Just How Much Privacy Do We Have?

stuffman64 writes: "Popular Science is running an excellent article on just how private our daily lives are. The article chronicles a typical day of a make-believe Graphics Designer from Chicago. Throughout his day, he unwittingly supplies companies with information that can potentially be used against him. And with GPS-enabled cell phones just starting to hit the market, our privacy can only continue to deteriorate from here. A must read."

Privacy is a legitimate concern....but

[Em+Emalb]

For Mark, he has other issues:

9:14 am: Instant messaging
Mark IMs his girlfriend: "Don't worry about last night. I'll get tested. Love you."

I'd say privacy should be the least of his concerns.

Ya tell me about it

[El_Nofx]

In North Dakota where, we had a total of 5 murders last year, they are installing cameras all over, privacy is gone in public. Noone really even put up a fuss either, strange. On a good note we just approved a law preventing all banks from selling any of your information. First in the nation from what I understand, to be approved in a proposition.

No need for GPS

[tjcoyle]

Who needs to worry about GPS enabled phones?

A cell phone's signal is received by multiple antennas at distinct locations simultaneously, therefore, it's only a matter of using triangulation to determine a phone's location based upon signal strength.

Here's a sample of its applications, and if you do a quick search, you'll surely find more:

http://www.twincities.com/mld/twincities/3223847.h tm

your cellphone *already* lowjacks you

[Jamie+Zawinski]

People who are paranoid about getting GPSes in cellphones must not realize how small most cells are: if your cellphone is turned on, its location can already be determined to within a pretty small area: a quarter mile or less inside cities.

Re:your cellphone *already* lowjacks you

[stuffman64]

This is very true, in fact last year I witnessed a motorcycle accident in State College, Pa (location of my Alma Mater, PSU). When I called 911 to tell them of the accident, they did not ask me for my location, rather, she asked my to confirm if I was infact on East College avenue by the OfficeMax and the Supermarket.

Cell phone location is possible without GPS by timing the signal arrival between different towers. This is not nearly effective as GPS, but this time they hit it right on the head. Unfortunately, this non-GPS solution is much more expensive and less accurate than the GPS route, but nonetheless effective in semi-rural areas such as where I was.

Read about this technology here.

Another good PopSci Read

[stuffman64]

I should have included this in my original post, but PopSci also has a good article about the E911 GPS service in their most recent issue. I thought I saw it on their site, but apparently it is not there.

Here is another feature which links to a website that can map out a route in Manhattan to avoid its 2400 or so security cameras watching your every move. If you happened to read the article, a link to this also appears to the right.

By now you would think I work for Popular Science. I have no job. I employ my University with a $24,000 per year salary.

Terrorist Eating habits?

[interactive_civilian]

From the 5:47 pm: Discount card section:

Meanwhile, Larry Ponemon, the CEO of Privacy Council, says that since September 11 he's been hired by at least one major supermarket chain to oversee the handing over to law enforcement agencies of the buying records of customers with specific ethnic backgrounds. The authorities requested the data, Ponemon says, because they were trying to compile a profile of "terrorist eating habits."

So, what exactly are the eating habits of a terrorist? Do they all eat the same thing? Can I be flagged as a terrorist because I enjoy Mid-East food? Or, perhaps I am one of those "axis of evil" Korean people because I like kimchi and yaki-niku(ok, so that one is Japanese/Korean food)...

Is anyone else at least moderately (understatement) disturbed by the compiling of a profile of "terrorist eating habits"? It seems insanely useless to me. The idea that someone might get "special attention" because of the way he/she eats...pffft. The sad thing is, I won't be at all surprised if/when this happens.

Re:Terrorist Eating habits?

[PacoTaco]

The authorities requested the data, Ponemon says, because they were trying to compile a profile of "terrorist eating habits."

To allay suspicion, be sure to buy pork or alcohol every time you go to the store.

Re:Terrorist Eating habits?

[gilroy]

Blockquoth the poster:

I'm all for racial, gender, sexual preference equality, but has an expectant mother or an little old grandma or teenage girl EVER hijacked a plane or commited an act of terrorism?!

