Anonymity is only as stong as the group you are hiding in

Unknown known

Your Anonymous Posts to Secret Aren’t Anonymous After All | Threat Level | WIRED

This article describes a clever attack against Secret, the “anonymous” secret sharing app.

Their technique allows the attacker to isolate just a single target, so any posts seen are known to be from them. The company is working on detecting and preventing this attack, but it is a hard problem.

In general, any anonymity system needs to blend the activity of a number of users so that any observed activity could have originated from any of them. For effective anonymity the number needs to be large. Just pulling from the friends in my address book who also use Secret is way too small a group.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

Russia: To block Twitter, or not to block Twitter

Russia Map with Twitter Bird

Russia seems to have a conflicted relationship with Twitter and Internet censorship in general.

While trying to portray themselves as open and democratic, they clearly have a real problem with the radical openness of social media like Twitter.

Maxim Ksenzov, deputy head of Roscomnadzor (Russia’s censorship agency), said Twitter is a “global instrument for promoting political information” and that they could block Twitter or Facebook in minutes.

Prime Minister Dimitri Medvedev responded on his Facebook account, saying that state officials “sometimes need to turn on their brains” rather than "announcing in interviews the shutdown of social networks.” Which is not quite the same as saying that they would not do so.

The primary desire in Russia is for Twitter and all other social networks to open offices in Russia. That would smooth communications, but also provide leverage to push for censorship or access to data as needed.

Postmortem Social Media (a.k.a. virtual zombies)

For millennia people have asked the question “what happens to us when we die?”

While the larger spiritual question will continue to be debated, the question about what happens to our on-line data and presence is more recent, and also more tractable.

Until very recently little thought has been given to this issue. Accounts would continue until subscriptions lapsed, the website shut down, or the account was closed for inactivity.

This has lead to some rather creepy results. I have lost some friends over the last few years, but I continue to be haunted by their unquiet spirits, which remind me of their birthdays, ask me to suggest other friends for them, and generally keep bobbing in my virtual peripheral vision.

Many social media sites do have a process for dealing with accounts after the death of their owners, but they are cumbersome and I have never actually seen them used. Generally, they are only engaged postmortem, by the family of the deceased. Assuming that they don’t have the passwords to the account, they need to contact the provider in writing and provide proof that they are a relative and of the death of the account’s owner.

Google has an interesting idea that I would like to see other sites adopt. They have set up the “Google Inactive Account Manager”  which allows the user to specify what will happen in advance. The user specifies what length of inactivity should be taken as a sign of death. Once that is triggered, Google contacts the user using secondary email accounts and phone numbers, if available, to make sure this was not just a long vacation or a loss of interest. If there is no response to that, then the Inactive Account Manager kicks in.

It notifies a list of people that you specify that this has happened. You have the option of having your data packaged up and sent to some or all of those people. Finally, you may have it delete your account, or leave it available but closed as a memorial.

This may not be the perfect implementation of this concept, but it is an important step.

So please, set up your digital will, and lets put a stop to the digital zombie apocalypse.

The Privacy Blog Podcast – Ep.7: Blacklisted SSL Certificates, Social Media Hacking, and the “Right to be Forgotten” Online

Welcome to episode 7 of The Privacy Blog Podcast. In April’s episode, we’ll be looking at the blacklisting of SSL certificate authorities by Mozilla Firefox - Specifically, what this complex issue means and why Mozilla chose to start doing this.

In more breaking online privacy news, I will be discussing the security implications of relying on social media following the hacking of the Associated Press Twitter account earlier this week.

Next, I’ll chat about the “right to be forgotten” on the Internet, which hinges on the struggle between online privacy and free speech rights. In a closely related topic and following Google’s release of the new “Inactive Account Manager,” I will discuss what happens to our social media presence and cloud data when we die. It’s a topic none of us likes to dwell on, but it’s worth taking the time to think about our digital afterlife.

