Taylor

@T2

A privacy and open source advocate. Always looking generate discussion about digital privacy to help better define it and spread the word.

6,041 words

Thank
You'll only receive email when Taylor publishes a new post

Pluralistic Privacy - Why I Love Firefox Container Tabs

April 8, 2018

Relative Privacy

In a previous, more lengthy article of mine, I explored in depth why privacy cannot be understood merely as something with a singular essence.  This is an idea which Daniel J. Solove develops extensively, but the difficulties in coherently defining privacy boils down to two main points:

  1. A definition which includes only information you consider 'intimate' can be either too narrow or broad and varies greatly depending on who you ask
  2. A definition which includes 'the right to be left alone' is too broad, and can be extended to an extreme degree where anything and everything is intrusive

In either case our conception is either too broad and vague, or too restrictive. As a result, it is more effective to define privacy as a set of issues with a "family resemblance," meaning that while there are a broad range of definitions for privacy, they are all interconnected with one another. 

For example, you may be ok with the government collecting the individual phone numbers you call, but the way that data is processed and aggregated reveals information about your race, religion or political ideals, which further gets sold (disseminated) to third-parties to target you or others (see: Cambridge Analytica and Facebook) for their own gain. 

You may not find yourself at issue with the collection or even its processing ("I have nothing to hide!"), but many people seem to draw the line at the dissemination of their aggregated data, especially when done without their consent.

Separate Your Online Lives

In comes Firefox Multi-Account Containers, my favourite browser extension for browsing online and enhancing my privacy. On top of other fundamental privacy enhancing browser extensions, these containers help you better lockdown your browser. While a bit more of a hassle to set up, especially due to the fact that it does not sync with your other devices, I find it actually enhances my browsing experience while also being able to remain decently private. 

I can separate my online lives from one another, meaning I can still save the cookies from Amazon for easy login and shopping, but not risk them tracking me away from their site. The cookies for Amazon in this case only exist in the "shopping" category of my browser, and cannot touch my "banking" section or even skim any of my general searches done through DuckDuckGo.

Since everyone can feel so different about what they'd like to keep private, it is important to be flexible to a multitude of needs, and these containers do exactly that. Most people could agree that Amazon has no business in knowing what I search for outside of their website, even though they may claim it is for my benefit to give me better recommendations. 

This is even more true of social media sites such as LinkedIn, that likely track your social media email contacts when you allow their cookies to sit within your browser. Of course, this is all in the name of better connecting you with people you know. Unfortunately, these social media sites likely share and connect data regardless of whether you allow cookies, quarantine them or not. Though, it doesn't hurt to at least make it harder for them.

Separate All The Things - Achieving Privacy and Lockdown Security

On a closing note, to take it to the next level, Qubes OS is likely the next stop for those looking to truly keep online lives separate from one another. It is a linux-based operating system that is free to use and open source.

Qubes allows you to completely separate and compartmentalize the applications and functions of your computer. That means you can quite literally have an application installed multiple times and have each of them used strictly for different purposes. 'Qubes' are like opening separate application windows, except each window is an isolated instance of the whole operating system for your programs to run in, like having a different computer for your work, social and banking (called virtual machines). An overly simplistic explanation, but you get the picture.

This way, if a virus compromises your system, it is really only taking hold of that single qube and not the entire system. You can do your banking and keep it completely separate from your social qube or your work qube and never fear that you are leaking information between them.

The icing on the cake is that it features disposable qubes that completely erase themselves after you close them, so if you're not so sure about an email attachment you have received, you can open it safely in an isolated digital environment.

Convenient? No, but...

The biggest downside of these two things is that they are a bit cumbersome, but they both represent well what privacy is all about, and that is that is the ability to better control your information. 

Technology has quickly crept up on us and provided us with some incredibly convenient services, but it has also made us forget that we all do in fact value our privacy to some degree. The crux of the issue is just that, and while some would like total separation between different parts of their lives, many can agree that at the very least that they value consent and the ability to decide whether they would like to share their information. 

This has increasingly not been the case with convenient technology, consent is not longer required, and many digital services have free reign over aggregating and analyzing our digital lives.

An Easy Guide to Privacy Basics for Browsing Online - Part II

April 8, 2018

Welcome to Part II of this guide, if you missed Part I, you should check that out first.