Don't be an idiot. As soon as the authorities adopt an exlcusive rule -- "We won't stop grandmothers" -- they open up a huge hole in their procedures, one which will get exploited. How many people ever crashed 767 into skyscrapers after hijacking them with paper cutters? The only way such procedures as searches can be effective is if they are either (a) universal or (b) truly random and very frequent. Any pattern employed can be used against the search. Why do you think Al Queada is trying to recruit "ordinary" Americans??

From where I sit, all this whining about "They even search gradmas, for Pete's sake" seems to come from people who are all for waging war but don't want to pay even the tiny price of extra time in the airports. "Let's you and them fight, but as soon as this 'war' involves sacrifice on my part, we need to reconsider." And generally it's not really the 76-year-old grandma that they want excluded from the search -- it's the safe-seeming white middle class.

Ugh. much of this stuff is a no-brainer

[josh+crawley]

--Mark withdraws $100 at his bank's ATM machine.

Big suprise. Guess what that black dome is above it. I'll give you a clue, the sticker that says "Camera" is right... Also, I'd expect the bank to keep the records for at least 10 years (census data/back taxes).

--Mark enters his office building and takes the elevator to 5. (cameras..)

Guess how much theft happens in places like that... They're just defending against that. And if trust between your employer is an issue, you can always get a different job. Just be glad they dont lock the fire doors like they did in the early 1900's.

--Mark writes a friend: "No raise. My boss is a liar."

Unless you're using heavy encryption AND sending to a secure source (someone who wont blab), he's an IDIOT. I'd laugh and then find a different way to fire/lay him off.

--Mark IMs his girlfriend: "Don't worry about last night. I'll get tested. Love you."

Anybody's who heard of DSniff wont be saying stuff like this over ANY network.

--Mark deletes a file containing freelance work he did for a competitor.

We've went over this in every major publication. This should NOT be new material. And figuring the crowd is the SciAM subscribers (me), I'd figure the average computer security like this would be common knowledge.

--Mark calls a friend from the street at his lunch break. "Dude, she wants me to get an AIDS test," he confides.

We know that cell phones are NOT safe. They're broadcast devices. Even during 9-11, some senator said that getting cell records were trivial at best.

--Almost home, Mark stops to buy deodorant and toilet paper; the card saves him 36 cents.

Dead horse. I simply state that I will fill in fake info if you give me one. I then take one, scribble through it, use it, and then toss it on the ground. Stores are pulling this shit, so I do the same.

--Mark shows his driver's license to enter his favorite bar.

I'd demand to talk to the bar manager, demand to know why he thinks he has the right to STEAL my information. If he doesnt let me in, I go elsewhere and LET both bars know that.

A lot of this "information stealing" is the cost of life in this type of society. Much of that data is useless. Simply, use your head. If it seems weird (like idiots who want to pre-approve you for a cred card) TELL EM' NO!

Re:Must be Yanks

[Rhinobird]

You say that now. Wait till you try running for office. Your opponent bribes someone to get you spending habits and finds out that you like the gay porn. Your opponent then lambasts you in media as against family values and tradition and what not. You lose. There was nothing wrong with what you were doing, but then again, it wasn't anybody else's business either.

I know I personally wouldn't want some of the strip joints I go to, to become common knowledge. While I may enjoy the naked women, I wouldn't want a potential employer (or even my current employer) to know what I'm gonna be doing with that money they'd be(en) paying me.

Too much information can color an impression of an otherwise honorable person. You may say something like, "I have nothing to hide, so this doesn't bother me." Don't fall into that trap. Something will come up that you would rather not be public knowledge. Maybe you wet the bed till you were in high school. Do you want your boss to confront you about that herpes test you had last week? Do your co-workers know how you REALLY feel about Star Trek/Star Wars/Buffy/Simpsons? What would they say about ALL that memorabelia that you have? What were you DOING down in the seedier parts of town last night? Buying drugs? No...just seeing those stippers...again. Does your Mom know about your subcription to Playboy/Penthouse/Hustler/Big'uns? All those things and more will become easier and easier to discover, just because you say you have nothing to hide.

Re:One thing about privacy...

[Fat+Casper]

I don't do anything bad; I'm not about to blow up the Chuck E. Cheese's down the street with a dirty bomb or anything.

