Wednesday, December 21, 2011

Insect-Sized Drones as Catalysts of Tough Privacy Law


Frankly, I find the reasoning tenuous. Their thesis is that the appearance of tiny flying vehicles bearing cameras that could peek at you when you are naked in the bathroom will cause enough outrage that tougher privacy laws will be passed.


The Drone as Privacy Catalyst
http://www.stanfordlawreview.org/online/drone-privacy-catalyst

Could Domestic Surveillance Drones Spur Tougher Privacy Laws? 
http://spectrum.ieee.org/automaton/robotics/military-robots/could-domestic-surveillance-drones-spur-tougher-privacy-laws

Typically, there are enough people who want to see information on other people that legislation prohibiting violations of privacy could have a difficult time being passed. "The intent of such surveillance is to catch criminals," they say. It would also be a difficult law to enforce.

Still, what will celebrities do in such a world? When the paparazzi get their pictures from swarms of tiny cameras, what defense will a public figure have? It would seem nearly impossible to hide from all such cameras.   

Robots and Swimsuit Models

N.C. Officials Believe Skill Should be Punished


The logic seems very tenuous:  Kevin Lacy of North Carolina believes that someone should be prosecuted for practicing engineering without a license, even though no representation was made that would require license credentials.

N.C. Official Sics License Police On Computer Scientist For Too Good a Complaint
http://yro.slashdot.org/story/11/02/03/2044211/nc-official-sics-license-police-on-computer-scientist-for-too-good-a-complaint

Citizen Activist Grates on State
http://www.newsobserver.com/2011/02/03/964781/citizen-activist-grates-on-state.html

In other words, Lacy is saying that the creator of the traffic report should be prosecuted because his work was too good.

Stolen Credit Card Markets; Passwords; Usernames


Stolen Credit Cards Go for $3.50 at Amazon-like Online Bazaar
http://www.bloomberg.com/news/2011-12-20/stolen-credit-cards-go-for-3-50-each-at-online-bazaar-that-mimics-amazon.html

The science of password selection 
http://www.troyhunt.com/2011/07/science-of-password-selection.html

How Your Username May Betray You
http://www.technologyreview.com/web/32326/?p1=A4&a=f

RIAA Says "It wasn't us! Somebody hacked our IP address!"

TorrentFreak reports that the RIAA is using the same excuse that the people it prosecuted used when they claimed that they didn't download copyrighted movies via BitTorrent.
https://torrentfreak.com/riaa-someone-else-is-pirating-through-out-ip-addresses-111221/

Previously, TorrentFreak found that Homeland Security, Fox, Sony, and Universal had downloaded material.
http://torrentfreak.com/riaa-and-homeland-security-caught-downloading-torrents-111217/

The irony, hypocrisy, and outrage are all clear and obvious. If you would like to check the results yourself, you can always try You Have Downloaded.


Everyone is Watching Your Torrents
https://thunked.org/general/everyone-is-watching-your-torrents-t189.html

Friday, December 16, 2011


Major media companies discovered pirating. See below.

Amazon Granted Location Tracking Patent
http://yro.slashdot.org/story/11/12/14/1354245/amazon-granted-location-tracking-patent

Amazon Big Brother patent knows where you'll go
http://www.cbsnews.com/8301-505124_162-57342567/amazon-big-brother-patent-knows-where-youll-go/

Sony, Universal and Fox Caught Pirating Through BitTorrent
http://yro.slashdot.org/story/11/12/14/0632236/sony-universal-and-fox-caught-pirating-through-bittorrent

Judge Orders Man To Delete Revenge Blog
http://yro.slashdot.org/story/11/12/14/0439226/judge-orders-man-to-delete-revenge-blog

Wikipedia Debates Strike Over SOPA
http://news.slashdot.org/story/11/12/14/0615207/wikipedia-debates-strike-over-sopa

Carrier IQ Responds To FBI Drama, EFF Wants More Information
http://mobile.slashdot.org/story/11/12/13/2347241/carrier-iq-responds-to-fbi-drama-eff-wants-more-information

24-Year-Old Asks Facebook For His Data, Gets 1,200 PDFs
http://yro.slashdot.org/story/11/12/13/2321224/24-year-old-asks-facebook-for-his-data-gets-1200-pdfs

Note to Sony, Universal, Fox, and other media companies:  The concept and name "I Own All Information" are protected under copyright, design, and trademark law. Re-posting, copying this blog in part or in concept, or otherwise misusing this original creative material will be considered theft and will be prosecuted under U.S. Federal law and international laws, including the DMCA as applicable.

