Guilty By Association

dmf writes "News.com is running a little piece about Microsoft's forays into researching aspects of social computing. With AOL Buddy Lists, Yahoo Messenger, Friendster, and other mappable relationship environments, is it possible the information will soon be used against you? Scenarios such as governments tracking private citizens, investigating terrorist links, political groups finding potential donor lists, marketing departments finding affinity groups, and other easily imagined data mining opportunities could open the doors for information abuse and misinterpretation of individual ties. What implications can it bring in the future of the personal life?"

Other mappable relationship environments?

[nokilli]

You mean like this? Won't be long before /. is mined for this data, regardless of what the robots.txt file says about it.

Re:Other mappable relationship environments?

[WorkEmail]

As we progress further and further into the digital age, consumers will have to resort to their own cryptography to ensure that their communication stays private.

PGP was a good start, it is basically an uncrackable form of cryptography based on public keys, that a very brave guy almost spent his life in prison for posting on a BS back ni the day. Click here for info on it.

Many Slashdot'ers probably are already familiar with this, but hey, you never know. We will all be fighting for privacy in the coming years it seems, best to know what tools are available to you. :)

PGP is available on almost every OS, Windows 95/98/NT/2000, MacOS, AIX, HPUX, Linux, Solaris, and DOS. And can be easily configured to work with most popular email programs as well.

Privacy means that only the intended recipient of a message can read it. By providing the ability to encrypt messages, PGP provides protection against anyone eavesdropping on the network. Even if the information is intercepted, it is completely unreadable to the snooper. Authentication identifies the origin of the information, certainty that it is authentic, and that it has not been altered. Authentication also provides an extremely valuable tool in network security: verification of the identity of an individual. In addition to secure messaging, PGP also provides secure data storage, enabling you to encrypt files stored on your computer. Version 6.5.8 also includes PGPnet - a powerful VPN client which enables secure peer-to-peer IP-based network connections - and Self-Decrypting Archives (SDAs) which allow you to exchange information securely even with those who do not have PGP.

Re:Other mappable relationship environments?

[gcaseye6677]

If you think that's scary, check out the mission of these people.

Re:Other mappable relationship environments?

[segment]

Well speaking from experience, I can tell you a little something about the Department of Justice and most will probably say i'll sound like disgruntled employee, or someone antigovernment, or something along those lines, but this is my take on them. Having gone to court against the DOJ for a 'cybercrime', I can tell you that they will try to bring out anything and everything you ever did, or that looks bad. If you showed up late to work, and were written up, they'll look for ways to spin the issue into you being an uncooperative work or something along those lines.

If you can find anyone who has fought for their rights in a court of law against the DOJ just ask them what they do to one pretrial. Past 5-10 year history comes on the table tax records, employee records, hell ex girlfriend/boyfriend records if they can get em. Better hope you don't have someone against you with an axe to grind and I mean it. In order to understand why, you have to understand that it's all about money bottom line. Most of the DA's offices are allocated budgets, and more convictions means the crime rate in your district is up which means, your office needs more money. Aside from that, you'd better hope your case (hopefully you won't/don't have one) is not high profile whereas it will lead to promotion, or an entire new 'crime division' being opened up because of you. Remember cases define the prosecutor. "Well I convicted foo foo foo for foo!" and then the book deal. It's sad, but it's what happens.

In Federal Court in the District of Massachusetts in 1998, the conviction rate was nearly 91.7% This closely follows the national trend in which conviction rates in federal court are around 90%. source Some put the rate at like 98% conviction. Either the feds are the best at finding the worse or there are a lot of dirty tricks going on. Now I'll leave it at that and you make your assumptions. I can tell you offhand associations will harm you point blank.

Re:Other mappable relationship environments?

[RailGunner]

You know, I'm really not sure WordOfMouthResearch.com is legit..

I received a notice that my personal email address got listed on their site from someone apparently looking for information on me. So, I used my anonymous email address and registered as having information about the person who owns my personal address. So far, my anonymous alter-ego has not been contacted, though BOTH addresses have seen a marked increase of spam. When I started bouncing emails to my personal address from WordOfMouthResearch.com, I received the same "Someone is searching for information on you" message from a different source email address. After about 5 or 6 of these, I bounced the entire domain.

