TAG | Privacy
In many cases, a false sense of security causes people to put themselves at much greater risk.
The following article describes a “burner” phone service that re-uses the temporary phone numbers. It appears that number a security researcher received was previously used by a sex worker, who’s customers continued to send pictures and messages to the number after it had been re-assigned.
In a brilliant campaign, IO9 and the EFF is having cosplayers pose with pro-anonymity, pro-privacy, and pro-pseudonymity signs. See the whole set here. The most popular seems to be “I have a right to a Secret Identity!”.
This article describes a clever attack against Secret, the “anonymous” secret sharing app.
Their technique allows the attacker to isolate just a single target, so any posts seen are known to be from them. The company is working on detecting and preventing this attack, but it is a hard problem.
In general, any anonymity system needs to blend the activity of a number of users so that any observed activity could have originated from any of them. For effective anonymity the number needs to be large. Just pulling from the friends in my address book who also use Secret is way too small a group.
Thanks to WhoIsHostingThis for providing this informative infographic (click to enlarge). They provide a cool service that allows you to look up the hosting service behind any website.
The Importance of Privacy & The Power of Anonymizers: A Talk With Lance Cottrell From Ntrepid — The Social Network Station A recent interview I did, talking about data anonymization and mobile device privacy. Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.
- The need to target your privacy efforts
- Why your secrets may not be safe with secrecy apps
- The possibility of more light shining on National Security Letters
- Conflicted feelings about censorship in the Russian government
- Google and the right to be forgotten
- What you need to do to deal with all these password breaches
- A demonstration of a stealthy camera snooping app for Android
- and a quick announcement about Anonymizer
The latest leaked messages to blow up in someone’s face are some emails from Evan Spiegel, the CEO of Snapchat. These were incredibly sexist emails sent while he was in college at Stanford organizing fraternity parties.
These emails are like racist rants, homophobic tweets, and pictures of your “junk”. They are all trouble waiting to happen, and there is always a risk that they will crop up and bite you when you least expect it. If you have ever shared any potentially damaging messages, documents, photos, or whatever then you are at risk if anyone in possession of them is angry, board, or in search of attention.
Even if it only ever lives on your computer, you are vulnerable to hackers breaking in and stealing it, or to someone getting your old poorly erased second hand computer.
This falls in to the “if it exists it will leak” rant that I seem to be having to repeat a lot lately. The first rule of privacy is: think before you write (or talk, or take a picture, or do something stupid). Always assume that anything will leak, will be kept, will be recorded, will be shared. Even when you are “young and stupid” try to keep a thought for how that thing would be seen in ten years when you are in a very different position. Of course, ideally you are not sexist, racist, homophobic, or stupid in the first place.
Earlier this month I talked about the ECJ ruling against Google on the “right to be forgotten.”
Google has now set up a web form and process for making these requests. You need to provide your name, the URLs you want hidden, and an explanation of why the URL is “irrelevant, outdated, or otherwise inappropriate”.
Google will then make the call about whether your request will be honored. They will “assess each individual request and attempt to balance the privacy rights of the individual with the public’s right to know and distribute information. When evaluating your request, we will look at whether the results include outdated information about you, as well as whether there’s a public interest in the information—for example, information about financial scams, professional malpractice, criminal convictions, or public conduct of government officials.”
Remember, this only removes that URL from Google searches for your name, not from other searches, other search engines, or from the underlying website.
The recent ruling by the European Court of Justice (ECJ) has re-ignited debate about the “right to be forgotten”, or perhaps more accurately the right to have certain information purged from the Internet. While this right provides some real privacy benefits, it runs up against free speech and jurisdictional problems.
Here are seven conundrums around the right to be forgotten and the recent ECJ ruling:
- The ECJ ruling provides for removing search results, but not for removing the underlying web page. In the case in question, a newspaper article is allowed to stay on-line, but a search on the plaintiff’s name must not return a link to that page.
- While the search result would be removed when the search is the person’s name, other searches for the information would show that link.
- The ECJ does not give you a right to remove anything harmful or embarrassing to you, only information “inadequate, irrelevant or no longer relevant, excessive in relation to the purposes of the processing”
- You don’t have a right to have certain information forgotten if that is newsworthy and noteworthy. In other words, if this was likely to be searched for by a lot of people, then you can’t remove it.
- The ECJ ruling only applies to EU residents . If you are outside the EU, or using a search engine outside the EU then you don’t have this right.
- The ECJ ruling only applies to search engines operating in the EU. If the search engine is exclusively operating outside the EU, or is being accessed from outside the EU, then the search results would still be visible. This means that you would get the search results if you were using Anonymizer Universal from within the EU.
- The tools and laws used to enforce the right to be forgotten are very similar to the techniques used for censorship by repressive regimes. Once in place, the urge to use the power more broadly has been irresistible to governments that obtain it.