Okay, So Some Assembly is Required

The following suggestions require some effort, although minimal, and require no upkeep once you get them going. As a result, these tools are a bit more powerful in locking things down.

Firefox Profile Maker

If you are using Firefox (you should), then the FF profile maker allows you to easily adjust your browser's about:config file with pre-set privacy oriented settings and explains what each of them do. These settings include; disabling webRTC, disabling malware scans, disabling browser pings, and even installing many of the extensions mentioned here and in Part I.

Firefox Multi-Account Containers

Probably my favourite extension of the bunch because of the power it puts into your hands, though it is often overlooked and underrated. This extension allows you to carve out a separate 'box' for each of your online lives, meaning you can effectively quarantine certain sites into their own separate instances. It's like opening a new browser for particular sites (while only having one browser open), this way you don't need to worry about Google or Facebook taking a look at your activity and track you in other tabs.

(In fact, Mozilla released a version of this set up just to quarantine Facebook. If you really do not want to take the time to set up categories for all of your frequent sites. Or if you're still using Chrome...)

It requires some setup, and how tedious it is depends on how much you want to separate things. For example, I have separate categories for every website I frequent (i.e. Google, Facebook, Shopping, Reddit/Twitter/news, banking, etc.) I keep all of my shopping sites together in their own container, because I don't really care if Amazon knows if I'm on Ebay or to Newegg, but it sure as hell does not need to know what's going on with my financial windows. I keep LinkedIn away from my email and social accounts (even though it is a bit futile), and much more.

The worst part of this extension though is that your settings don't sync between devices! (Mozilla please change this!) So you'll need to set it up for each one.

Cookie Auto-Delete

My second favourite extension. A perfect match with Firefox containers, this extension does exactly what it says on the box.You can protect yourself from cookies by having them automatically removed, and only save the cookies you want for the sites you would like to stay logged into (they are useful for something!). It comes with the ability to only save cookies for particular Firefox containers, meaning you can save your login cookies for Google, while also keeping Google quarantined in its own container away from any other sites you visit!

(Although this extension also suffers from the Firefox containers sync problem!)

Obviously requires some setup, as you need to pick each and every site you want to save cookies on (if any), which is important if you'd like to stay logged in anywhere.

A VPN

There are an overwhelming amount of VPN's to pick from, but I'm not here to make a particular recommendation. What I do recommend is checking out ThatOnePrivacySite to make your own choice on a VPN that's right for you. It has an extensive catalogue of VPN services and ratings on various aspects of them. 

VPN's allow you to route your internet traffic through encrypted channels, which is especially important if you ever connect to public wifi networks. VPN's are not free, and many of their advertising strategies are sketchy to say the least (be wary of online recommendations from web publications, they are mostly paid for). Remember, with a VPN you are routing your internet traffic through someone else's server, so be sure to find a VPN service that claims not to keep logs of users browsing history.

VPNs are easy to use, but are not free and do not guarantee privacy, so you should do your own research here

(WARNING: NEVER use a free VPN service, please! You are routing your traffic through someone else's machine, they are likely profiting from your data and/or keeping logs of your internet traffic.)

-- free trials of paid services are fine though

DuckDuckGoSearX and many others

Although these search engine recommendations here don't require any 'assembly,' they are no doubt larger undertakings for some people and sacrifice some of the supreme convenience of Google. DuckDuckGo (DDG) claims not to collect any data on you or your searches or save your search history. They use no cookies on their sites, except when you make settings changes and want to save them (not used to identify you). They do not target ads towards you based on your search history, like Google is so famous for. Instead, they feed you ads (if you allow them) only based on what you search (e.g. if you search for 'car' you will likely see a car ad)

(I emphasize 'claim' because that is frankly all they can offer us, and for some that won't be enough, though there are some tradeoffs to be made when it comes to search engines and their features.)

DuckDuckGo has a fantastic feature called 'bangs,' which allows you to turn your Firefox search bar into the ultimate search tool. It allows you to search hundreds of websites in a single place with simple prefixes such as !g (for Google search, if you dare), !maps (Google Maps), !w (Wikipedia), !a (for Amazon) and much more. You can make DDG your default search in Firefox by going into hamburger menu (top right of browser) > Options > Search > Default Search Engine.

SearX is unlike DDG in that it actually mixes your search queries on other search platforms without storing the data, meaning there are no logs on their end or in your browser. Despite being best option for privacy of my two recommendations, I am personally not a fan due to its severe lack of features.