Anyone else have information on these guys? Again, I think they're just harvesting email addresses for spammers under the guise of providing a service (that no one seems to be using - again, if my "alter-ego / evil twin" email is the only address that has information on me, which when I checked last it was, these "people" looking for information on me would have contacted my alternate email by now.

And as far as using AOL IM and Friendster and all that to data mine, I suspect that the spammers will be the first to use this data, since they can't reliably harvest email addresses with web spiders anymore since people are trying to actively avoid them - however, there is a valid email address associated with an AOL IM login, and also with Yahoo IM, and with MSN Messenger, so there's some major sources that the spammers can get email addresses from, and they'll also cross reference the information, and you'll get more, and more targetted spam. Do you like guitars, for example? Here comes spam offering Guitar Strings cheap, along with the 50 others promising natural male enhancement.

Re:Other mappable relationship environments?

[WorkEmail]

The other idea that popped into my head was this...

Like with mp3's and copy protected music cd's that you cannot burn or rip, you can get programs that simply "record" any sound that is coming out of your system, and then make it into a file type of your choice. So regardless of how protected the file or disc is, you simply play it, and then bam, you have a copy.

So what if they did the same with text communication? So that your machine picked out and reported back to some organization (MS, the Government, whoever) only the actual text on your screen? That is scary, because you could encryp it however you wanted, but when you open it up to read it, bam, the program captures and interprets all that is shown on the screen and that's that. So unless you actually know some secret type of language, or use "key text" cryptography and then write the intended message down on paper when you decrypt it off of your screen, that would be the only way to do it securely.

Does that idea make sense?

Re:Other mappable relationship environments?

[Mysticalfruit]

What your talking about is radio screen scraping.

Basically, your monitor is a big antennae that's emitting signals in every direction. With the proper equipment people sitting in a van outside your house can pick those signals up and see your screen.
(Personally I'd like to see this demonstrated)

So what are your options.
1. Use and LCD panel and have the video signal from your machine to your monitor be encrypted.
2. Learn morse code and just have all your sensitive stuff outputed to the LED's on your keyboard. (there are programs that'll already do that)
3. Use your computer inside a faraday cage...

Re:Other mappable relationship environments?

[Dravik]

There is no need to encrypt your video cable. Just buy a good quality cable that is shielded. That will bring the emissions from that source to levels that are to low to intercept. Just using a normal LCD panel will prevent you type of ease dropping your worried about.

Their gender detection code leaked already!!

[va3atc]

#include
#include

void main()
{

if

contacts more then 75 = female;

anything else = male;

}

**any code monkey wish to do this properly it would be more humours :-) **

Security

[Ctrl-Z]

All I can say is that if you transmit private information over an insecure channel, you should not be surprised at the results.

RMS wrote about this recently

[H4x0r+Jim+Duggan]

http://www.gnu.org/philosophy/my_doom.html

Friends of Friends on orkut bad enough

[Amiga+Lover]

It's bad enough getting friends of friends contacting me on orkut. For some reason the religious right people think it's fair game to email me with all kinds of links to support their causes.

A swift "fuck off" does the job there, but you can't do that with an auto bot that then goes and pumps your details into Yet Another Mass Marketing Tool

No problem

[Orien]

That is why you don't put REAL personal info in your $CHAT_PROGRAM profile. As long as it thinks that I was born on 1/1/1900 and live on 123 main st. Beverly Hills 90210, I'm not worried about data mining. :)

Re:No problem

Oh, and what happens when sites that you *had* to put real info into (say, eBay or PayPal) changes their privacy policy and opens you up to associative data mining, based on your eBay purchases and PayPal records?

This is a specific, simple and very frightening example, because we've seen companies change privacy policies on a whim (Yahoo! for example)

You can't lie online forever. Think about mailing lists with public archives. What if you sign your real name, with a munged email address? Sure, they can't SPAM you but they can still extract your name and cross-reference it, which just might uniquely identify you. Especially if the cross-references are smart enough to stick to the subject of the mailing list.

I use disposable email addresses, try to hide my online identity whenever possible, but I can still punch my favorite online alias or my full name into Google and gets hits back for ME. If Google has my name in it, I'm sure there are other databases with it in there too.

