Slashdot Mirror
Ask Slashdot: How Do You Protect Your Privacy When It's Out of Your Control?
An anonymous reader writes "A week ago, Slashdot was asked, "How do you protect your privacy?" The question named many different ways privacy is difficult to secure these days, but almost all of the answers focused on encrypting internet traffic. But what can you do about your image being captured by friends and strangers' cameras (not to mention drones, police cameras, security cameras, etc.)? How about when your personal data is stored by banks and healthcare companies and their IT department sucks? Heck; off-the-shelf tech can see you through your walls. Airport security sniffs your skin. There are countless other ways info on you can be collected that has nothing to do with your internet hygiene. Forget the NSA; how do you protect your privacy from all these others? Can you?"
...you can't. That's what "out of your control" means.
- Shame people who are doing such activities.
- Convince others that what they are doing is a bad idea.
- When all else fails, get violent.
Wear a condom. It works for me.
I'm not entirely sure that any of those things are about privacy, as any right to privacy does not extend to the right to be completely unknown.
First, you stop asking sefl-defeating questions. The question is not "how do you protect privacy when its out of your control", it's "how do I control things in order to increase my privacy" You ask how to maintain your privacy when your friends all have cameras, why do you have friends that pull out a camera at the drop of a hat again? You ask about protecting personal data that's collected by banks and companies that have horrible IT, why are you doing business with them again? Your privacy is literally your own business, and if you don't mind it, someone else will.
Just because you're paranoid doesn't mean they aren't out to get you
The premise of the question implies "How can I keep doing everything I'm doing right now but 100% maintain my privacy?". That's a dumb question. Look at the assumptions--how do you maintain your privacy when all your friends take pictures of you all the time and share them online? Gee whiz, how about asking your friends not to take pictures of you? Or consider whether being a socialite and a party animal is compatible with your aim of privacy? How about when personal data are stored by banks? Maybe you should consider reducing the amount of data you give to banks to begin with. Airports? Consider not flying.
The problem is that making these lifestyle changes actually involve giving things up, which no one wants to do. If you want a quiet, private, contemplative life lived independent of others then make such a life for yourself. If you want to be an interconnected urbanite who takes full advantage of globally connecting technologies, there's going to be a degree of privacy loss.
I like privacy and I donate to the EFF and I'm for reforming all of the above scenarios to give users more control of their privacy. But given that those reforms haven't happened and the problem is getting worse, at some point you have to change your own behaviour and consider if the goodies you get exceed the value of the privacy you're losing.
How Do You Protect Your Privacy When It's Out of Your Control?
You give it up with a smile and don't, or you hire lawyers.
If you want news from today, you have to come back tomorrow.
I don't believe that technological privacy is achievable, and I'm skeptical that it's valuable. Whether cryptography actually works (an interesting mathematical question in itself), cryptosystems fail fairly often. Even when they do work, to truly be untraceable or private with them you have to effectively opt out of commerce. Don't logon to anything when you're using Tor, kids; also, don't use Google, since they can always watch your referer tags and see 3/4 of your pages that way. The problem with privacy as we normally talk about it is that it is extremely fragile -- what we've historically taken as 'privacy' was really laziness -- going back to my example from the detective firm above, all this information was already there, it was just split into a couple of dozen different archives and databases. Beforehand, it took time and effort, so you had privacy because unless something was really important, it wasn't worth the effort of searching. Now, it's very easy to record and archive, and we've been focused for many years on making recording and archiving easier, and we elect to be recorded and archived in order to participate with other people -- bank won't serve you if you're wearing a ski mask, visit vegas and you'll see that any table game has very specific gestures and rules to make what you're doing camera-friendly, want a loan you need to have a credit rating.
So, privacy has to be implemented, which means its going to be a combination of legal, technical and social elements. Technical in the same sense as breaking and entering -- the definition of B&E is that the breaker has to make -an- effort, regardless of how trivial. Lifting a latch is considered B&E, and similarly you need some indication that you're trying to achieve privacy. Legal in the sense of limiting the consequence when your privacy is breached.
Heck; off-the-shelf tech can see you through your walls.
If you actually read the article you linked, you could find out that it's custom made hardware made from components which may be used in a wi-fi device, that's not the same as off-the-shelf.
FTFA:
"All the components we use are ones typically used in a Wi-Fi handheld device," she said.
