Slashdot Mirror
Guilty By Association
dmf writes "News.com is running a little piece about Microsoft's forays into researching aspects of social computing. With AOL Buddy Lists, Yahoo Messenger, Friendster, and other mappable relationship environments, is it possible the information will soon be used against you? Scenarios such as governments tracking private citizens, investigating terrorist links, political groups finding potential donor lists, marketing departments finding affinity groups, and other easily imagined data mining opportunities could open the doors for information abuse and misinterpretation of individual ties. What implications can it bring in the future of the personal life?"
PGP was a good start, it is basically an uncrackable form of cryptography based on public keys, that a very brave guy almost spent his life in prison for posting on a BS back ni the day. Click here for info on it.
Many Slashdot'ers probably are already familiar with this, but hey, you never know. We will all be fighting for privacy in the coming years it seems, best to know what tools are available to you. :)
PGP is available on almost every OS, Windows 95/98/NT/2000, MacOS, AIX, HPUX, Linux, Solaris, and DOS. And can be easily configured to work with most popular email programs as well.
Privacy means that only the intended recipient of a message can read it. By providing the ability to encrypt messages, PGP provides protection against anyone eavesdropping on the network. Even if the information is intercepted, it is completely unreadable to the snooper. Authentication identifies the origin of the information, certainty that it is authentic, and that it has not been altered. Authentication also provides an extremely valuable tool in network security: verification of the identity of an individual. In addition to secure messaging, PGP also provides secure data storage, enabling you to encrypt files stored on your computer. Version 6.5.8 also includes PGPnet - a powerful VPN client which enables secure peer-to-peer IP-based network connections - and Self-Decrypting Archives (SDAs) which allow you to exchange information securely even with those who do not have PGP.
I used to have a room mate who worked for the Anti-Terrorist Task Force here in New York City. The horror stories he'd tell me were gut wrenching. The truth is... privacy isn't real. Everything you do is tracked.
All of the data mining companies end up selling their information to the government...
He told me that the government had dummy corporations who purchased the data and it was all centralized.
Everything from your NYC Metrocards, to the discount cards you get at the local grocery store. Everything from your Email accounts, to your cell phone habits. I didn't believe it until he proved it.
He was able to take someones first and last name, approximate age, and in return give me their home address, childrens names, home mortgage amount, bank used, cell number, parents address, university, major, where he went on vacation, how long he was gone, spending habits, etc. etc. It was scary stuff. Scary.
1984 in 2004.
Encryption utilities for a few popular chat networks: Simp
That's why a lot of us are using SSH tunnels or VPNs with our own IM protocols, DNS and mail servers. There's a whole phantom internet out there and a lot of people don't even realize it.
.ssh/config file and point them to a Jabber client. It's worked well, and no one else has access to the Jabber server other than the people who I've allowed in. Same with e-mail. Sure, I still have to interact with the outside world, but most of my friends and family are pointed to my mail server and use SSH tunnels to communicate with me. They don't see it as an inconvenience because to them, they just double click the "Connect to the T4D Network" icon on their desktop and then use their mail/IM/web clients like they would any other time. When they're done, they just click the "X" in the upper right corner of the CMD window that has a nice friendly message in it that says, "Close this window to disconnect from the T4D network".
Personally, I've been using ssh and Jabber to IM with all my friends. The only thing that's required is that I give them a custom configured ssh client,
I can only imagine that this will become more commonplace as these technologies get easier to use. Tunnels and VPN are sure to be the next "big thing" once they are really simple enough to install. So far my installation experiences with people who want to access the T4D network have just been to email them a zip file and tell them where to put the extracted files. But a double click wizard would be nicer... Can't code in Windows though because I don't have the money to waste on a compiler.
Un-news
dmf writes ".... With AOL Buddy Lists, Yahoo Messenger, Friendster, and other mappable relationship environments, is it possible the information will soon be used against you? Scenarios such as governments tracking private citizens, investigating terrorist links,
Wasn't there a front page post about bloggers plaigarizing other bloggers today?
