There’s a new consumer crimefighter in town and his name is David Connolly. His mission? To blackmail Virgin Media and stick it to ‘clinically psychotic’ Richard Branson. Connolly has emailed Branson (and cc’d various newspapers and websites) to make his demands – £5,000 in compensation which may increase ‘to High Court levels depending on how much interest the national media takes’.

So what’s this all about, then? In his email, Connolly claims to have suffered an exhaustive list of problems with Virgin Media; some of them appear to be legitimate – failure to deliver services, breach of contract, incorrect charges – and some of them less so – ‘been arrogant and rude on the telephone’, ‘refused to escalate the problem past the level of general dogsbodies at head office’ and so on. Connolly’s ace in the hole is an alleged gaffe which saw a database containing ‘40,000 pieces of information about Virgin Media customers including listing rude/insulting nicknames… such as “a common woman” and “a prick”‘ dumped in his wheelie bin.

Because of these alleged grievances, Connolly has started his Virgin Media Watch email – ‘information on Virgin Media customers [sent] to national and local media every week adding new customer info, Virgin Media insults and adding more and more media/watchdog sources until they pay up what is rightfully mine’. In other words, Connolly is attempting to blackmail Richard Branson.

But who is this heroic consumer champ? His return email address identifies him as the sales manager of NWS Media which publishes the Bolton Directory, a free paper in the town. In addition, Connolly is also a ‘former England chess squad member, IQ 185 and former student of Intelligence’.

As emails go, it’s a little confused. He opens by plugging his upcoming book to Branson, then invites the tycoon to sue him because he’s already in court anyway, then attempts extortion and all the way through is undecided whether to refer to himself in the first or third person. Since the email was distributed for publication, you can read it for yourself here.

Intriguingly, there are several examples of customer accounts and details attached to the email (we haven’t published that bit). It’s possible that for all his bluster, he does in fact have a comprehensive database of Virgin Media customers. What happens next? Stay tuned for next week’s exciting installment of Virgin Media Watch!

Every day we fill in forms, on paper or online, that provide the option of keeping our personal data private, or allowing it to be shared with third parties. Most of us never think of the implications these decisions have, beyond more direct mail shoveled through the letterbox. For example, do we ever consider there are companies that aggregate our information in order to profile us? And what these profiles could be used for?

All very sinister and paranoid, but then Sky isn’t making any bones about what they’re up to. Yesterday customers received an email about changes to the Sky Player terms and conditions; the changes primarily focused on a new contextual advertising system called AdSmart, which was announced in September with little fanfare. AdSmart will allow Sky to target customers watching on-demand Sky programmes with advertising tailored to the viewer, beginning with online services and subsequently rolling out to HD customers:

We are writing to let you know about some changes we are making to the Sky Player terms and conditions, including the way we provide advertising on Sky Player.

In future [sic], the advertising you see on Sky Player may be better tailored to your interests. The new system, which is called Sky AdSmart, uses customer information to replace some general adverts with ones which we believe to be more relevant to viewers’ potential preferences and interests.

We will take information that you have provided to us as a Sky customer (for example, your post code or TV package), in combination with data provided by other companies who have your permission to share information about you, to build up a picture of what types of products and services might be of interest to you. We then substitute standard adverts with ones we believe are more tailored to your interests.

Have a read through about how Sky is sourcing this information about you; it’s not only personal data you supply to them, but information Sky has bought from other companies, plus your browsing habits too. It might be data you gave permission to be shared, but did you expect it to be stored and combined with other sets of information in order to profile your personality? When we sign our personal information away, we not only relinquish the data but also any say in how a third party might use it or who they provide it to. But what can Sky do with our data? Beam dazzlingly relevant adverts into our brains? And the rest:

Sky may also use your information for the following purposes:

· to enable us to comply with any legal requirements, in the detection and prevention of fraud and other crimes, and for the purpose of safeguarding national security;

Preventing fraud is not unreasonable – you’re involved in financial transactions with a business, after all. But Sky is also aggregating data that can be used to “safeguard national security”. Everybody is happy with where this is leading, right? Far from simply handing over your name and address, Sky can supply in-depth customer profiles to the police and other security bodies with impunity.