Wi-Vi transmits two Wi-Fi signals, one of which is the inverse of the other.
Off-the-shelf stuff can't do this, but with components similar to that you can.
This sig is intentionally left blank.
Oh, one more thing.
If you can't make money fighting the system, you certainly could make some by maintaining all of these electronic / computer gizmos.
Again, you folks just have to start looking at the bright side of things.
After all, nothing from nothing....
Faster! Faster! Faster would be better!
Using cash is a start. Not far beyond that is switching buses constantly and hiding your face from cameras; pretty soon you're milking your own goats.
gain 120lb and be as unattractive as I can?
Can you pass me the deep fried butter stick in bacon wrap and the cheese dips please? I can't get up from my couch.
The only thing to do is to use misdirection and misleading information to those that collects data if you can't bounce them with stuff like AdBlock or do not call registry.
Always buy zip-ties and vaseline at the same time. If someone asks - then buy some candy too and tell them that they don't want to know.
Zip-ties are great when doing some work on your car, vaseline protects electrical connectors and candy is there to keep the blood sugar up for those times when you have been working on the car for too long without food.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Change your name to John or Jane Smith. If someone tries to search for your info, they will be literally flooded with false positives. Sometimes I wish I had a common name like that.
This means no cell phone, no computer, no credit cards,
no bank accounts, and no fixed address.
It can be done, but few are willing to actually do it.
This article is not even going to be read or commented on by
people who are protecting their own privacy, because they will
never see it or care about it.
Not give information out. Keep it to yourself. With or without technological aid.
The individual trying this out either has to lie a lot (give false information) or risk standing out. That is, in the current environment.
To make this possible we need our systems (in the broadest sense of the word, so a government keeping records is a "system") to change the working assumptions. For many things you still "need" to give your name when in fact there is no need intrinsic to the function, only convenience, usually for somebody else, like law enforcement. This "convenience" carries risks itself, so it is long term all around better to get rid of it.
How you'd do this? Well, change the assumptions, change the laws, change how we organise things. Only after that does technology come into play.
And that technology? Authentication systems that aren't inevitably tied to just one possible identity per person and certainly not systems depending on some selection out of a small number of possible passwords per person with no redress possible, and also not systems that depend on a limited subset of "identity providers", reducing everyone else in the system to second class citizens.
Come up with designs that address those, and more shortcomings, that empower instead of subjugate. You might even consider deploying DRM around packed-up identity information, giving control back to the owner. Better yet, don't give the information away at all, for example using zero knowledge proofs. There are plenty of tricks ("technologies") and we are employing far too few of them.
Even the simple act of not requiring everyone to use the same database key for completely unrelated databases is, so far, too hard, and that needs to change. I could go on, but this ought to suffice for now.
While there is no single silver bullet, there is a clear general direction how we need to change our current systems, how we need to change our very thoughts and assumptions to keep a tenable society. Notice that everything so far governments and corporations have produced and are producing, fail at the very first of assumptions. A good case in point is "NSTIC", who were warned of these issues yet, as is evident in the design, chose to ignore the warnings.
There are truly out-of-control entities, such as criminal gangs, but most snoops have to obey laws, and if they are businesses generally chose to do as a cost-avoidance strategy (;-))
This large group of commercial snoops are currently trying to capture as many unhappy people as they can, and within a few years are in line for a harsh slapping about from enraged politicians: see the UK for a picture of what happens when newspapers crack people's cell phones. Now imagine what response you get when they start losing snooped credit card numbers.
Amex is already sensitive to this and related problems seen by their customers, and will issue short-term and single-use credit card numbers for transactions with doubtful merchants. I have every expectation that they will be asked to offer "avatar" cards, and after hemming and hawing, will issue me a card in my pen name, after taking some steps to make sure they can't be blamed if I'm the crook, not the merchant.
Given that, I'll have an avatar on steam with the ability to buy and sell things without exposing who I am. People named "John Smith" already have lots of avatars, all of whom think they're the real John Smith. This will do nicely for anything on-line or credit-card-centric.
Physical presence and photos are a different problem: we have weak laws about what used to be called "database matching", and we may need laws against keeping photos of me paying with a credit card any longer than it takes for the credit to clear. Of course, if I "pay" with a shotgun, I have to expect the pictures to be kept until they're thrown my ass in jail (:-))
Retaining data, and using it without the permission of the person who provided it has been a problem since the printing press was invented. Public libraries found that the were being asked for patron's reading histories, and created the now common policy of retaining the patron-book relationship only until the book was returned or replaced.
