Schneier On a Generation Gap In Privacy
goompaloompa writes "In the Japan Times, Bruce Schneier writes that a passing conversation online is not what it may seem and that maintaining your privacy is becoming even more difficult as social media and cloud computing become the norm. Furthermore, while users in Japan may think they are secure, their level of protection may vary when the computers that store their data are overseas. At the root of the problem is a new generation gap: old laws incapable of covering current-day scenarios. Quoting: 'Twenty years ago, if someone wanted to look through your correspondence, they had to break into your house. Now, they can just break into your ISP. Ten years ago, your voicemail was on an answering machine in your office; now it's on a computer owned by a telephone company. ... We need comprehensive data privacy laws, protecting our data and communications regardless of where it is stored or how it is processed. We need laws forcing companies to keep it private and delete it as soon as it is no longer needed, and laws giving us the right to delete our data from third-party sites. And we need international cooperation to ensure that companies cannot flaunt data privacy laws simply by moving themselves offshore.'"
We need comprehensive data privacy laws...forcing companies to keep it private and delete it as soon as it is no longer needed, and laws giving us the right to delete our data from third-party sites...We need international cooperation to ensure that companies cannot flaunt data privacy laws simply by moving themselves offshore."
Fat chance. Just don't write anything on the goddamn internet. Maybe you missed the memo, but MySpace and Facebook aren't cool anymore and Twitter only serves to further cheapen your existence. The internet fads will only devolve in content while they expand their data-mining capabilities. The only way that our leadership (and the corporations who own them) will fix the internet is if enough people get tired of it and withdraw altogether from its data-mining fast-food for the brain. Problem is that there are too many infantile latchkey kids out there who won't last 5 seconds without blinkenlights or deluding themselves into believing that others actually give a shit what they have to say.
My own online presence involves only downloading, passive viewing of news websites along with E-mail and trolling Slashdot, and what I write in the latter two are not personal or representative of my meatspace self. Fuck the internet. The meatspace reigns supreme.
Some 20 years from now, the confirmation hearings for supreme court justice nominations will get to be really interesting. Also the mud slinging and sliming and negative ads during election campaigns are going to be even more entertaining than they are now. We will be living in really interesting times.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Sorry, but that's the bottom line. Move your data to the cloud; kiss the privacy of that data goodbye. Move your voicemail to the phone company. Same issue. Get your code developed in [offshore country of your choice], you can rest assured that some of that code will go to a competitor in [insert country of choice].
Anytime there's an entity between you and your data/property/money, etc. it's no longer really yours. You don't control it any longer.
Sometimes that doesn't matter. Sometimes it does. Big time. Plan accordingly.
Please do not read this sig. Thank you.
"Twenty years ago.... they had to break into your house. Now they can just break into your ISP". They make it sound like that's easier, as though they're getting into your shed. I had someone break into my house last year, and trust me, these Mensa candidates wouldn't have 'just broken into my ISP' instead. They could barely put together a sentence. If you've got an organization powerful enough after you that they can break into your ISP (which is for 99% of us a major corporation with serious security) the locks on your house weren't exactly a challenge anyway. I'm surprised Schneier is comparing two such flagrantly uncomparable things.
Voicemail held by the phone company? Only if you don't use an answering machine or you use their VM service. You CAN change your cellphone's settings to ring your own VM system at home.
Email, use IMAP and yank it all from the servers. They can't read your email from 2 weeks ago if it's not there.
Also encrypt. It's not hard anymore.
Do not look at laser with remaining good eye.
has lived their entire lives online, they twitter about their bowel movements... I don't think they even think about privacy as being something desirable.
This space available.
Yes we need (better) laws for protecting our privacy and data.
Yes we need much greater awareness than there is currently.
But some politician will create a law above all privacy laws which allows the breach of our data/privacy because of national security. I wish Internet companies that live on data, posts, tweets would make people more aware of their privacy but then that would go against their whole business model.
I mean there are a limited number of people who really understand and care about privacy. The masses are happy tweeting and posting along, many of them are teenagers who couldn't care less.
Life is about being a Phoenix!