Makes me wonder about casual aquaintences

[Ruzty]

My AIM (err iChat) buddy list has a decent sized section of casual aquaintences. They're people who I game with, used to work with or met at conventions. If one of them does something nasty are the Feds going to come knocking on my door asking questions?

I know my chats are fully logged already and never discuss anything even semi-private over IM. But the concept of guilt by association on an electronic level is simply frightening.

-Rusty the paranoid

Easy Solution

[2MuchC0ffeeMan]

have everyone add 'Link' to their buddy list... now everyone is everyone's 'second cousin' through link.

if you can beat em, flood them with false data.

Guilty by Association?

[The+Beezer]

Absolutely.

Motion Picture Association of America

Recording Industry Association of America

Feel free to contribute...

ACHTUNG!!!

[Dark+Lord+Seth]

OSAMA BIN LADEN wants to MURDER the PRESIDENT OF THE UNITED STATES OF AMERICA, a certain chap named GEORGE W BUSH by hitting him repeatedly over the head with a ROCKET PROPELLED GRENADE LAUNCHER shaped sausage while dreaming of using TACTICAL NUCLEAR WEAPONS and drive his fave Type-R sport ZSU-23 SHILKA with BIOLOGICAL, CHEMICAL and NUCLEAR AAA rounds.

There, Eris knows wether US intelligence is tracking this or not but if they are, this is sure to mess up someone's day, hehehe... Ooo, look at that pretty black helicopter!

By Association

[ackthpt]

I post on Slashdot

Trolls post on slashdot

Trolls watch TV

George W. Bush watches TV

In Soviet Russian, TV watches YOU!

You breath air

Terrorists breath air

Terrorists see the stars at night

Posting on Slashdot can be associated to Astronomy. Cool!

Not to mention unraveling the military hierarchy

[ertdredge]

I began to get concerned about things like this when I realized how easy it would be for someone to start piecing together parts of the U.S. military hierarchy from classmates.com's "who did X serve with?" information collection.

I can't wait until 10 (or 2) years from now these companies start buying each other and consolidating the network information, along with everything available publicly from, say, livejournal.

this is the reason

[blue_adept]

that in the future, more and more people will rely on anonymous handles for their online identities. This is already happening to some extent, for my own purposes, I used bogus information for the yahoo registration when creating my anti-war page... not because I seriously fear repercussions today, but 20, 30 years from now, who knows, we may be living in a very different world, and an anonymous identity (as far as it goes) is the best way to protect yourself.

of course, for true anonymity you need the right tools.

Bin Laden is no buddy

[Jonboy+X]

"...governments tracking private citizens, investigating terrorist links..."

So, you're saying that I should take Osama off of my buddy list if I don't want trouble from the feds?

If you're...

[Chess_the_cat]

one of the idiots who bother to fill in your phone number, birth date, street address and SSN in your AIM profile you get what you deserve.

New McCarthyism?

[Johnny_Law]

I would not be so worried about the government collecting such information if it were not for the knowledge that they have tried to collect it in the past and used it in less than ethical ways.

Is it any wonder people are paranoid about them doing it again in the future or the people who defend some of the governments actions?

Isn't this a bit late..

[Channard]

.. when credit cards and clubcards are already so heavily used. A credit card shows where you've been and where you've spent money - for example, someone only need look for a pub that you use your card at regularly to track you down. And the FBI has already shown its willingness to get information from ISPs regards even the vaguest suspicion of a crime - is there any real anonymity left? I doubt it.

Ohhh

[savagedome]

Kevin Bacon is surely going to be in a lot of trouble.

If it can be used at all, ...

[burgburgburg]

information always will be used against you when convenient.

That's why there should be privacy laws saying that information is non-usable unless explicitly permitted. Right now, it's bass-ackwards.

This is easy enough

[kin_korn_karn]

Simple! Just jack Kevin Bacon into the Matrix and you'll have a link to everyone!

SSH and VPNs

[Trolling4Dollars]

That's why a lot of us are using SSH tunnels or VPNs with our own IM protocols, DNS and mail servers. There's a whole phantom internet out there and a lot of people don't even realize it.

