House panel votes to mandate massive user tracking

House panel approves broadened ISP snooping bill | Privacy Inc. - CNET News

Declan McCullagh of CNET is reporting on a bill to require ISPs to maintain massive records on their users. According to the article this bill requires commercial Internet providers to retain "customers' names, addresses, phone numbers, credit card numbers, bank account numbers, and temporarily-assigned IP addresses".

They are calling it the "Protecting Children From Internet Pornographers Act of 2011" in a flagrent attempt to make it politically difficult to vote against it even though the bill has noting directly to do with Internet pornography or protecting children.

Were this bill to become law, it might cause real problems for the growth of public Wi-Fi where there is no user authentication. That would be a huge leap backwards for a very possitive trend of late.

Of course, criminals will continue to be trivially able to circumvent such tracking efforts making this primarily a mechanism for gathering information on innocent persons without any hint of suspicion or probably cause.

It is absolutely un-American to require every citizen to submit to continuous tracking and monitoring on the possibility that some tiny fraction of us will commit a crime. Law enforcement always lobbies hard for such provisions. Make sure your voice is heard that you value your privacy and your rights.

Contact your Representitive and Senators if this is something you feel strongly about.

Big public email database with some interesting efforts at privacy launched this month

The press release linked at the bottom of this post is for a new website called AddressSearch.com. While I normally ignore most of the PR blasts sent to this blog, this one seemed worth posting because of the interesting realities and conflicts it exposes. The idea is that you can use their database to find and email people. Their database contains 68.8 million email addresses, a huge number but only a fraction of all US email addresses. Given that many such databases exist, it seems inevitable that someone would set up a service like this.

On the positive side, they are doing a few different things to try to minimize abuse. First, they are limiting users to 5 message per day (although it is not clear how that is enforced). Second, they provide some general address location information about all the name matches to make it more likely that you are going to email the correct person. Finally, they don't actually give you the recipients email address.

This last step is the most interesting. They allow you to write your email in a web form, then send it for you without revealing the recipients address to you. Of course it will be possible to abuse this, but probably not in any way that is not already widely possible. I also assume that this company keeps copies of the emails and adds your name and return address to their database. This is about protecting recipient privacy, not sender privacy.

On the whole, I am not happy that such services exist at all. I use social networking sites to make contact with me by strangers possible but only in the manner of my choosing. I don't want random people sending messages to my personal or work email addresses. Imagine a distributed attack by members of Anonymous or LulzSec all sending 5 emails each to some victim. Of course the odds are that any attacker would have little difficulty in discovering the victim's address through other means and then would not have any effective limit to the number of emails sent.

This may also turn out to be an unfortunate service for people who share a name with a celebrity. Interestingly, for people the service finds where it does not have an email address in the database, a paid ad refers you to Intelius.com where you can pay a couple of dollars to get the real address without any privacy features.

At the end of the day, the good news is that this company is making a significant effort to pay attention to the privacy implications of their service.

First-Ever Free Email Directory With Added Privacy Protection -- JACKSONVILLE, Fla., June 21, 2011 /PRNewswire/ --

 

The difficulty of identifying attackers on the Internet and why it is impossible to fix.

This article in Scientific American does a nice job of describing why it is difficult to track attacks back to their true origins. This essay by Bruce Schneier goes farther arguing that it is fundamentally impossible to create an Internet without anonymity.

The core point of both articles is that identifying the computer that a given packet came from is not the same as identifying the sender. The computer could be a server set up to enable anonymous communications (like Anonymizer.com), it could be a compromised computer (like part of a botnet), or even a server run by the attacker purchased using pre-paid or stolen credit cards.

Whatever the mechanism, it will always be possible for attackers to hide their identities and activities. The real question is the degree to which we are willing to design the Internet to make tracking and monitoring of citizens easy for repressive regimes.

Facebook automatically tagging your face in pictures

Face book announced that it will soon start automatically suggesting your name for tagging photos any time it thinks it recognizes you in a picture. This automatic facial recognition is the default and will be done unless you explicitly opt out.

It looks like you need to customize your privacy settings to disable this. In Facebook, look under the "account" menu and select "Privacy Settings".

From there click the "Customize settings" link at the bottom of the table. Within there, look for "Suggest photos of me to friends", and set it to "Disabled".

I suspect that few people will simply stumble on that.

Other people tagging you in photos can lead to embarrassment you might want to avoid. Having your name suggested just makes that more likely.

While you are at it, you might want to change the setting that allows others to "check you in" to locations. That can tell thieves you are away from home or stalkers where to find you.

CNN has a good article on the announcement. Facebook lets users opt out of facial recognition - CNN.com

 

Using Language Patterns to Pierce Anonymity

Thanks to Bruce Schneier for linking to this interesting article on using patterns in language to identify the author of emails. While the technique would not allow them to identify your anonymous emails in an ocean of others, that is rarely the real world threat scenario.