And snazzy uniforms for the global information police I guess...
\u262D = \u5350
"'Twenty years ago, if someone wanted to look through your correspondence, they had to break into your house. Now, they can just break into your ISP."
Yeah... But anyone can break into your house (it does not require any skill) but breaking into your ISP is not a job for Joe Lambda.
People who really care about their privacy do not yell about privacy law. They use secure systems, they keep their life private.
I think people who are vocal about privacy are just trying to signal that they have interesting lives. If your life is boring and common, it has very low information entropy. By hinting that you have some private information, they're often trying to imply their life is interesting. And when they're done yelling, they twitter what they had for breakfast.
\u262D = \u5350
People can read your unencrypted e-mail? Stuff you post on the internet hangs around longer than you think? Maybe there really are people who didn't already know this.
"Don't belong. Never join. Think for yourself. Peace." V.Stone, Microsoft Corporation
Dammit, it's "flout", not "flaunt".
I do not mind the calls to have companies be required to adhere to stricter privacy laws, but damn, the elephant in the room are government agencies. I can probably win this bet, very many of the same people who want these restrictions favor universal health care in the US. Do you not see the connection?
Want the best example of how companies are burdened with privacy or similar laws that the government just ignores? Medicare. They use SSN on about everything. Private companies can no longer do this but Medicare prints your SSN on their cards! So while some may trust the government more than a private company there is one major risk here, that information is put in an easy to identify public place. As such it's not hard for the bad guys to get a lot of information about you in just a single source.
Privacy laws are fine, just enforce them on both private and public organizations.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
Many people say that you do not have any rights once you do something in public. However I think times have changed and we should reconsider what we call privacy.
Once when you did something stupid in public, the few (100?) who saw it remembered the fact and not the person. They would say: I saw this guy doing that and such.
Even if it was somebody you knew, you might not have an idea that it was that specific person.
Then came the ability to take pictures. Only if you were very important would people see it and relate the fact with the person.
Now each and every person that does something stupid could be traced down for the rest of his or her life. "Not doing stupid things" is not an option. That is how you learn.
Will this ever change? No, because there is a louder cry of 'freedom of the press' than there is of 'privacy for all people'. The reason is because those defending the first can shout louder, because they ARE the press.
Unfortunately the 'press' is not about freedom of the press. It is about making money.
Don't fight for your country, if your country does not fight for you.
Face the new reality.
Information wants to be free.
factor 966971: 966971
What we need is more clarity about laws regarding basic rights and their nemesis discrimination.
The average person in their average life does not need privacy. They need discretion from their peers and the public regarding their personal life and laws which protect their right to live how they choose without discrimination.
Yes I advocate transparency. The truth will set you free and all that...
The only people who *need* privacy are those who are a) doing something illegal or unethical and want to keep others from finding out or b) doing something competitive and want to keep their progress from their competition.
People in category (a) deserve no legal cover for their actions.
People in category (b) have a thing called security which they should implement to provide a deterrent to unwanted attention or disclosure.
Everyone else just needs to know that their insurance won't go up if they are found to practice aggressive sexual methods or that they suck at cooking and start fires on the range every other weekend trying to cook.
People will be better off when their neighbors know about their weird behavior and learn to accept it (just like those neighbors will be better off when you find out about their quirks). This is called living in a community and it's about time we got back to it instead of trying to live in isolated 'privacy' gardens where we think we're the only ones who have issues and everyone else's lives are perfect.
Think of all the anxiety and social problems this would prevent. It's hard to discriminate against some group of people when you find out that all of your friends are in that group.
A fool throws a stone into a well and a thousand sages can not remove it.
Can someone give me a non-Fox News explanation of how worried anyone should be about this? Some /.ers are privacy freaks who are so egocentric as to think that *everyone* is out to get them all the time. I'd like to hear from a non-paranoid person about the real risks involved.
I'm inclined to think that the elephant doesn't even know the ant exists, let alone cares about where I bought lunch last Tuesday.
What is the REAL likelihood that any given person would be targeted and what is the realistic harm that someone could do? And what sane precautions should one take?