Tuesday, December 13, 2011

The Worst Passwords

Don't use 'monkey', 'Lovely', or 'princess'.




A Grab Bag

Scammers Work Around Two-Factor Authentication With Social Engineering

Download.com Bundling Adware With Free Software

Apple to Samsung: Don't Make Thin or Rectangular Tablets or Smartphones
Apple says, essentially, that you can't make a smartphone or tablet.

Digital Face-Swapping Getting Cheaper
In other words, get ready for photographic evidence that can be fabricated to suit any thesis.

Multi-Target Photo-Radar System To Make Speeding Riskier
Watches four lanes at once, 32 vehicles at once, records speed and license plate.

DARPA to detail program that radically alters security authentication techniques
Going beyond passwords.

FBI takes out $14M DNS malware operation

DARPA gets serious with Internet security, schmoozes the dark side
Describes the DARPA Cyber Analytic Framework, and points out that most exploits average only about 125 lines of code.

State-Sponsored Info Control and Hacking

Tunisia Can Alter E-Mails With Big Brother Software
Reporters say that Tunisia's system was a kind of test and that the technology, sold by European companies, could show up "in other places."

China-Based Hacking of 760 Companies Reflects Undeclared Global Cyber War
Long article, goes into some depth, and covers a lot of the industrial espionage conducted by China.

Indian Minister Seeks To Censor User-Generated Content Online
His demand is for worldwide censorship.

Wednesday, December 7, 2011

"I prefer my photos better than reality, please"

I missed this when it emerged in March, but it is still amusing. Panasonic is introducing a camera that makes you more beautiful than you actually were. According to the Slashdot article:

Panasonic Launches Beautifying Camera
...'According to data we've acquired, around 50 percent of our digital camera clients are not satisfied with the way their faces look in a photograph,' she said. 'So we came up with the idea so our clients can fix parts they don't like about their faces after they've taken the picture.'

Holy smokes, only 50 percent!? I wonder if there is any variance between the genders in those statistics...

Creepy Keepers of the Keys

The arguments for surveillance generally are about catching more crooks. The arguments against are that the practitioners of surveillance cannot be trusted; that they will break the laws themselves, and then use their privileged access to avoid punishment. At this point, I'd almost write "well, duh!" But then I can't count the number of times I've seen some comment posted on an article where the writer is voting for more surveillance without a whisper of concern for the "who watches the watchers" problem.

IT Pros Can't Resist Peeking At Privileged Info
26% of IT staff admit to using their privileges to view confidential data. That is the percentage that would admit to it.

GCreep: Google Engineer Stalked Teens, Spied on Chats
A Google staffer, no less, with the mission to "not be evil" was nevertheless. Quote: "...SREs are given unfettered access to users' accounts for the services they oversee..."

Government Spying on Itself
Usually this kind of article (if found on someplace other than IOAI) would have a link about some nefarious Government plot to read our emails. And maybe that will show up in the future, but this time, the paranoids out there in media land goofed(!):

New US Government Project To Monitor Electronic Communication

COULD THE U.S. GOVERNMENT START READING YOUR EMAILS?

These articles are reporting on PRODIGAL, which is created by Georgia Tech for the U.S. Government. What's lost during the fireworks and outrage, however, is that PRODIGAL is designed to spy on internal Government computer networks. This is an actual case, if the story is correct, of an informational organization seeking to reinforce probity through active surveillance of itself. In other words, this is a mole-catcher. And the media reports are badly inaccurate in tone.