Private photos and lifelogs are harder to manage, but less harmful, as there are so very many of them, and are private to that person...
--dave
davecb@spamcop.net
1: Put your cash in a safe and buy a few guns. Hackers and Banksters can't steal it if it's in a safe. Additionally thieves are probably going to pass by a well-hidden safe bolted into the furniture or house structure. If you're scared of a corrupt police force, hidden camera's can be installed anywhere.
2: There are several identity-wipe services available online to take you off of sites like Pipl or Spookeo. Engage them; if you're afraid of identity theft this helps, if you're afraid of psychotic boyfriends, it helps even more.
3: If you don't want your purchases being tracked, pay in cash.
4: If you're going to buy something unsultry online and don't want to be tracked, use pre-paid credit cards bought with cash.
5: I somehow doubt the NSA is buying enough disks to store a decade's worth of internet traffic, but if you're afraid of that, hidemyass.com and proxomitron, or use good proxying agents.
6: Use multiple identities when working online, don't let them cross over to each other.
7: Make sure you have a strong, easily findable professional profile online if you need one. Linked-in is good for this.
8: Use a password Vault for online profiles that use long passwords. Change the passwords to your online accounts once per year. Backup your vault regularly to encrypted flash or optical disk. I use WinZIP with AES256.
9: Employ Disk Encryption and regularly backup your data to an in-house NAS system.
Q: How do you protect your ass-cherry from prison rape?
A: don't go to prison.
Do you even lift?
These aren't the 'roids you're looking for.
Most of the submitter's issues stem from inadequecies in the law. Drones, CCTV etc. can't really be fought with technological measures. Outlawing invasive behaviours (or having strict rules over their use) seems the only option.
Yes, our technology enables easy mass surveillance. Does that mean we simply accept it? Do we accept a future where those with the most technology and money simply do whatever the fuck they want? That seems to be the conclusion of a lot of people.
It's a long shot, especially when government seems so authoritarian and adversarial to the populace, but I'd suggest it to be the only solution.
If well it may be pretty hard or near impossible to get 100% privacy, trying to get as close as possible (or at least, at the point you draw the line) worth it. And that is a process, not a static destination.
And for the TSA, lead condoms with scrotum wings.
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Like this:
http://users.commspeed.net/guzzi/images/aluman.jpg
(http://forums.radioreference.com/attachments/general-scanning-discussion/13425d1201360481-aluminum-foil-protective_suit.jpg
There's something to be said for blending into the background, being "down in the noise", not being whomever they're looking for. Pay cash when possible. (It's still allowed, although maybe not for too much longer.) Be less distinctive in appearance. Build up a really boring persona. Don't make it worth anyone's time to follow you.
Practice safe computing. I think this is probably more important than CCTVs everywhere. Don't open or click on anything unless you know exactly what it is. If you must do porn or warez, do it on a virtual machine, not the same one on which you do your banking and pay your utilities.
Beware of social engineering. It works so well that I would be really surprised if it were not used as a surveillance tactic.
But in general, just be uninteresting.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
I think the problem for many people is that the privacy horse left the barn a long time ago; you'd need a time machine to send yourself a note in the past telling yourself to implement procedures and countermeasure back then so that you'd be protected today. Much like the Internet doesn't forget, neither does the databases of governments and corporations; once they've got information on someone, they're not going to delete it, ever. The goal would have been to prevent any information about yourself being collected in the first place.