Beyond Privacy

For most people, it is more than reasonable to take it upon themselves to at least install the basic 'out-of-the-box' extensions from Part I. There really is no good reason not to, they do not slow your browsers performance (and in fact actually reduce loading times of sites) and protect you from data harvesting advertisers, websites, cookies and even your own Internet Service Provider (ISP).

The extensions here in Part II require a little fiddling around with, so they don't warrant the same 'no excuses' attitude. Though more savvy users will notice I have left out some crucial things. This is on purpose, mostly because this was meant to be a simple, comprehensive look into basic and convenient privacy

I'll finish this off with a mention of some of the more advanced tools. I admit I do not use the following extensions and tools, mostly because I also value convenience and ease-of-use. These following extensions will break some websites, though they are the undisputed champions of protecting your online privacy (in conjunction with the extensions in this guide), security and even granting anonymity (e.g. Tor Browser). 

NoScript

Completely cuts out the use of Javascript from websites, which can leak your information. This breaks most websites functionality, since many rely on JS for many of their features. You can add exceptions to sites you trust, though this is requires more fiddling than many people like to do. 

DuckDuckGo has a non-JS version of their site, though you lose some features.

uMatrix

This extension gives you a crazy amount of control over your browser, from where it is allowed to connect, what type of data is allowed to download, and what kinds of tasks it is allowed to execute. By default this extension operates like NoScript and blocks all 3rd party scripts, and you must create exceptions to allow sites to use them. 

Tor Browser

A fork of the Firefox browser that protects you by bouncing your communications to the internet around a distributed network of 'relays' all around the world. This stops sites from learning your physical location and stops anyone from watching your connection to the internet, as it hides you among the other users who use the network. Unfortunately, some sites do block access to them if you use Tor, and it is markedly slower than your average browser due to how it functions. This browser achieves a degree of anonymity, but still is not perfect.

An Easy Guide to Privacy Basics for Browsing Online - Part I

April 8, 2018

It used to be the case that you had to sacrifice quite a bit of your time in order to properly consider your privacy online. Once Google Chrome took the internet browser scene by storm, it was hard to justify using anything else to browse the web considering the performance and convenience that you had to give up in order to use an alternative.

Today, many people are wary about just how much Google and Facebook know about you and how much they track you, most recently with the Cambridge Analytica scandal and  the discovery of Google Chrome scanning your computers files for viruses, taking analytics from the results. The problem in both these cases is a lack of user control and consent, neither Google or Facebook do well to notify their users that their data is being scraped (especially egregious in the case of Facebook). 

The problem is, too many people don't know where to start with protecting themselves, as there exist a lot of options for doing so, it can be overwhelming and difficult to understand for the casual user. (If you know someone who is  is interested, but overwhelmed, lead them here!).

Until recently, alternatives such as Firefox paled in comparison to Chrome's speed and feature set, which included integration with their omnipresent Google services (search, maps, etc.) which have become an increasingly essential tool in our lives. Though with the latest release of Firefox Quantum, you no longer have to sacrifice having a fast browser to have one that does not scrape your data without your consent.

I won't spend any more time on what has already been beaten to death online already regarding these privacy issues, and even though there are a plethora of resources regarding how to defend yourself, many do not stress just how easy and convenient this is to do. 

There are no more excuses. Taking at least a minimal amount of consideration for your privacy (and security) is now easy, as the majority of these tools are free, open source (auditable by the public), and work 'out-of-the-box.' Download Firefox and get started.

No Assembly Required

The following set of suggestions require zero set-up and low technical knowledge. Still, many of them are feature rich and can be tooled with to give you even better protections. Seriously, all you need to do is download them through your browser's add-on store (just click the links below if on Firefox).

HTTPS Everywhere

To be fair, most major websites default to HTTPS today, but it still doesn't hurt to have this extension. It ensures you are always using a secure and encrypted connection to websites by rewriting the request when you access it, so even if you intentionally typed http://, it would still direct you to https://. Though this does not protect you from third-party or external content which websites may use and implement (e.g. externally hosted images, advertisements and the like - leave that to our next extension).

uBlock Origin

Although this adblocker works as intended straight out of the box, there is more than meets the eye here. It allows you to block 3rd-party scripts, add additional filters for certain domains, and whitelist sites you wish to support by viewing  their ads (e.g. specific Youtube channels). It is quite powerful, but is a great low-profile ad and tracker blocker with no setup needed.