Moral: Not everything about privacy and surveillance is gloom and doom. The PRODIGAL story is not exactly a lullaby that will help you sleep better, but it is a step forward and upward.

Facebook Keeps Shadow Profiles on Non-Users

This article started out as a report on the supposed shadow profiles that Facebook keeps on non-users. The arc of the story is clear: Some people choose not to have Facebook accounts because they don't trust the company or its web site, but if Facebook keeps secret data caches on non-users then it is up to something more than just providing a service. Here are some of the stories:

Facebook Is Building Shadow Profiles of Non-Users

and the actual document of the complaint:

Facebook Building 'Shadow Profiles' of Non-Members, Experts Allege

Facebook is 'building shadow profiles of NON-users', says complaint to privacy watchdog

[Whoops, that was two Murdoch links back to back. Here is an independent voice.]

Facebook Ireland accused of creating 'shadow profiles' on users, nonusers

Of course, Facebook says that it is not keeping profiles of non-users. It does admit to keeping names and emails and linking them to people who are users.

Facebook denies “Shadow Profile” claims; Risks €100k privacy fine

I started thinking about Facebook's claim. If they only keep name and email, that is more than most of us would like, but it could be a lot less than all the rest of these background investigation sites have:

pipl.com
www.intelius.com
www.spokeo.com
www.peoplefinders.com
www.anywho.com
www.whowhere.com
www.zabasearch.com
www.peoplesmart.com
www.beenverified.com
backgroundsearch.com
www.peoplerecords.com
www.backgroundpi.com
www.snoopstation.com

Every single one of these sites keeps a "shadow profile" on millions of people. So is Facebook any worse? Or should we be just as alarmed at spokeo or pipl or snoopstation?

One thing that is different is that Facebook keeps social network data. Spokeo may not have any links data connecting Smith with Johnson. Or they might. But we know for sure that Facebook does, and that its plans for using network data are more sophisticated than what we've seen from the public records publishers in the past.

Another Facebook Spill

The funny thing about this one is someone used the exploit and then showed photos from Mark Zuckerberg's own account to prove that the exploit worked.

Facebook Flaw Exposed Private Photos

There are dozens of news reports with this story, from CBS, Perez Hilton, Slate, Forbes, Times of India, NY Post, slashdot, The Age, PC Mag, and the list goes on and on.

Just search for "zuckerberg private photos" on Google.

Sunday, December 4, 2011

CarrierIQ: The Saga So Far

What keeps this blog hopping is that there are so many violations of privacy expectations these days. That means I can barely keep up, and you can read about the details from many other sources that have better information than I do. Here is my collection of articles and links about Carrier IQ and its spat with the cell-phone-using public.

Background: Trevor Eckhart discovered a piece of software (a rootkit?) installed on many Android, Blackberry, and Nokia cell phones that records keystrokes(?) and records just about everything that happens on that phone. When this news became public, Carrier IQ issued a cease-and-desist letter to Eckhart. The tech-savvy community took this as confirmation that everything Carrier IQ was accused of doing was true.

Carrier IQ: Most Phones Ship With "Rootkit" (11/16/11)

Carrier IQ Tries To Silence Security Researcher (11/22/11)

Cease and Desist Letter Sent to Eckhart by Carrier IQ (11/16/11)

More on Carrier IQ (11/15/11)
Analyzes and extrapolates on the emerging data, pointing out that phone company employees would then have extremely good intel that could be used for home invasions.

Carrier IQ Relents, Apologizes (11/24/11)

Their press release (11/23/11):


How Carrier IQ was wrongly accused of keylogging (12/2/11)

Carrier IQ Drama Continues (12/3/11)

So what's going on? Carrier IQ has pointed out that if anyone is recording anything, it is the carriers, who have control over the data stream.