Personally, I've been using ssh and Jabber to IM with all my friends. The only thing that's required is that I give them a custom configured ssh client, .ssh/config file and point them to a Jabber client. It's worked well, and no one else has access to the Jabber server other than the people who I've allowed in. Same with e-mail. Sure, I still have to interact with the outside world, but most of my friends and family are pointed to my mail server and use SSH tunnels to communicate with me. They don't see it as an inconvenience because to them, they just double click the "Connect to the T4D Network" icon on their desktop and then use their mail/IM/web clients like they would any other time. When they're done, they just click the "X" in the upper right corner of the CMD window that has a nice friendly message in it that says, "Close this window to disconnect from the T4D network".

I can only imagine that this will become more commonplace as these technologies get easier to use. Tunnels and VPN are sure to be the next "big thing" once they are really simple enough to install. So far my installation experiences with people who want to access the T4D network have just been to email them a zip file and tell them where to put the extracted files. But a double click wizard would be nicer... Can't code in Windows though because I don't have the money to waste on a compiler.

The sincerest form of flattery....

[orthogonal]

Guilty By Association

dmf writes ".... With AOL Buddy Lists, Yahoo Messenger, Friendster, and other mappable relationship environments, is it possible the information will soon be used against you? Scenarios such as governments tracking private citizens, investigating terrorist links, ...could open the doors for information abuse and misinterpretation of individual ties. What implications can it bring in the future of the personal life?"

Wasn't there a front page post about bloggers plaigarizing other bloggers today?

This sounds so familiar.

It reminds me of this post:

Since the whole point of this is to build social-connection-webs, it's ideal for government crackdown via the guilt by association angle: not only can you find everybody who is emailing to dump.ashcroft@new.american.revolution.org, you can also find -- and investigate -- all the friends of the dissenter, too.

And for anyone who isn't worried that the FBI occasionally oversteps it bounds in investigating dissent, just consider that the social affinity networks of p2p traders could also be subpoenaed: we know Joe uploads mp3s, let's subpoena his email "buddy list" and investigate all those people too.

And this post

Yeah, but I'd consider a high-level analysis of my email headers (either sent or received) to be a violation of my privacy. Whether or not I'm mailing to kinky@alterate.life.styles.com, fringe.politcal.groups.require@free.speech.too.org , unpopular.opinions@free.thinkers.net, or falun.gong@is.banned.by.my.dictator.org, it should be nobody's business but my own.

Someone will undoubtedly argue that since headers are sent in the clear anyway, it shouldn't matter, but keeping a database of who mails what to whom only makes abuse -- by freelance busybodies or government spies and censors -- that much the easier.

And this one too:

Having any central server aware of all file trading gives whoever controls -- or can subvert the security of -- that central server a far too broad window into the demographics, politics, proclivities, and beliefs of anyone trading files. While this would be a boon to marketeers, governments, and anyone else whose goal is manipulation and control, it must be anathema to anyone who values privacy and liberty -- from left wing "hippie" to right wing "gun-nut", from closted homosexual to crypto-Christian.

Here's a real life example:

[vasqzr]

Child pornography rings.

They busted a guy here at work who was doing it. By they, I mean the FBI and Customs officers. By doing it, I mean trading child pornography.

Investigators have said Jeffs and two mid-Michigan men were members of an Internet club that produced child pornographic photographs, videos and live broadcasts and shared the images with other group members on their buddy lists.

Some of the "buddies" face charges that they performed sex acts with minors. Many of the victims are the suspects' own children.

What happens is, they bust one guy by meeting up with him in real life, posing as a young child. Once they've got him, they can go on his computer and see who he's got on his buddy lists, address books, they just get everyone else.

Tell me if this is the wrong attitude....

[devphaeton]

... Sure there are both extremes in ways of thinking with this.

But am I wrong to think that

1)anything i do online *may* be subject to monitoring, storing or somehow intercepted by one or more individuals or agencies that i don't intend?

2) therefore make sure that i don't discuss my cc numbers or that multiple homicide i pulled off last summer freely amongst people

3) consider exactly what it would take in forms of hardware, computing and people resources to collect, organize, interpret and investigate the amount of raw data that would be generated in server-side logs, on a service that is (for all intensive purposes) provided for little to no cost.