Can you opt out of Sky collecting all this information about you? Seemingly not. Out of AdSmart? Yes, but as Bitterwallet reader Billy pointed out to us, it’s an almost entirely useless way of doing so:

The Audience Science cookie enables behavioural advertising. Audience Science uses the cookie to place your device in certain advertising segments (e.g. sports segment) based on the content you view on Sky online services and websites and selected third party websites.

[To opt-out of the cookie] Audience Science will send an “opt-out cookie” to your device: please note that if you subsequently delete all of your cookies, you will also delete the Audience Science opt-out cookie.

So Sky will automatically drop a cookie into your browser as part of their terms, but to opt out you have to accept a second cookie which will be deleted if clear them? Foolproof. And this cookie only disables the AdSmart service; it certainly doesn’t prevent Sky gathering the information.

For plenty of people these sort of terms won’t matter and they’ll be perfectly acceptable in exchange for using Sky Player. But Phorm snooped on online users habits and were ran out the country; Sky is warehousing user data from multiple sources and it’s perfectly acceptable. What do Sky know about you?

Alright wankers? Yeah, you heard. Say what you like, we don’t care anymore. Not enough iPhone stories for you? Screw off. You want more photographs of price labels in supermarkets? Go take your own. We slaved over this website for more than a year, and finally our day has come. Andy and I have cleared out our desks, told the boss to do one and made enquiries about purchasing a small fishing boat in Estartit.

We’ll soon be living the dream baby, because this mail arrived earlier in our inbox – tell us, how can we not make millions once we take advantage of our new friend Hackers Online? There is no conceivable way in which we could possibly lose money:

I am selling Bulk Email addresses with special updated Address Links.Ams 4.3 registration code and SMTPS.Cpanel and Php Mailer for spamming Bulk mails.

I am selling BANK logins,Equity line of credit and chase transfers,CC top up,ATM cash outs like TRACK 1 and 2 DUMPS with pin,Employment Logins,Online banking involves also Online Cheque deals.

I am selling Western union MTCNS.On another receivers name and also make on Western union Admin with your name by Credit card Full information and you cash within 20mins of placement online.
MONEY GRAMME database but MG for South africa and Usa Alone.Percentages after 1 or 2 deals.

Identity theft – it’s all the rage these days. Everyone’s at it like rabbits, although rabbits are rarely the culprits, or the victims. That’s why banks are taking super duper precautions to keep all of your valuable personal data safe. Like Barclaycard, for example.

Bitterwallet reader Stuart applied for a credit card with Barclaycard, to take advantage of their offer of 0% interest on balance transfers. Barclaycard obviously believe that personal data is best hidden away in plain sight, because they printed all of Stuart’s information on the back of an agreement form – after Stuart had already securely supplied the information online – and posted it to him. Everything is there, including his security word for the account. To ensure the maximum possibility of the information going astray, Stuart then had to post his personal data for the second time, since it was printed on the agreement form:

It’s standard operating practise, say Barclaycard. We’re sure it is – agreement forms are nothing new and the banks like hard copies with real signatures – but sending all that information together, including passwords, in the post? Twice? Why can’t customers be prompted to check their details are correct through the secure website they applied on?

Not to worry, we’re sure they know what they’re doing. After all, they’re a bank.

So it’s true. The government’s scheme to fit smart meters in every home by 2020 is part of a grand conspiracy to plunge the nation into anarchy. They’re telling you these electronic beasties are to help reduce energy consumption and send real-time usage data direct to utility companies. According to professional scaremongerers however, these meters could be hacked or used to cripple the country.

There are 17,500 of the meters being trialled in the UK right now, but there are around 40 million smart meters in use worldwide. There have already been a number of security breaches, including hacking of customer details, denial of service attacks and “suspected infiltration by foreign intelligence services”. Why would Mossad want to know when you’re popping the kettle on? They don’t – they want to control your kettle, or at least ensure you can’t switch it on.

Security firms in the US have already proved their vulnerability by developing worms that can simultaneously switch off hundreds of meters. A security boffin told the Telegraph: “The utilities network has been defined by the Government as a key part of the Critical National Infrastructure. The impact of any large-scale power cut could not only put lives at risk but be potentially paralysing for the economy. Whilst there are many potential benefits of smart meters that justify their introduction, we must be aware it also brings new risks and should therefore design in security from the outset to guard against this.”