Going forward, I'm not sure how much damage control can be done. In the real world (i.e. non-internet), there are places where you simply must use your real name and real information, and there's nothing you can do about that. If it's interaction with government agencies, well, we've all collectively screwed the pooch a long time ago in that area, and thanks so much to so many people who voted away our rights to privacy for hollow promises of "security" that nobody can realistically deliver.. but I digress. Limit your exposure/interaction with government agencies as much as possible? Best I can do there. It took decades to dismantle privacy in this country, and it'll take decades to recover it. Banking/financial institutions, legal matters, entering into contractural agreements with any company or corporation (even something as simple as wireless service)? You've got to use your real name and information for those; best you can do there is to be sure who you're dealing with, and see some legal disclaimers in writing that state what your collected information will be used for. Things like "rewards" clubs (Safeway, Walgreens, etc) and organizations like Costco and Sams Club? Someone may correct me on this, but even something as simple as a Safeway rewards club card is entering into a legal contract with Safeway, and I believe that there must be a privacy agreement associated with that, which (believe it or not) people who work at Safeway may never have even seen; just accepting the card itself could be considered your consent to terms of a contract and privacy (or lack thereof) agreement that you never knew existed, and it may well entitle Safeway to collect information on you and your purchasing habits that they otherwise aren't legally allowed to do; same goes for Costco, Sams Club, etc. Healthcare companies? HIPAA is supposed to protect you, but yes the devil is in the (implementation) details, isn't it? They can claim they're HIPAA compliant, and that you're 100% safe, but they can also completely bungle everything (like we've all read about in the news more than once in the last few years) and some asshat scammer has your (and 100,000 other people's) very personal, private data. If someone else has an idea what you can do about this, I'd like to hear it; all hospitals and doctors offices collect data on you in order to treat you medically; I suppose you could insist they keep no records of you, and instead put everything on a flash drive you provide for them -- except most hospitals have IT policies against using portable flash drives for anything. Keeping your friends or strangers from taking pictures of you and posting them somewhere? Speaking from experience, you may have to go so far as alienating some of your friends and acquaintances, who may not share your views on privacy, and think that you're just being a jerk for no reason. Also, how can you control the actions of others? You can't. Airport security/TSA scrutiny? Don't fly anywhere. Rally to the cause of people who want to dismantle the TSA, write your congresscritter, sign petitions, etc. to make the TSA go away, or at least get reigned in to the point where they're not on track to become the Secret Police.
There are too many things going on this this world for me to address here. The best advice I can give is to stay aware and not stick your head in the sand. It seems like every day there are more and more instances of some government agency or corporation making free with people's privacy. Telev
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
It is not possible to protect your privacy anymore. However you may be able to find the source of a leak and take legal action. Keep a ledger and put one piece of data on every site that is different and record when and where you did that. For example if you put data that says you earn $75.500 per annum on one site and that number crops up elsewhere you can know who leaked it. You can also spell out a supposed middle name unique to every site. If the initial of your middle name is A then be Alfred on one site and Albert on the next. Your birth date can be one day different across many sites. One day you may get mail or a phone call that returns a bit of false data. Then get your lawyer busy.
Of course, keeping personal information entirely secret is the best means of control, but in the modern world, complete secrecy is getting more and more impractical.
It's not just impractical; for most people, it's undesirable. You can't interact in many useful ways with people or organisations you'd like to collaborate with unless you inherently give up some degree of personal information. That "loss" of privacy isn't in itself a problem for most people, because it's done willingly and typically for mutual benefit.
The problems usually start when others get hold of the information, or when information that was willingly shared for one useful purpose then gets reused for something else. Technology makes both of these possibilities increasingly easy, but as always that technology is ethically neutral.
IMHO, what we need is to establish standards of respect for this kind of personal data, where it's not socially acceptable to share potentially sensitive information about someone without their knowledge and consent. Just because technology means we could do something, it doesn't mean we have to, any more than I have to drink five pints this afternoon and then drive home at 90mph past the park where your kids are playing just because I have money and a car. The common idea that you can't solve social problems with technological measures applies.
Where necessary, those social norms then need to be backed by force of law, so that organisations with contrary motivations such as businesses and governments are compelled to comply as well.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
well you could start by lobbying with some laws to limit db's about persons.. start by catching up to the eu laws on it.
which is really the answer to the question: by political action.
world was created 5 seconds before this post as it is.
Indeed, I slept through your post and missed it.
I know it's difficult when there are so many people who don't give one tenth of one fuck about anyone but themselves, but build a better society, one in which we aren't all looking up each other's arseholes with flashlights unless we're doing a rectal examination. Do anything you can to make the world a better place, and that will have the long-term effects of reducing surveillance.
You also have to convince at least two other people to do the same, if you really want this to take off... And them, as well, and so on. Eventually, that requirement can be eliminated.
Now, if we can just agree on what we should do...
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
You can start by decreasing the amount of data you give away, for free. A second step would be to start reading the EULAs, Ts & Cs, and other annoyances that come between you and ACCEPT and make wiser decisions about which ones you choose. You can falsify some stuff with impunity (does that website really need you phone number or address - or will any random selection of words and numbers do) and you can start using cash again and having multiple bank and credit card accounts (but don't veer into the world of fraud). Just be aware that you'll never shake off the determined tracker / stalker, but hey: you don't have to make it easy for them, either.
