Google "Street View" vans intercepted sensitive data

Cnet (among others) reports on Google's interception of personal information from open WiFi nodes, including passwords and e-mail.

Clearly it was poor practice for Google to be capturing and recording such information as they drove around, but the real news should be that the information was there to be captured. The intent of the monitoring of WiFi seems to be collecting the locations of WiFi base stations to improve enhanced GPS location services. This works by having your device upload a list of all the WiFi base stations it can see (along with signal strength) which the service then looks up in a database to determine your location. This requires the service to have a database of the physical location of an enormous number of WiFi base stations.

To do this, all Google would have needed to capture was the hardware address of each device. Instead they captured some of the actual data being sent back and forth as well.

It turns out that this is incredibly easy. With many of the WiFi chipsets built in to personal computers, laptops and USB adapters, one can easily download free software that will start intercepting open WiFi traffic with a single click.

The shocking news should not be that Google accidentally got this information but that anyone with bad intent could do it to you. Anonymizer will soon be releasing a video we did a few weeks back showing how someone could take control of your Facebook account using an open WiFi and almost no technical expertise at all.

If the connection between you and a website, email server, or other service is un-encrypted, then anyone near you can intercept it if you are using an open WiFi.

To be clear, open WiFi means that the underlying connection is un-encrypted. Many public WiFi sites have a login page. This is to manage usage, and provides no security to you at all.

If you get a connection before you type in a password, especially if you see a web page before you type a password, then you should assume you are on an insecure connection and therefor vulnerable.

TOR may actually reduce your privacy

WikiLeaks seeded its database of documents by intercepting traffic through a TOR node they were operating.

This article at Wired highlights an almost buried section of this New Yorker interview with one of the founders of WikiLeaks.

Before the WikiLeaks site went live, the founders noticed that hackers were transferring stolen government documents over the TOR network. They captured over a million of these documents to form the initial core of the WikiLeaks archive.

This shows once again what I have been saying for a long time. Any privacy system that allows any untrusted and unknown person to become part of the infrastructure and have access to cleartext information is fundamentally flawed.

Any person with malicious intent can easily set up a TOR node and begin exactly the same kind of data collection that the WikiLeaks folks practiced.

Reputation is everything in this business. It is not practical for typical individuals to properly vet their providers. Track record, reputation, and respected third party endorsements are your best bet when choosing a privacy or security provider. Look for those for everyone who has access to your information.

Copy & Paste intercept / snoop

John Gruber at Daring Fireball posted this interesting article on the growing practice of websites intercepting your attempts to copy text from their pages. They are actually modifying the contents of your clipboard and tracking the fact that you have clipped the information.

The referenced cases seem to be doing it for marketing and informational purposes, but there are many ways this could be used in more aggressive ways.

Imagine a site with sample code which (when copied) inserted some damaging code in to the middle of a large block.

I am worried that this capability exists at all within browsers. It seems like a major security vulnerability to me.

New Privacy Settings for Facebook

On May 26th Facebook announced new privacy controls. The EFF has a nice tutorial on how to properly configure these new settings to best protect your privacy.

Unfortunately these new settings options are being rolled out slowly. At this point I still don't have the ability to use the new settings at all. If you are lucky enough to have been moved to the new system, update those settings ASAP.

Privacy and Corporations at CFP Conference

I am very excited to be organizing a couple of panels at this year's "Computers Freedom and Privacy" (CFP) Conference in San Jose June 15-18.

Historically the conference has focused on personal privacy / freedom issues, technologies, and policies. That was certainly my focus as well when I started Anonymizer. Over time I have become aware of some other aspects to the privacy issue that I have not seen discussed. In addition to corporations impacting privacy of their customers, users, employees, etc. they also have issues and needs for privacy themselves.

Companies activities are monitored, analyzed, blocked, misinformed, and censored. While these have analogs in the personal privacy world, the details, impacts and scale, and solutions to the problems are often very different.