Carumba. And it’s not just those who are paid to be paranoid that are being paranoid; Consumer Focus is worried about the privacy implications of the meters, which will collect data on energy consumption to help households identify which appliances are most expensive at which times of day. Another in-depth database to stick on a laptop and leave on a train, right there.

[The Telegraph]

If you’ve had a facebook account any time in the past three or four years, you’ve no doubt shared all manner of quizzes and games asking “what’s your Hobbit name?” and “who is your celebrity twin?”, etc.

But here’s the thing. When someone puts up a trending topic on twitter to make up, say, your porn star name, the game should make you paranoid. Combining your mother’s maiden name and the name of your first pet, or some such combination, can often reveal your secret answers to your online email and bank accounts.

Mashable therefore raises the question: did someone start this to gather information with less than honest motives? Who knows? It could just be a 14-year-old with too much time on their hands (and the rest of us, who have too much time to play). But keep in mind that personal data – even the seemingly innocuous – can be one of the many puzzle pieces that when put together add up to your identity in someone else’s hands. This is one of those situations where it’s perfectly OK to make up answers. We won’t tell.

[Mashable via PCWorld.com]

If you have any interest in the current state of privacy and liberty in the UK please get your ass down to one of the events tomorrow happening under the banner of The Convention on Modern Liberty. There are events happening in Belfast, Birmingham, Bristol, Cambridge, Cardiff, Glasgow and London.

The increase of surveillance and erosion of personal privacy is becoming the norm in the UK. There is an attempt to shift the thoughts of our society away from respecting personal privacy to questioning those who fight against the erosion of personal liberty. I cannot put it more eloquently than Phillip Pullman’s strongly worded article in the Times today – Malevolent voices that despise our freedoms:

Are we conscious of being watched, as we sleep? Are we aware of an ever-open eye at the corner of every street, of a watching presence in the very keyboards we type our messages on? The new laws don’t mind if we are. They don’t think we care about it.

We want to watch you day and night

We think you are abject enough to feel safe when we watch you

We can see you have lost all sense of what is proper to a free people

We can see you have abandoned modesty

Some of our friends have seen to that

They have arranged for you to find modesty contemptible

In a thousand ways they have led you to think that whoever does not want to be watched must have something shameful to hide

We want you to feel that solitude is frightening and unnatural

We want you to feel that being watched is the natural state of things

Pullman can be hyperbolic at times but the essential points carry through. There needs to be more debate and discussion about where the UK is heading in respect to privacy and liberty which is not happening in our streets nor our Parliament.

The Convention on Modern Liberty via BoingBoing

The furrow-browed investigative types at Which? Computing magazine have got nothing better to do with their time than to buy old computers off of eBay and go snooping around in the hard drives for the personal information of the machine’s former owners.

We say ‘Good for them!’ – we certainly couldn’t be arsed with carrying out such a laborious task in an effort to highlight just how hard it is to completely wipe clean your hard drive before you flog your old PC.

The report reveals that second hand or dumped computers are an increasingly popular source of classified info by tech-savvy fraudsters as well as those who just fancy snooping around in search of a massive cache of free bongo pics.

It seems that the ultimate method of data-wipeage is the good old-fashioned hammer. Removing your hard drive before smashing it to buggery is one guaranteed way of erasing all those passwords and bank account details.

Which got us thinking… what if every single person in Britain got together at a fixed time, armed with a hammer, and started smacking the shitting life out of almost 60 million hard drives? Some rudimentary calculations that we did on the back of a scratch card show that the smithereen-generating vibrations that would shudder through the country would probably freeze time itself for at least a few seconds.

Well… whaddaya say? We’ll pencil it in for July 12th (my birthday) so tell your friends and start rounding up hammers and hard drives. Mind you, it’s got to be EVERY SINGLE PERSON IN BRITAIN or it’s not worth doing.

See you on July 12th!!!

Ireland’s appeal objections to the Data Retention Directive have been rejected by the European Court of Justice. The Data Retention Directive mandated that all EU states must pass laws forcing telecoms companies to keep phone and internet usage records for six to 24 months. Ireland’s appeal was not against the directive itself but rather that it is not within the EU’s remit to pass Directives in the area of crime and security.

Civil rights groups have been fighting this Directive on its substance but there is no word whether these appeals have gained any traction. Considering the response to Ireland’s appeal it is doubtful they will find a sympathetic ear.

