Tracking is Free on the Blockchain, the Blockchain is NOT Tracking-free

in #technology3 years ago

Yesterday @liberosist had an excellent post about the GDPR compliance of the Steem blockchain. While that post is mostly a topic for the witnesses since many use servers hosted in the EU, I wish to reiterated and emphasize another point liberosist made.

Something all Steemians should be aware, especially when they think that Steem is Social media done right. Not only Steemians should think about this though, this applies to any public blockchain.


Photo credit: Matthew Henry on Unsplash

The Blockchain is NOT Tracking-Free

We often see the claim that the (Steem) blockchain doesn’t track its users, but while that MAY be true that claim often relies on a poor understanding of the blockchain technology.

In its most simplified explanation most blockchain, and that includes the Steem blockchain, are open for people to set up so-called nodes and help hosting the blockchain. The core of the blockchain’s decentralized element.

What does this involve?

Setting up a node, or a witness, means that somebody has a server and syncs their server with the blockchain. They can do that because the blockchain is public, the blockchain is a transparent ledger and most blockchains are configured to be decentralized.

When somebody spins up a node, or a Steem witness, they gain access to ALL data (all blocks) in the blockchain and often even host these blocks too on their node (server). At that point they basically have all your data, all your posts, comments, votes and whatnots on their computer.

From here on it doesn’t take much imagination anymore to think that anybody can start to mine all that data and build profiles for each account. Pretty much like Cambridge Analytica did, like many advertising agencies do when building Facebook and mobile apps for their clients(*), and like many a startup can do when they offer account signup with Facebook.

Now the Steem blockchain may not hold that much data about you but who says that is to stay? Who says that one of the dApps built on the Steem blockchain won’t have scripts integrated in their code which request your location via browser, read out your IP, your ISP, your modem’s MAC address and even fingerprint your device? Pretty much like Facebook does. And the BBC.

If you follow me you know that I care about my privacy and your privacy. I regularly promote privacy aware apps, news and more.


Privacy rating for within DuckDuckGo Mobile: Improved from D to C)

I use DuckDuckGo Mobile browser, I use Signal Messenger for encrypted messaging, I use ublock Origin adblocker when I for whichever reason need to use Google’s Chrome browser, my connection uses a private VPN which doesn’t log the sites I visit (unlike your ISP does).

Am I paranoid? No, I’m not but I just don’t like to be THE PRODUCT... and nor should you.

The reason why I resort to those tools is because I know what any webmaster, server admin can achieve. You may think that you blocked your browser access to your location but anybody can still request your (estimated) location via other ways and I am aware of that. Ever wondered why the Guardian shows the weather forecast for your location on its homepage despite you having blocked location access for your browser? BINGO!

Things aren’t different on the blockchain. On the blockchain everyone can become a Cambridge Analytica. On the blockchain professional data resellers like Nielsen, and its ilk, can spin up their own node and mine all that data for the mere sake of profiling everyone. Anything you post to the blockchain, or Steem, will be put in siloes which subsequently can be targeted by advertisers.

Ever linked from your Steem to your Facebook account? Sorry, your Steem account is now linked to your Facebook profile. Your anonymous profile is no more.

Did you know that currently almost every Steem interface, this includes Steemit and, uses Google Analytics and thus indirectly contributes to the revenue of Google AdWords and Doubleclick? Google Analytics registers and logs your IP, your location, your estimated age and estimated earnings. If you happen to be logged in to your main Google Account, Google AdWords’ CFO thanks you. Google Analytics can also track you across devices.

Google’s Analytics tracker is basically as creepy as Facebook’s tracking.

And on the blockchain things are even worse. Because anybody has access to ALL data hosted on the blockchain. On the Steem blockchain you even don’t need to spin up a public node: you can just grab @gtg’s always “up-to-date” file. This isn’t unique to Steem either, many blockchains will have node operators who offer an (almost) up-to-date file/dump for faster download and setup when configuring a new node/witness.


Why Does It Matter?

All this doesn’t matter as long as you are aware of that possibility and post accordingly. If you wish to feed companies all data they can use, be free. If you care about your privacy... think what you post. The blockchain is immutable and on the blockchain there’s no right to forget, unlike EU citizens benefit.

Your stupidity is immortalized (after 7 days) on the Steem blockchain.

And that stupidity, as @liberosist correctly highlighted in a response to a comment by me, that stupidity is available to anybody:

But it goes deeper than just some data mining company. All governments, all corporations, all advertisers, all underworld, all stalkers, serial killers, sexual predators - everyone has all access to all your data. And there's not a damn thing you can do about it.

Even Orwell didn't see this coming.

Indeed, even George Orwell’s 1984 is child’s play compared with the access to data anybody has on the blockchain.

The other side of the transparency coin.

Remember this each time you post to ANY blockchain. The blockchain isn’t tracking-free... tracking is FREE TO ANYBODY on the blockchain.

Don’t be paranoid but use that highly efficient body item we have and which sets us apart from other beings: your brain.


(*) Around half a decade ago I worked for a top 10 worldwide advertising agency as Entrepreneur in Residence and you bet that data mining and tracking was a central point as CRM programs and program development were top of the agenda in that era.

