Tuesday, November 29, 2011
Malls Are Tracking Your Cell Phone
Malls in the U.S. have installed systems that track shoppers by their cell phones. Customer movement data is then shared with retailers in the mall.
Although the official explanation of the system claims that the data is anonymous, there are many ways to attach names to the data, including use of face recognition software that malls and retailers also have installed.
Imagining an Open Source Eye in the Sky
In the past, intelligence agencies had the tough job of collecting and aggregating data fast enough and with sufficient relevance that they could have an impact on the decisions regarding the targets of their collection. With the advent of computers, all of that correlation and cross-referencing got a lot easier. With the internet, data sources became enriched, and with modern software and hardware systems, the interfaces to that data have become more natural and powerful.
Businessweek has written about Palantir, a system that aggregates data for anti-terror surveillance.
The history of computers has shown that computing capacity always grows to the point that what used to be affordable to only major corporations becomes affordable to individuals. Today we carry around smart phones with the processing power that entire mainframes possessed in the 1970s. Desktop computers in 2011 have more power than supercomputers of the 1980s.
In addition, the open source world has proven that it can generate powerful software that supplants, replaces, or exceeds commercial applications. Where there is Matlab, there is also Octave. For Excel, there is OpenOffice. For Oracle, there is MySQL.
The next logical step is for open source data aggregation software with capabilities like those inside the three-letter agencies in the U.S., but used and operated by individuals or small organizations. A crowd-sourced intelligence net could field an enormous number of sensors. Most of the pieces of the software have other uses, so it is unlikely that development would be halted from lack of interest. And there are certainly enough people who want surveillance abilities of their own that the audience for this kind of software system exists.
When? Perhaps by 2015. Certain pieces will emerge in 2012. The capabilities for aggregation will grow a bit at a time, with data sockets for spill sources like Facebook, AOL, and Google+.
At the natural maturation point, the open-source software for surveillance data aggregation will match in quality and capability what is supplied to the Government by contractors.
Data Leakage From Official Sources
One of the arguments for ubiquitous spying is that it will catch criminals and keep data held only by government organizations. An argument against this would be that data will leak from those same organizations, so that there really isn't any privacy once such spying starts.
Here are examples of leakage:
New Jersey DMV Employees Caught Selling Identities
Sony offers identity theft protection, little news on PSN relaunch
UK military laptop theft exposes thousands to risk of identity theft
Help! I Need More Randomness in my Life! (Methods of Generating Passwords)
Here is a handy web site that will generate random sequences of characters. You can put in the character set you want to use (default is lowercase) and the number of characters in your sequence.
Random Letter Sequence Generator
http://www.dave-reed.com/Nifty/randSeq.htmlSaturday, November 26, 2011
Facebook Helping Stalkers to Do Better - A Links Collection
aka "Facebook is Stalin and the Gestapo's Favorite Web App"
What is "good" creepy? (in response to Sean Parker saying that Facebook was "good creepy")
Facebook’s Zuckerberg Questions Privacy Expectations
Friday, November 25, 2011
Massive Data Spills - A Links Collection
http://www.thinq.co.uk/2010/7/28/100-million-facebook-pages-leaked-torrent-site/
AOL search data scandal - Wikipedia
http://en.wikipedia.org/wiki/AOL_search_data_scandal
AOL Proudly Releases Massive Amounts of Private Data
http://techcrunch.com/2006/08/06/aol-proudly-releases-massive-amounts-of-user-search-data/
Wiretaps - A Links Collection
Legal, illegal, semi-legal, and "it didn't happen" private electronic eavesdropping. Articles from everywhere:
Thursday, November 24, 2011
Scott Adam's Noprivacyville vs. Sienna Miller's Friends
Scott Adams (Dilbert cartoonist) wrote a piece in March suggesting that lack of privacy might not be so bad after all. If lack of privacy is not bad, then Scott Adams might argue that U.K. actress Sienna Miller, whose phone was hacked by the News of the World, has nothing to complain about.
But Sienna Miller testified today that there was a consequence to her relationships: In her search for the source of the leak, she suspected her own friends of spilling private details to the media. You can imagine that not only did her peace of mind suffer, but her friendships, and her friends themselves, suffered, as a result of the News of the World hacking.
