EFF to Comic-Con: protect our secret identities!




"an anonymity built into the culture of cons" -- Not a particularly strong assumption of any con I've gone to, outside of the simple fact that it is a large group of people, many of whom have not met each other yet. Hell, a large part of the point of going to cons is specifically to know and be known to people who share your enthusiasms.

They're making a decent point about the fact that information may be gathered, but they're expressing it very, very badly.


Being a face in a crowd is far more anonymous than being an electronically trackable ID tag with your name and other personal information associated with it.

Unless other people know who you are beforehand, their being able to see your face doesn't tell them much about you - and that doesn't even take into account the common practice of costumery and mask wearing at cons. Meanwhile, an electronic badge can be read by anyone with the proper gear, and any relevant information on that badge becomes available to them. Unlike your face, the badge could easily contain your name and other information which is easily accessed without your consent. You could not choose to withold your identity, as you can in person.

I'm not sure how this should be handled. Short of making sure the electronic badges possess no identifying personal information to snoop on, the only option that comes to mind is personal area jammers, making it impossible to read to the RFID at anything except extremely close range.


Using tinfoil to prevent spying on you, all of a sudden not so crazy?! stuck_out_tongue


In my (admittedly finite) experience, I've never encountered and RFID/QR-code/whatever system that served the logistical interests of people who were looking to get to know some of one another. Having to scribble things on napkins with the one dodgy pen the group has isn't ideal; but the suits have their business cards and everybody has at least a dumbphone (and if you don't, or rock it old school, you can bring a small notebook).

This always leads me to the suspicion that such high-tech solutions (especially the ones that cross over so directly with the material culture of the access control systems sector) are, at best, somebody indulging their onanistic technophilia without any user experience improvement. At worse, they fall under very strong suspicion of being in place for the benefit of 'audience engagement metrics' rather than the attendees.

And, given the level of punch that some of the larger cons possess as marketing vehicles for their genres, I'm sure more than a few people would love to get some good audience tracking data.

Obviously, as demonstrated by any suitably plucky stalker, even pre-digital crowds offer less anonymity than they appear to; but I always get a trifle nervous when somebody adds a fancy tech feature that is either largely useless and overengineered (eg. "If two people who both have NFC-compatible smartphones and the SomethingCon-2013 app meet they can exchange information just by tapping their badges! It'll be just like exchanging contact information, only with high system requirements and incompatiblity! Too bad that the SomethingCon-2013 app is for iOS and the only NFC handsets are Android, huh?") or explicitly about allowing entities who were previously poorly placed to gather data to gather data easily and automatically.


I don't tweet, so I'm not sure, but wouldn't using some else Twitter account violate some sort of TOS?


[quote/]How many fans would steer clear of controversial graphic novels or manga tables (or even cheesy guilty childhood pleasures) if they knew someone was creating a log of every booth where they lingered? [/quote]

The only people interested in which graphic novels you look at would be the companies trying to sell you the novels or associated materials.


Ha ha a new product springs to mind; Aluminum Con-Badge Cozies


I'm quibbling specifically with the wording of EFF's complaint. I think their appeal to expectation of anonymity is just a bit overstated and weakens their argument rather than strengthening it, and I'm disappointed thereby since the basic point about the potential for abuse is a reasonable one.

I think some copy-writer got a bit too attached to the cute "secret identity" analogy. It's a great headline and capsule summary, but doesn't work as well if taken too literally.


I won't disagree with you there (honestly, the whole genre of "Yes, I know that I don't have an 'expectation of privacy' in public; but that doesn't mean that I have an expectation of a 24/7 facial-recognition-camera-network-panopticon-hell" is unfortunately riddled with poorly phrased statements that invite stupid, mostly off-topic retorts...); but I was largely having a stab at trying to articulate the issue they bring up to my satisfaction.

As best I can tell, it comes down to the fact that most of our 'expectation of privacy/no expectation of privacy' dichotomies were laid down when 'no privacy' meant "If you draw enough attention, or somebody who cares is nearby, it might later be remembered that you were there and did X, Y, and Z; but unless it was really good, most people will probably forget pretty quickly or never consciously register you in the first place." The notion of 'no expectation of privacy' as in "There is a stenographer producing a record of everything happening in this room, presumptively the authoritative one, to be kept on file indefinitely" was pretty much confined to the courtroom, and maybe Super Important Negotiations with minutes being kept.

With technology, there has been a broad attempt to apply the (relatively loose) restrictions of the weak, fallible, human 'no expectation of privacy' to systems that offer scrutiny as precise, as long-term, and often a great deal more searchable, than anything in past systems. This produces no end of dubious outcomes (in the same way that the dodgy idea that, just because you use a webmail provider, and thus your email is technically offsite, it isn't among your 'person, papers, or effects', despite being essentially identical in use-case to 'papers'.)

Just to add to the fun, I suspect that there's a little added tension between the fact that "Cons" are a thing that many in the relevant geek communities view with some possessiveness; but the bigger ones are easily large enough, and influential enough, to attract significant outside money looking to do promotion, market research, etc. That flavor of incursion is always a rather tense affair.


Every now and then the EFF reminds why I no longer support them because they take their arguments to silly extremes.


I dunno. I've always been very aware that the commercially-run (as opposed to fan-run) cons were always very much marketing businesses, so for me this particular case feels like, in the words of Super Chicken to his sidekick, "You knew the job was dangerous when you took it!" Certainly industrial/manufacturer conventions, which is what the commercial conventions are to some degree modelled on, track every bit of data they can get their hands on because that data is part of what their exhibitors are paying for.

But, yes, if they're going to do this it should be made pluperfectly clear to people before they register, so they have the option of rejecting it and going elsewhere.


I'm quibbling

You said it. smile


Oh really? So no one would have any interest in using information about another person's personal tastes for any other purpose than making money? No one would consider defamation or mudslinging? No one would seek to use a person's private interests against their public or social image?

You don't have to be a politician who plays World of Warcraft to have people try to drag your personal life and interests into public scrutiny for some ulterior motive. A closeted homosexual might have their life thrown into turmoil being outted by some slimeball with an RFID scanner who catches them lingering at a yaoi panel. "Why would anyone want to do that?" you may ask. Any number of reasons. Personal rivalry, professional rivalry, random malice, political agendas...


This topic was automatically closed after 5 days. New replies are no longer allowed.