That's shortsighted as hell. Maybe nothing you do is "bad" now, but maybe something you do will be illegal tomorrow. There are plenty of things that are perfectly legal that are unpopular as hell. Voting is legal, but the idea of the secret ballot is the only thing that makes it work. Privacy is more vital to our lives than simply not going to jail.

Remember: If we let Bush and Ashcroft tear up our Constitution, then the terrorists have already won.

There are several things you can do.

[Moderation+abuser]

1. Use cash, not credit cards, for a start. Take out the most the ATMs will allow at any one time.

2. Buy a prepay mobile phone, pay cash for the top-up cards.

3. Set up free email addresses with Yahoo and the like. Use one address to get others.

4. Don't use encryption. Or alternatively, get *everyone* else to use encryption, but don't raise a flag over your mails.

5. Don't bother with store loyalty cards. I mean, are you really bothered about 5p off a product?

6. Support/use your local family grocer or market rather than the big chain stores.

There's more you can do, but doing the above is simple and will reduce your information profile significantly.

Re:There are several things you can do.

[thelen]

I think it's a mistake to approach the problem in terms of minimizing the footprint you leave. Why set yourself up in opposition to the system when you can utilize it's own methods to protect yourself?

For instance, why not use a grocery card with purchases that you would *want* people to see, like that you buy lots of broccoli and juice? In the worst case scenario, if an insurance company ever saw those records they'd believe you had lower cancer risk. Pay in cash for things you want them *not* to see, such as the bag of chocolates, smokes and double bottle of cheap red wine.

Put books on gardening and cooking on your credit card bill, pay in cash for books on hacking.

Use an ordinary mobile phone except for when you truly *need* privacy, and for god's sake turn it off when you cross state lines to buy grass!

Set up email accounts in several different classes: One that you *want* identified with you for legitimate personal/professional contact; one for questionable personal use (e.g., dirty jokes) that you access through a proxy server; one as a throwaway that you don't really care about, say for registration sites. And don't mix them up!

The point is to understand the system well enough to *purposely shape* the profile that's built of you rather than eliminating it all together. The latter option is becoming increasingly unrealistic.

Re:There are several things you can do.

[Junta]

1) Ok, so wow, they don't know what you buy, but at any one point you have hundreds of dollars on your person at a given time, and if you either get robbed or drop your wallet, well, you are pretty well screwed. An alternative is to make your purchases at the most generic place you can when you buy something. For example, knowing you bought something at a general store is not very informative as opposed to a purchase at a games store.

2) Never signed up for a prepay cell phone, this may be a good strategy, again, paying in cash may not buy you much though.

3) Also a fine point for the paranoid, but I'm not sure all these huge companies are all trading personal information so that any email address can be tracked down to someone.

4) Now this is just damn stupid. This is like telling someone to send all important information on a post card instead of in an envelope. Sure, an encrypted email may raise a flag somewhere, but if you use good encryption and use it for as much of your email as possible, pretty much no one short of the NSA is going to decipher your mail and after the NSA wastes enough time deciphering "Hello, how have you been?" messages, they may decide they are not worth the trouble. And if you believe they will try to read each and every encrypted email even if history shows all to be benign in your case, they would probably be reading your plaintext mail, especially if it happened to contain a few keywords.

5) Alternatively I would say feed the personal information out with bogus data, better yet get your friends to do the same and swap cards ever so often. That way you save money and provide no personal information.

6) If a local grocer or market exists, then yes, this is a nice thing to do, for more reasons than just protecting personal information. In fact, if your sole goal is protection of private informaiton this is not a good strategy. The better strategy would be to cycle your shopping among different stores and have those stores be far away, just because you aren't being electronically tracked does not mean other people can't look and see what you buy. If you are going to be paranoid, might as well be extremely paranoid.

I'm not that protective of my information, I really don't have anything to hide from the NSA. Encrypted email may set off flags, but I don't give a damn, I don't trust post cards and so I don't trust email, and if the NSA knows I'm telling my friend he can come over this weekend, I don't care.