4) consider that in the logs above (or email archives, or...) that about 99.9% is going to be completely useless and/or boring drivel about tons of other people you don't know or care about.

???

I dunno.. shoot. I see the whole "invasion of privacy" and "do this today, and here's what it will lead to" argument, and it makes sense, but then i consider the points above and it all seems blown out of proportion.

What do slashbots think?

Re:Live, go to jail!

[canajin56]

This is, of course, the optimal state for things. If everybody is a criminal, the police can arrest anybody, because they can always find a law the person has broken. Even now it is getting that way. There are over 3,000,000 federal laws, not to mention state laws and local laws. Are you SURE you havn't broken any?

For example, purchaced a sex toy of some form? They're available everywhere, but it is illegal to sell them. The fact that the law isn't regularly enforced doesn't change the fact that you can go to jail for working in an adult store. Then there are the crazy state and city laws like "You can't kiss on Sundays" and "You cannot sell yo-yo's on Sundays" and "No more than 3 women can live under the same roof" and "It is illegal to drink a beer immediatly after having sex." and "A husband cannot have sex with his wife if he has eaten garlic or anchovis. If she requests it, he is legally obligated to brush his teeth"

Being watched is inevitable

[clacour]

Being watched and tracked (and having "privacy" essentially disappear) is pretty near inevitable, for the same reasons that patents (both hard and soft) are increasingly a bad idea, and open-source software is inevitable.

Technology has marched on, and the world has changed (again).

All the trends in technology over the last 10 years say that privacy as we have known it, is headed for extinction. Cameras that get smaller and smaller, remote controlled robots, hacking into wireless LANs, PLUS all the electronic interactions (like RFID) that are coming, PLUS computers getting cheaper by the day... This all adds up to privacy basically being impossible.

Proprietary software is doomed, because the Internet made the level of interactivity that open-source software needs possible. For exactly the same reasons that the medieval guilds (with their proprietary methods for things like ironsmithing and glassblowing) were doomed once the movable-type printing press was invented, proprietary software cannot compete. In the near term (5-10 years), it will still have a solid space in niche markets, but I'm not even sure that will last. It certainly isn't going to last in mainstream software arenas like OSes and databases.

But that same increase in processing power and decrease in communication delay means that doing things like examining every electronic transaction that someone performs (and building a detailed profile of their life from it), is not only beginning to be possible, it's very nearly inevitable. Even the most paranoid of you out there (and on Slashdot, the percentage of paranoids is a good bit higher than average) would not want the sort of draconian methods that would be required to prevent it. (No computers and no networks, for instance.)

The proper solution, I think, is to change our culture, so that it doesn't matter that someone knows the kinks in my soul.

I am mostly connected to reality, so I'm not holding my breath on this cultural shift, but I really only see three possibilities:

We turn Luddite and roll back the clock technologically. (Not likely to happen voluntarily by most of this audience, but some of the non-technical types turning Luddite IS all too possible.)

Privacy gets moved to the same status as apprenticeship - it's something that existed historically, and it's occasionally useful for analogies, but it's not part of anybody's life anymore. This could either go the Japanese route (I believe the usual phrase is something like "Nakedness is frequently seen and never noticed." In other words, commenting on someone's quirks is far more shameful than having said quirks to begin with.), or simply an open acceptance that other people do things differently than you.

The third possibility is the one that worries me. That's a totalitarian society (probably theocratic) that uses this information to control people to a degree that has heretofore been unbelievable. I don't think such a state would last very long at all, but the creation and destruction of it would get really, really ugly.

The US is the only culture I have extensive first-hand experience with. I would strongly prefer to see us go to option 2B (taking the attitude that you can live your life any way you want as long as you don't hurt me).

That fits wonderfully with our stated national beliefs. It's an absolutely lousy fit with what our behavior says we believe. The behavior (IMO) says we urgently want #3.

That's the big reason the 3rd option worries me. I can very easily see a theocratic state as an intermediate step to the live-and-let-live one. If anyone has any practical, pragmatic suggestions for how to create such a cultural shift (one suitable for a total absence of privacy), speak up now, because the situation could get critical within 10 years, and is almost guaranteed to get critcal in 20.