Lots of folks in China get around the Great Chinese Firewall by using circumvention tools. But at what risk? That’s one of the biggest questions raised by Hal Roberts in this post here.
Seems the Global Internet Freedom Consortium, or GIFC, which offers this laudable PR…
- GIF Offers China-Based Reporters Software to Break Through Internet Blockade(2008-08-02)
- Testimony of GIFC in the US Senate Hearing on Global Internet Freedom (2008-05-20)
- GIF Defeats Another Wave of Internet Censorship (2007-11-11)
- Burmese Found Virtual Underground Railroad to Escape Internet (2007-10-09)
… is also selling users up who-knows-what rivers. At least that’s what Hal finds when he checks the FAQ at the Edoors Ranking Service, which lets you browse the “top anti-censorship sites”. The FAQ begins,
Q: Who is the owner of this service?
A: This service was developed by World’s Gate, Inc. with help from other Global Internet Freedom Consortium (GIFC) partners.Q: Where did you get the raw data for the analysis?
A: The raw data came from the server log of GIFC member companies. Right now, data from three of the five tools of GIFC (DynaWeb, GPass, and FirePhoenix) are included for analysis.
Which sounds okay, so long as the data used is of the aggregate sort. In other words, as long as it’s not personal.
Alas, there is this smoking gun, pointed right at the heads of DynaWeb, GPass and FirePhoenix users:
Q: I am interested in more detailed and in-depth visit data. Are they available?
A: Yes, we can generate custom reports that cover different levels of details for your purposes, based on a fee. But data that can be used to identify a specific user are considered confidential and not shared with third parties unless you pass our strict screening test. Please contact us if you have such a need.
That means they track browsing data of individual users, and sell it. Hal adds,
…the data about circumventing users is much more sensitive than the data about most ISP users. These are the histories of users browsing sites that are not only blocked (and therefore mostly sensitive in one way or another) but blocked by an authoritarian country with an active policy and practice of persecuting dissidents. The mere act of anyone, let alone projects proclaiming themselves for internet freedom, storing this data is very bad practice. Any data that is stored can be potentially be shared or stolen. The best way to make sure that dangerous data like this does not get into the wrong hands is not to store it in the first place.
But these projects are not only storing the data. They are actively offering to sell it. None of the projects has anything like a privacy policy that I can find, and none of them provides any notice anywhere on the site or during the installation process that the project will be tracking and selling user browsing activity.* But all of the sites have deceptive language…
I’m sure what these companies are after is advertising money from companies wanting to “target” individuals personally. That’s what it smells like to me.
We live in a time when personalized advertising is legitimized on the supply side. (It has no demand side, other than the media who get paid to place it.) Worse, there’s a kind of gold rush going on. Even in a crapped economy, a torrent of money is flowing into online advertising of all kinds, including the “personalized” sort. No surprise that companies in the business of fighting great evils rationalize the committing of lesser ones. I’m sure they do it it the usual way: It’s just advertsing! And it’s personalized, so it’s good for you!
Ah, but what happens if one of those advertisers is a front for the Chinese governent, looking for dissidents to jail — or worse? If you’re one of those (or anybody) would you trust the “strict screening test” at Edoors Ranking Service?’
Me either.