I am organizing a panel to discuss these issues at the conference and would love to hear from others who may have experienced these kinds of issues and would be willing and able to share them at this conference.

IntelFusion - Use a proxy server. Feed an Intel service.

Read this post from IntelFusion. It makes a very strong case for why I worry about any privacy system run by operators you can't really trust, investigate, and verify. In this case it is an investigation of Glype servers. They can be configured to do significant logging, and the author has been able to remotely retrieve the logs from many of the Glype servers. The results show many users from within sensitive US Government organizations and would provide the ability for an attacker to gather all kinds of useful intelligence to find soft targets to exploit. On the personal privacy side, it is an easy way for attackers to intercept usernames, passwords, travel plans, personal information and more for use in, identity theft, burglary, and hacking among other things.

The Library of Congress will publicly archive every tweet ever posted

For a long time I have been saying that storage is cheap and that one should assume that anything put out on the Internet will live forever. It looks like that is even being institutionalized. The US Library of Congress recently announced that it will be creating a public archive of every tweet sent since the founding of Twitter. This kind of resource will keep tabloids in business for decades to come. Generations of celebrities yet undiscovered should be concerned about their old unguarded, but now professionally preserved, brain droppings.

For the record, I am not opposed to this archiving. It is happening anyway in private databases. This just makes the issue more visible and helps to raise awareness. It is similar in many ways to The Internet Archive project.

Saving Internet Anonymity -- The Struggle is Joined

Lauren Weinstein's Blog: Saving Internet Anonymity -- The Struggle is Joined I strongly encourage anyone with a commitment to Internet anonymity to read this blog post. An organized opposition to the existence of such anonymity is growing. Of course, like attempt to clamp down on cryptography, it will only impact the law abiding while criminals use bots and other tools to circumvent the restrictions.

Between this and the push to remove the expectation of privacy from all stored emails, I am very concerned.

China may have temporarily disabled access to Google

Google Runs Into Chinas Great Firewall - WSJ.com This article reports on an outage experienced by Google users in China. At first Google thought it was due to a technical issue, but now think that it was an intentional outage caused by the Great Firewall of China. It seems likely that this was a retaliation to punish Google for its statements and actions.

Google Stops Censoring in China

From the Official Google Blog (follow link for the whole post):

So earlier today we stopped censoring our search services—Google Search, Google News, and Google Images—on Google.cn. Users visiting Google.cn are now being redirected to Google.com.hk, where we are offering uncensored search in simplified Chinese, specifically designed for users in mainland China and delivered via our servers in Hong Kong. Users in Hong Kong will continue to receive their existing uncensored, traditional Chinese service, also from Google.com.hk. Due to the increased load on our Hong Kong servers and the complicated nature of these changes, users may see some slowdown in service or find some products temporarily inaccessible as we switch everything over.

I would expect to see China censor Google.cn very quickly (which would prevent the re-direct to Google.hk). It will be interesting to see if China will then take the next step of censoring Google.hk and possibly other Google properties around the world. It would be easy for Google to set up any or all of them to return results in chinese if the browser is detected to be configured in that language.

UK insurer raises rates on social network users.

In this article "I don't bleepin' believe it" ComputerWorld reports on a UK insurer raising rates on social network users. The reason points back to something I have been talking about for some time. People post travel information to their social network sites. They say when they will be away from home, and for how long. This is perfect fodder for thieves, who can typically also collect enough information about the posters to identify them and find where they live. This is why I don't blog, Twitter, or otherwise post about conferences I am going to, even though it would be great to use social networks to connect with folks at the conference or in the conference city.

Tor partially blocked in China

Tor partially blocked in China | The Tor Blog That last article lead me to this post on the TOR blog from September 15, 2009 (I am a bit late to this party). China is now blocking about 80% of the public TOR nodes.