Utilizing the synergization of benchmark e-solutions to pre-workaround action items!
At least arbitrary communications can be encrypted and you can actively fight for your privacy. The bigger problem is corporatism selling your privacy as these companies operate above the law and government that supports them.
But, that's just me, I could be wrong,
edfardos
At least not for the last 433 years.
http://www.merriam-webster.com/dictionary/flaunt
* Main Entry: flaunt
* Pronunciation: \flont, flänt\
* Function: verb
* Etymology: perhaps of Scandinavian origin; akin to Old Norse flana to rush around
* Date: 1566
intransitive verb
1 : to display or obtrude oneself to public notice (a great flaunting crowd -- Charles Dickens)
2 : to wave or flutter showily (the flag flaunts in the breeze)
transitive verb
1 : to display ostentatiously or impudently : parade (flaunting his superiority)
2 : to treat contemptuously (flaunted the rules -- Louis Untermeyer)
synonyms
-- flaunt noun
-- flauntingly \flon-ti-l, flän-\ adverb
-- flaunty \-t\ adjective
usage
Although transitive sense 2 of flaunt undoubtedly arose from confusion with flout, the contexts in which it appears cannot be called substandard
(meting out punishment to the occasional mavericks who operate rigged games, tolerate rowdyism, or otherwise flaunt the law -- Oscar Lewis)
(observed with horror the flaunting of their authority in the suburbs, where men...put up buildings that had no place at all in a Christian commonwealth -- Marchette Chute)
(in our profession...very rarely do we publicly chastise a colleague who has flaunted our most basic principles -- R. T. Blackburn, AAUP Bulletin).
If you use it, however, you should be aware that many people will consider it a mistake.
Use of flout in the sense of flaunt 1 is found occasionally
("The proper pronunciation," the blonde said, flouting her refined upbringing, "is pree feeks" -- Mike Royko).
Mit der Dummheit kämpfen Götter selbst vergebens
In the end, you will find, we need harsh extrovert penalties for anyone opening our privacy up for scrutiny. Whether a court order is involved or not, the data guardian should have to fear for his and his family's lives. At a court order the data could be accidentally irretrievably "lost" rather than shared. HaXoRs could be tracked down by connection and their physical address shared with the data owner. Judges who order data under their popular misconception of constitutionality should be deleted themselves. Irretrievably.
The future of privacy is in your hands. How badly do you want it? Enough to fight? Kill? How about your freedom?
Makes ya think, donut?
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
As of this post, there are only 48 comments - pretty low for a front page Slashdot article. Admittedly, this is only Slashdot, but if there was even a slight correlation with the lack of thought about the issue in the general public, that would suggest that apathy abounds on the issue and that little is going to be done about it.
Privacy is less important to people than ever. Many are more concerned with the opposite - their own celebrity and 15 seconds of fame...
Privacy is a lousy concept. If an utterance is made to another person then it is not a private matter at all. If I receive a communication from another person am I not free to make it as public as I wish?
In other words if people have their panties in a knot over potential harm from their words then don't speak or write them. The ultimate in privacy involves keeping your mouth shut.
...maintaining your privacy is becoming even more difficult as social media and cloud computing become the norm.
Cloud computing is becoming the norm in pundit tech discussion perhaps, but in the real world where I work local software still rules. Perhaps before we invest heavily on server-side processing, we should improve our ISP services to cut down on nickel-and-dime use billing and frequent disconnections and traffic shaping...
Twenty years ago, if someone wanted to look through your correspondence, they had to break into your house. Now, they can just break into your ISP.
Not in my case. I constantly (as in "every 70 seconds") download any newly arrived mail from my ISP to my own machine and then delete the copy on the server as soon as I have a local one. And I have every intention of keeping on doing this for as long as I'm mentally able to process e-mails. This way, they still don't have to break into my house again, but at least they have to break into my computer, where I can plug any holes and trace the log files.
Yes, my setup does mean that I can not easily read my e-mail when I'm not at/near home. But I honestly don't see the big need for that, even though I regularly spend the night in other locations (my dad's home, hotels during business trips, ...). And if I ever were to really expect some important mail at a time when I can't be at home, all that's required is to unplug the network cable before I leave and plug it back in afterwards. Big deal.
