Domain: reputationdefenderblog.com
Stories and comments across the archive that link to reputationdefenderblog.com.
Comments · 15
-
Arms race?
It's true that this could backfire, but it could also cause a massive arms race. If politics weren't messy and dirty enough already, imagine if both campaigns were spending massive amounts of time and energy to control the other side's Google results. McCain supporters would link to dirty articles about Obama, Obama supporters would link to dirty articles about McCain, and the whole Internet would be filled with even more political links than it already is.
Heck, a really smart campaigner would just outsource the whole thing to India and have thousands of staffers constantly building links to positive and negative results.
Politics might be the one thing strong enough to overcome all of Google's attempts to stop Googlebombs.
-
Re:Why would they need basic auth?When it becomes "mostly common" knowledge that there are servers stuffed with stolen information, a second part of the criminal chain opens. Just what we need -- thieves stealing from thieves. Except here the problem is that the information (your name, address, social security number, bank account numbers) is all digital and can be copied an infinite number of times. If a thief steals from a drug dealer ("rip and run") then the drug dealer knows he's been hit and is likely to take security measures. If thief steals from an identity thief, it might not even be obvious that anything was taken until it's already too late.
This is why it's VERY important to lock down your info in the first place. There are too many leaks in the identity chain already. There's no need to give thieves information, especially if it can be stolen from one thief by another and copied yet further.
On the other hand, maybe there will be online gang wars one day between competing criminal identity theft enterprises? -
Re:yes but what's the valueWhy would someone steal the tapes? What is there value. From TFA: The stolen backup tapes hold names, addresses, Social Security numbers and health information
On the black market these days, a full identity (name, SSN, address, bank information, etc) can go for $14 each. If the tapes had full identities, that's 2 million x $14 = $28 million payday for a bunch of crooks. Even assume a "volume discount" for these guys and they're still in the many million dollar range. Even if it's just name, address, and SSN there's some value on the black market for these tapes.
When you're breaking into a vehicle filled with stuff that looks like computer equipment, it's hard to know whether the data is going to be social security numbers (valuable), credit card numbers (valuable), medical records (valuable if there's addresses and SSNs), or routine corporate records (not all that valuable). Enough data brokers are sloppy enough with their security that there's a good chance to get some identity information that has value.
These guys were either extremely lucky or knew exactly what they were doing. Or they're complete idiots who are wondering why these tapes won't play on their 8-track player. -
Re:State-wide data theft
Economists would call this a a classic "externalities" problem. It costs a company next to nothing to store vast amounts of data about you, but they don't pay the cost when your data gets spread around.
Right now, there's no reason why a company (or a state government) wouldn't keep as much data about you as it can. Hard drive space is all but free (especially relative to these types of transactional data) and big database engines can rapidly sort through the data when it's needed.
But, the problem is that you personally pay the price when a thief takes off with your name, address, social security number, mother maiden's name, etc. You are the one who has to go and call your credit card companies and pay people to remove your name from databases to clean up the mess.
I'm no fan of government regulation generally, but this seems to be the sort of problem that there's no easy market solution for. I'm quite sure that companies (and governments) would be a lot more careful with personal data if they had to personally call each victim's credit card companies and personally investigate every claim of identity theft. We probably don't need to go that far, but it makes the point. -
Re:Privacy
Even if Google were covered by HIPPA, there are still problems. HIPPA is far from a complete solution, and it's even worse when the data is in Google's hands. I've said it before and I'll say it again, Google knows too much already.
The problem isn't necessarily that Google would misuse any healthcare data -- Google has too much at stake to do anything stupid like sell personal data to the highest bidder. The problem is that any concentration of that much data in one company's hands--from email to search history to medical records--makes a very inviting target for prying government eyes and malicious hackers/crackers.
Think about it -- Google is a multinational business and Yahoo! has shown that the pressure to bow to local demands is often overwhelming (see the Yahoo!-China debacle). Even if the US passed the most privacy-protective laws, there's nothing that would stop China from leaning very hard on Google to give up records for political activists that traveled between the US and China, or even for politicians or others.
Having that much data in one set of hands is mighty dangerous, even if Google itself isn't going to misuse it. -
Re:Oddly enough...
Most Americans don't learn much about these skirmishes in school . . . . That's a pity, because the fight against the Barbary pirates was a big part of shaping the U.S. military into what it is today.
There's just not enough time in most school history classes to teach the kids something meaningful about all of the very major wars (Revolution, Civil War, WWI, WWII, Vietnam) that even some of the medium-sized wars (French and Indian, 1812, Korea) get short shrift. It's not a coincidence that Korea is called the "forgotten war." It'd be great if every high school kid had as much curiosity and interest about history as you clearly do, but it's just not the case. One survey, admittedly not very scientific, found that 57% of high school students didn't know that the Civil War was in the last half of the 19th century.
That's pretty bad. I'd much rather fix that than worry about teaching them about Barbary pirates. Maybe the right solution is more edu-tainment programming; it seems that your lesson to be taken from the Barbaray pirates is not dates and places, but more of a zeitgeist about the forces that were acting on the US in the early days. Some of that can be captured in a good period piece--think Pirates of the Caribbean, except not entirely fictionalized.
Similarly, it looks some somebody has already made silly videos about " protecting web booty" to riff on the pirate/cybersecurity theme. -
Re:So, explain ...
This isn't about spam and Google groups. It's about preventing a malicious cracker from accessing the vast quantities of data that Google has about every single Google user. These days, a full identity (SSN + bank account) sells on the black market for $14-$18, depending. Google has tens of millions of users. Not all of them have their SSNs in their Gmail, but I'll bet that a fair bit have at least one credit card number or bank password in their email archives, their search history, or elsewhere within Google's control. Plus, think of the blackmail possibilities if there were a full-scale data breach? Remember the AOL search history breach? A full-scale crack of Google's security would be several times worse.
