The Privacy BlogPrivacy, Security, Cryptography, and Anonymity

CAT | Social Networking

Back in February, British Prime Minister David Cameron gave a speech where he strongly opposed the censorship and crack down on protesters in Egypt.

For decades, some have argued that stability required highly controlling regimes, and that reform and openness would put that stability at risk. So, the argument went, countries like Britain faced a choice between our interests and our values. And to be honest, we should acknowledge that sometimes we have made such calculations in the past. But I say that is a false choice.
As recent events have confirmed, denying people their basic rights does not preserve stability, rather the reverse. Our interests lie in upholding our values – in insisting on the right to peaceful protest, in freedom of speech and the internet, in freedom of assembly and the rule of law. But these are not just our values, but the entitlement of people everywhere; of people in Tahrir Square as much as Trafalgar Square.

Now, with the riots in England he feels that restricting access to social media, and censoring free speech is necessary to maintain order.

Everyone watching these horrific actions will be struck by how they were organised via social media. Free flow of information can be used for good. But it can also be used for ill. And when people are using social media for violence we need to stop them. So we are working with the police, the intelligence services and industry to look at whether it would be right to stop people communicating via these websites and services when we know they are plotting violence, disorder and criminality. I have also asked the police if they need any other new powers. Police were facing a new circumstance where rioters were using the BlackBerry Messenger service, a closed network, to organise riots. We’ve got to examine that and work out how to get ahead of them.

It is easy to condemn censorship in others, but it seems expedient when one is trying to control one’s own population. When in power, the difference between justifiable actions and tyranny is largely a matter of “us” vs “them”. “We” are good and would not abuse this power while “they” use censorship to keep the boot of oppression on their people.

The trouble is, it is very hard to know when one has moved past the tipping point, and powerful self justification comes easily to intelligent leaders and their advisors. As has been said many times “no man is the villein of his own story”.

This is a Rubicon I hope the UK can hold back from crossing.

· · · · · ·

Face book announced that it will soon start automatically suggesting your name for tagging photos any time it thinks it recognizes you in a picture. This automatic facial recognition is the default and will be done unless you explicitly opt out.

It looks like you need to customize your privacy settings to disable this. In Facebook, look under the “account” menu and select “Privacy Settings”.

From there click the “Customize settings” link at the bottom of the table. Within there, look for “Suggest photos of me to friends”, and set it to “Disabled”.

I suspect that few people will simply stumble on that.

Other people tagging you in photos can lead to embarrassment you might want to avoid. Having your name suggested just makes that more likely.

While you are at it, you might want to change the setting that allows others to “check you in” to locations. That can tell thieves you are away from home or stalkers where to find you.

CNN has a good article on the announcement. Facebook lets users opt out of facial recognition –


· · · · · · ·

Amid unrest, a hard new look at online anonymity | The Social – CNET News:

This article takes an interesting look at the issues with Facebook’s true name policy and the impact it has on activists and dissidents in repressive countries. It quite rightly talks about the fact that for most of the history of the Internet use of “screen names” was the default.

The odd thing about this debate is that there is basically no authentication of the names used. Many people assume that since most users are under true name that all of them are. It is trivial to set up a new account with a plausible name which can not be traced back to the real user.

I would hope that dissidents, activists and others at risk would take advantage of this simple capability to protect themselves. Yes, this is in violation of the terms of service, but I think it is for a much greater good.

If you choose to do this, take care with who you friend under this alias. If the social network you create matches your real one, or that of another account, it may be very easy to unmask your identity.

· · · ·

A reader of this blog recently emailed me to ask:

What s/w do you recommend to keep anonymous while using Gmail, IE, Outlook, and Facebook on a laptop?

This is actually a very tricky question because the nature of all of these tools, except Internet Explorer (IE), is to be associated with a visible and discoverable account and identity in the “cloud”. I will discuss IE last and separately.

Gmail ties to your gmail and other Google accounts. Outlook ties to some existing email account at some email provider. Facebook is tied to your Facebook account and is explicitly designed for making your information public.

The profound question here is, what do we even mean by being anonymous using these services? I would argue that the best one can manage is to be pseudonymous; that is to maintain a persistent and visible pseudonym / alias which, while discoverable, is not associated with your true identity.