Privacy Badger

Plain and simple, the extension automatically sends the 'Do Not Track' header with each website request and evaluates the likelihood that you are still being tracked afterwards. If it determines you may still be being tracked by certain aspects of a site, it will automatically block them. I have yet to see this break any sites I use.

Decentraleyes

Blocking 3rd party content delivery has been a theme here so far, though actually blocking the content and stopping sites from making you load files through large third-party services like Google Hosted Libraries can be difficult and break sites. Websites rely on 3rd-party content hosts to lower upkeep costs of their sites, so they do not need to locally store the content themselves.

This extension comes bundled with a bunch of commonly used files and serves them locally (from your computers storage), stopping sites whenever they try to fetch them from somewhere else. It stops you from potentially being tracked by making such requests to networks for these files.

Don't touch my tabs! (rel=noopener)

In short, this extension adds the attribute rel=noopener to hyperlinks which open a new window or tab. In English, this means that it prevents any new windows/tabs from accessing the previous window. This stops advertisers from accessing information from other tabs and from potential hackers producing fake login page from the service you navigate away from.

(e.g. say you clicked a link on Twitter and it opens a new tab, the site you opened won't be able to touch the old Twitter tab in any way)

CanvasBlocker

This extension prevents website from using the Javascript canvas API to 'fingerprint' (identify your computer, OS, browser) you and be used for further tracking purposes. Many sites use Javascript to display content and images, though every computer generates this content differently, so you may be tracked and identified this way. By default, it is set to fake the readout of the API, meaning a different readout is given every time, so a site can't assign one unique fingerprint to you.

There's More to Be Said

With these extensions you can be reasonably private, as you will halt many trackers and stifle fingerprinting. Though there are other ways in which you can be tracked and profiled, namely your IP address/internet traffic, search engine (Google) and cookies.

It is also important to note that none of these extensions grant anonymity, these extensions just make it a little harder than usual to identify you and 'connect the dots' with your activity.

If you'd like to find out how to enjoy even more privacy, and get a sense of what it takes to become anonymous, then continue on to Part II.

Pitting Privacy Against Security: Do You Have Something to Hide?

April 8, 2018

Seeing Both Sides

The internet is a place ripe with extreme reactions to just about anything. A short browse on almost any social space will be full of vitriol regarding some topic or another. It is a hotbed for extremism, and too often people do not practice critical thinking, which is incredibly dangerous in a place that is such a firehose of information that can be easily manipulated, poorly reasoned or sourced. 

A majority of the arguments you see on the internet involve the act of both sides 'talking past each other,' with neither side really coming to any sound resolution. This is also in part due to neither side presenting arguments which engage with one another, merely using the large talking points of their position to 'talk down' or patronize the other.

This also sums up partially how I regard the 'debate' of digital privacy and security online. For many of those who are tech enthusiasts, especially in the realm of the Free/Libre and Open Source community (FLOSS), the 'other side of the coin' in the debate about privacy is not a debate at all, merely dogma. While I find myself in strong agreement with most of the community about the importance of digital privacy and security, I am extremely wary of echo-chambers and always remain open-minded and cautious of opposing thoughts and arguments. In fact, I enjoy seeking out such opposition, if only to stir the pot an get people thinking critically about their values.

In this article my aim is to examine a counterargument for privacy, and an interesting one at that. What I hope to achieve here is to actually strengthen the argument for privacy by giving a charitable look at such an alternative. Also, to get people thinking about these alternatives in order to stir up more enriching discussions.

An Argument to Expand State Surveillance Powers

Philosopher James Stacey Taylor in his paper, In Praise of Big Brother: Why We Should Learn to Stop Worrying and Love Government Surveillance, pits privacy against security. His argument will make every privacy advocate recoil, as he argues that we should encourage the expansion of surveillance powers in the public and private domain.

Any worries about this alarming proposal can be quickly dispelled by Taylor when we consider the widely held view that, in certain circumstances, it is morally permissible for the State to secure information about past events. For example, it is morally permissible for the State to acquire information by compelling witnesses to testify on past events in criminal trials (i.e. subpoenaing witness to disclose info, installing surveillance devices to monitor those suspected of crimes, etc.). Though, the State may only use hindsight to determine what info is morally permissible to have access to (determining what info is relevant to collect for a case). Given this, the state is in principle morally permitted to place citizens under constant surveillance. (!)