-
Re:This isn't SE-exclusive
Even just looking at search engine queries it's possible to put QUITE a bit of data together. And Google is a natural starting point for a government to start looking for dirt on an individual. If a totalitarian government suspects that an individual is up to no good, then it just has to force Google (one company) to open up its books to figure out some good leads. Maybe he's searching for bomb-making materials, or maybe he's just searching for information about Tianamen Square. Either way, Google knows what's up and can lead the government to the next steps. Or Google can reveal if the victim has some weakness, like an embarassing disease or secret lover.
Good luck trying to figure it out without a search engine--the government would have to randomly go after sites until it happened across a match. Google is one of the key starting point for government abuse of its citizens, short of installing the Great Firewall. -
Re:This is great but...
You're right that a lot of this overlaps with the "use common sense" lessons from other contexts. But the thing is that kids really don't all have a ton of common sense. In fact, a lot of kids demonstrate shockingly little of it at times. Maybe they have it and choose not to use it, or maybe it's just not fully developed.
It's one thing to say "don't meet strange people handing out candy." It's a good lesson and one that schools should mention since a lot of parents don't remember to. Heck, when I was in elementary school (pre-Internet) they taught us that kind of basic safety lesson.
But not all 3rd graders will extrapolate from "don't take candy from strangers" to "don't expose yourself on a webcam for a 'girl' in another state." I'm sure that any future-slashdotter would figure that one out without any help, but not all kids are above average.
If this is really just adding lessons about Internet common-sense to lessons about real-world common-sense then it's probably on the net a good thing. Kids haven't developed their common sense yet and can easily get hurt by it. -
Re:Double Edged Sword
Keeping the information is the hardest part. If U-Was keeps the info then it has every incentive in the world to protect the privacy of its employees: Angry employees make bad employees and tend to leave their jobs. But, if an identity data broker keeps the information then they have every incentive to sell the data to the highest bidder, AND they are nothing but a giant target for dedicated identity thieves.
To address your other point, most (if not all) cell phones are truly "off" when they are off -- the cell company knows the last place where you connected to the network, but if you turn the phone off then you aren't tracked. The easy way to verify this is to put any SIM-based phone near your car radio and drive around a little bit. Every time you leave a cell tower's range you'll hear a burst of interference as the phone communicates with the new tower. If you turn the phone off, no bursts of interference. -
Re:This one is not.
Banks aren't the only problems. All of the giant database companies (like ChoicePoint) have giant bullseyes on their databases for hackers. They can implement all of the security measures in the world, but the data will still leak out with all of the negative consequences.
Each data broker intentionally has all of the information that's required to open any kind of loan account, from a credit card to a car loan to a marker at a casino. And so all it takes is one clever hacker to get that data out for a few thousand (or a few tens of thousands) of customers and *poof* he's able to create tens of thousands of fake loans by impersonating the customers whose information he just stole.
Until we see some legislation regulating security for data brokers we'll never see the end of identity theft. -
Re:Is it possible...
There are plenty of people outside Redmond who still hate Google.
Some people are upset with the recent Google-Youtube-China situation. It's obviously not entirely Google's fault, but it's not a comfortable situation.
Lots of people think that Google has serious privacy problems. Not everyone thinks these are limited to its own data collection either--sometimes Google knows too much.
Some people think Google mis-manages its Adsense platform and hurts small publishers.
And lots of people are upset about PageRank -- from those who get a zero PR for no clear reason, to sites that get dropped, to anti-hate groups that dislike it when pro-hate groups get high rankings.
I don't know if any of those are GOOD reasons to hate Google, but plenty of people DO. -
Re:Basic hosting.
There's nothing inherently private about posting on the open Internet. If anything, Facebook provides at least a plausible privacy shield against employers finding embarrassing photos: Don't join networks and set your privacy settings high. Something on the open Internet is out there for Google to find and the world to know. Of course you could robots.txt, but then you lose the "personal brand" aspect above. Or you could give out usernames/passwords to your friends, but that's a giant pain and doesn't scale well. There are some benefits.
-
Room to shape personal brand
The thing about Facebook is that it only knows the information you tell it. If you want to shape your "personal brand" (to use the author's term) on Facebook so you appear to be a sophisticated scholar of the finer things in life, then you're free to do so. Similarly, you're free to make yourself appear to be a slacker, an emo kid, an anarchist, or whatever other image you can come up with.
The commercialization is to some degree inevitable--after all, it's unlikely that Facebook would have ever been launched but for the hopes of striking it rich--but as long as the data is limited to what YOU provide then it's hard to complain about Facebook doing exactly what it promised it would do (namely, using that data to support the servers, coders, tech support, etc).
I don't see why it has to be zero-sum. The author suggests that we need to avoid the personal value of the data being "eclipsed" by the commercial data, but they seem totally synergistic: If Facebook can afford to hire more coders to come up with more innovative new ways to connect to each other, then it doesn't matter to me if they make more use of my data for commercial purposes, so long as EACH commercial use is not harmful. This is like the debate over ad targeting all over again -- a lot of people prefer targeted ads ("commercial value") over broadcast ads because sites can recoup their costs with fewer and less intrusive targeted ads, and targeted ads are far less annoying than the v--gra sp-m that we all get by email.
In sum -- there's no reason why commercial and personal uses are in opposition to each other. If each commercial use is not harmful (i.e., my data isn't revealed or mis used) then it supports the personal use. Synergy, not parasitism. -
But will it blog?
Looks like one of the subjects of the article has addressed the question on its blog: Reputation Defender Blog.
I'd be curious to see if AutoAdmit posts an official response.