes I do know Yahoo and Facebook and whoever collect oodles of generalized networking patterns and aggregate marketing data.   But unless they actively assisted the government in means to select individual data without being forced to, I am much more concerned that governments are doing that themselves for clearly political and punitive aims, and now increasingly reaching into private visuals (people thought phone calls were bad?) without having to show real cause.  There may be some cases where it's questionable whether the tech companies should have forwarded "threat" info to the government at all -- but in this article, it's really about a government agency starting from scratch with the notion of finding pictures of individuals and what happens when you start to actually attempt to search through troves looking for particular people. 

         Maybe you got a little too distracted by my amusement at all the porn they can't extricate themselves from.  A fun opener but...  If you really think that's all I cared about, you didn't catch it all.

[TaintedAndDelish]

I think there's a big difference here between a massive company like google or yahoo that profiles you and sells that info to advertisers (which we sort of expect),  and a free, democratic government that is at risk of becoming a police state or totalitarian government. The big kick in the ass here is that other countries are part of this decision making process. It seems the power has secretly shifted form the United States to this Five Eyes alliance.

[Valthazar]

I am 100% against unwarranted government surveillance.  I think these acts are in violation of 4th amendment. 

The only point I was trying to make (for the sake of brevity) is that the NSA is permitted to act in this manner due to the Patriot Act and FISA 2008 laws.  I am not a fan of this either.  As a country that prides itself on the Rule of Law, if we want to end government surveillance, this legislation needs to be revised and/or repealed through the courts.  Otherwise, the NSA's actions are legally justifiable – albeit ethically questionable.

As I said earlier, the privacy policies for many of these companies justify/permit them to supply information to government agencies when it comes to legally-backed requests.  Many of these corporations are very clear in stating that they will oblige with a legal or government request for specific user information.  As such, I strongly believe that many of these companies are colluding with the government and providing our information due to pressure via the Patriot Act and FISA 2008.

I recently had the "fun" ordeal of writing up the privacy policy for my start-up, and let me tell you, the most important aspect for me is ensuring that my clients are informed about the various provisions.  I say this, because if I do need to go to court at some point, I know that they will claim to not have understood the provisions, or been unable to access it.  As such, I was very careful with my wording, and even had an attorney validate it.  If anything, Yahoo and Skype should be doing more to ensure that their customers are aware of their permissiveness of government-corporate interaction in their privacy policy (since it is clear that many people are not bothering to understand the clauses of their policy).

There are many inaccurate statements in the above posts regarding contract law, and depending on the policy's presentation, it can be a legally-binding.  One cannot retroactively claim to not agree with a more formally-drafted privacy policy after previously agreeing to it - within the time span of membership (given that it was consented by someone in a stable mindset, and that it was easily accessible, clear, and specific in its description - as determined by the judge in the case).  When you hear about privacy policies being taken to court, it is more often than not regarding misleading/vague statements, or being cumbersome to access.