DitoMorales.com | /Art







Privacy Policy | How to Block | Select Bibliography





My* Privacy Policy

1. There is no privacy.

2. Nothing is free.

3. By reading this you are generating advertising and other commercial revenue (but not for me). My domain host, Yahoo! (briefly Aabaco; formerly GeoCities), forces me to allow Lexity to track and data mine my visitors with hidden code like this (see below for details):

lotsa code
4. I am sorry.


* By "My" I mean "Our" because the company that hosts DitoMorales.com has been sold and now various Partners and Third Parties collect data on your identity and actions for commercial purposes — by simply reading this statement you are generating revenue for Yahoo!/Oath/Verizon (whoever owns the servers today). These data are very valuable, as the bibliography below should make clear (eg., Data.world's Brett Hurt declares, "Data is the new oil," in a 2017 Forbes interview).

I am trying to find a way to avoid this data mining of my website visitors, but it could take a while. DitoMorales.com has always been a non-commercial site supporting my research and teaching. After a few years as GeoCities sites (.../Athens/Olympuss/3883, Rock Art Research and Art History, and .../Athens/Styx/1116, Art History Forum) DitoMorales.com became part of Yahoo! in 1999 when they acquired GeoCities. Data mining of my visitors (you) accelerated after Yahoo! purchased the e-commerce platform Lexity in 2013. Yahoo!'s web site hosting service was bundled into a new company called "Luminate, from Aabaco Small Business" in preparation for a spin-off of that entire product line — that never happened. On June 13, 2017, Verizon Communications purchased Yahoo and bundled it and AOL into their digital content subsidiary, Oath Inc. After twenty years online I am now trying to find a host for DitoMorales.com who won't spy on my visitors and turn them into Big Data laborers for Third Party lucre. That spying and monetization means, against my intentions, that DitoMorales.com is essentially a commercial web site. That sucks.


Classroom Privacy & Intellectual Property

My lectures and presentations are my intellectual property—they are original or inventive in-and-of themselves — and may not be recorded or otherwise monitored under any circumstances without my written permission. My lectures and presentations may not be documented, reproduced, hosted, stored, modified, used to create derivative works (like translations, adaptations or illustrations), communicated, published, publicly performed, publicly displayed or distributed, under any circumstances without written permission. Students who need special accommodations will receive all necessary materials and assistance.

Your personal class notes, whether typed or handwritten, remain your property and may be used for the purpose of your personal study. However, transmitting my intellectual property to/via any third party, like sending them via web-based email, social media, peer-to-peer, or other online services, or any other unauthorized use of my course content, may violate intellectual property rights and expose persons who participate in such activities to significant legal entanglements.

My course content, in any form, may not be used for or exposed to any commercial exploitation. Digital apps and services like email, messaging and cloud storage include specific legal Terms of Service that explain how they use content for commercial purposes, inlcuding advertising, product improvement, and promotion. Sharing my intellectual property with any app and/or service that exploits that content for any commercial purpose would violate legal rights, and may have very serious consequences. Students who need special accommodations will receive all necessary materials and assistance.

See: American Association of University Professors – Intellectual Property Issues for Faculty


The Privacy Policy for this web site (I think):

The Terms of Service for this web site (I think):



I am told by Yahoo! (TOS§6g) to post My Privacy Policy if I sell or promote products or services (if I have customers):

I do not use DitoMorales.com to sell or promote products or services — you are not my customer — so the light-hearted Privacy Policy I provide at the top of this page shall suffice, even though its dark humor might seem excessively satirical. I think Chris Hoofnagle would get it. His page opens with this (read it):

I don't know what The Company's partners will do with all the data they mine from your visit, although I am provided with some handy dandy numbers and graphs :

I hope to find a host that will allow more privacy. This is the best I can do today. Please feel freet to block any tracking devices, scripts, or code you can block. It should not affect my site's functionality at all.




How to Block Tracking & Data Mining

Privacy Tools: How to Block Online Tracking
by Hanqing Chen, July 3, 2014 (propublica.org)

How to keep data miners from invading your privacy
by Jurica Dujmovic, Mar 25, 2015 (marketwatch.com)

How to disable third-party cookies in all major web browsers
by Mihai-Emilian Blaga, Dec. 1, 2015 (digitalcitizen.life)

How to turn off Cortana and stop personal data gathering in Windows 10
by Mauro Huculak, June 12, 2015 (windowscentral.com)

Disable third-party cookies in IE, Firefox, and Google Chrome (c|net How To)
by Dennis O'Reilly, Mar. 14, 2011 (cnet.com)

The paranoid's guide to the internet: 13 easy ways to make sure you're not hacked or tracked
by Nathan McAlone, Oct. 7, 2015 (businessinsider.com)

Everyone's Trying to Track What You Do on the Web: Here's How to Stop Them
by Alan Henry, Feb. 22, 2012 (lifehacker.com)

Use Their App, Keep Your Data
by David Talbot, June 11, 2012 (technologyreview.com)


Below is a brief sample of the current literature on surreptitious tracking and the significant privacy issues this commercially irresistible and unstoppable trend presents.