This mostly ends a rather baffling situation where for some reason the Chinese were failing to block TOR even though it was being used effectively for censorship circumvention, the list of nodes is publicly available, and they are no more difficult to block than any other server.

Privacy Network Tor Suffers Breach | Privacy Digest

Privacy Network Tor Suffers Breach | Privacy Digest It has been reported, and the TOR folks have confirmed, that two of their core directory servers were recently compromised along with another server showing usage metrics. While it does not at first appear that the attack was aimed at compromising the TOR network, it would certainly have made some interesting attacks possible. Specifically, it looks like it would have allowed attackers to force users on to chains of all enemy run nodes. This is very concerning.

It also brings us the issue of general security of the TOR nodes. Since they are mostly run my volunteers, the security of the nodes is going to be very inconsistent. It is likely that many of them are vulnerable to attack which would give an adversary the ability to control a much larger fraction of the TOR network.

Google human rights accounts attacked from China

Official Google Blog: A new approach to China Google is officially stating that a number of email accounts hosted by Google were attacked from within China. The accounts seem to be mostly connected to Chinese human rights activists. They also state that this is part of a larger pattern extending over a number of other companies.

The most amazing thing about this is the very aggressive pro-privacy stance Google is taking in response to this. They are saying that they will stop censoring search results at Google.cn. That they will talk with the Chinese about how to do this, but are willing to completely pull out of operations in China if they can't provide un-censored content from within.

The post is worth reading in full. Here are the concluding paragraphs:

These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.

Wow. We shall see.

Once Again, Google is in a tricky spot with censorship, this time in India.

Google and India Test the Limits of Liberty - WSJ.com In this case, it is not the search engine, but their social networking site "Orkut" which is the issue. Google's troubles stem less from their actions than the fact that they are the dominant social networking site in India, and so most of those issues happen on that site.

Google has been forced to take down a lot of content, and hand over the identities of many posters. If the examples in the article are to be believed, the threshold for censorship is not high.

At the risk of repeating myself, if you live in India and you want to say something that might push or cross the line, do it with robust anonymity technology. You might still have your post taken down, but they can't come after you.

Google thinks you don't need privacy

You Have Zero Privacy Anyway -- Get Over It This is a good article by David Adams on OSnews talking about a recent quote by Google CEO Eric Schmidt saying "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place." David compares this to a similar and infamous quote by Sun's Scott McNealy.

I think the reality is not that privacy is dead, or unimportant, but that it is hard. Maintaining privacy requires thought and vigilance, now more than ever. Much as I love it, the Internet is the most surveillance enabled and friendly technology ever created.

Question from a long time customer

A long time customer recently sent in the following question. Since it should be of broad interest, I asked his permission to anonymous post and answer it here.

How do you know that subscribing to an anonymizer does not simply mark you for observation? We all know the NSA is capable of intercepting any electronic communication, and with gajillions of electronic communications happening every second, how would the NSA (or the FBI or the CIA or whoever it is who watches us) know which of those communications to watch? Seems like the people wanting anonymity would be the first on the list. Surely they COULD, couldn't they? That is, get the subscriber lists, which would enable them to intercept communications this side of the proxy - i.e., intercept on the way out, on the way TO the proxy, BEFORE it gets securely tunneled? And no, that would not be possible with the web, but it would with email. Supposedly. This is what has been proposed to me. What do you think? Does it have any validity?

It is certainly the case that the government could, in principle, monitor your access to privacy services. As long as that access is over a strongly encrypted connection, the contents of your communication, what sites you are visiting or who you are communicating with would be protected. The strength of your anonymity is then largely determined by the number of other users of the same service with which your traffic is being mixed.

In the United States, the use of privacy tools is not restricted. Strict separation of intelligence from law enforcement functions should prevent drift net monitoring of your use of Anonymizer from leading to any kind of legal investigation. The huge number of Anonymizer subscribers would also make this difficult and highly visible.

