In seriousness
-
In seriousness:
I'm not sure what the advocacy to "download a menstrual tracking app and put nonsense data in it" is supposed to accomplish, exactly. What's the mental model of how this works?
Spotting _chaos_ in data is relatively easy and filtering out that kind of thing is like an extra few minutes of friction. It's not nothing, but unless you actually know what you are doing I don't see how it is supposed to accomplish much.
-
This goes back to something I've talked about before—along with others who work with data—filtering out data that is simply weird or busy is straightforward. Filtering out _fake reports_ that look legitimate is much, much harder.
Having a few thousand people put in the text of the Bee Movie or whatever into a report form might bring down a server in a DDoS (which is a different goal), but you aren't going to cause more than a minute of frustration for an analyst and probably not even that.
-
It's also worth reflecting what _exactly_ you are trying to protect against.
Because protecting against mass surveillance is different from protecting against individual targeting. Protecting against the federal government is different than protecting against a state government. Dealing with this when you live in Colorado is different than when you live in Alabama.
I know it is hard and people are scared, and also that means some clarity in goals is really, really important.
-
Like, let's break down a threat model here a few steps.
1. If the government is going after you personally, others doing this won't matter in the slightest even if the data looks legitimate.
2. If the government is going after a broad sweeping scan then they are going to be looking for patterns and are thus likely to have an analyst. That analyst is going to see your "men inserting chaos" and be able to identify those records in 2.3 seconds. Especially if there's something geolocated attached
-
smallcircles (Humanity Now 🕊)replied to Hrefna (DHC) last edited by
Reminds me of similar 'defenses' that are more likely to backfire than help.
Like using some tool that tweaks your browser fingerprint to make you less indentifiable. But do it wrong and it has opposite effect.
Or the Adnauseum browser extention that clicks all ads in the background "so you can't be profiled" and also inject chaos in data, supposedly to detriment of the ad companies. Here I can only think "Please don't do this".
-
smallcircles (Humanity Now 🕊)replied to Hrefna (DHC) last edited by
Reminds me of similar 'defenses' that are more likely to backfire than help.
Like using some tool that tweaks your browser fingerprint to make you less indentifiable. But do it wrong and it has opposite effect.
Or the Adnauseum browser extension that clicks all ads in the background "so you can't be profiled" and also inject chaos in data, supposedly to detriment of the ad companies. Here I can only think "Please don't do this".
-
Dave "Wear A Goddamn Mask" Cochran :donor:replied to Hrefna (DHC) last edited by
@hrefna yeah, but consider:
fuck 'em
-
@hrefna The threat model would have to be an ignorant cop who gets a warrant to demand a list of all the people in Texas (say) who had a gap n their menstrual cycle. It enables malicious compliance from the app developers.
-
Hrefna (DHC)replied to Dave "Wear A Goddamn Mask" Cochran :donor: last edited by [email protected]
@dave_cochran k. can you channel your "fuck 'em" to something that is useful, or at least that has _some_ benefit, any benefit?
-
@Virginicus That's not how literally any of this works.
That's not how search warrants work, that's not how subpoenas work, that's not how the SCA or ECPA work, and that's not how the data from those is processed for a prosecution or even an arrest. It's not even targeting the right group since "malicious compliance from the app developers" won't even cost them a cup of coffee.
-
Dave "Wear A Goddamn Mask" Cochran :donor:replied to Hrefna (DHC) last edited by
@hrefna 1) wouldn't have been doing it if i'd thought it was a net-zero-or-below benefit. grasping at straws means sometimes you come up short.
spoken plainly: thought i was; open to suggestions.
2) in writing this I came up with a useful response to the original question that isn't nearly as glib or off-the-cuff: fucking with data in an app is something that a) is REALLY easy to do (i.e. passes the hassle hurdle), b) SOUNDS, at least, like it's got a non-zero impact, and c) tickles the part of the brain that takes delight in being a puckish rogue.
-
Jenniferplusplusreplied to Dave "Wear A Goddamn Mask" Cochran :donor: last edited by
@dave_cochran @hrefna So then you can see how it's actually a net negative. It has approximately zero material impact, and it distracts and soothes people who otherwise were activated enough to do something that might have been useful.