A Bibliography of Details & Techniques


Abbas Razaghpanah, Rishab Nithyanand, Narseo Vallina-Rodriguez, Srikanth Sundaresan, Mark Allman, Christian Kreibich, and Phillipa Gill, "Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem" (Network and Distributed Systems Security [NDSS] Symposium 2018). dx.doi.org/10.14722/ndss.2018.23353). haystack.mobi/papers/ndss18_ats.pdf
Abstract: Third-party services form an integral part of the mobile ecosystem: they ease application development and enable features such as analytics, social network integration, and app monetization through ads. However, aided by the general opacity of mobile systems, such services are also largely invisible to users. This has negative consequences for user privacy as third-party services can potentially track users without their consent, even across multiple applications. ...


Terrell McSweeny (Commissioner, Federal Trade Commission) and Mignon Clyburn (Commissioner, Federal Communications Commission), "The commissioners of the FTC and FCC are worried about your online privacy," Los Angeles Times, Mar 31, 2017. beta.latimes.com/opinion/op-ed/la-oe-mcsweeny-clyburn-internet-privacy-20170331-story.html (also linked from ftc.gov/public-statements/2017/03/blog-post-commissioners-ftc-fcc-are-worried-about-your-online-privacy).

Jay Coen Gilbert, "Is Data The New Oil? How One Startup Is Rescuing The World's Most Valuable Asset" (Forbes, Social Entrepreneurs, August 23, 2017). forbes.com/sites/jaycoengilbert/2017/08/23/rescuing-the-worlds-most-valuable-stranded-asset-the-company-democratizing-data-the-new-oil

Cross-Device Tracking: A Federal Trade Commission Staff Report (January 2017).


Arthur Baxter, "The Truth About Data Mining: How Online Trackers Gather Your Info and What They See" (The Observer, July 21, 2016). observer.com/2016/07/the-truth-about-data-mining-how-online-trackers-gather-your-info-and-what-they-see

Englehardt, Steven, and Arvind Narayanan. "Online Tracking: A 1-million-site Measurement and Analysis." Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 1388-1401 (New York: Association for Computing Machinery, 2016). ftc.gov/system/files/documents/public_comments/2016/10/00045-129154.pdf
Abstract: We present the largest and most detailed measurement of online tracking conducted to date, based on a crawl of the top 1 million websites. We make 15 types of measurements on each site, including stateful (cookie-based) and stateless (fingerprinting-based) tracking, the effect of browser privacy tools, and the exchange of tracking data between different sites (“cookie syncing”). Our findings include multiple sophisticated fingerprinting techniques never before measured in the wild. ...

Oleksii Starov, Phillipa Gill, and Nick Nikiforakis, "Are You Sure You Want to Contact Us? Quantifying the Leakage of PII via Website Contact Forms" (Proceedings on Privacy Enhancing Technologies, 2016). cyber-investigator.org/wp-content/uploads/2016/02/contactus_pets2016.pdf
Abstract: The majority of commercial websites provide users the ability to contact them via dedicated contact pages. In these pages, users are typically requested to provide their names, email addresses, and reason for contacting the website. This effectively makes contact pages a gateway from being anonymous or pseudonymous, i.e., identified via stateful and stateless identifiers, to being eponymous. As such, the environment where users provide their personally identifiable information (PII) has to be trusted and free from intentional and unintentional information leaks. In this paper, we report on the first large-scale study of PII leakage via contact pages of the 100,000 most popular sites of the web. We develop a reliable methodology for identifying and interacting with contact forms as well as techniques that allow us to discover the leakage of PII towards thirdparties, even when that information is obfuscated. Using these methods, we witness the leakage of PII towards third-parties in a wide range of ways, including the leakage through third-party form submissions, third-party scripts that collect PII information from a first-party page, and unintended leakage through a browser’s Referer header. ...