In many cases there is a relative hand full of likely authors of a given email or group of emails. It is often possible to gather large samples of emails known and acknowledged to be from the likely authors. In that case this technique has a small group of targets and excellent training materials which allow for very high levels of accuracy (the authors of the paper claim 80% - 90%). That is probably enough to get a warrant to search your home and computers.

Unless you have been unusually careful, the gig is probably up by then. Remember, this might not be for criminal matters. It many cases this would come up in whistle blowing or other non-criminal situations.

Debate about activist need for anonymity on Facebook

Amid unrest, a hard new look at online anonymity | The Social - CNET News:

This article takes an interesting look at the issues with Facebook's true name policy and the impact it has on activists and dissidents in repressive countries. It quite rightly talks about the fact that for most of the history of the Internet use of "screen names" was the default.

The odd thing about this debate is that there is basically no authentication of the names used. Many people assume that since most users are under true name that all of them are. It is trivial to set up a new account with a plausible name which can not be traced back to the real user.

I would hope that dissidents, activists and others at risk would take advantage of this simple capability to protect themselves. Yes, this is in violation of the terms of service, but I think it is for a much greater good.

If you choose to do this, take care with who you friend under this alias. If the social network you create matches your real one, or that of another account, it may be very easy to unmask your identity.

Reader question on privacy software

A reader of this blog recently emailed me to ask:

What s/w do you recommend to keep anonymous while using Gmail, IE, Outlook, and Facebook on a laptop?

This is actually a very tricky question because the nature of all of these tools, except Internet Explorer (IE), is to be associated with a visible and discoverable account and identity in the "cloud". I will discuss IE last and separately.

Gmail ties to your gmail and other Google accounts. Outlook ties to some existing email account at some email provider. Facebook is tied to your Facebook account and is explicitly designed for making your information public.

The profound question here is, what do we even mean by being anonymous using these services? I would argue that the best one can manage is to be pseudonymous; that is to maintain a persistent and visible pseudonym / alias which, while discoverable, is not associated with your true identity.

Fortunately Gmail and Facebook are free and typically do not require any real credentials to set up an account, and many of the free email providers work similarly. Using Anonymizer Universal (AU), and a browser with no history or cache to set up the accounts would ensure they were not connected to your real identity. It is important that the accounts never be accessed in any way except through AU, or they will be forever after associated with your real IP address. Furthermore, it is critical that the browser used is never used for any activity connected to your real identity, or the cookies and other digital detritus in your browser may allow these sites (or other folks) to tie the pseudonym to your other real name accounts.

IE is in many ways the easiest because there is no underlying account, but all the same rules apply. You need to ensure that you isolate your anonymous or pseudonymous activity from your real name activity.

For all of this activity a virtual machine can be a very effective tool. For example, if you use a Mac you can use a virtual machine running Windows or Linux for all of your alias activities and use the normal operating system for your real name activities. Similar tools exist for other operating systems.

Anonymizer Nevercookie tool is now available

I am very excited that we have finally released our new free "Anonymizer Nevercookie" product. You can download it here from our facebook account. It enhances the private browsing mode in Firefox to protect against a whole range of new kinds of tracking cookies that currently are nearly impossible to delete.

Excellent EFF post on failures of Cryptography regulation

The EFF has an excellent article on eight reasons why government regulation of cryptography is a bad idea. The short answer is: the bad guys can easily get it and use it anyway, and it will make security for the rest of us much worse (not including the big brother surveillance  and constitutional issues).

India continues move towards surveillance state

India to Monitor Google and Skype - WSJ.com. As an extension of their policy of pushing for access to encrypted communications on RIM BlackBerry devices, they are now demanding access to data from both Google and Skype. India is demanding that Skype and Google install servers within India so the government can access the information on Indian users.

Obviously bad guys can trivially bypass this through the use of VPNs and by taking care to use servers located outside of India. The real impact will be to open all legitimate Internet users to universal surveillance.

Eric Schmidt against Anonymity

In this interview with Eric Schmidt, CEO of Google, comes out very strongly against anonymity starting at about 5:10 in the video. His argument is that: "If you are trying to commit a terrible evil crime it is not obvious that you should be able to do so with complete anonymity." The problem is that absolute and complete anonymity is easy for criminals. There is a robust economy in stolen account, botnets, stolen credit cards, open networks and other capabilities that enable absolute anonymity for anyone willing to violate the law. It is only anonymity for the law abiding that is difficult, and the reason Anonymizer exists. Arguing against anonymity is, for all practical purposes, only arguing against anonymity for legitimate purposes while it thrives for illegitimate purposes.

I will spare you the lecture on the history of anonymity and anonymous speech dating back to the founders of the United States.

BTW, this was delayed for a while while I struggled with getting embedding working within WordPress. It seems to be working now on FireFox, but not when I view in Safari. Please comment with how I am being stupid if you know what is going wrong.