# rC3 talk notes continued

✍️ Written on 2021-03-21 in 3199 words. Part of cs IT-security

Motivation

I continued watching rC3 talks and wanted to share my notes here.

Talks

The Elephant in the background: Empowering users against browser fingerprinting

Julian Fietkau delivered a wonderful talk on their research, which started one year ago. They want to evaluate the spread of fingerprinting technology on websites. The first step was evaluating the functionalities used for fingerprinting. They take a quantitative approach, where they observe which functionalities are requested in order. If many features are requested one after another, this is considered fingerprinting technology.

Their result is that they identified 115 JavaScript functions and classified them into 40 fingerprinting features. They implemented the quantitative fingerprinting model in a Google Chrome browser extension called “FPMON”. Then they looked at the data fetched from websites. For example, wikileaks.org uses 0 features, but metacafe.com uses 95 of 115 JS functions, 38 of 40 features, and 17 of 18 aggressive features. A 50% score was identified as an estimated baseline. They continued to evaluate the 10,000 most popular websites according to alexa.com (by visiting the landing page for 60 sec). 500 pages don’t use any features, and 38 of 40 features was the maximum, attained by {breitbart.com, foursquare.com, and politifact.com}. 57% of pages use 11 ± 4 features. Part of their research was to identify the major networks used. Here, Moatads is pointed out as particularly aggressive.

They conclude that font fingerprinting has grown by a factor of 10 over the last 7 years. The tools EFF Privacy Badger, DuckDuckGo PE, Firefox Strict, and Apple Safari were looked at as well. The first three simply use blacklisting strategies to block fingerprinting networks. However, this might break some website functionality. In contrast, Safari uses a different approach based on unification and herd immunity: the values of those features are unified across users, so users cannot be easily distinguished. Safari was presented as much more effective than the others.
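To make the quantitative model concrete, here is an added example (my own code, not FPMON’s): a monitor that records which attributes a page script reads, maps them to a feature, and scores the page against the 50% baseline described above. The API-to-feature mapping and the two scripts are constructed for illustration; the talk’s actual 115-function / 40-feature classification is not reproduced.

```javascript
// Added example (not FPMON's code). An FPMON-style monitor: property reads on the
// browser objects are logged, mapped to the fingerprinting feature they serve, and the
// page is scored by the share of known features it touched (50% = the talk's baseline).
// FEATURE_OF is a constructed subset, not the talk's 115-function / 40-feature mapping.
const FEATURE_OF = {
  "navigator.userAgent": "browser", "navigator.platform": "browser",
  "navigator.language": "language", "navigator.languages": "language",
  "navigator.hardwareConcurrency": "hardware", "navigator.deviceMemory": "hardware",
  "navigator.plugins": "plugins",
  "screen.width": "screen", "screen.height": "screen", "screen.colorDepth": "screen",
  "canvas.toDataURL": "canvas",
};
const ALL_FEATURES = new Set(Object.values(FEATURE_OF));
// Wrap `obj` so that every property read is appended to `log` as "prefix.name".
function monitor(obj, prefix, log) {
  return new Proxy(obj, { get(t, name) {
    if (typeof name === "string") log.push(`${prefix}.${name}`);
    return typeof t[name] === "function" ? t[name].bind(t) : t[name];
  } });
}
// Distinct features touched, and whether the page reaches the 50% baseline.
function score(log) {
  const used = new Set(log.filter((k) => k in FEATURE_OF).map((k) => FEATURE_OF[k]));
  return { used: used.size, total: ALL_FEATURES.size, flagged: used.size / ALL_FEATURES.size >= 0.5 };
}

// Constructed stand-ins for navigator/screen/canvas, so the example runs outside a browser.
function makeEnv(log) {
  const navigator = { userAgent: "Mozilla/5.0 (X11; Linux x86_64)", platform: "Linux x86_64",
    language: "en-US", languages: ["en-US", "de"], hardwareConcurrency: 8, deviceMemory: 8, plugins: [] };
  const screen = { width: 2560, height: 1440, colorDepth: 24 };
  const canvas = { toDataURL: () => "data:image/png;base64,CONSTRUCTED" };
  return { navigator: monitor(navigator, "navigator", log),
    screen: monitor(screen, "screen", log), canvas: monitor(canvas, "canvas", log) };
}

// A benign script reads one attribute for localisation: 1 of 6 features, not flagged.
function runBenignScript() {
  const log = [], env = makeEnv(log);
  void env.navigator.language;
  return score(log);
}

// A fingerprinting script reads attribute after attribute: 5 of 6 features, flagged.
function runFingerprinter() {
  const log = [], { navigator: n, screen: s, canvas: c } = makeEnv(log);
  void [n.userAgent, n.platform, n.languages, n.hardwareConcurrency, n.deviceMemory,
    s.width, s.height, s.colorDepth, c.toDataURL()];
  return score(log);
}
```

In a real extension the wrapped objects would be the page’s `navigator`, `screen` and canvas prototypes, and the score would be computed per origin; the Safari-style countermeasure mentioned above would instead make the wrapped getters return identical values for everyone.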

I expected this talk to be a boring talk about fingerprinting theory. But it was well-delivered, the browser extension is very useful for research and the research output is very interesting to me.

Kein Filter für Rechts

keinfilterfuerrechts.de is a journalist project by Correctiv to evaluate the network of right-wing users on social platforms. Specifically, Instagram was analyzed such that users and posts are taken into account, but user stories are only stored for 24 h and thus have not been accessible to the journalists. First of all, they evaluated four dimensions that contributed data points per user:

  1. metadata & profile information

  2. connection data

  3. text data

  4. qualitative observations

Then they tried to find a proper sampling method for their purpose (because just following all followers of some person would quickly yield unmanageable exponential growth). They used a variant of exponential discriminative snowball sampling. They created a fake account which followed other right-wing accounts to build up a network. 86 non-right-wing complementary accounts were followed too. 281 origin accounts established the network analyzed:

  1. This network follows >58,000 accounts (“origin set”). Thus a methodology to reduce this number must be defined.

  2. A follower remains in the list only if the account follows at least 3 accounts in the origin set ⇒ 4,532 accounts

  3. Then an additional point-based system with web science criteria filters the >58,000 into 10,805 accounts

  4. Then a manual categorization of accounts into topic clusters was performed

  5. And private accounts are filtered out, because their content is inaccessible

  6. Finally 4,501 accounts are left (with 331,956 connections and 838,505 posts)

Then, they analyzed the distribution of topics and generated nice colorful images of the network.

Furthermore, they wanted to visualize the network by defining accounts as vertices and interactions as edges. The edge weights are defined by {mutually following, following the same accounts, mutually used hashtags, tagging in images, comments in posts of other accounts}. Two web science features they looked at are:

  1. Eigenvector centrality (a measure for the social relevance of a vertex) is high for AfD accounts and representatives.

  2. Betweenness centrality (a measure for the connection relevance of a vertex) is high for meme accounts and right-wing singers.

Gephi was used for data analysis. In general, the images of the journalistic work summarize the goal of this work. They give you a rough idea of how the right-wing network works and which topics relate to each other in which way.
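The two centrality measures behave quite differently, which is why the talk reports different kinds of accounts for each. The following added example (my own code, not Correctiv’s or Gephi’s) computes both on a constructed follow graph in which two tightly knit groups are joined only through one account, “m”; all names and edges are made up for illustration.

```javascript
// Added example (not Correctiv's code): the two centrality measures from the talk, run on
// a constructed follow graph. Two tightly knit groups (a1..a4 and b1..b4) are joined only
// through account "m"; all account names and edges are made up for illustration.
const EDGES = [
  ["a1", "a2"], ["a1", "a3"], ["a1", "a4"], ["a2", "a3"], ["a2", "a4"], ["a3", "a4"],
  ["b1", "b2"], ["b1", "b3"], ["b1", "b4"], ["b2", "b3"], ["b2", "b4"], ["b3", "b4"],
  ["a1", "m"], ["m", "b1"],
];

// Undirected adjacency lists: mutual following is treated as one edge, as in the talk.
function buildGraph(edges) {
  const adj = {};
  for (const [u, v] of edges) { (adj[u] = adj[u] || []).push(v); (adj[v] = adj[v] || []).push(u); }
  return adj;
}

// Eigenvector centrality by power iteration: high for vertices linked to well-linked vertices.
function eigenvectorCentrality(adj, iterations = 200) {
  const nodes = Object.keys(adj);
  let x = Object.fromEntries(nodes.map((n) => [n, 1]));
  for (let i = 0; i < iterations; i++) {
    const next = Object.fromEntries(nodes.map((n) => [n, adj[n].reduce((s, w) => s + x[w], 0)]));
    const norm = Math.hypot(...Object.values(next));
    x = Object.fromEntries(nodes.map((n) => [n, next[n] / norm]));
  }
  return x;
}

// Betweenness centrality (Brandes' algorithm): the number of shortest paths between other
// vertices that pass through a vertex. High for the bridge "m", zero inside a clique.
function betweennessCentrality(adj) {
  const nodes = Object.keys(adj);
  const cb = Object.fromEntries(nodes.map((n) => [n, 0]));
  for (const s of nodes) {
    const stack = [], queue = [s], pred = {}, sigma = {}, dist = {}, delta = {};
    for (const v of nodes) { pred[v] = []; sigma[v] = 0; dist[v] = -1; delta[v] = 0; }
    sigma[s] = 1; dist[s] = 0;
    while (queue.length) {            // BFS from s, counting shortest paths (sigma)
      const v = queue.shift(); stack.push(v);
      for (const w of adj[v]) {
        if (dist[w] < 0) { dist[w] = dist[v] + 1; queue.push(w); }
        if (dist[w] === dist[v] + 1) { sigma[w] += sigma[v]; pred[w].push(v); }
      }
    }
    while (stack.length) {            // accumulate dependencies back towards s
      const w = stack.pop();
      for (const v of pred[w]) delta[v] += (sigma[v] / sigma[w]) * (1 + delta[w]);
      if (w !== s) cb[w] += delta[w];
    }
  }
  for (const n of nodes) cb[n] /= 2;  // undirected: every pair was counted from both ends
  return cb;
}
```

On this graph the bridge “m” has the highest betweenness (all 16 cross-group pairs route through it) but a low eigenvector score, while the well-connected clique members score highest on eigenvector centrality, mirroring the distinction the talk draws between meme accounts and party accounts.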

How to digitale Barrierefreiheit

Carola and Robert Köpferl discuss (in German) accessibility in Germany and in documents.

  • 12.77 mio. people have some disability

  • 7.5 mio. people have severe disabilities

  • about 18 mio. people are over the age of 65

First, Carola defines digital participation:

  • fair, safe, secure access to digital infrastructure

  • access to technology like computer/smartphone

  • cheap or free internet access

  • use of technologies

  • across all groups of the population

  • comprehensible due to user-specific offers

There are many norms, including EN 301 549, DIN EN ISO 9241 and the Web Accessibility guidelines 2016/2012. In the end, it would be a good approach to use a device like a screen reader once yourself. A Braille keyboard is of interest as well, as is the Jabbla Zingui Plus as a speech generating device.

Then they provide a table:

| disability          | devices                                     |
| ------------------- | ------------------------------------------- |
| blind               | screen reader, tab order                    |
| deaf & blind        | refreshable braille display, tab order      |
| deaf                | audio transcription to sign language        |
| visual impairment   | higher contrast, magnification, cursor aids |
| red/green blindness | avoid red & green combination               |
| light sensitivity   | dark mode                                   |
| spasticity          | sensor input, joystick                      |

Screen readers are very popular. As a result, tab orders and a proper declaration of the navigation menu are required. One important aspect is also that in talks the content of a slide should be recognizable without the video channel. For example, the main parts of a figure need to be explained orally in order to support people with visual impairments. The norm “Barrierefreie Informationstechnik-Verordnung 2.0” lists the following desirable aspects:

  • searchable texts

  • easy navigability

  • keyboard accessibility

  • well-defined reading order

  • textual/alternative description of an image

  • automatic recognition of the document language

  • adjustment of fonts

  • adjustment of colors (foreground and background)

PDF has a separate standard, PDF/UA (ISO 14289-1), which covers:

  • navigability of document

  • logical reading order, semantic elements must occur in structure tree

  • alternative texts for images

See also the WAI standard by W3C.

In order to implement the guidelines, a persona concept from design thinking, interviews, and reflection on your own assumptions are useful. Robert points out the significance of the accessibility tree. The accessibility tree of GUI toolkits allows navigation for many people. He continues to discuss HTML as an exemplary topic. The ARIA standard still exists, but lost significance in HTML5, because many aspects got integrated into the new HTML5 elements. Input validation should be done as early as possible, and illustration by red color alone might not suffice for blind people. Also, <label> is important for input fields.

Some (sadly mostly German) links are provided.

In conclusion, a quite good talk about accessibility, but rather introductory.

Alexa, who else is listening?

sveckert is a journalist talking about Amazon’s Alexa. She had the device installed for half a year until April 2020. Then she asked Amazon for her data (as part of the GDPR). She described access/download as smooth and easy. She showed several samples of random situations which were recorded due to accidental triggers (i.e. not just “Alexa”). Then she included the research of a German research team in her talk.

Lea Schönherr, Maximilian Golla, Thorsten Eisenhofer, Jan Wiele, Dorothea Kolossa, Thorsten Holz: “Unacceptable, where is my privacy? Exploring Accidental Triggers of Smart Speakers.” CoRR abs/2008.00508 (2020).

The research team set up a fake living room and put an Alexa device inside. Then they played famous TV series like “Game of Thrones” the entire day. Subsequently, they downloaded all recordings (due to the GDPR it is possible to fetch all data easily) and looked into the accidental triggers. As pointed out on their research webpage, Alexa reacts to the words “unacceptable” and “election”, while Google often triggers on “OK, cool”. Siri can be fooled by “a city”, Cortana by “Montana”, Computer by “Peter”, Amazon by “and the zone” and Echo by “tobacco”.

An interesting implementation detail: the LED indicator shows when Alexa is uploading data, but without the user’s knowledge Alexa also submits metadata. For example, Alexa has a fingerprint database so that it is not triggered by an Alexa commercial on TV. The database is updated once a week, and Alexa uploads information on how many times a fingerprint matched. So in theory, Amazon could collect information on how often you have watched a certain commercial.

In conclusion, Alexa is presented, with justified arguments, as a surveillance tool recording your daily life. It has some fundamental privacy issues which it shares with other speech assistants.

Datenkanal: IT bei der Polizei

Datenkanal is a German podcast; in this episode, moderator Jens Kubieziel discusses IT at the German police.

“Good police work requires good IT” is a statement published by Polizei Thüringen on Twitter, to which Andreas Ufert replied. Then Jens contacted Andreas and asked him about the German police in the Datenkanal podcast. Andreas worked at the Thüringer LKA between 2002 and 2013. He maintained the systems and Oracle databases running the INPOL-neu and INPOL-Land information systems. Thus, the system handled the entire information infrastructure of Thüringen. Essentially, these systems store all data about people and their crimes. As a result, you can make queries like asking for the warrants of a person.

This podcast lasts 2 hours 15 minutes and goes into the depths of the technologies involved. He explains the system architecture, formal procedures and the work environment. I don’t think it is particularly interesting for people outside the law enforcement field or that particular area of Germany.

„Elektromobilität“ und warum sie so, wie sie derzeit vorgeschlagen wird, nicht funktionieren kann

André Igler, Philipp Schaumann, and telegnom looked into the topic of electric mobility. André started with a few facts; I want to translate/recite his first slide:

  • global warming is the major problem (not Covid19)

  • EU tightens policies

  • EU budgets 35 × 10⁹ € on electric mobility

  • Individual mobility is important (public transport does not suffice on the countryside)

  • No nationwide autonomous driving within next 10 years

Then André talks about the cars. An electric car is a different product. It contains more software and can be updated. At the same time, more electronics also means there are more security incidents. For example, a Jeep Cherokee was taken over in 2015 via a GSM module.

telegnom then covers the current situation in Germany. There are 47.7 mio. cars and on average, cars cover 13,602 km per year. Now, telegnom estimates that 130 TWh per year are required (assuming 20 kWh per 100 km) to run all cars electrically. With respect to charging, the assumption is that charging can be done at night and your personal charging cable can be connected by an electrician in your home. However, it becomes increasingly difficult if there are more parties in one large house.

Philipp Schaumann (CCC Wien) talks about opinions which he considers incomplete/impractical. Philipp argues in favor of multi-modality, because issues with mobility won’t be solved by the electric car.

In conclusion, the talk summed up some generic arguments pro/contra electric mobility. In the end, they pointed out that their main message was “there is no single solution for the mobility problem, in opposition to what some politicians claim”. They somehow succeeded, but the arguments were very rough. They did not follow a scientific approach and just collected some arguments which can be found at your next regulars’ table. I think it is worth watching if you are not into the topic, but negligible if you have followed the debate in recent years more carefully.

Nazis in Games: Depiction, Normalization, Consequences

In this English talk, “Manuel (EEL) Manhard” explains how games are used to push fascist ideology. Essentially, including Nazism content must be done very carefully for moral & ethical reasons. In particular, the Shoah is difficult to integrate into gameplay. Awareness itself is not enough. He explains the concept in general first: more people who play Assassin’s Creed believed the Boston Tea Party was a violent event (which it wasn’t). As such, the game defines the perception of historical facts.

In general, he discussed the following games:

  • Wolfenstein: A WWII video game series. Those developed by MachineGames are set in an alternate history in which Axis powers won World War II.

  • Attentat 1942: a Czech point-and-click adventure game

  • Through the Darkest of Times: Advertised as a “historical resistance strategy game”. You are the leader of a small resistance group in 1933 Berlin trying to spread awareness undercover about Nazi activities.

  • Caves of Qud: A roguelike role-playing video game in an open world inspired by D&D.

  • Shadowrun: Dragonfall: turn-based tactical role-playing video game.

Then, he shifted the discussion towards community topics:

  • Where does Nazi content occur?

  • What is the effect of just removing symbols of Nazi ideology?

  • What is the definition of Nazism/fascism? Appearance is often subtle. Neo-Nazis don’t look like the Nazis of WWII.

  • the question of granularity: how much Nazi content do you allow? If you allow any kind of customization and have more than about one hundred users, you will probably find Nazi content.

In the end, you can find profiles in Nazi style on Steam. Also, you can find Nazi symbols whenever people can customize cars or flowers on a field.

Manuel gives game developers the general advice that one can prevent glorification of Nazi Germany. For example, one can remove potential trophies for Nazis. One can build a storyline around WWII shooters, but remove achievements that might be abused for glorification. One interesting and specific ruleset is the one by CoQ on Discord:

A note on the Putus Templar: of the various antagonistic factions that populate Qud, the Templar are particularly relevant in the present day. Their goals are eugenics and genocide, and their means are extermination and subjugation. We do not wish to quell discussion or speculation on them, but be conscious that discussion can easily veer into the code of conduct breaches described above. Facetious support of the Templar’s fascist and genocidal behavior is prohibited. At best, it reads as callousness to the reality of these things. At worst, it reads as actual support. Be sensitive when your audience includes many of those who have suffered from the historical or present consequences of genocide or eugenics. Jokes have consequences.

— from Caves of Qud Discord server #code-of-conduct

In the end, one needs to take care of community management:

  • build an inclusive community

  • remember the paradox of tolerance

  • start early

A quite good talk. I didn’t like the fact that the questions “in which ways does Nazi content occur in games?” and “what is Nazi content?” are kept in such vague terms. I would love to see a more rigorous approach. In the end, I think the talk addresses people in the gaming community (developers and players) who need to deal with community content and can/should reflect about the story line.

Conclusion

  • I recommend “The Elephant in the background: Empowering users against browser fingerprinting” as a technical talk with elements which affect every web browser user.

  • “Kein Filter für Rechts” shows neat images, but the web science part might not be for everyone.

  • “How to digitale Barrierefreiheit” sheds some light on accessibility requirements, but the content presented was rather introductory for this field.

  • I do not recommend the last three talks as they are too biased towards an opinion or too specific.