Narseo Vallina-Rodriguez, Srikanth Sundaresan, Abbas Razaghpanah, Rishab Nithyanand, Mark Allman, Christian Kreibich, Phillipa Gill, "Tracking the Trackers: Towards Understanding the Mobile Advertising and Tracking Ecosystem" (FTC Public Comments, Consumer Privacy and Security Issues #38) ftc.gov/system/files/documents/public_comments/2016/10/00038-129143.pdf
Abstract: Third-party services form an integral part of the mobile ecosystem: they allow app developers to add features such as performance analytics and social network integration, and to monetize their apps by enabling user tracking and targeted ad delivery. At present users, researchers, and regulators all have at best limited understanding of this third-party ecosystem. In this paper we seek to shrink this gap. ...

Lisa Weintraub Schifferle, "Online tracking – more than cookies" (Federal Trade Commission, Division of Consumer & Business Education, June 23, 2016). consumer.ftc.gov/blog/2016/06/online-tracking-more-cookies

Amy Hebert, "Getting tracked online even after you try to stop it" (Federal Trade Commission, December 20, 2016). consumer.ftc.gov/blog/2016/12/getting-tracked-online-even-after-you-try-stop-it

General Online Tracking info from the FTC: consumer.ftc.gov/articles/0042-online-tracking


Chris Jay Hoofnagle, Ashkan Soltani, Nathaniel Good, Dietrich J. Wambach, and Mika D. Ayenson, "Behavioral Advertising: The Offer You Cannot Refuse" (Public Comment, FTC Workshop on Cross-Device Tracking Nov. 16, 2015, Submission #00048). ftc.gov/system/files/documents/public_comments/2015/10/00048-97807.pdf (FTC landing page: ftc.gov/policy/public-comments/2015/10/07/comment-00048)
Intro: At UC Berkeley, we are informing political debates surrounding online privacy through empirical study of website behaviors. In 2009 and 2011, we surveyed top websites to determine how they were tracking consumers. We found that advertisers were using persistent tracking technologies that were relatively unknown to consumers. Two years later, we found that the number of tracking cookies expanded dramatically and that advertisers had developed new, previously unobserved tracking mechanisms that users cannot avoid even with the strongest privacy settings. These empirical observations are valuable for the political debate surrounding online privacy because they inform the framing and assumptions surrounding the merits of privacy law. Our work demonstrates that advertisers use new, relatively unknown technologies to track people, specifically because consumers have not heard of these techniques. Furthermore, these technologies obviate choice mechanisms that consumers exercise. ...

Public Comments #603: FTC Workshop on Cross-Device Tracking; Matter Number: P155403. ftc.gov/policy/public-comments/2015/03/initiative-603
Cross-Device Tracking: An FTC Workshop. ftc.gov/news-events/events-calendar/2015/11/cross-device-tracking

Amit Datta, Michael Carl Tschantz, and Anupam Datta, "Automated Experiments on Ad Privacy Settings" (Privacy Enhancing Technologies 2015, 1 [2015]: 92-112). andrew.cmu.edu/user/danupam/dtd-pets15.pdf
Abstract: To partly address people’s concerns over web tracking, Google has created the Ad Settings webpage to provide information about and some choice over the profiles Google creates on users. We present AdFisher, an automated tool that explores how user behaviors, Google’s ads, and Ad Settings interact. AdFisher can run browser-based experiments and analyze data using machine learning and significance tests. Our tool uses a rigorous experimental design and statistical analysis to ensure the statistical soundness of our results. We use AdFisher to find that the Ad Settings was opaque about some features of a user’s profile, that it does provide some choice on ads, and that these choices can lead to seemingly discriminatory ads. ...
More from Prof. Datta: andrew.cmu.edu/user/danupam/

Andreas Kuehn, "Cookies versus Clams: Clashing Tracking Technologies and Online Privacy" (info 15, no. 6 [2013], 19-31, DOI 10.1108/info-04-2013-0013).
Abstract: This article compares the use of deep packet inspection (DPI) technology to the use of cookies for online behavioral advertising (OBA), in the form of two competing paradigms. It seeks to explain why DPI was eliminated as a viable option due to political and regulatory reactions whereas cookies technology was not, even though it raises some of the same privacy issues. ... Comparing the two cases from a technological, economic, and institutional perspective, the article argues that both paradigms were equally privacy intrusive. Thus, it rejects the generally held view that privacy issues can explain the outcome of the battle. Politics and regulatory legacy tilted the playing field towards the cookies paradigm, impeding a competing technology. ...
Also available as a symposium paper: papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID2809792_code2291099.pdf?abstractid=2809792&mirid=1

Natasha Singer, "Sharing Data, but Not Happily" (New York Times, Technology, June 4, 2015). nytimes.com/2015/06/05/technology/consumers-conflicted-over-data-mining-policies-report-finds.html


