Saturday, June 03, 2017

Book Review: The Wealth Paradox by Frank Mols and Jolanda Jetten

The Wealth Paradox: Economic Prosperity and the Hardening of Attitudes [Goodreads] is the right book at the right time. Short, succinct, and with hard data to prove their central thesis, The Wealth Paradox is worthy of a thoughtful read by policy makers, political operatives, academics, and in these troubled times, the general public.

The last few years have seen what Mols and Jetten declare in their preface to be a "perfect storm" in both Western liberal democracies and other countries that pretend to the democratic mantel. A combination of deep economic recessions and global crises have seen 21 million people earn the legal title of refugee and an estimated 65 million people forcibly displaced from their homes. A bit of political turmoil was bound to occur.

Readers might immediately think of Donald Trump's populist rise in the United States in the frantic few months following the British choice to Brexit. Mols was one of very few political scientists to foresee the election of Donald Trump to the presidency of the United States. His rationale forms the central thesis of The Wealth Paradox: The rise of far-right parties and political movements are not simply attributable to the poor and dispossessed but also to middle class voters with some modest degree of wealth to protect.

There are others. News watchers could not have missed the Turkish leader Recep Tayyip Erdoğan's grab for dictatorial powers after transitioning from prime minister to president of that country. In the Philippines, strongman Rodrigo Duterte grabbed the presidency with his promises to murder drug dealers, street children, and, purely as a form of collateral damage, political opponents. Russia's Vladimir Putin, like Erdoğan a former prime minister of his country and now president, went several times better by being prime minister, then president, then prime minister, and now president again. One must give him points for consistency.

All of these leaders were democratically elected. Something to notice is how close these decisions have been. Trump became the second Republican president in a row to lose the popular vote on his way to the White House. Putin won his first presidential bid in 2000 with 53% of the vote. Erdoğan won his presidential bid with in 2014 with 51.79%. Duterte won with a minority 39.1%. The referendum deciding that Britain should leave the European Union was passed with 51.89% voting to leave. In all of these cases and many more, a populist platform was adopted with nearly half of the electorates voting for the opposite.

Invoking [Godwin's Law], it seems an excellent time to recall that at the time Adolph Hitler was appointed Chancellor of Germany, he was head of a political party that had garnered a third of the seats in the German parliament by democratic means.

Why should people elect leaders who so often pursue unarguably unpopular policies, or who hold unpopular ideas? Mols and Jetten argue that enough middle class voters, those with above average incomes, do so in order to protect their own narrow interests. It is this point, and the data behind it, that makes The Wealth Paradox worth reading.

Recent votes in the Netherlands and France rejecting populist parties have left little time to celebrate. The combination of Byzantine political systems and continued strong showings by populist parties clearly show that history is not over. We may yet see a spread of their simplistic mixture of xenophobia and protectionism.

The authors of The Wealth Paradox are not, of course, the first scholars to note the connection between the middle class and populism, nor the odd (to the settled mind) desire to rip and replace an imperfect system with a new one.

The British historian George Dangerfield, writing in the 1930s about the pre-World War I actions of the Tory party then in opposition, made Mols' and Jetten's case for them. Dangerfield's crisis resulted in the partition of Ireland and the mutiny of a portion of the British Army:

The Tory Rebellion was not merely a brutal attack upon an enfeebled opponent - that is to say, political; it was not merely the impassioned defence of impossible privileges - that is to say, economic; it was also, and more profoundly, the unconscious rejection of an established security. For nearly a century men had discovered in the cautious phrase, in the respectable gesture, in the considered display of reasonable emotions, a haven against those irrational storms which threatened to sweep through them, And gradually the haven lost its charms; worst still, it lost it peace. Its waters, no longer unruffled by the wind, ceased to reflect, with complacent ease, the settled skies, the untangled stars of accepted behaviour and sensible conviction; and men, with a defiance they not hope to understand, began to put forth upon little excursions into the vast, the dark, the driven seas beyond.
(George Dangerfield. The Strange Death of Liberal England. Stanford University Press, 1997, pp. 122-3.)

