PabloBM

Browser privacy

For some time now, I have been using the private browsing mode (or “incognito mode” or “porn mode”) of my browsers for casual usage. I feel wary of the incredible amount of information that I can let out about myself if I do otherwise.

Real-world cases

I had been aware of this for some time, and we have had some real world examples. For example, in 2006 AOL released search data for research purposes. All published records were anonymised, by means of showing user IDs instead of real names. But it was still easy to recognise many people by the things they were looking for, as well as group up their searches and know more about them.

Something similar happened to Netflix in 2008. As part of a data mining competition, they published their logs of film viewing. Then somebody thought of cross referencing them with rating data posted by users on IMDB. They were able to find matches for many of those.

Revelation

But anyway, thing is, this really struck me this day when I was using Google Chrome and I entered a URL on the address bar (the Omnibox as they call it). It was then that I realised that Chrome was trying to autocomplete what I entered.

Autocomplete a URL. Think about it. It was not even an attempt to search, but a URL. Chrome was asking Google for candidates to autocomplete what I was entering. As part of the process, Chrome was telling Google exactly what I was entering on the address bar, real time. This meant that I didn’t even have to explicitly perform a search on Google for them to know what was the next website I was going to visit.

By the way, just in case it was autocompleting from the browser’s own history or something like that, I checked. The following screenshot shows the requests that my browser fired when I was entering a URL on the address bar. (By the way, I used Charles Web Debugging Proxy for this. Pretty nifty tool).

Of course I could turn this specific feature off, but that’s not really the point and you know it. People don’t change their defaults, and I mean the average user of the web, not you and not me [1]. Oh, and of course this doesn’t save me from the Netflix scenario. There’s not really much helping against that.

Indirect consequences: The Filter Bubble

Some will still say “Well, I don’t care about my personal data, blah, blah, doesn’t affect me, blah, blah”. Well, it affects you in more ways than the evident. In fact: it is already affecting you in a very subtle, yet dramatic way.

Some time in 2011, I saw this short TED talk were Eli Pariser introduced (at least to me) the term “The Filter Bubble”. Go have a look, it’ll take only 9 minutes of your time and is very enlightening:

If you didn’t have 9 minutes, don’t worry, this is the skinny of it:

• Google, Facebook, Yahoo, etc… They keep a history of what contents you prefer.
• Since they know what you normally go for, they’ll feed you more of it.
• Eventually, things that you didn’t show interest on will be removed from your search results, news feeds, etc.

Initially, that’s all good and well but: what about things that are important, but you just don’t check that often? Or what about challenging opinions? Will I just be told what I want to hear instead of what is actually true, or at least unbiased or just from a different point of view?

In one of the examples in the talk, conservatives were being given only conservative links, and similarly with progressives. All this based in data such as search history, links clicked on Facebook or what have you. At the end of the day, people would believe that this information bubble they live is a reflection of the world as it is. However, it’ll be only a reflection of the world as they would like it to be. Wishful thinking.

Solutions

I don’t think there’s much of a solution, no. Logging of habits that takes place while you are not logged into a site, those can be solved to an extent by browsing anonymously, in incognito mode. However, for browsing that happens while you are logged into Facebook, GMail… there’s no easy way out.

Only thing you can do is keep all this in mind when you use the Internet. And by the way: is really Facebook the best way to use your time? Just sayin’.

32

• 2⁵
• Germanium
• Space
• Beethoven Piano sonatas
• Kabbalistic Paths of Wisdom
• Magic Johnson
• Me

ActiveRecord: getting a backtrace of your SQL queries

The other day I had some strange database queries in my Rails log. I didn’t know what was originating them, so I set out to track down their origin.

Thus I found out about ActiveSupport::Notifications. It is used by Rails to notify about events ocurring inside the framework, and is used to generate the standard logs that we see in our applications. We can turn them to our advantage to solve the problem at hand.

We can tap into these notifications to find out what is generating those DB queries. To do this, we print out the backtrace of the program when we get notified of an SQL query happening. Like this:

# lib/query_tracer.rb
module QueryTracer

  # Borrowed some ANSI color sequences from elsewere
  CLEAR = ActiveSupport::LogSubscriber::CLEAR
  BOLD = ActiveSupport::LogSubscriber::BOLD

  def self.start!
    # Tap into notifications framework. Subscribe to sql.active_record messages
    ActiveSupport::Notifications.subscribe('sql.active_record') do |*args|
      QueryTracer.publish(*args)
    end
  end

  # Notice the 5 arguments that we can expect
  def self.publish(name, started, ended, id, payload)
    name = payload[:name]
    sql = payload[:sql]

    # Print out to logs
    ActiveRecord::Base.logger.debug "#{BOLD} TRACE: #{sql}#{CLEAR}"
    clean_trace.each do |line|
      ActiveRecord::Base.logger.debug "  #{line}"
    end
  end

  def self.clean_trace
    Rails.backtrace_cleaner.clean(caller[2..-1])
  end

end

QueryTracer.start!

To make this work, we only need to require the module from anywhere appropriate. An initializer would be a good place, for example:

# config/initializers/query_tracer.rb
require 'query_tracer'

Now, for each SQL query generated within ActiveRecord, we will get the following output in the logs:

 TRACE: INSERT INTO `user_words` (`created_at`, `updated_at`, `user_id`, `word_id`) VALUES ('2011-11-27 18:33:53', '2011-11-27 18:33:53', 2, 2)
  app/models/user.rb:18:in `block in add_word'
  app/models/user.rb:12:in `tap'
  app/models/user.rb:12:in `add_word'
  app/controllers/words_controller.rb:6:in `create'

And that’s it!

Amazon’s Kindle customer service

Two weeks ago, I lost my Kindle. I had it at my brother’s place, but then I didn’t have it on the tube. No clue of what could have happened in the middle.

I was already thinking of buying a new one, when I got a call on my phone. It was an Amazon customer services rep. They had my Kindle. Somebody had returned it to them.

Oh, and they were shipping it back to me for free. It’s back with me now.

Another related story. This is actually my second Kindle. The first one had a problem, half the screen was dead. I called Amazon at 6pm, and I got a replacement by 10am the next morning. For free again. They also arranged for a courier to collect the broken one any time that suited me.

Honestly, it makes me feel a bit bad that I have only bought one Kindle book from them since I first purchased the device. The rest have been books I downloaded from Project Gutenberg and such.

It’s just that I hate DRM. Please publishers, sell more DRM-free books :-(

Everyone else: buy the Amazon Kindle. It’s an awesome device.

Eclipse doesn’t let me to findViewById

Yesterday I did my first bit of Android development ever. I created a very simple program that simply updated some text on screen.

I had a problem though. On my Activity, I had the following piece of code:

public void updateText(View view) {
    TextView t = (TextView)findViewById(R.id.button);
    t.setText("Updated!");
}

And the following bit ox XML in my layout (inside a LinearLayout):

<Button
    android:id="@+id/button"
    android:layout_width="wrap_content"
    android:layout_height="wrap_content"
    android:text="@string/button"
    android:onClick="updateText"
 />

Eclipse insisted that R.id was illegal. Specifically, the error was id cannot be resolved or is not a field, even though the button did exist in the view.

The problem was that I had not yet defined the string “button” in my strings.xml file:

<string name="button">Click me!</string>

Not sure of the exact internals, but I guess that Eclipse was trying to compile the layout, and it failed because the string was missing. In turn, this showed an error in the activity, because it was using a broken layout.