You make some very good points about data mining I had not considered. I'm glad I have always been very privacy oriented. I also use Duck Duck Go, rarely use google products if I can avoid it, and I NEVER sign into anything through facebook. I also always try to keep in mind that everything I post is going to be written in stone on the blockchain.

I really this this point needs to be made when someone registers and signs up for steemit or any platform. It's so important. People are accustomed to thinking if they delete something - it's gone. I can see this being used for blackmail too like "if you don't do what I say I'm going to put that picture of us doing (whatever naughty thing) on the blockchain."

People are accustomed to thinking if they delete something - it's gone

This is a huge problem though. They should be accustomed to thinking the opposite.

Data, once created and disseminated, is extremely difficult to destroy. Instead of attempting to legislate around reality (like that time a US state tried to legally redefine a mathematical constant), the EU should have focused on education initiatives. If someone wants to collect data on you, your only defence is to refuse to create that data.

Does that mean you have to think before you hit the "post" button? Yes! Should your failure to think before clicking become a burden upon the rest of the world? Hell no.

GDPR has a lot of feel-good motives behind it, but it's a flawed concept at its core.

You make a really great point here about the misconceptions some folks have. There is no privacy on Steem! None! There is actually no privacy on Facebook, either, from an information-theoretic standpoint. Unfortunately, people like to deal in terms of trust.

Sure, if you trust Facebook to delete what you ask them to, or if you trust that they won't risk being fined/jailed for non-compliance with regulations... Steem's mechanisms become a bit scary to you. I never trusted any of these entities in the first place (and for good reason, we've since found out), so Steem doesn't bother me one bit.

The most annoying thing about it for me is that there are a few embarrassing typos I've made that I can't actually erase... which leads me to my next point. Just a small correction on one of your points:

Your stupidity is immortalized (after 7 days) on the Steem blockchain.

Your stupidity is actually set in stone the second you sign and broadcast the transaction. Even an edit won't delete the prior content of your post from the blockchain.

Editing is still useful for some good-faith damage control (nobody is going to care if you made a typo), but I myself have looked into the blockchain data numerous times to find out what someone said before they "deleted" their post.

I think from now on I will just edit each post 40-70 times. Just for you, @lemony-cricket.

good points made. as a saving grace, i dont see much information worth their while. facebook has lots more valuable stuff because of your personal interaction which is more social. here on steemit, it seems a lot more impersonal. i could be wrong but it seems that way.

On steemit most personal interactions seem to be about the platform and not about each other. is that valuable?

On Facebook most of the value comes because of the demographic profiling thanks to MAC address, router MAC address (for each wifi you log in too)... basically location.

Why do you think Facebook’s more recent free WiFi feature requires 24/7 location.

Then combine location with interests. That leads to the following possible situation (also keeping in mind that Facebook has admitted it buys data from other offline profilers like Nielsen):
A user has liked cruise ship pages.

  • User lives in an affluent location -> is shown $5k for 2 weeks cruise ship holiday
  • user lives in a less affluent location/country -> is shown ads to work on a cruise ship.

Of course it isn’t just area. The ability to track wherever you go is $$$.

Combined with years of data and likes that is a treasure.

But even on steem you can notice basic availability of such: upvotes checked against tags. Combined with time spent on each tag.

Right now there isn’t a Steem app yet tracking location or doing device fingerprinting. But who says that is meant to stay?

Who says no Steem dApp will integrate Facebook’s Pixel to monitor conversion from ad campaigns on Facebook.

Important to remember: the basic raw data is available to anybody. You can use SteemSQL for a fee or you can just spin up your node and mine it all yourself. Upvotes, transfers, user interaction (through upvotes, comments, and even transfers). Also what dApp each user uses and how often they post to that dApp. It’s all in the blockchain and available to anybody.

But you’re right, the dataset isn’t as rich as all sneaky tricks Facebook employs. Did you know that Facebook uses your phone’s barometer to verify what floor you are on? Thanks to that and reading out the router’s MAC address Facebook will decide whether you share a flat with housemates or with family (also defined by your relationships of course but it starts all with the router’s MAC address and altitude). That’s sneaky and you can not really block that.

The only way to block that is to give your modem/router a new MAC address and log it in via a VPN first few times you go online. Make sure to use the same location for your VPN each time as the system will lock the router to that location after few logins. Nobody knows this happens but for Facebook it all adds to the demographic profiling via much sneakier stuff than interaction. ;)

Congratulations! Your post has been selected as a daily Steemit truffle! It is listed on rank 23 of all contributions awarded today. You can find the TOP DAILY TRUFFLE PICKS HERE.

I upvoted your contribution because to my mind your post is at least 32 SBD worth and should receive 103 votes. It's now up to the lovely Steemit community to make this come true.

I am TrufflePig, an Artificial Intelligence Bot that helps minnows and content curators using Machine Learning. If you are curious how I select content, you can find an explanation here!

Have a nice day and sincerely yours,

Coin Marketplace

STEEM 1.23
TRX 0.15
JST 0.138
BTC 58643.55
ETH 3891.50
BNB 643.53
SBD 7.74