This sounds so familiar.
It reminds me of this post:
And this post
And this one too:
Opinions on the Twiddler2 hand-held keyboard?
I received a notice that my personal email address got listed on their site from someone apparently looking for information on me. So, I used my anonymous email address and registered as having information about the person who owns my personal address. So far, my anonymous alter-ego has not been contacted, though BOTH addresses have seen a marked increase of spam. When I started bouncing emails to my personal address from WordOfMouthResearch.com, I received the same "Someone is searching for information on you" message from a different source email address. After about 5 or 6 of these, I bounced the entire domain.
Anyone else have information on these guys? Again, I think they're just harvesting email addresses for spammers under the guise of providing a service (that no one seems to be using - again, if my "alter-ego / evil twin" email is the only address that has information on me, which when I checked last it was, these "people" looking for information on me would have contacted my alternate email by now.
And as far as using AOL IM and Friendster and all that to data mine, I suspect that the spammers will be the first to use this data, since they can't reliably harvest email addresses with web spiders anymore since people are trying to actively avoid them - however, there is a valid email address associated with an AOL IM login, and also with Yahoo IM, and with MSN Messenger, so there's some major sources that the spammers can get email addresses from, and they'll also cross reference the information, and you'll get more, and more targetted spam. Do you like guitars, for example? Here comes spam offering Guitar Strings cheap, along with the 50 others promising natural male enhancement.
- If you wish to truly be anonymous, only use cash, post only from libraries, or use open wireless connections with spoofed MACs.
- If you want to live in the real world and be anonymous, use credit cards for normal stuff, use your home PC/broadband for normal stuff, use #1 for anything you don't want tracked.
- Or, have so much sporadic activity by allowing free access from your own wireless AP, have large groups of friends share logins, etc, and obfuscate the entire tracking system via multiple simultaneous logins. Note - AIM already allows multiple logins (I've had 3 simultaneous logins at once, the only downside is that only your received messages get sent to all 3
So, that's a real brief primer on anonymity, and the fact that you have little or no anonymity. If you don't like the way the country's going, get out and vote in the next election.The cesspool just got a check and balance.
What your talking about is radio screen scraping.
Basically, your monitor is a big antennae that's emitting signals in every direction. With the proper equipment people sitting in a van outside your house can pick those signals up and see your screen.
(Personally I'd like to see this demonstrated)
So what are your options.
1. Use and LCD panel and have the video signal from your machine to your monitor be encrypted.
2. Learn morse code and just have all your sensitive stuff outputed to the LED's on your keyboard. (there are programs that'll already do that)
3. Use your computer inside a faraday cage...
Yes Francis, the world has gone crazy.
I've seen it demonstrated ... maybe.
I worked in the Aerospace industry, in a building that handled classified info, and, not surprisingly, was also a Faraday cage.
Vans would sit in the parking lot and point big antennas at the building. We were informed that these were security audits by "some three letter agency" (which, in this case, would probably be DIA, not NSA, but who knows... coulda been KGB for all I know).
Anyway, on one security day, they did a demo. I mean, really, they could have been playing us a video tape and we wouldn't have known, but it seemed pretty convincing. They pointed the antenna at a nearby unshielded building, and brought up someone's screen (they were doing a powerpoint on department budgets). It was pretty hard to read, but you could do it.
There are anti-TEMPEST fonts available that, evidently, are much harder to capture using this technique. There are background static programs that render the technique useless, but also give the user a whanging headache...
Eloi, Eloi, lema sabachtani?
www.fogbound.net
It's more than just a joke. A group of online friends and I who led quite innocent lives at the time decided that one solution to the developing surveillance of email (this was about '95-8) was to munge our sig files with noise; thus, benign conversations were finished off by keywords that would be sure to catch any filters. [Things like AK-47, bomb, cocaine, etc. as in the parent, only more thorough.] Our hope was to be mildly irritating, a gentle kind of monkeywrenching, in order to discourage any hidden observers.