Interestingly, in the CNET article above, they say "...AT&T's statement, which merely says that Carrier IQ is used in accordance with the company's privacy policies." To me, this sounds like a paper wall between the public and spooky surveillance. What AT&T is really saying is, "we don't look at it unless the Federal government shows up and tells us to give your data to them."


Just Plain Spooky - A Links Collection

Feds Warrantlessly Tracking Americans’ Credit Cards in Real Time
This is about a year old. The Wired site has a full DOJ PowerPoint presentation. Aside from being spooky, this is a problem when fitted together with the "all data spills" concept. That is, if we assume that Fed personnel are human, and therefore subject to little side deals and payments, then this data leaks out to "unnamed third parties" continually.

Canon blocks copy jobs by keyword
Using OCR, plus I assume other means, Canon's Uniflow 5 system can read the content of documents being scanned, printed, and copied and record the existence of trigger words or even block specific functions.
http://www.itnews.com.au/News/235047,canon-blocks-copy-jobs-by-keyword.aspx

Cookies on Your Computer That Last Forever
Hackers have been working on making tracking cookies that cannot be deleted. This is a holy grail goal for both marketeers and spy agencies. (No difference!) Warning: If you go to this URL, they may place a tracking cookie on your browser (and computer) that you may not be able to get rid of.

'Pre-crime' Comes to the HR Dept
A company called Social Intelligence is scraping your Facebook, MySpace, Google+, LinkedIn and other posts and building a case file that will be sold to companies that want to judge whether you will be a fit employee.

Black duck eggs and other secrets of Chinese hackers
Plain old industrial espionage, yum yum. I think this is pretty much the epitome of the undeniable tell. China, you can't deny that black duck eggs would be available in that tiny town! Dead giveaway!

Full-Body Scan Technology Deployed In Street-Roving Vans
American Science & Engineering, based in Billerica, Massachusetts, makes the Z Backscatter Vans ("ZBV") that can be used on any road and used to peer through building walls. (I wonder what the medically-indicated maximum dose of X-ray radiation from these things is? How long until the surveillance is so regular that cancer rates go up?)

Intellectual Property Conflicts - A Links Collection

Nintendo's 3DS Terms of Service seizes ownership (copyright) of all things you write.

Some doctors and dentists are requiring that you assign your copyrights to them.

Dropbox officially stated that information you uploaded could not be read by them, but actually, it can.

Slashdot reports that California thinks it can copyright its laws. (Sorry, I know this is old. But it is still a great candidate for this category.)

CarrierIQ is deserving of an article all by itself, but in the meantime I'll tide myself over with pointing out this: If keylogging is occurring, then CarrierIQ is violating copyright law, because the text typed by a user is automatically copyrighted upon creation. Further, any text that is "interesting" to CarrierIQ or its clients would, by virtue of being "interesting," have value; by having value it automatically self-strengthens its copyright.

Thursday, December 1, 2011

Today's Perspectives

From TechDirt, an interview about SOPA et al

China Newspaper Says Cyber Hotline Needed

News Corp Hacked U.K. Govt?

DuQu Team Stayed a Step Ahead of Investigators


Thomas Jefferson on the Ubiquity of Ideas

Today's thought is lifted from a May 2007 TechDirt piece, and is a quote from Thomas Jefferson:

If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it. Its peculiar character, too, is that no one possesses the less, because every other possesses the whole of it. He who receives an idea from me, receives instruction himself without lessening mine; as he who lights his taper at mine, receives light without darkening me.

Tuesday, November 29, 2011

I Want to Know What You're Thinking

Malls Are Tracking Your Cell Phone

Malls in the U.S. have installed systems that track shoppers by their cell phones. Customer movement data is then shared with retailers in the mall.


Although the official explanation of the system claims that the data is anonymous, there are many ways to attach names to the data, including use of face recognition software that malls and retailers also have installed.

Imagining an Open Source Eye in the Sky

In the past, intelligence agencies had the tough job of collecting and aggregating data fast enough and with sufficient relevance that they could have an impact on the decisions regarding the targets of their collection. With the advent of computers, all of that correlation and cross-referencing got a lot easier. With the internet, data sources became enriched, and with modern software and hardware systems, the interfaces to that data have become more natural and powerful.