Jennifer M. Urban, Chris Jay Hoofnagle, and Su Li, "Mobile Phones and Privacy" (Public Comment, FTC Workshop on Mobile Device Tracking, February 19, 2014, Submission #00048) ftc.gov/system/files/documents/public_comments/2013/12/00007-89101.pdf
Intro: Mobile phones are a rich source of personal information about individuals. Both private and public sector actors seek to collect this information. Many mobile applications seek identification information, location data, and other user information. Facebook, among other companies, recently ignited a controversy by collecting address book information from users’ mobile phones via its mobile app. And a recent Congressional investigation found that law enforcement agencies sought access to wireless phone records over one million times in 2011. As these developments receive greater attention in the media, a public policy debate has started concerning the collection and use of information by private and public actors. To inform this debate and to better understand Americans’ attitudes towards privacy in data generated by or stored on mobile phones, we commissioned a nationwide, telephonic (both wireline and wireless) survey of 1,200 households. The survey questions covered in this paper focused on known ways that mobile phones and service providers are likely to store data, and on likely scenarios under which service providers—including mobile “app” providers—are likely to collect and share information about consumers. ...

Public Comments #516: FTC Workshop on Mobile Device Tracking; Matter Number: P145401


Claude Castelluccia, "Behavioural Tracking on the Internet: A Technical Perspective," in European Data Protection in Good Health, edited by Serge Gutwirth, Ronald Leenes, Paul de Hert, Yves Poullet, 21-33 (Dordrecht: Springer Netherlands, 2012).
Intro: The concept of Behavioural Profiling (also known as “targeting”) consists of collecting and analysing several events, each attributable to a single originating entity, in order to gain information relating to the originating entity. It consists of, in other words, transforming data into knowledge (Hildebrandt 2006). Behavioural profiling involves collecting data (recording, storing and tracking) and searching it for identifying patterns (with the help of data mining algorithms). The data collection phase is often referred to as Behavioural Tracking. ...

Jonathan R. Mayer and John C. Mitchell, "Third-Party Web Tracking: Policy and Technology" (IEEE Symposium on Security and Privacy, 2012). jonathanmayer.org/papers_data/trackingsurvey12.pdf
Abstract: In the early days of the web, content was designed and hosted by a single person, group, or organization. No longer. Webpages are increasingly composed of content from myriad unrelated “third-party” websites in the business of advertising, analytics, social networking, and more. Thirdparty services have tremendous value: they support free content and facilitate web innovation. But third-party services come at a privacy cost: researchers, civil society organizations, and policymakers have increasingly called attention to how third parties can track a user’s browsing activities across websites. This paper surveys the current policy debate surrounding third-party web tracking and explains the relevant technology. ...
Other great papers form Jonathan Mayer: jonathanmayer.org/papers

Franziska Roesner, Tadayoshi Kohno, and David Wetherall, "Detecting and Defending Against Third-Party Tracking on the Web" (9th USENIX Symposium on Networked Systems Design and Implementation, 2012). usenix.org/system/files/conference/nsdi12/nsdi12-final17.pdf
Abstract: While third-party tracking on the web has garnered much attention, its workings remain poorly understood. Our goal is to dissect how mainstream web tracking occurs in the wild. We develop a client-side method for detecting and classifying five kinds of third-party trackers based on how they manipulate browser state. We run our detection system while browsing the web and observe a rich ecosystem, with over 500 unique trackers in our measurements alone. We find that most commercial pages are tracked by multiple parties, trackers vary widely in their coverage with a small number being widely deployed, and many trackers exhibit a combination of tracking behaviors. ...
More, including video of the presentation: usenix.org/conference/nsdi12/technical-sessions/presentation/roesner

Stephen Cobb, "Google's data mining bonanza and your privacy: an infographic" (welivesecurity.com, 2012).
[GREAT infographic]


Dongseok Jang, Ranjit Jhala, Sorin Lerner, Hovav Shacham, "An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications" (CCS '10, Proceedings of the 17th ACM Conference on Computer and Communications Security, New York: ACM, 2010). dl.acm.org/ft_gateway.cfm?id=1866339&ftid=849805&dwn=1&CFID=847363526&CFTOKEN=38377694 (also at: goto.ucsd.edu/~rjhala/papers/an_empirical_study_of_privacy_violating_flows_in_javascript_web_applications.ps and via the Table of Contents tab at dl.acm.org/citation.cfm?id=1866307)


Mireille Hildebrandt, "Profiling: From Data to Knowledge" (DuD: Datenschutz und Datensicherheit 30, no. 9 [2012]: 548-552).





I hope this helps.

DitoMorales.com | /Art