Outside of the US it is another story. Many countries exercise much greater control over the Internet. Even if it were not blocked by the Iranian government, accessing the Anonymizer website from within Iran would be a risky activity. Once again, the key here is safety in numbers. We have run anti-censorship tools in Iran that supported over 100,000 users. With those numbers, it is awkward for the government to go after people simply for using the service. This is not to say that if you are already under observation for some other reason that it would not give them added ammunition. Privacy tools are generally very effective at keeping you below the radar, but can be much less effective once you are on the radar for whatever reason.

The reality is that there is no evidence of widespread Internet surveillance being used in the US to track users of privacy services. As long as the connection to the service is well encrypted, you should be fine.

Google stands up to Korean push against anonymity

YouTube Korea squelches uploads, comments | Digital Media - CNET News I am very pleased that Google is taking a stand against Korean anti-privacy laws. The law in question requires large Internet services (like YouTube) to collect real name information about any user posting content or comments. In response, Google has completely cut off any posting or commenting through the Korean version of the site. The solution Google proposes is that users should simply log in to a non-Korean version of the site and post away. This way Google never  needs to capture identifying information.

It will be interesting to see if Korea responds by trying to block access to all non-Korean versions of YouTube. Obviously anonymity tools provide an excellent end run around this kind of restriction.

I find myself of two minds on how to feel about this action. On the one hand, it respects Korea's right to set its own laws within its borders, without allowing any one country to dictate how the rest of the world will use such tools. On the other hand, I find such anti-privacy policies so repugnant, I would like to see companies simply refuse to comply and pull hardware out of that country while continuing to provide the service.

A Demonstration of a vulnerability of Cloud Computing.

Careless in the Cloud: Google Accidentally Shares Some Docs -- Seeking Alpha The article above documents a recent security breach in the on-line Google Docs system. Google Docs allows people to create and edit documents, presentations, and spreadsheets in a manor similar to the Microsoft Office software suite. Unlike Office, the Google Docs system is free and provided through a web interface. The documents are actually stored and edited within Google's servers. That is the core of the issue.

Google provides the ability to share your documents with collaborators. In this breach, Google accidently made a number of documents available to people who were not authorized. While the fraction of documents affected was very small, it is a real wake up call. To get my documents off my computer, you need to specifically breach my computer. A breach of the Google systems could yield the sensitive documents of an enormous number of people. They are a big target. Even accidental releases like this could put huge numbers of people at risk.

This vulnerability is not specific to Google, it applies generally to any provider of cloud computing capabilities. I personally avoid cloud computing when I can because I have high security needs, and because I find that I often need to work on my documents when I am off-line. Google is starting to do a good job of addressing the second issue, but the first is going to be harder.

Competition in privacy policies finally starting

For many years privacy advocates have claimed that if users were fully informed and aware of privacy policies then they would vote with their feet. Privacy policies would become part of the free market decision making process, in addition to price, brand, reputation, convenience, etc. It appears this process is actually starting to take place in one industry: search engines. It is likely that they have been the first because of the significant public focus on privacy issues around search over the last few years.

First Google said they would "anonymize" their logs after 18 months, which they later shortened to 9. Yahoo countered with 13 months and has now gone to 90 days. I talked about Google's 18 month policy back in March 2007. In August 2007 I mentioned a CNET Report on privacy ratings for Search engines.

This tit for tat shortening of the identifiable log retention policies suggests that pressure around this issue is meaningful to the search engine giants. What is somewhat less clear is whether the pressure is from the market, or from the media / politicians / government.

It is still the case that the logs are not actually deleted, but rather the source IP address and user ID cookies are stripped out. There is a good Wikipedia article on the scandal around a release of "anonymized" AOL search information, and how it was still possible to identify individual users in the data.

The real proof of this trend towards privacy policy competition will be when we see elements of privacy policies being promoted front and center on diverse websites as part of their competitive positioning / marketing.