It doesn't stop here, Taylor also wants to argue that a State using such surveillance would actually be morally preferable to one where it did not. As such a State would have reduced crime, justice would be better served, and fewer costs would be imposed on witnesses. If we can accept that the state may perform surveillance if they have sufficient suspicions of criminal activity, then there should be no moral bar to their gaining records of past events that may have been generated via pre-existing surveillance devices.

Again, it is important to note that the State would be restricted on their ability to access the data on pre-existing surveillance devices and would also need subpoenas to review it. Thus agents of the State may only use hindsight to determine if it is appropriate to access such data. This means that the State does not have easy access to all the data that it collects, only what it may determine is morally justified to access. Furthermore, that the State may only secure the minimum amount of information that it needs for its legitimate purposes (i.e. only enough to provide sufficient evidence).

This argument supports the notion that the State may find justifiable reasons to place surveillance devices inside someone's home, though it does not support doing so without their consent (unless they have probable cause to do so). The idea is that it could be beneficial to your own safety and that your privacy would be respected (no one is unnecessarily watching). It attempts to place reasonable limits on surveillance when it ceases to be morally justifiable.

The advantages of such surveillance are plenty, witnesses would no longer be required for cases, and better justice could be served by eliminating the need to rely on potentially unreliable human witnesses. Judges would not need to further make judgements on the reliability of witness testimony, as the facts of events could be laid out and taken at face value, free from the potential biases of the judges themselves or the influence of a lawyers cross-examination.

Unlike in Orwell's 1984, people would not be under constant surveillance, because no one would be actively watching. So crime would not be deterred by the fact that they may be caught while in the act, but rather by the likelihood of being identified for committing the crime because it was previously recorded. This would be beneficial because it would also deter police officers from extending the limits of their authority to catch criminals or suspects.

The Human Variable - The Abuse of Power and Information

Taylor is well aware of this objection and addresses it in this same paper. As has been stated, the State would be restricted from abusing state surveillance to actively watch people. Though he claims that what we object to is the abuse of state surveillance, which is quite different from objecting to State surveillance itself. He believes that the risk for abuse is outweighed by the potential benefits of such a system to society.

Importantly, he notes that if the state were prone to abuse its citizens in this way prior to the installations of such a system, then there is cause for concern for the consequentialist who weighs these pros and cons. It is equally important, that the consequentialist must also realize that the state does not even require such a surveillance system of surveillance to persecute and oppress its citizens.

Do You Have Something to Hide?

The final two objections are that such a system of surveillance would violate the privacy of the people subjected to it and that it would compromise their freedom and autonomy.

Neither of these are sound objections according to Taylor.

The first objection misunderstands the limits of this surveillance, since the State would only have access to the information surveillance devices gather when it is morally permissible to do so. Also, that the argument rests upon the fact that there are no new introductions of privacy violations that do not already exist.

He also argues that privacy is a relative notion, that things are private relative to certain people. Crucially, That there are times when private information must legitimately be disclosed.

(e.g. the chequing account you have with your significant other is not private relative to them, but is private from your colleagues) 

Furthermore, it would not threaten the autonomy of citizens because they are not being constantly watched or judged. If they are law-abiding, then they should recognize that the State has no cause for access to such surveillance. Therefore there is nothing to hide, especially if you are not breaking the law.

Why it Doesn't Matter Whether 'You Have Something to Hide' - Pinning Down What Privacy Means

The argument that 'you have nothing to hide' is a common one, and frequently made in defence of such arguments for government surveillance. Of course, 'I have nothing to hide' because I have done nothing illegal, but this really only tackles a small aspect of privacy. Much of Taylor's argument still rests on this notion. We should have nothing to fear if we do nothing illegal, especially if no one is really watching.

There is an endless amount of variations to such arguments, many of which can be found in detail in Daniel J. Solove's paper "I've Got Nothing to Hide" and Other Misunderstandings of Privacy. 

One of the most important points from Solove's article is that arguments such as those made by Taylor mischaracterize privacy. Namely, claiming that privacy is something which is only important to people if the information kept secret would somehow be detrimental to the person if revealed. 