Of course all this does not solve the mass problem of computer illiterates who use gmail just because somebody they know knows somebody who told them that - unlike Microsoft - Google surely does not mean any evil. Trouble is, that most of those people are hooked by stuff that some "computer expert" tells them to do. If we were to tell them not to use their ISP as their personal archive and tell them how to set up their system properly, they mostly wouldn't even know the difference while still being much safer. So the real problem are not the unwashed masses, but the geeky/nerdy types who like to show off how they could in theory read mail while climbing the Everest and who tell mom and dad that this is what they need too in order to be trendy.
Linux user since early January 1992.
> 'Twenty years ago, if someone wanted to look through your correspondence, they had to break into your house'
Don't know if it was 20 years ago, but that's simply not true. If you were dumb enough to not shred the stuff, the minute it hit the garbage on the curb, it was fair game. It's no different than in this case. Find (and use) reliable encryption (or whatever) and you're taking stronger steps to protect yourself - just like shredding your documents.
Bark less. Wag more.
About nine years ago, when phones started to get GPS capability, I was asking people what they thought of having their location tracked. Older people were horrified. Teenagers wanted a live map with all their friends on it.
The cell phone industry was hesitant to roll out GPS-based people tracking applications for years. Helio was the first to really do it, with their "Buddy Beacon" system. (This only worked if both parties had a Helio phone, so it wasn't that useful given Helio's tiny market share.) Now it's a common phone capability.
I don't necessarily think that we need such laws. I think that the information the 3rd party sites choose to keep should be EASILY outlined. None of the "Privacy Policy" bullshit. Let's face it, it's legal ramble. As for services we pay for... Yeah, Telephone companies should not have access to my voicemails. Or if they do, I want not only to know about it, but I also want to know why, and I shouldn't be paying them to spy on me! (I guess if they have it in their possession it isn't really spying)
Regardless... Things won't change, I just want to know what they are keeping before I sign up.. It was my choice to sign up.. right??
It's easy to make too much of cleartext SMTP. Though I can think of attack vectors that would enable wire sniffing attacks, most require significant knowledge of some middleman network architecture. Pretty much all SMTP traffic is traveling over switches, and non-trivial to tap.
Compromising the mail server is far more fruitful. At a minimum the cleartext SMTP traffic becomes much more accessible. Wire sniffing is passive, and therefore a little scarier, but server compromise is likely much more common, and more dangerous.
Boy, Bruce just keeps getting paid to pump out the same old specters, doesn't he? People don't want privacy! Why? Because by giving up information about themselves, they start, or enter, conversations. The value of the information they get back is greater than the loss from what they give out, because what they give out is usually pretty trivial. The bigger concern than confidentiality is integrity. Highly social sites like EBay and Facebook have already come up with ways to verify the integrity of information you're receiving from semi-anonymous sources. Banks, etc., generally do pretty well - if they didn't, there would not be such high adoption of online banking. Medical information is the next looming crisis, and we'll probably have some problems, then they'll get sorted out and we'll FINALLY have useful electronic medical records. Privacy isn't an either/or thing. It's about control, about trade-offs, and about protection that's equal to the risk. I really don't think pictures of my vacation need to require retinal scans to view. (But maybe yours do! That's cool!)
myspace.com/johnnyfreakingcocaine
There is likely already information about you floating around somewhere on the internet that you don't control. The solution is not to stick your head under a pillow and hide. The solution is to take control and post information that you want people to know about you.
You don't have to post pictures of you naked and drunk. You can post comments about your research and technical interests. Talk about the wonderful experience that you're getting at work or in class.
Do you want the embarrassing pictures (posted by someone else) to be first in a google search for your name, or would you like comments about several different open source projects that you've contributed to to be first?
