Hi all,
I don’t really know how to ask this question. On one of my devices, I downloaded a web browser (Opera) and one of my friends made fun of me, saying that “you better like China knowing all the stuff you do online”.
I read the Opera website and it says it’s a Norwegian company, but on Wikipedia it does say it was bought by a Chinese company.
My question is: what does “China” do with my personal browsing data? Why is it useful for them? (and who are we referring to here, is that the Chinese government, a private company, who?)
I’m looking forward to learn more about digital privacy, but I don’t currently understand the “obviousness” of how it is wrong to use Opera.
I’m a tech enthusiast (hence why I’m here), but I’m cognizant that I have large knowledge gaps in some of these topics.
Thank you in advance.
I think concerns about China in specific are overblown.
That being said, what we’ve learned about the topic from US tracking programs (slight chuckle at China having scope or abilities beyond anyone else in that regard) is that all information can be fed into what is essentially a statistical model of interests, behaviors, expressed opinions, and contacts.
From that, you can determine a few things that are specifically “useful”.
The first useful thing is the ability to tell if someone’s behavior has changed in an unexpected way. If someone starts talking to someone new via text message and they “shouldn’t” know each other (no common acquaintances, never at the same place at the same time, no shared interests) you have an anomaly that can be processed further.
The next useful thing is once you have this model of expected behavior you can start modeling stuff like “A talked to B, B to C and then C changed behavior. A talked to D and D talked to E, and E changed behavior”, and more or less direct chains.
This effectively tells you that A is influencing the behaviors of C and D. By tracking how influence (and money and stuff) flows through a network of people, you can extrapolate things like leadership, communication pathways, and material support pipelines. If you’re the US, you can then send a seal team to shoot someone.
If you’re, supposedly, anyone doing this you can more selectively target people for influence based on the reach that it’ll have, use your models to target them better, and generally improve the quality of your attempted influence.
I personally have my doubts it’s being used that way because it’s just as effective and far cheaper to hire a public opinion research group to pay a significant sample of people $5 to figure out how to make better propaganda, and then like 75¢ each to get Facebook to target the right people.
It’s really only valuable if you eventually care about an individual. Most unfortunate privacy violations are aggregates.
Even if it’s not directly actionable or a threat, you should still be wary about letting your browsing habits leak because the information can much more plausibly be used for phishing purposes.
If you just bought some clown outfits and get an email about your clown plants being held at customs you’re a lot more likely to click to figure out what’s going on.
Personally I think this approach is used to rewind history for an investigation. If soemeone falls under suspicion for whatever reason, investigators can rewind history to find all their movements, all their connections, all their calls and posts and everyone who looked at them. Even in the absence of abuses of authority, that casts a pretty wide net.
Am I comfortable that whoever has access to all that collected data will never abuse their authority? Am I comfortable that when I get caught in such a big net, they’ll quickly realize I’m not a valid catch and throw me back without harm? Even if they have the best intentions, this is for all time: do you really think the world will always go perfectly? I’d rather not be in that net in the first place, even if it makes life harder for national security investigators
It’s also thought but not confirmed to be used for parallel construction. If the information is collected through illegal or inadmissible means, the NSA can inform the relevant agency that they have reason to believe that the individual is doing “illegal activity in question” and relevant details. The agency, now knowing the conclusion, can use legal means to gather the needed evidence for something they otherwise would never have even looked at.
The NSA isn’t supposed to monitor anything on US soil that doesn’t involve both terrorism connections and communication with foreign parties, but due to “reasons” they regularly collect a lot of stuff that isn’t that, and they’ll (likely) inform the DEA.
It’s a preposterous violation of the 4th amendment, but it’s also nearly impossible to prove.