Dangerfield could have been writing about today's political challenges. We find ourselves coming off of an unprecedented post-war period of established security that, when buffeted by the "perfect storm", resulted in rejection. It is little wonder that his book became the archetypal modern history.

Worrying, too, is the lesson learned by unrepentant socialist Christopher Hitchens. Visiting his literary superhero Jorge Luis Borges in his unhappy home in Buenos Aires, Hitchens read at Borges' request Rudyard Kipling's "Harp Song of the Dane Women" whose opening verse:

What is a woman that you forsake her
And the hearth fire and the home acre
To go with that old grey widow-maker?

so beautifully gets to the beating heart of the human male's yearning for adventure, and the the acceptance of the accompanying risk. Hitchens was dismayed that his idol "heartily preferred" the "gentlemen" of the brutal and populist regime of Juan Perón who abused both his family and himself. Borges, for all his stunning illumination of human foibles, himself fell in his old age into a sort of populist Stockholm Syndrome.

Herodotus noted millennia ago how to react to those protective of their wealth. "Great wealth can make a man no happier than moderate means, unless he has the luck to continue in prosperity to the end... Now if a man thus favoured died as he has lived, he will be just the one you are looking for: the only sort of person who deserves to be called happy. But mark this: until he is dead, keep the word 'happy' in reserve. Till then, he is not happy, but only lucky." Those voting for populist leaders should carefully note the warning. Pursuit of short term interests must be carefully weighed with longer term consequences.

No, the The Wealth Paradox is not entirely new. It is up to date, well researched, and particularly timely.

The 191 pages of main matter make The Wealth Paradox a respectable size for an audience uncomfortable with lengthy prose. Forget War and Peace: One sometimes wonders how many years will pass before the last undergraduate slogs to the end of Kafka’s The Metamorphosis at 55 pages, or the 64 pages of Robert Louis Stevenson’s The Strange Case of Dr. Jekyll and Mr. Hyde. No time have we in these days of Internet-connected pocket supercomputers for the massive 4,736 pages of Winston Churchill's The Second World War. Even our academics must adjust to doling out words short enough to absorb during a commute or a visit to the toilet. But perhaps I simply suffer from last century's skills. As Kurt Vonnegut so ironically juxtaposed his writing with Abraham Lincoln's Gettysburg Address in his geriatric romp A Man Without a Country, "I am windy".

Sunday, April 23, 2017

The Sorry State of Browser Privacy

Every one of the estimated 3.7 billion Internet users should be concerned that the vast majority of their searches, the contents of their shopping baskets both on and off line,  often their location, and, by careful statistical analysis, their associates are exposed to the corporate desires of the likes of Google, Microsoft, and Facebook. This information, once collected, is available to law enforcement agencies in many international jurisdictions. Some governments additionally collect information directly to spy on their citizens. One might also consider that logs of private information are also ripe for hackers, paid by organized crime or governments, who break into notionally "secure" systems.

Our mobile devices are also directly inspectable by customs agents when we cross international borders, and in some jurisdictions by police on the street.

Those who say that they have no care for privacy on the Internet have seemingly no idea of the abuse to which such information may be put. The Holocaust was perpetrated by a vicious regime primarily on the basis of household religious indications from a century of national census collection. No government of the past has ever had access to the amount of information available about the location and habits of individual citizens.

How can we possibly protect ourselves from a technically savvy authoritarian government that is willing to abuse this treasure trove of data?

Our browsers, those critical tools for our daily lives, are not currently our friends. They are the portal by which our personal information flees to corporate and government interests.

There are two fundamental approaches to securing our personal information in browsers. The first and easiest is to avoid recording your history from your local device. This is the primary tool behind browsers' privacy modes such as Firefox's private mode or Safari's incognito mode. No having local data will provide some level of protection if your phone or computer is seized.