Of course, no clue as to whether the 30 of us made a whit of difference.
Damn those pesky terrorists
I got that same email. It's all a crock.
You get an email that there's info about you for the asking, you just have to sign up. Then you find out that you have to pay to find out anything more than "There is information".
The best part is you have to pay something like $20 to contact whoever posted this mysterious information about you to find out what it is or have it removed or anything at all. If you contact the site they won't delete information if you don't want to participate because "reports are owned by their creators".
Total scam. Don't pay any attention.
There is no need to encrypt your video cable. Just buy a good quality cable that is shielded. That will bring the emissions from that source to levels that are to low to intercept. Just using a normal LCD panel will prevent you type of ease dropping your worried about.
The purpose of language is communication, If the idea is clear the grammar ain't important
In one case, the fellow (a doctor, born in Syria) co-signed a lease for a brother of a friend from Syria. Not unusual, friendship counts for a lot more in countries where you trust your friends more than the bank. Based on information passed by Canada (allegedly, yeah right) the US Customs deported the guy while passing through Canada to Syria (country of birth) instead of Canada (country of citizenship, his passport...). It took a year to get him out. Lawsuits against Ashcroft et al pending. Apparently the brother was associated with al Quaida.
In the other case, the Canadian decided to go back to Iraq (country of birth) with a bunch of cars to sell, and visit family. He also agreed to carry $20,000 for friends to give to their families (In countries like Sadam's, would you trust a bank?). This money he did declare before he left. On the way back through Syria (them again) he was picked up and interrogated, using many of the same questions the Canadian police used just before he got on the plane in Canada. His crime, of course, was to be principal of a mosque school in Toronto after several known activists had held that position.
Syrian interrogation consisted of such delightful procedures as whipping the bottom of the feet with cables and then making the person stand, not to mention the usual beatings and electroshock therapy. Another example of North American outsourcing, by our intelligence agencies.
No other proof has been presented against these two. No smoking gun, just guilt by association. When presented with an opportunity to get their questions more forcefully put to these unfortunates, the CSIS and FBI took the opportunity.
You don't need electronic buddy lists and such, these examples show that normal weak links work fine. But it WILL make it easier to draw tenuous connections where no real connections exist. You wanna be presumed guilty based on who your chat buddies talked to? I guess we'll have to limit the degree of association to 4 or less, since everyone's only 5 connections away from anyone else.
One of the major topics at SIGKDD this year will be privacy preserving data mining (it has been a hot topic for a couple of years now). The current research is quit promising for anything in which all we need is a statistical aggregate. So preference mining, such as what Amazon does, can certainly be done while preserving a high degree of privacy.
No one knows how to do link-mining (find a terrorist cell in a group of people), while preserving privacy, however. Personally, I am not convinced that that type of stuff is possible.
I mean this in a helpful, non-troll, non-flamebait way. You have a good point in that Insightful post of yours, but you've also hit a peeve of mine that seems to be getting increasingly common lately. When you said:
Why, because for all intensive purposes . . .
What you mean is:
Why, because for all intents and purposes . . .
Or, equally acceptable:
Why, because for all practical purposes . . .
Think about it -- the purposes need not be intensive; your comment applies to all purposes, intensive or otherwise. That is, in fact, the point of the sentence, yet you broke the intended meaning by needlessly qualifying the purposes.
Sorry for the mini-rant. I'm really, sincerely just tring to be helpful. People do judge you by the words you (mis)use, and I'd hate to have someone ignore your insight because of this (small but strangely abrasive) mistake.
everything in moderation
> You know, I'm really not sure WordOfMouthResearch.com is legit..
I'm really not sure those fellas at Enron are on the level either... The Word Of Mouth Connection is a SCAM. Just google for "word of mouth scam" and click on just about any of the links.
I've finally had it: until slashdot gets article moderation, I am not coming back.