Ireland has implemented stricter laws than those required by the Directive, ordering telecoms companies to keep data for three years.

In the UK parts of the Data Retention Directive have been implemented with the retention of non-internet data coming into force October 1st 2007. The extension to internet data is expected to arrive March 15th, 2009.

[Out-Law.com]

At a time when everyone is screaming at us to keep our personal information secure, you have to wonder why PC World expects us to share our details within earshot of a queue of customers.

Why do they need to know whether your purchase is for personal use or business? Why are you asked for your name and address regardless? And what happens if you tell the pimpled 18-year-old trainee on the till to politely do one?

You’d like to know too, right? Good. I fired off an email to parent company DGSi and asked just that. Here’s the reply I received back and I think you’ll agree, it’s a doozy: (more…)

The Register has reported today that the Home Office denies they have finalised any plan for requiring ID when purchasing a prepaid mobile. The information would be used to build a database on mobile users under the auspices of preventing terrorism. The Home Office says they need to consult in order to build a consensus:

Of course there is a balance between privacy and our liberty which is why we have said we will be consulting on this and seeking a political consensus. No decisions have been taken and we will be consulting in the New Year.

This smells like typical gov speak for “This is going forward but we’re happy to start a few more committees in the meantime.”

Vodafone deserves some credit for their stance, although one suspects it is motivated by fear of seeing PAYG sales plummet rather than their support for personal privacy. 72% of Vodafone’s 18.5m UK customers are on prepaid plans.

Vodafone does not support mandatory registration for its pre-pay customers and has not made any ‘contingency plans’ to start requiring registration for the purposes of a Government data collection scheme.

PAYG services hold an important role in terms of preventing a digital divide in communications. There is no need for a credit check and if customers do not have a permanent base, or a passport, they are not excluded from using these services.

In yet another confirmation that the UK is carefully shuffling its way to an Orwellian manifest destiny it has been announced passports or other offical identification will be required when purchasing pre-paid mobiles. Presumably your national ID card would suffice.

The purpose of this new national register is to add the info into the existing terrorism and surveillance database. Apparently pre-paid mobiles are used in terrorist attacks and god damn it we aren’t tracing those 40m prepaid mobiles. The Times Online article nails it:

The pay-as-you-go phones are popular with criminals and terrorists because their anonymity shields their activities from the authorities. But they are also used by thousands of law-abiding citizens who wish to communicate in private.

Imagine – prepaid mobiles are also used by law abiding citizens wishing to communicate in private! So by default they are used by criminals and terrorists but a few people also use them to talk about Heroes, when their train is coming in and where to meet for a pint.

The loopholes in the scheme appear to be obvious. We give up our data and our privacy and the terrorists simply do their nefarious prepaid mobile shopping on eBay.

via therawfeed

The Open Knowledge Foundation is running a workshop on November 1st in London titled, “Finding and Re-using Public Information.”

The UK Government produces and distributes a vast amount of documents and datasets – from national statistics to environmental information, from socio-economic data to legal material. Recent technologies allow this information to be explored, built upon and made accessible in new ways – whether through visual representation, semantic interlinking, or through social media applications.

This informal, hands-on workshop will bring government information experts together with those who are interested in finding and re-using government information. In addition to focused discussions about legal and technological aspects of re-use, government information assets will be documented and tagged on CKAN, a registry of knowledge resources.

Why is this important to Bitterwallet? We tend to invest our government with an absurd amount of data as well as the right for them to collect and store that data. What we tend not to do is exploit it to the degree we should or hold the gov accountable on giving us access to the data which we have paid to produce. Learning how to access and re-use these rich sources opens up a lot of doors into building hacks and tools that re-mash this data into something useful. We should be consumers of our own information!

Thanks to yishaym

If you want to keep your personal data safe, then you need to be either a) dead (beyond caring), b) not born (have no personal data to concern yourself with) or c) Stig of the Dump. Otherwise, you’re fair game.

In the last 12 months, nearly 31 million people – barring duplication, that’d be over one in two of us, folks – have had personal data lost by the kack-handed government officials and contractors who shuttle our digital lives around on laptops and CDs, oblivious to the fact that leaving them on trains and selling them on auction sites might be generally considered a bad move.

Couldn’t give a toss? Wait until you read about the bozos who’ve been trusted with your data and what they’ve done with it. (more…)