Removing or avoiding local data storage does nothing to protect you from Web analytics companies who use data your browser happily sends to them during an online session. Advertising companies install trackers into their ads that are implemented in the JavaScript language understood by each browser. That computer code can and does read as much information as it can find, and combine it into a full picture of your individual browser through a process known as browser fingerprinting. It is this fingerprint, good perhaps to identify one person in tens of millions, that your browser happily passes back to the companies that asked for it.

The Electronic Frontier Foundation (EFF) has made a useful tool called Panopticlick to test browsers vulnerability to online tracking. The odd but fitting name is a reference to the Panopticon, a type of jail designed in 1787 by English philosopher Jeremy Bentham. A single jailer could see a large number of prisoners in the Panopticon.

This post reports on a series of Panopticlick tests on a variety of browsers. Desktop browsers were tested on a MacBook Pro. Mobile browsers were tested on an Apple iPhone 6 and a Sony tablet running Android Marshmallow.

Panopticlick asks four questions of browsers:
  • Is your browser blocking tracking ads?
  • Is your browser blocking invisible trackers?
  • Does your browser unblock 3rd parties that promise to honor Do Not Track?
  • Does your browser protect from fingerprinting?
A perfect browser would respond in the affirmative to each question, and a report might look like this:

Ads Trackers DNT Fingerprints
My good browser yes yes yes yes

A browser that failed all four tests would have a negative report. The last question would be answered by noting that a unique fingerprint could be calculated:

Ads Trackers DNT Fingerprints
A terrible browser no no no unique

It is naturally possible for some browsers to provide partial implementations to block tracking ads or other trackers. Partial implementations are marked in yellow.

Desktop Browser Tests

Tests were performed on an Apple MacBook Pro, running MacOS Sierra version 10.12.4.

Safari version 10.1 (12603.1.30.0.34)

Ads Trackers DNT Fingerprints
Safari (Mac, default) partial partial no unique
Safari (Mac, private browsing, default) partial partial no unique
Safari (Mac, private browsing, block cookies and website data) partial partial no unique

Chrome version 57.0.2987.133 (64-bit)

Ads Trackers DNT Fingerprints
Chrome (Mac, default) yes no no unique
Chrome (Mac, EFF Privacy Badger installed) yes yes no unique
Chrome (Mac, incognito mode, default) partial partial no unique
Chrome (Mac, incognito mode, block cookies and website data) yes yes no unique

Blocking all sites entirely using manual control of Privacy Badger yielded the same results as having Privacy Badger installed.

Safari’s incognito mode blocks plugins including Privacy Badger, so using plugins is ineffective to increase privacy on Safari.

Firefox version 52.0.2

Ads Trackers DNT Fingerprints
Firefox (Mac, default) no no no unique
Firefox (Mac, EFF Privacy Badger installed) yes yes yes unique
Firefox (Mac, NoScript installed) yes yes yes yes
Firefox (Mac, private mode, EFF Privacy Badger installed) yes yes yes unique
Firefox (Mac, private mode, NoScript installed) yes yes yes yes

Firefox’s private mode does not block plugins, so Privacy Badger could be used with private mode. 

NB: JavaScript was disallowed for panopticlick.eff.org with NoScript; disabling JavaScript is a key way to avoid trackers. Unfortunately, it is also a key way to break modern Web pages.

NoScript maintains a white list of common sites to minimize the breakage of legitimate JavaScript functionality. It blocks all others, but gives a useful user interface to allow exceptions. As shown in Figure 1 below, most sites are analytics trackers such as Google Analytics, Facebook, and Doubleclick.

Figure 1. NoScript's list of recently blocked sites

Mobile Browser Tests on iOS

Tests on iOS were performed on an Apple iPhone 6, running iOS version 10.3.1.

