Copy & Paste intercept / snoop

John Gruber at Daring Fireball posted this interesting article on the growing practice of websites intercepting your attempts to copy text from their pages. They are actually modifying the contents of your clipboard and tracking the fact that you have clipped the information.

The referenced cases seem to be doing it for marketing and informational purposes, but there are many ways this could be used in more aggressive ways.

Imagine a site with sample code which (when copied) inserted some damaging code into the middle of a large block.

I am worried that this capability exists at all within browsers. It seems like a major security vulnerability to me.

New Privacy Settings for Facebook

On May 26th Facebook announced new privacy controls. The EFF has a nice tutorial on how to properly configure these new settings to best protect your privacy.

Unfortunately these new settings options are being rolled out slowly. At this point I still don't have the ability to use the new settings at all. If you are lucky enough to have been moved to the new system, update those settings ASAP.

Cypherpunk retrospective at 20th anniversary CFP conference

This year the "Computers Freedom and Privacy" (CFP) conference is taking place in San Jose from June 15-18. This year is the 20th anniversary of the conference which helped shape my thinking about Internet Privacy and introduced me to many of the key players in this space.

Around the same time, in 1992, an email mailing list called "Cypherpunks" started. Members were devoted to discussions of Internet freedom and to creating and distributing privacy and security tools. Best known of these are the various flavors of Anonymous Remailers following the original anon.penet.fi.

This seems like a good time to stop and take stock of what has been achieved, lost, and abandoned in the evolution of privacy and anonymity on the Internet. I have organized a panel at CFP of some of the key Cypherpunks from the early days to talk about those early days, and share their vision and insight about where we are and where we should / are likely to end up.

I hope I will see many of you there.

IntelFusion - Use a proxy server. Feed an Intel service.

Read this post from IntelFusion. It makes a very strong case for why I worry about any privacy system run by operators you can't really trust, investigate, and verify. In this case it is an investigation of Glype servers. They can be configured to do significant logging, and the author was able to remotely retrieve the logs from many of the Glype servers. The results show many users from within sensitive US Government organizations, and would give an attacker the ability to gather all kinds of useful intelligence for finding soft targets to exploit. On the personal privacy side, it is an easy way for attackers to intercept usernames, passwords, travel plans, personal information and more for use in identity theft, burglary, and hacking, among other things.

Pseudonyms: The Natural State of Online Identity | Privacy Digest

This article does a nice job of making a point I have been talking around for some time. The Internet naturally supports pseudonymity, and that is really what we want most of the time. When I talk to someone on-line, what I am most interested in is that I am still talking today with the person I started talking to last month. Whether the name actually corresponds to their birth certificate is not important (and I would not have any idea in a real-world encounter either).

Anonymous iPad anyone?

Having just finished initial testing with the actual iPad device, I am pleased to announce that Anonymizer Universal (AU) provides the same level of support on the iPad that we have been providing for the iPhone and iPod Touch! Considering how these devices are going to be used, the combination of privacy along with the security when using insecure WiFi is really critical.

"Anonymizer Universal" product suite launched!

I am really excited to announce our new product “Anonymizer Universal” (AU), available starting today. AU represents a totally new architecture for our services. Not only is it more powerful, faster, and much more capable, but it now also supports Mac and iPhone platforms! With one subscription you can use it across any of the supported devices.

Our new solution is VPN based, and bypasses any specific software support issues. AU works with any browser. Any program that connects to the Internet will automatically take advantage of AU. All connections between your computer and Anonymizer are cryptographically protected.

AU continues to leverage our massively scalable backend infrastructure that provides the anonymity and daily rotating IP addresses.

AU will replace both our “Anonymous Surfing” and “Total Net Shield” products. “Nyms” is becoming entirely web based and will soon be upgraded with new interface options and better integration.

Expect to see more new capabilities and expanded solutions going forward as the renewed and expanded resources we are devoting to these products bear fruit.

Google human rights accounts attacked from China

Official Google Blog: A new approach to China. Google is officially stating that a number of email accounts hosted by Google were attacked from within China. The accounts seem to be mostly connected to Chinese human rights activists. Google also states that this is part of a larger pattern extending to a number of other companies.

The most amazing thing about this is the very aggressive pro-privacy stance Google is taking in response. They are saying that they will stop censoring search results at Google.cn, that they will talk with the Chinese government about how to do this, and that they are willing to completely pull out of operations in China if they can't provide uncensored content from within.

The post is worth reading in full. Here are the concluding paragraphs:

These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.

Wow. We shall see.

Huge vulnerability in encrypted USB drives

NIST-certified USB Flash drives with hardware encryption cracked - The H Security: News and Features. Security firm SySS announced (in German) that it has discovered a massive vulnerability in the hardware encryption of USB thumb drives from Kingston, SanDisk and Verbatim. From the article at The H Security, it looks like the problem is that all drives share a single symmetric encryption key at the hardware level. The password interface seems to do nothing more than some gymnastics to gain access to that key. What it does hardly matters, because SySS was able to intercept the actual hardware key being sent to the device in the clear.

They then wrote a small program that simply sends that key, without bothering with the password or anything else. Because all drives from the same maker use the same key, this program can instantly open any encrypted USB drive from that maker.

From the sound of it, this is a very easy attack for someone to duplicate. If you have one of these drives, I would suggest that you treat it as if it were a normal unencrypted thumb drive.

Kudos to Kingston for quickly providing details of which of their drives are affected, and for recalling them. SanDisk and Verbatim have issued software fixes. If I understand the attack correctly, I am not sure how a software patch can solve it, so watch this space.
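To make the design lesson concrete, here is an added toy model (not SySS's work and not any vendor's firmware; every name and byte value in it is constructed) that places the flaw described above, a single vendor-wide secret that host software sends to every drive, next to a per-device challenge-response design in which the drive holds a random salt and only accepts an HMAC over a nonce it just issued. In the first design the bytes seen on the bus during one unlock open every other drive; in the second they are useless on another drive and useless even on the same drive a second time, which is why a software update on the host side alone cannot repair the first design.

```python
"""Toy model of two ways a password-protected encrypted drive can be unlocked.

Added example: the classes, flows and byte values are constructed to contrast
the flaw the article describes (one vendor-wide secret presented to every
drive) with a per-device challenge-response design in which nothing reusable
ever crosses the bus. It is not code from SySS or from any drive vendor.
"""
import hashlib
import hmac
import os

# Constructed stand-in for the one secret shared by every drive of a maker.
VENDOR_WIDE_KEY = b"constructed-vendor-wide-key-00"


class SharedKeyDrive:
    """Flawed design: the drive itself only ever checks for one fixed secret;
    the password is verified by the host software, not by the drive."""

    def __init__(self, password):
        self.password_digest = hashlib.sha256(password.encode()).digest()
        self.unlocked = False

    def unlock(self, secret):
        # The drive cannot tell whether any password was ever typed.
        self.unlocked = hmac.compare_digest(secret, VENDOR_WIDE_KEY)
        return self.unlocked


def host_unlock_shared(drive, password):
    """Host side of the flawed flow: check the password locally, then send
    the same bytes to the drive that every other host sends to every drive."""
    digest = hashlib.sha256(password.encode()).digest()
    if not hmac.compare_digest(digest, drive.password_digest):
        return False
    return drive.unlock(VENDOR_WIDE_KEY)


def derive_kek(password, salt):
    """Per-device key-encryption key: same password, different salt, different key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class ChallengeResponseDrive:
    """Per-device design: the drive stores a random salt and the derived key,
    and only accepts an HMAC over a nonce it just generated."""

    def __init__(self, password):
        self.salt = os.urandom(16)
        self.kek = derive_kek(password, self.salt)  # never leaves the drive
        self.pending_nonce = None
        self.unlocked = False

    def challenge(self):
        self.pending_nonce = os.urandom(16)
        return self.salt, self.pending_nonce

    def respond(self, proof):
        if self.pending_nonce is None:
            return False
        expected = hmac.new(self.kek, self.pending_nonce, hashlib.sha256).digest()
        self.pending_nonce = None  # each nonce is accepted at most once
        self.unlocked = hmac.compare_digest(proof, expected)
        return self.unlocked


def host_unlock_challenge(drive, password):
    """Host side: the only thing sent is a proof bound to this drive's salt
    and to this one nonce. Returns the proof so its reuse can be tested."""
    salt, nonce = drive.challenge()
    proof = hmac.new(derive_kek(password, salt), nonce, hashlib.sha256).digest()
    drive.respond(proof)
    return proof


def compare_designs():
    """Exercise both designs and report what the bytes observed during one
    legitimate unlock of drive A are worth afterwards."""
    a_shared, b_shared = SharedKeyDrive("correct horse"), SharedKeyDrive("other drive")
    host_unlock_shared(a_shared, "correct horse")
    a_cr, b_cr = ChallengeResponseDrive("correct horse"), ChallengeResponseDrive("other drive")
    proof = host_unlock_challenge(a_cr, "correct horse")
    results = {
        "shared: legitimate unlock": a_shared.unlocked,
        # The fixed bytes open a different drive whose password is unknown.
        "shared: observed bytes open drive B": b_shared.unlock(VENDOR_WIDE_KEY),
        "challenge: legitimate unlock": a_cr.unlocked,
    }
    a_cr.challenge()  # fresh nonce: the earlier proof no longer matches
    results["challenge: replay on drive A"] = a_cr.respond(proof)
    b_cr.challenge()  # different salt and nonce: the proof cannot match
    results["challenge: observed proof on drive B"] = b_cr.respond(proof)
    return results


if __name__ == "__main__":
    for name, outcome in compare_designs().items():
        print(f"{name:40s} {'unlocked' if outcome else 'refused'}")
```

The point of the second design is not the HMAC itself but where the secret lives: the per-device salt and derived key stay inside the drive, so there is no single value whose capture affects every unit shipped.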

Google thinks you don't need privacy

You Have Zero Privacy Anyway -- Get Over It. This is a good article by David Adams on OSnews about a recent quote from Google CEO Eric Schmidt: "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place." David compares this to a similar and infamous quote by Sun's Scott McNealy.

I think the reality is not that privacy is dead or unimportant, but that it is hard. Maintaining privacy requires thought and vigilance, now more than ever. Much as I love it, the Internet is the most surveillance-enabling and surveillance-friendly technology ever created.

Question from a long time customer

A long-time customer recently sent in the following question. Since it should be of broad interest, I asked his permission to post and answer it here anonymously.

How do you know that subscribing to an anonymizer does not simply mark you for observation? We all know the NSA is capable of intercepting any electronic communication, and with gajillions of electronic communications happening every second, how would the NSA (or the FBI or the CIA or whoever it is who watches us) know which of those communications to watch? Seems like the people wanting anonymity would be the first on the list. Surely they COULD, couldn't they? That is, get the subscriber lists, which would enable them to intercept communications this side of the proxy - i.e., intercept on the way out, on the way TO the proxy, BEFORE it gets securely tunneled? And no, that would not be possible with the web, but it would with email. Supposedly. This is what has been proposed to me. What do you think? Does it have any validity?

It is certainly the case that the government could, in principle, monitor your access to privacy services. As long as that access is over a strongly encrypted connection, the contents of your communication, what sites you are visiting or who you are communicating with would be protected. The strength of your anonymity is then largely determined by the number of other users of the same service with which your traffic is being mixed.

In the United States, the use of privacy tools is not restricted. Strict separation of intelligence from law enforcement functions should prevent drift net monitoring of your use of Anonymizer from leading to any kind of legal investigation. The huge number of Anonymizer subscribers would also make this difficult and highly visible.

Outside of the US it is another story. Many countries exercise much greater control over the Internet. Even if it were not blocked by the Iranian government, accessing the Anonymizer website from within Iran would be a risky activity. Once again, the key here is safety in numbers. We have run anti-censorship tools in Iran that supported over 100,000 users. With those numbers, it is awkward for the government to go after people simply for using the service. This is not to say that if you are already under observation for some other reason that it would not give them added ammunition. Privacy tools are generally very effective at keeping you below the radar, but can be much less effective once you are on the radar for whatever reason.

The reality is that there is no evidence of widespread Internet surveillance being used in the US to track users of privacy services. As long as the connection to the service is well encrypted, you should be fine.

Google stands up to Korean push against anonymity

YouTube Korea squelches uploads, comments | Digital Media - CNET News. I am very pleased that Google is taking a stand against Korean anti-privacy laws. The law in question requires large Internet services (like YouTube) to collect real-name information about any user posting content or comments. In response, Google has completely cut off posting and commenting through the Korean version of the site. The solution Google proposes is that users simply log in to a non-Korean version of the site and post away. This way Google never needs to capture identifying information.

It will be interesting to see if Korea responds by trying to block access to all non-Korean versions of YouTube. Obviously anonymity tools provide an excellent end run around this kind of restriction.

I find myself of two minds on how to feel about this action. On the one hand, it respects Korea's right to set its own laws within its borders, without allowing any one country to dictate how the rest of the world will use such tools. On the other hand, I find such anti-privacy policies so repugnant, I would like to see companies simply refuse to comply and pull hardware out of that country while continuing to provide the service.

A Demonstration of a vulnerability of Cloud Computing.

Careless in the Cloud: Google Accidentally Shares Some Docs -- Seeking Alpha. The article above documents a recent security breach in the on-line Google Docs system. Google Docs allows people to create and edit documents, presentations, and spreadsheets in a manner similar to the Microsoft Office software suite. Unlike Office, the Google Docs system is free and provided through a web interface. The documents are actually stored and edited on Google's servers. That is the core of the issue.

Google provides the ability to share your documents with collaborators. In this breach, Google accidentally made a number of documents available to people who were not authorized to see them. While the fraction of documents affected was very small, it is a real wake-up call. To get my documents off my computer, you need to specifically breach my computer. A breach of Google's systems could yield the sensitive documents of an enormous number of people. They are a big target. Even accidental releases like this one could put huge numbers of people at risk.

This vulnerability is not specific to Google; it applies generally to any provider of cloud computing capabilities. I personally avoid cloud computing when I can, because I have high security needs and because I often need to work on my documents when I am off-line. Google is starting to do a good job of addressing the second issue, but the first is going to be harder.

Video: Hacker war drives San Francisco cloning RFID passports - Engadget

The law of unintended consequences strikes again. In an attempt to improve national security, the U.S. Government has been pushing hard for the widespread adoption of RFID tags in passports around the world. They are already in U.S. passports. The problem is that they are easily scanned from a distance (as shown in the video), and can be cloned. If the RFID chip in the passport is trusted by the authorities, then the security situation is actually worse, not better. Getting real passport information from someone used to be hard. It generally involved actually stealing the passport. With the scanner, one could produce large numbers of clones while simply standing around the airport with the antenna in one's roller luggage (staying outside of security).

The long range readable RFID tags also make possible all kinds of other tracking and identification. The video talks about correlating personal information from RFID enabled credit cards with the passport number to produce even better fakes.

Distribution of such devices around a city would provide much better, more accurate and more automated tracking of a population than cameras, with their resolution and facial recognition issues.

Competition in privacy policies finally starting

For many years privacy advocates have claimed that if users were fully informed and aware of privacy policies then they would vote with their feet. Privacy policies would become part of the free market decision making process, in addition to price, brand, reputation, convenience, etc. It appears this process is actually starting to take place in one industry: search engines. It is likely that they have been the first because of the significant public focus on privacy issues around search over the last few years.

First Google said they would "anonymize" their logs after 18 months, which they later shortened to 9. Yahoo countered with 13 months and has now gone to 90 days. I talked about Google's 18 month policy back in March 2007. In August 2007 I mentioned a CNET Report on privacy ratings for Search engines.

This tit-for-tat shortening of identifiable log retention periods suggests that pressure around this issue is meaningful to the search engine giants. What is somewhat less clear is whether the pressure comes from the market, or from the media, politicians and government.

It is still the case that the logs are not actually deleted; rather, the source IP address and user ID cookies are stripped out. There is a good Wikipedia article on the scandal around the release of "anonymized" AOL search information, and how it was still possible to identify individual users in the data.
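The gap between "stripped" and "deleted" is easy to show on a handful of log lines. The following is an added example with constructed log entries (not real search data and not any search engine's anonymization code): it removes the IP address and cookie and keeps a per-user pseudonym, then counts how many of a user's queries become attributable once a single query that only that user issued (a name, a zip code) is tied to a person. Rotating the pseudonym daily, a choice this example assumes rather than one any provider has announced, shrinks that exposure because the linkage between days is gone, but it does not remove it.

```python
"""Added example: what a 'stripped' search log still reveals.

The log lines, the hashing secret and the rotation policy are all
constructed for this illustration; nothing here is a provider's own code.
"""
import hashlib
import re
from collections import defaultdict

# Constructed sample log: "<client ip> <cookie id> <date> <query>".
RAW_LOG = """\
203.0.113.7 cookie-a1 2008-03-01 cheap flights to denver
203.0.113.7 cookie-a1 2008-03-01 jane q. sample 80202
203.0.113.7 cookie-a1 2008-03-02 divorce lawyer denver
198.51.100.4 cookie-b2 2008-03-01 cheap flights to denver
198.51.100.4 cookie-b2 2008-03-02 weather boston
192.0.2.9 cookie-c3 2008-03-02 weather boston
""".splitlines()

LINE_RE = re.compile(r"^(\S+) (\S+) (\d{4}-\d{2}-\d{2}) (.+)$")


def anonymize(line, secret, rotate_daily=False):
    """Drop the IP and cookie, replace the cookie with a keyed pseudonym.

    With rotate_daily the pseudonym changes every day, so one user's queries
    are only linkable to each other within a single day.
    """
    _ip, cookie, day, query = LINE_RE.match(line).groups()
    material = cookie + (day if rotate_daily else "")
    pseudonym = hashlib.sha256(secret + material.encode()).hexdigest()[:12]
    return pseudonym, day, query


def link_queries(records):
    """Group the surviving queries by pseudonym: this is the linkage that
    stripping the IP and cookie leaves untouched."""
    groups = defaultdict(list)
    for pseudonym, _day, query in records:
        groups[pseudonym].append(query)
    return dict(groups)


def unique_queries(records):
    """Queries issued under exactly one pseudonym. If any of them can be tied
    to a person, every query grouped under that pseudonym follows."""
    issuers = defaultdict(set)
    for pseudonym, _day, query in records:
        issuers[query].add(pseudonym)
    return {q: next(iter(p)) for q, p in issuers.items() if len(p) == 1}


def exposure(rotate_daily):
    """Largest number of queries attributable to one person through a single
    uniquely identifying query, under the chosen pseudonym policy."""
    secret = b"constructed-hashing-secret"
    records = [anonymize(line, secret, rotate_daily) for line in RAW_LOG]
    groups = link_queries(records)
    unique = unique_queries(records)
    return max((len(groups[p]) for p in unique.values()), default=0)


if __name__ == "__main__":
    print("stable pseudonym: up to", exposure(False), "queries tied to one person")
    print("daily pseudonym:  up to", exposure(True), "queries tied to one person")
```

On the constructed log the stable pseudonym lets the one self-identifying query ("jane q. sample 80202") drag the user's other two queries along with it; with a daily pseudonym only the same-day query follows. Real deletion would leave no per-user grouping at all.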

The real proof of this trend towards privacy policy competition will be when we see elements of privacy policies being promoted front and center on diverse websites as part of their competitive positioning / marketing.

High resolution tracking through cell phones

It appears that a company is now selling a tool that allows high-resolution tracking of the movement of customers through stores and malls by triangulating on their cell phones. The technique involves tracking the phone through its globally unique IMEI number. The company claims that this is anonymous because only the phone company knows the correspondence between the IMEI and the customer's real name.

I have very little faith in that protection. There are simply too many ways one might extract that kind of information, which could then become widely available. One could even connect the location information and IMEI data to checkout records. After a couple of trips, it would be fairly unambiguous. This is certainly clever, but disturbing. There is no opt-in or opt-out, and the tracking takes place passively with no ability for the user to detect that it is going on.

Shops track customers via mobile phone - Times Online

ISP admits to collecting web surfing data.

I encourage everyone to read this article by Declan McCullagh: Q&A with Charter VP: Your Web activity, logged and loaded

The gist is that Charter Communications, the third largest cable operator in the US, is testing a system to capture the URLs you visit when you browse the web, then provide that information to advertising networks through a third-party company, NebuAd. They claim this information is "anonymized", but I can't really see how that is possible. If a company wants to target car ads at people who visit many car websites, then the advertiser must know that you have done so when you are shown the ad. Since they have your IP address, they know who you are (or at least have personally identifiable information).

While the advertiser may not get the actual web logs, this is a huge amount of information, and I am sure more could be gathered with a clever and systematic set of advertising targets: for each narrow target, capture information on which users match the target criteria when there is an opportunity to show them an ad.

The obvious solution is to prevent the ISP from gathering this information in the first place. Any kind of encrypted tunnel, like those provided by the various Anonymizer solutions, will prevent this kind of commercial espionage on their users.

It is not easy to stay private

New Sites Make It Easier To Spy on Your Friends - WSJ.com. This article does not break any new ground, but does a nice job of listing and discussing a number of tools one can use to gather information on people. They pull from on-line information sources as well as public records for things like criminal history. For employers, it would be a good place to start before hiring someone to do a full background check.

The big takeaway at the end is that you need to make sure you reduce your Internet footprint, specifically by taking care to check the privacy box on many sites, and by simply providing no information, or false information, to others. For example, although I would never provide a wrong age to gain access to a restricted website, I almost never provide my correct birthday, because too many other sites (like banks) use that as part of your identity verification.