Businessweek has written about Palantir, a system that aggregates data for anti-terror surveillance.

The history of computers has shown that computing capacity always grows to the point that what used to be affordable to only major corporations becomes affordable to individuals. Today we carry around smart phones with the processing power that entire mainframes possessed in the 1970s. Desktop computers in 2011 have more power than supercomputers of the 1980s.

In addition, the open source world has proven that it can generate powerful software that supplants, replaces, or exceeds commercial applications. Where there is Matlab, there is also Octave. For Excel, there is OpenOffice. For Oracle, there is MySQL.

The next logical step is for open source data aggregation software with capabilities like those inside the three-letter agencies in the U.S., but used and operated by individuals or small organizations. A crowd-sourced intelligence net could field an enormous number of sensors. Most of the pieces of the software have other uses, so it is unlikely that development would be halted from lack of interest. And there are certainly enough people who want surveillance abilities of their own that the audience for this kind of software system exists.

When? Perhaps by 2015. Certain pieces will emerge in 2012. The capabilities for aggregation will grow a bit at a time, with data sockets for spill sources like Facebook, AOL, and Google+.

At the natural maturation point, the open-source software for surveillance data aggregation will match in quality and capability what is supplied to the Government by contractors.

Data Leakage From Official Sources

One of the arguments for ubiquitous spying is that it will catch criminals and keep data held only by government organizations. An argument against this would be that data will leak from those same organizations, so that there really isn't any privacy once such spying starts.

Here are examples of leakage:

New Jersey DMV Employees Caught Selling Identities

Sony offers identity theft protection, little news on PSN relaunch

UK military laptop theft exposes thousands to risk of identity theft


Help! I Need More Randomness in my Life! (Methods of Generating Passwords)

Here is a handy web site that will generate random sequences of characters. You can put in the character set you want to use (default is lowercase) and the number of characters in your sequence.

Random Letter Sequence Generator
http://www.dave-reed.com/Nifty/randSeq.html


Saturday, November 26, 2011

Friday, November 25, 2011

Massive Data Spills - A Links Collection

http://www.thinq.co.uk/2010/7/28/100-million-facebook-pages-leaked-torrent-site/

AOL search data scandal - Wikipedia
http://en.wikipedia.org/wiki/AOL_search_data_scandal

AOL Proudly Releases Massive Amounts of Private Data
http://techcrunch.com/2006/08/06/aol-proudly-releases-massive-amounts-of-user-search-data/

Wiretaps - A Links Collection

Legal, illegal, semi-legal, and "it didn't happen" private electronic eavesdropping. Articles from everywhere:

Yahoo, Verizon: Our Spy Capabilities Would ‘Shock’, ‘Confuse’ Consumers (Wired.com)




Thursday, November 24, 2011

Scott Adams' Noprivacyville vs. Sienna Miller's Friends

Scott Adams (Dilbert cartoonist) wrote a piece in March suggesting that lack of privacy might not be so bad after all. If lack of privacy is not bad, then Scott Adams might argue that U.K. actress Sienna Miller, whose phone was hacked by the News of the World, has nothing to complain about.

But Sienna Miller testified today that there was a consequence to her relationships: In her search for the source of the leak, she suspected her own friends of spilling private details to the media. You can imagine that not only did her peace of mind suffer, but her friendships, and her friends themselves, suffered, as a result of the News of the World hacking.

But if you were to take Scott Adams' perspective, you could argue that these events are not from the Noprivacyville set of "rules", because News of the World failed to live up to the "no privacy" rule itself. To be compliant, they would have to have disclosed that they were hacking Sienna Miller's phone. The lack of this disclosure, that is, retaining the private information that they were hacking her phone, could be deemed a "breach" of the Noprivacyville "rules".