But if you were to take Scott Adams' perspective, you could argue that these events are not from the Noprivacyville set of "rules", because News of World failed to live up to the "no privacy" rule itself. To be compliant, they would have to have disclosed that they were hacking Sienna Miller's phone. The lack of this disclosure, that is, retaining the private information that they were hacking her phone, could be deemed a "breach" of the Noprivacyville "rules".
So how many ways was the hacking wrong? Under current laws, it was both criminal and fraudulent (a civil tort). Under common sense, it was a violation of personal space. And even under the fictitious Noprovacyville rules, it was wrong because News of the World claimed privacy for itself that it wasn't entitled to, or non-reciprocal.
The point? Even if you argue that lack of privacy is a problem only for criminals, which is a typical retort on message boards when people discuss the latest outrage against privacy, then you must concede that observers must fully disclose their observational activities. The failure to disclose surveillance, the failure to disclose an interest in observing, and the failure to disclose conclusions obtained from surveillance are all violations of Noprivacyville-like rules. Surveillance activity itself is subject to the same disclosure rules that apply to those surveyed.
Wednesday, November 23, 2011
Picking Passwords that Defeat Hackers and Spies
It is hard to pick good passwords if you don't know what one looks like. It helps to see the mistakes others make.
MySpace Passwords Aren't So Dumb
MySpace password exploit: Crunching the numbers (and letters)
Password Security: What Users Know and What They Actually Do
How I’d Hack Your Weak Passwords
Check your password—is it strong?
(Warning: Although this password strength-testing page claims that your password is not transmitted over the internet, there is no way to guarantee this. You may want to use new, made-up passwords to see how the strength tester responds, then create your real password that you don't type into the strength tester.)
Secure Passwords Keep You Safer
This article by Bruce Schneier has an excellent overview of PRTK and its strategy for cracking passwords. PRTK ("Password Recovery Toolkit") is software containing a smart guessing system. For more on this commercial product, try:
PRTK
Once you understand what PRTK is doing you can greatly improve your passwords, perhaps to the point that PRTK no longer has a chance at cracking them. Although PRTK is not the same as the NSA, understanding how to defeat a PRTK attack probably gives you 90% to 99% of the awareness and skills needed to create passwords that would defeat government-based password cracking.
Some IOAI-style posts on Vorpal Trade
Before I started this blog I posted several articles on Vorpal Trade that are relevant to I Own All Information. Here is the collection of links:
Spilling Dirt in Social Media
Hacking Cell Phones to Steal Computer Passwords
Not Time Travel, Info Time Travel
Internet = Gossip Star
Tracking Google CEO Bodily Events
All Your Informations are Belong to Me
You Have No Privacy, Get Over It Say Social Media Moguls
Tuesday, November 22, 2011
Why this blog is here
The phrase "I own all information" started as a joke. It was my reaction to Facebook's bottomless appetite for information about people, the increasing use of cameras in public places, and the existence of sites like Pipl, Intelius, and Spokeo. The thought was "Hey guys, you have it all wrong. You don't own this information. I own all information. Hand it over." The unspoken thought was that Facebook certainly didn't "own" this information they have saved from their users. You could make an equally logical case that it belonged to me.
Then there is the democratization of surveillance. As surveillance becomes cheaper, governments and giant corporations will use more of it. But just around the corner is the era of super-cheap surveillance, in which ordinary people, you and I, will perhaps begin to collect vast amounts of information too. Anything a corporation can collect, we can collect. It is purely symmetrical, and only fair. And with the vast expansion of computer storage space on modern desktop computers, you can store your collects indefinitely. Your modern desktop or laptop computer today has enough hard disk space to store a (short) brief on every single person on this planet.
Sometime ago, I created a bookmark folder named "I own all information" in my browser. I used it to capture links to articles on passwords, surveillance cameras, Facebook, warrantless demands for data, and the like that caught my attention. Over the course of a few months I found so many items for this folder that it quickly grew to hold vastly more links than all of my other bookmark folders. While writing my Vorpal Trade blog I would occasionally write an article about oversharing of information, and I started to think it might be useful to have my "I own information" links on a web page, or at least collected in blog posts.
So here it is. I'll post links and comments about emerging trends in privacy and information collection. I'll also keep permanent pages of links grouped by category. Collating this stuff is not necessary better than Google, but it is better than keeping the links just in my Bookmarks folder.
Despite the title of the blog, I don't own all information. You do. It is just a joke.
Subscribe to:
Posts (Atom)