Safari iOS version 10.3.1

Ads Trackers DNT Fingerprints
Safari (iOS, default) partial partial no unique
Safari (iOS, private browsing, default) partial partial no unique
Safari (iOS, private browsing, block cookies and website data) partial partial no unique
Safari (iOS, Disconnect Privacy Pro installed and VPN active) yes yes no unique

Firefox iOS version 7.1 (2565)

Ads Trackers DNT Fingerprints
Firefox (iOS, default) no no no unique
Firefox (iOS, private mode, default) partial partial no unique
Firefox (iOS, Disconnect Privacy Pro installed and VPN active) yes yes no unique

Firefox Focus iOS version (current as of 17 April 2017)

Ads Trackers DNT Fingerprints
Firefox Focus (iOS, default) yes yes no unique
Firefox Focus (iOS, “Block other content trackers” option on) yes yes no unique
Firefox Focus (iOS, Disconnect Privacy Pro installed and VPN active) yes yes no unique

The motto for Firefox Focus is “Browse, erase, repeat”, which shows its focus on erasing local history.

Chrome iOS version 57.0.2987.137

Ads Trackers DNT Fingerprints
Chrome (iOS, default) no no no unique
Chrome (iOS, incognito mode, default) no no no unique
Chrome (iOS, Disconnect Privacy Pro installed and VPN active) yes yes no unique

Opera Mini iOS version 14.0.0.104835

Ads Trackers DNT Fingerprints
Opera Mini (iOS, default) no no no unique
Opera Mini (iOS, “Accept Cookies” turned off and “Block Pop-ups” turned on) no no no unique

EFF suggests rather concerningly, “switching to another browser or OS that offers better protections.”

Mobile Browser Tests on Android

Tests on Android were performed on a Sony Xperia Z2 Tablet SGP511, Android version 6.0.1 (Marshmallow), kernel 3.4.0-perf-gc14c2d5

Chrome Android version 57.0.2987.132

Ads Trackers DNT Fingerprints
Chrome (Android, default) no no no unique
Chrome (Android, incognito mode, default) no no no unique

Firefox Android version 52.2

Ads Trackers DNT Fingerprints
Firefox (Android, default) no no no unique
Firefox (Android, private mode, default) yes yes no unique

Opera Mini Android version 24.0.2254.115784

Ads Trackers DNT Fingerprints
Opera Mini (Android, default) yes yes no unique
Opera Mini (Android, private tab, default) yes yes no unique

NB: Opera Mini tested “no” in all categories last week, but Opera seems to be adding an effective ad blocking technology, which seems to have come to Android before iOS.

Disconnect free edition for Android (no version number, as of 23 April 2017)

Ads Trackers DNT Fingerprints
Disconnect in-app browser(Android, default) partial partial no unique

NB: Disconnect Pro/Premium versions were not tested on Android because I was borrowing the device and didn't want to buy my friend a $50 subscription.

Conclusions

One clearly needs to shop around to find a browser that will protect your privacy. That is easier on a computer than on a mobile device.

The combination of Firefox and the NoScript plugin was the only way discovered to pass all EFF tests, and that combination is only available on desktop and laptop computers. That is a shame given the power performance of Safari, or the Google app integration with Chrome.

There is no apparent way to avoid browser fingerprinting on iOS or Android.

Apple users seem to have a choice between the new Firefox Focus and installing (and using!) Disconnect Privacy Pro. It is easy to forget to turn on Disconnect's VPN. There is a cost, of course, but that should be nothing new to Apple users. Better privacy is part of what we pay for with Apple. It is surprising that Apple hasn't done with browser privacy what they have done with server-side encryption of user data.

Android users fare reasonably well using either Firefox's private mode or (surprise!) the new Opera Mini. Both browsers have decent blockers for ad trackers and other online trackers. Unfortunately, neither option does a thing to stop browser fingerprinting. In 2017 and beyond, blocking direct tracking is just not good enough. One cannot help but wonder why one needs to use Firefox's private mode to access apparently built-in functionality.

In summary, be careful. Practice safe computing to avoid infections of one form or another. It might be wise to both use a browser with good privacy support and also to check the status of updates once in a while.

We remain with poor tradeoffs. Should we increase privacy and suffer inconvenience, or opt for convenience? Unfortunately, I am sure I know what most people will do. Browser vendors, especially the Mozilla Foundation, should ensure that privacy protection is enabled by default. Action against browser fingerprinting is urgently needed.

Your privacy is in your hands.