Take charge and drown out any adverse propaganda with the propaganda that you control.
un-ALTERED reproduction and dissemination of this IMPORTANT information is ENCOURAGED
IMHO, you're putting an unnecessary strain on the IMAP server of your ISP (70 seconds polling is really aggressive)... and it doesn't buy you any more confidentiality either. A "deleted" file on the IMAP server is merely unlinked, i.e. it is still present in the free blocks of said server, and can be reconstructed. Depending on the load of that server, deleted mails can remain readable many days, if not weeks and months after you've thought you deleted them.
Run your own mail server at home: it provides you with a lot more control and not just w.r.t. confidentiality. You can also fine-tune the anti-spam settings to your heart's desires. You may want to get your own domain and a static IP address though, but it's worth every penny.
cpghost at Cordula's Web.
...if I called you gay, you would understand that I am referring to your "joyful and carefree disposition"?
Language is a living, growing and changing thing.
Eventually, along the way, stroking your girlfriend's pussy in public becomes a lewd act.
Mit der Dummheit kämpfen Götter selbst vergebens
I actually do run a Linux based server and additional spam filter of my own. Works just fine, so I don't see the need for getting a static address. If my ISP ever folds, I might reconsider, but until then I just want things to work and keep on working as they have done for ages without (even one-time) hassles.
With respect to the 70 seconds: I've been doing this for about 14 years now (POP initially, later IMAP). If my ISP has an issue with it, all they need to do is contact me. They don't seem to think it's needed. For about 7 years I've done the same at my previous employer because I wanted to keep on using my unsupported Linux mail client even after they switched to Exchange. The IT group there - that I had excellent links with - never complained either.
With respect to the delete/unlink: so what? This applies to any out-of-the box system, whatever you or your ISP use. Each and every mail that passes through somewhere can end up being stored as a temporary file, even if it is just stored until it can be forwarded from one SMTP server to the possibly "temporarily unavailable" destination.
The thing with my setup is that the file is logically deleted within minutes of arriving. I don't care if it takes days to clear the free blocks. There's a world of difference between a script kiddie data thief being able to read all my 14 years of mail at the click of a button, or him having to collect and piece together the free blocks to only get a few days worth of data with holes in it.
Linux user since early January 1992.
At my age, 20 years from now, I'll be in a nursing home being cared for by a younger generation of caretakers, who have never had privacy, or have any understanding of why old people (like me) seem to be obsessed with a need for privacy. "But Mr. Robertson the webcam in your bathroom is so the attendants can look after your safety. If you fall down we need to know about that."
At work, I'd be surprised if emails routed in and out aren't stored separately from the copies you deleted for some period of time.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
You are old, when you think everything young people do is stupid.
Internet changed human history, and young people growing up with it will develop their own social protocols. How can one declare that the new way of interaction is wrong?
At work I didn't care about deleting stuff for privacy reasons. After all, those mails were work related. All I wanted in that context, was being able to continue to use my old e-mail client and it so happens that the easiest way to do that was to use fetchmail to retrieve all new mail and delete it from the server afterwards. The mails were simply stored as files on my UNIX account (the whole idea was that I insisted on using the unix command line friendly maildir format for storing mails). So the mails never even left the server room and they were automatically backed up as well.
On my home box I use a dedicated IMAP server, which allows any mail client to be used, but even so I set it up to still store the mails in maildir format.
I only mentioned the use of such a setup at work as a reply to the "you might overload the IMAP server" comment, nothing more.
Linux user since early January 1992.
Some people are actually capable of reading and understanding what you (and others) say, then remembering it and acting on it. We understand that everything that we do on line has the potential to be remembered by the system, and therefore recalled at some future date. Therefore we only say things that we're willing to have recalled twenty years from now. Similarly we know that it's not impossible for someone else to read our mail, so if we want to send a private communication we write a document, encrypt it with an appropriate tool, and then transmit the encrypted version.
So, Bruce, as a journalist, you're going to have to find a different drum to beat on.
The people who haven't absorbed the message so far? Tough. They'll either learn, or fall behind economically (or politically, or culturally; all in some fairly vague sense). At which point, they (and their descendants) might as well be dead. Tough.
Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
And I want a yacht. And a fast car. And a mansion.
Bruce, let's hold our breaths and see who gets what they want first.