I like protecting what I can from common eyes, but do not obssess over whether executives at Food Lion know I bought beef last week, or even that my bank knows I bought something expensive from an electronics store a while back. Protecting privacy is all good, but there is a point where the inconveniences are just overboard to protect data that no one is really interested in anyway, or at least data that can't really be used against you.

Lessons Learned

[macsforever2001]

Lessons Learned:

• To get cash, wear a facemask at the ATM machine.
• Use the stairs instead of the elevator.
• • If in a skyscraper - do not pick your nose in the elevator.
• Do not get AIDS.
• Get a digital cell phone, not an analog one.
• Do not go to bars - at least ones that ID you.
• Do not use those lame bonus cards at the grocery store.
• For Tollbooths, do not get those nice EZpass things. Just use cash.
• Do not buy a car with a fancy GPS based navigation system.
• • Make sure your car rental does not have one either - go with the economy car.
• At work: Do not disparage your company or boss via email - or at least use PGP.
• At work: Do not waste time surfing the web... damn busted!

For thieves and low-lifes only:

• After you have robbed another person, do not use their ATM card as you travel.
• Do not steal a car with a fancy GPS based navigation system.
• Do not go to an airport, walk near public buildings or walk the streets of a major city
• When erasing computer files to hide corporate fraud, use a program that overwrites the free space.

Does anyone know where I can download that "Caught In The Act" video?

Re:Tracking isn't all bad...

[edp]

"If you're not doing anything wrong, you shouldn't be concerned with people watching you."

False. You should be concerned with people watching you because they can harm your interests even if you are not doing anything wrong. Just for example, if somebody could see how you voted, they could harass you or bribe you. That's why voting booths have privacy curtains. Privacy is essential to democracy and freedom.

If you buy valuable objects (electronics, jewelry, whatever), you are doing nothing wrong. But if the wrong people get ahold of that information, you become a target for theft. How do you keep information like the addresses of people with valuable items out of the hands of criminals? You keep it out of the hands of companies that collect it. They almost never have your security at heart, and they often have lax security procedures. Privacy is essential for security.

How do you keep your competitor from learning your business plans? You keep the plans secret. You do not want information about what you are buying or whom you are meeting to get into your competitor's hands. How you keep them from learning that information? You keep it out of everybody's hands. Privacy is essential for business.

How do you protect yourself from sexual assault? You don't let strangers know your address. You don't let every peon employee who sees a pretty woman in a store find out where she lives. How do you keep strangers from getting her address? You don't let companies collect it. Privacy is essential for safety.

How do you keep telemarketers from bothering you? You don't let them have your phone number or information about your interests and purchasing patterns. (They may still call randomly, but this decreases targeted calls.) How do you keep them from getting that information? You don't let companies collect it. Privacy is essential for peace and quiet.

There is not right of privacy

[Arandir]

There is no right of privacy. No, this isn't a troll. It's the truth. Our expections of privacy are not rights, just expectations. Legally transforming these expectations into rights is a guarantee that the Law of Unexpected Consequences will be invoked.

Throughout most of human existance privacy was a virtual unknown. Communities were small enough that everyone knew everyone else. Everyone knew where you were, where you were going, and what you were going to do when you got there. The only privacy you had was within your own home if you were lucky enough to have one. Back then (prior to a mere few decades ago) privacy meant solitude

Jump to today. We are so confused over privacy it's almost funny. We would be incensed if everyone knew that we were buying condoms online, yet we buy them at the local drug store in plain sight. We display outrage when a website tracks our addresses, yet we post our real estate listings in the local paper. We wonder why PGP hasn't caught on for email with the general public, yet we yack on the cell phone in the clear all day long.

The big disconnect is easy to explain. We think we have an expectation of privacy because we are sitting in a chair in our homes with the curtains closed. But in reality we are online spewing out personal information as fast as we can over the internet. Here's an experiment. Go buy the very same product three times. The first time buy it online using your personal computer from your home. The second time buy it online using a computer sitting in a public library. The third time buy it from a brick and mortar retailer.

We should have, and must have, privacy within our own homes, including the harddrives of the computers within our homes. But that privacy ends at the walls of our homes. Once we engage in communication beyond our house walls, it's up to us to make our own privacy by using encryption, anonymizers or whatnot.