Other than that, cultivate a nickname, nom de plume, start using your mother's maiden name, or just become known in all your social circles as JACKSON. You could also make sure you give your children very, very common names - rather than trying to be unique (like everyone else), so that name searches will throw up so many hits that hand-checking is impractical.
Apart from that, make sure you have several varied social media accounts (if you really must have any at all) rather than just the stipulated one - and grow a beard, if you can.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
I doubt very much that most people had much in the way of "privacy" through most of history. Your average Joe in a tribe or village ... well, his neighbors knew what he was doing, and who with, approximately all of the time.
I happen to like the brief window of modern higher privacy that we had, don't get me wrong ... just saying that it was something of an aberration.
If we are going to be in fishbowl, the big fish should also.
Apparently the mods disagree. They'd rather carry on with this little charade. They don't see that every anomaly and 'disturbance' is recorded and can be traced to a source. It is so naive to believe that there is any 'privacy'. The only argument left is what can be done with the info. Right now we give it too much power to too few people. So I'm always for those who can leak it all. Time for those who make the rules to feel the pain.
“He’s not deformed, he’s just drunk!”
Is it worthwhile to use baseballs caps and dark glasses to foil face recognition technology?
which is really the answer to the question: by political action.
Actually as I see it the real problem is convincing enough people that the whole thing matters enough for them to get involved politically over it.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
What you could do is set up penalties for data loss, but since there is little difference between corporations and government and it benefits them to leave it all exposed you will never be able to bottle this genie again IMO.
One thing I made for public cameras was my old hoodie with a with a mesh fabric drop down, so it acts like a veil in front of the hoodie but can still be seen through and put away.
I'm not actually that worried about it yet but we got to talking and started trying stuff... I doubt it work against thermal imaging.
"If any question why we died, Tell them because our fathers lied."
Wear a mask. Not a Halloween prop or anything, but a medical mask, as you would wear when you are running a cold or something. No, it won't really prevent automated face identification, but it will prevent any casual recognition or incidental appearances in other people's online albums.
As a bonus, if you do happen to carry a cold or the flu at the time, you're also helping prevent the spread.
Trust the Computer. The Computer is your friend.
What's out of control is the controllers. Can't balance a checkbook, can't stay out of trouble, can't hang around normal people, always looking for a fight with the wrong people. It's all fun and games till someone loses an eye.
The mind conceives, the body achieves, the spirit manifests.
Very good point fust. Its like Poland or East Germany, Soviet Union or Russia - you know the protest is been filmed. You know the secret intelligence services will catch up with you in their own time.
If they cant turn you into an informant you face ~'protesting' charges and conviction.
The optics of been seen protesting leak out and the official lies about events become news.
Domestic spying is now "Benign Information Gathering"
Stay away from the tame US companies - change to 'white' box hardware. Read up on the people who where correct over many years and rethink the academics and trusted coders pushing US brands.
Open source OS, not on a big US brand file system would help with any malware been sent down to your computer.
Beyond that its back to open time pads and a computer version of number stations.
Domestic spying is now "Benign Information Gathering"
Don't use banks (use credit unions). Don't use credit cards (use cash). Don't use Facebook. Don't use Google. Don't buy shit online. Don't buy cable TV.
Do that, and you're 90% of the way there, in my opinion.
I don't respond to AC's.
The NSA scrubs every phone call made anywhere, yours, mine, everyones. Privacy is a luxury of the past.
For what little it's worth, I agree with almost everything you said there. I don't think we're quite as stuck with "micromanaging" our kids here in the UK yet -- there are still enough of the older generations around to point out when parents are being overly protective and provide a degree of social/political acceptability -- but unfortunately the "fear everything" culture our governments and courts and schools seem determined to push on everyone is relentless.
Personally, I intend to ignore them anyway and teach my kids to be independent and responsible on their own, just as I'd stop to help a child who was hurt regardless of whether some jobsworth might look at a camera and think I was up to no good because of their rampant paranoia. It's the right thing to do, and I'll be damned if I'm going to raise kids who are afraid to go out of their own house or refuse to help someone else's kids who need it just because politics.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.