A major part of the defence of privacy comes with its definition, which as Taylor noted, can be highly relative. What we consider strictly 'intimate' information can change from person to person, so this can be either too narrow or broad a definition. Conversely, we cannot conceptualize privacy as 'the right to be left alone,' because what that may entail is far too broad. We are once again thwarted by relativity. 

But there is a solution, Solove points out, that we should accept that privacy is not reducible to some singular essence; but rather a plurality of different things that do not share one element in common, but bear a 'family resemblance' from one another. 

(i.e. the differences between, but very connected nature of: information collection, processing, dissemination and privacy invasions)

For example, you may be ok with the government collecting the individual phone numbers you call, but the way that data is processed and aggregated reveals information about your race, religion or political ideals, which further gets sold (disseminated) to third-parties to target you or others (see: Cambridge Analytica and Facebook) for their own gain. You may not have anything to hide about your likes on Facebook, or even how those like can be aggregated to identify you, but how that data is further spread to profile you could be where you draw the line (and many have, with Facebook).

Taylor is assuming in his article that privacy is for hiding bad things. This is a misconception about privacy, as privacy is rather a plurality of related problems. These problems are so widespread that it doesn't even matter if no information people want to hide is uncovered. Solove notes that surveillance produces a suffocating powerlessness and vulnerability, and even though the examples I have given do not involve the State, it is easy to simply swap 'Facebook' for any government agency collecting large swaths of data. Information can be processed in a number of ways which can in fact reveal things about a person which they may have preferred stayed hidden.

Privacy is Relative

The takeaway here is that it doesn't really matter whether or not you do have something illegal to hide, rather, that there is likely some area of your life which you likely rather not have unnecessarily revealed, taken out of context, or collected at all. Each of these issues is unique, as some people haven no issue with a bank collecting their info, for example, but will change their attitude if the bank spreads that info that had is separate from the initial collection. These kinds of examples can be given endlessly. 

Further, with no limit on government surveillance and the willingness of many people to simply concede that they 'have noting to hide,' they leave themselves without any reasonable expectation of privacy from their government. Meaning that anything you say or do will likely be used against you, leaving you overwhelming vulnerable to the State's will.

The potential effects on free speech and free association are plentiful and chilling to consider. Though, one of the more powerful points to consider is that you having 'nothing to hide' also assumes that everything you have done (since you may be being watched) or will do will always be 'kosher' with your government. With such a concession you admit that you are sufficiently boring to be left alone, and there's nothing wrong with that, but realize that that point alone reveals that our actions, words and associations should always fall in line with those in power.

Privacy being as relative as it is highlights the need for varied discussion on the topic. However, notice that in this discussion so far, I have not properly refuted Taylor's point regarding the fact that surveillance could be morally permissible if the State only ever had 'hindsight' access to it. In order to refute this point, we also must raise issue with the State's ability to obtain information for cases, which is problematic, as I imagine this only obstructs justice and makes it more difficult to carry out the law. It is at this point that some bite the libertarian bullet and advocate for total freedom from the State, though I will not touch on that here, as it brings forth a multitude of further political baggage that needs airing out.

The primary retort to this point would likely be that even if no one is really watching, people would still be wary of their behaviour generally. Since privacy is so pluralistic in nature, it would be difficult to justify the extension of surveillance powers because we would never have any reasonable grounds for privacy in a court of law. The aggregation of even innocuous data can be revealing and used in potentially misleading and damaging ways. Though if the restriction to the access of this data were strong enough, it definitely seems like pro-surveillance drives a hard bargain, despite the disbelief we may have in the ability for such a system to be realistically applied.

With all these difficulties set before us, it potentially brings to light the need for a reasonable degree of privacy to be the default stance, meaning that unless we give explicit consent, there must be the expectation that what we do is private unless clearly stated otherwise. Without such a stance we are left too vulnerable, and granting the State so much power may be setting our expectations impossibly high for their ability to always act with the best interests of the people in mind.

I hope this discussion gets people thinking. Privacy is a much more complicated and varied issue than it seems, there needs to be a pluralism in the discussion itself, rather than strict dogma.


I encourage people to give a read to the two papers referenced here: James Taylor (free, but need a JSTOR account, not downloadable) and Daniel J. Solove (free download access). Also, this TED talk by Glenn Greenwald, which some of my own response is inspired by.