Fortunately Gmail and Facebook are free and typically do not require any real credentials to set up an account, and many of the free email providers work similarly. Using Anonymizer Universal (AU), and a browser with no history or cache to set up the accounts would ensure they were not connected to your real identity. It is important that the accounts never be accessed in any way except through AU, or they will be forever after associated with your real IP address. Furthermore, it is critical that the browser used is never used for any activity connected to your real identity, or the cookies and other digital detritus in your browser may allow these sites (or other folks) to tie the pseudonym to your other real name accounts.

IE is in many ways the easiest because there is no underlying account, but all the same rules apply. You need to ensure that you isolate your anonymous or pseudonymous activity from your real name activity.

For all of this activity a virtual machine can be a very effective tool. For example, if you use a Mac you can use a virtual machine running Windows or Linux for all of your alias activities and use the normal operating system for your real name activities. Similar tools exist for other operating systems.

· · · · · · ·

This WSJ article reports on a new privacy issue with Facebook. It turns out that their application infrastructure allow those applications access to your personal information independent of your privacy settings. They are then able to (and have in many cases been shown to) share that information with third parties. The specific information shared is your Facebook user ID, and in some cases your friend’s user IDs.

Many of the most popular applications have been shown to be sharing this information, including FarmVille, Texas HoldEm Poker and FrontierVille among others.

· · · ·

BBC News – Details of 100m Facebook users collected and published

Ron Bowes wrote some software which scanned through Facebook to capture any unprotected personal information from the website.

The collected data has been compiled in to a huge file which is available over BitTorrent among other free channels.

While the program did not access any protected information, it has exposed any and all users who have not taken the proper steps to restrict access to their Facebook accounts, either through error or lack of knowledge, awareness or prudence.

The fact that it has been captured and distributed also makes it impossible to ever effectively change or remove any of the collected information. It is out there in the wild and out of anyones hands or ability to corral or correct.

This link will download the big (2.79GB) compressed database for you right now using a BitTorrent client (it may break at some point).

No tags

In this article “I don’t bleepin’ believe it” ComputerWorld reports on a UK insurer raising rates on social network users. The reason points back to something I have been talking about for some time. People post travel information to their social network sites. They say when they will be away from home, and for how long. This is perfect fodder for thieves, who can typically also collect enough information about the posters to identify them and find where they live.

This is why I don’t blog, Twitter, or otherwise post about conferences I am going to, even though it would be great to use social networks to connect with folks at the conference or in the conference city.

No tags

Google and India Test the Limits of Liberty –

In this case, it is not the search engine, but their social networking site “Orkut” which is the issue. Google’s troubles stem less from their actions than the fact that they are the dominant social networking site in India, and so most of those issues happen on that site.

Google has been forced to take down a lot of content, and hand over the identities of many posters. If the examples in the article are to be believed, the threshold for censorship is not high.

At the risk of repeating myself, if you live in India and you want to say something that might push or cross the line, do it with robust anonymity technology. You might still have your post taken down, but they can’t come after you.

No tags

Fledgling Rebellion on Facebook Is Struck Down by Force in Egypt –  For a short time Facebook became the center of a fledgling activist movement in Egypt. Over 74,000 people registered on a Facebook page devoted to this issue. It became the primary communications path for this group, and enabled its explosive growth. It also contained the seeds of its rapid unwinding and the arrest and beating of the creator of that page.To me this is yet another example of the “On the Internet nobody knows you’re a dog” syndrome. People feel so comfortable in front of their computers, they will say and do things they would fear to do in public or face to face. Facebook is in no way anonymous, nor does it claim to be. While there are many tools that could have enabled these people to operate and organize anonymously, there is no evidence that they used any of them.The Internet is very powerful, but it is also very public. People wishing to use it in repressive countries need to take special care to protect themselves and their visitors. 

No tags

New Sites Make It Easier To Spy on Your Friends – This article does not break any new ground, but does a nice job of listing and discussing a number of tools one can use to gather information on people. They pull from on-line information sources as well as public records for things like criminal history. For employers, it would be a good place to start before hiring someone to do a full background check.The big take away at the end is that you need to make sure you reduce your Internet footprint, specifically by taking care to check the privacy box on many sites, and to simply provide no or false information to others. For example, although I would never provide a wrong age to gain access to a restricted website, I almost never provide my correct birthday because to many other sites (like banks) use that as part of your identity verification. 

No tags

<< Latest posts

Older posts >>