Hi all,
I don’t really know how to ask this question. On one of my devices, I downloaded a web browser (Opera) and one of my friends made fun of me, saying that “you better like China knowing all the stuff you do online”.
I read the Opera website and it says it’s a Norwegian company, but on Wikipedia it does say it was bought by a Chinese company.
My question is: what does “China” do with my personal browsing data? Why is it useful for them? (and who are we referring to here, is that the Chinese government, a private company, who?)
I’m looking forward to learn more about digital privacy, but I don’t currently understand the “obviousness” of how it is wrong to use Opera.
I’m a tech enthusiast (hence why I’m here), but I’m cognizant that I have large knowledge gaps in some of these topics.
Thank you in advance.
Like, I go to a website and research clown outfits or biscuit preparation, what the hell is China going to do with this information? Banking info I would be concerned. Any more specific examples of foul play come hitherdom? The question really isn’t being answered.
If they control the browser they can potentially intercept everything you see and do. Banking info, whether you looked up Tianmen square, who you talk to, who you trust… They can also infer personality from your browsing history. Looked at clown outfits just before watching porn? Maybe you’ll get a letter blackmailing you or else they’ll divulge your fetish to your family and loved ones. This is not fiction - China has been caught doing this to political personalities, and those are only the ones that failed.
The browser can also serve as a gateway for them to install persistent monitoring software on your OS, or turning your machine into part of a botnet.
They can correlate that information with your other browsing habits and start to form a picture about the sort of person who shares your interests, regardless of how bizarre those might be.
It’s not an exact science because everyone is different, but once they have that picture they can start pushing the buttons of one person like and derive some conclusions about how the rest of that cohort, including you, will react.
They don’t even have to be successful all of the time. Just more than would be expected from random chance.
A stone in the right place can divert the mightiest of rivers.
I think concerns about China in specific are overblown.
That being said, what we’ve learned about the topic from US tracking programs (slight chuckle at China having scope or abilities beyond anyone else in that regard) is that all information can be fed into what is essentially a statistical model of interests, behaviors, expressed opinions, and contacts.
From that, you can determine a few things that are specifically “useful”.
The first useful thing is the ability to tell if someone’s behavior has changed in an unexpected way. If someone starts talking to someone new via text message and they “shouldn’t” know each other (no common acquaintances, never at the same place at the same time, no shared interests) you have an anomaly that can be processed further.
The next useful thing is once you have this model of expected behavior you can start modeling stuff like “A talked to B, B to C and then C changed behavior. A talked to D and D talked to E, and E changed behavior”, and more or less direct chains.
This effectively tells you that A is influencing the behaviors of C and D. By tracking how influence (and money and stuff) flows through a network of people, you can extrapolate things like leadership, communication pathways, and material support pipelines. If you’re the US, you can then send a seal team to shoot someone.
If you’re, supposedly, anyone doing this you can more selectively target people for influence based on the reach that it’ll have, use your models to target them better, and generally improve the quality of your attempted influence.
I personally have my doubts it’s being used that way because it’s just as effective and far cheaper to hire a public opinion research group to pay a significant sample of people $5 to figure out how to make better propaganda, and then like 75¢ each to get Facebook to target the right people.
It’s really only valuable if you eventually care about an individual. Most unfortunate privacy violations are aggregates.
Even if it’s not directly actionable or a threat, you should still be wary about letting your browsing habits leak because the information can much more plausibly be used for phishing purposes.
If you just bought some clown outfits and get an email about your clown plants being held at customs you’re a lot more likely to click to figure out what’s going on.
Personally I think this approach is used to rewind history for an investigation. If soemeone falls under suspicion for whatever reason, investigators can rewind history to find all their movements, all their connections, all their calls and posts and everyone who looked at them. Even in the absence of abuses of authority, that casts a pretty wide net.
Am I comfortable that whoever has access to all that collected data will never abuse their authority? Am I comfortable that when I get caught in such a big net, they’ll quickly realize I’m not a valid catch and throw me back without harm? Even if they have the best intentions, this is for all time: do you really think the world will always go perfectly? I’d rather not be in that net in the first place, even if it makes life harder for national security investigators
It’s also thought but not confirmed to be used for parallel construction. If the information is collected through illegal or inadmissible means, the NSA can inform the relevant agency that they have reason to believe that the individual is doing “illegal activity in question” and relevant details. The agency, now knowing the conclusion, can use legal means to gather the needed evidence for something they otherwise would never have even looked at.
The NSA isn’t supposed to monitor anything on US soil that doesn’t involve both terrorism connections and communication with foreign parties, but due to “reasons” they regularly collect a lot of stuff that isn’t that, and they’ll (likely) inform the DEA.
It’s a preposterous violation of the 4th amendment, but it’s also nearly impossible to prove.