So how many ways was the hacking wrong? Under current laws, it was both criminal and fraudulent (a civil tort). Under common sense, it was a violation of personal space. And even under the fictitious Noprivacyville rules, it was wrong because News of the World claimed privacy for itself that it wasn't entitled to, or was non-reciprocal.

The point? Even if you argue that lack of privacy is a problem only for criminals, which is a typical retort on message boards when people discuss the latest outrage against privacy, then you must concede that observers must fully disclose their observational activities. The failure to disclose surveillance, the failure to disclose an interest in observing, and the failure to disclose conclusions obtained from surveillance are all violations of Noprivacyville-like rules. Surveillance activity itself is subject to the same disclosure rules that apply to those surveyed.

Wednesday, November 23, 2011

Picking Passwords that Defeat Hackers and Spies

It is hard to pick good passwords if you don't know what one looks like. It helps to see the mistakes others make.

MySpace Passwords Aren't So Dumb

MySpace password exploit: Crunching the numbers (and letters)

Password Security: What Users Know and What They Actually Do

How I’d Hack Your Weak Passwords

Check your password—is it strong?
(Warning: Although this password strength-testing page claims that your password is not transmitted over the internet, there is no way to guarantee this. You may want to use new, made-up passwords to see how the strength tester responds, then create your real password that you don't type into the strength tester.)

Secure Passwords Keep You Safer
This article by Bruce Schneier has an excellent overview of PRTK and its strategy for cracking passwords. PRTK ("Password Recovery Toolkit") is software containing a smart guessing system. For more on this commercial product, try:

PRTK
Once you understand what PRTK is doing you can greatly improve your passwords, perhaps to the point that PRTK no longer has a chance at cracking them. Although PRTK is not the same as the NSA, understanding how to defeat a PRTK attack probably gives you 90% to 99% of the awareness and skills needed to create passwords that would defeat government-based password cracking.


Some IOAI-style posts on Vorpal Trade

Before I started this blog I posted several articles on Vorpal Trade that are relevant to I Own All Information. Here is the collection of links:

Spilling Dirt in Social Media

Hacking Cell Phones to Steal Computer Passwords

Not Time Travel, Info Time Travel

Internet = Gossip Star

Tracking Google CEO Bodily Events

All Your Informations are Belong to Me

You Have No Privacy, Get Over It Say Social Media Moguls

Tuesday, November 22, 2011

Why this blog is here

The phrase "I own all information" started as a joke. It was my reaction to Facebook's bottomless appetite for information about people, the increasing use of cameras in public places, and the existence of sites like Pipl, Intelius, and Spokeo. The thought was "Hey guys, you have it all wrong. You don't own this information. I own all information. Hand it over." The unspoken thought was that Facebook certainly didn't "own" this information they have saved from their users. You could make an equally logical case that it belonged to me.

Then there is the democratization of surveillance. As surveillance becomes cheaper, governments and giant corporations will use more of it. But just around the corner is the era of super-cheap surveillance, in which ordinary people, you and I, will perhaps begin to collect vast amounts of information too. Anything a corporation can collect, we can collect. It is purely symmetrical, and only fair. And with the vast expansion of computer storage space on modern desktop computers, you can store your collects indefinitely. Your modern desktop or laptop computer today has enough hard disk space to store a (short) brief on every single person on this planet.

Some time ago, I created a bookmark folder named "I own all information" in my browser. I used it to capture links to articles on passwords, surveillance cameras, Facebook, warrantless demands for data, and the like that caught my attention. Over the course of a few months I found so many items for this folder that it quickly grew to hold vastly more links than all of my other bookmark folders. While writing my Vorpal Trade blog I would occasionally write an article about oversharing of information, and I started to think it might be useful to have my "I own information" links on a web page, or at least collected in blog posts.

So here it is. I'll post links and comments about emerging trends in privacy and information collection. I'll also keep permanent pages of links grouped by category. Collating this stuff is not necessarily better than Google, but it is better than keeping the links just in my Bookmarks folder.

Despite the title of the blog, I don't own all information. You do. It is just a joke.