The power we give to Social Media

Last week the Twitter account of the Associated Press was hacked, and a message posted saying that bombs had gone off in the white house, and the president was injured.

 

Obviously this was false. The Syrian Electronic army a pro regime hacker group has claimed responsibility, which does not prove that they did it.

There is talk about Twitter moving to two factor authentication to reduce similar hacking in the future. While this is all well and good, it will not eliminate the problem.

The bigger issue is that these poorly secured social media sites are used by people around the world as reliable sources of news.

Apparently much of the crash came from automated trading systems parsing the tweet, and generating immediate trades without any human intervention at all.

The DOW dropped 140 points in 5 minutes.

The creators of these trading algorithms feel that news from twitter is reliable enough to be the basis of equity trades without any confirmation, or time for reflection.

Certainly very large amounts of money were made and lost in that short period.

Why make the effort to hack into what we hope is a well defended nuclear power plant or other critical infrastructure, when you can get similar amounts of financial damage from subverting a nearly undefended twitter account.

Because individual twitter accounts are not considered critical infrastructure, they are hardly protected at all, and are not designed to be easy to protect.

Nevertheless we give it, and other social media, substantial power to influence us and our decisions, financial and otherwise.

Take for example the crowd sourced search for the Boston bombers on reddit. Despite the best of intentions, many false accusations were made that had major impact on the accused, and one can imagine scenarios which could have turned out much worse. What if the accused at committed suicide, been injured in a confrontation with authorities, or been the vicim of vigilante action? Now, what if there had been malicious players in that crowd intentionally subverting the process. Planting false information, introducing chaos and causing more damage.

 

This is an interesting problem. There are no technical or legislative solutions. It is a social problem with only social solutions. Those are often the hardest to address.

Security by obscurity and personality shards

Adam Rifkin on TechCrunch has an interesting article about Tumblr and how it is actually used.The thesis of the article is that Tumblr is used more openly and for more sensitive things than Facebook because the privacy model is so much easier to understand and implement. If you have five interests and corresponding social circles, just set up five pseudonymous Tumblrs. Each then becomes its own independent social space with minimal risk of cross contamination. While all of those Tumblrs are public and discoverable, in practice they are not easy to find and unlikely to be stumbled upon by undesired individuals. This is classic security by obscurity. By contrast, Facebook wants you to put everything in one place, then use various settings to try to ensure that only the desired subset of friends, friends of friends, or the general public have access to it. This ties to the case I have been making for a while that people want to be able to separate their various personality shards among their various social circles. Even with access controls, using the same account for all of them may be too much connection and the odds of accidentally releasing information to the wrong people is too likely. I would like to see something like Tumblr provide stronger abilities to restrict discoverability, but it represents an interesting and growing alternative model to Facebook.

Facebook "Like" not protected speech in Virginia

Courthouse News Service reports that a virginia judge has ruled Facebook "Likes" are not protected speech.

The case was related to employees of the Hampton VA sheriff's office who "Liked" the current sheriff's opponent in the last election. After he was re-elected, he fired many of the people who had supported his opponent.

The judge ruled that posts on Facebook would have been protected, but not simple Likes.

Interesting study of message deletion censorship

This article from Threatpost discusses a study out of CMU of Chinese censorship of their home grown social networking websites.

Now that they are blocking most of the western social media sites entirely, the focus of censorship is internal. Obviously blocking the internal sites as well would defeat the purpose, so they are selectively deleting posts instead. This study looks at the rate at which posts with sensitive key words are removed from the services.

It clearly shows how censorship can be taken to the next level when the censor controls the websites as well as the network.

India asks social network sites to manually screen all posts.

The NYTimes.com reports that Kapil Sibal, the acting telecommunications minister for India is pushing Google, Microsoft, Yahoo and Facebook to more actively and effectively screen their content for disparaging, inflammatory and defamatory content.

Specifically Mr. Sibal is telling these companies that automated screening is insufficient and that they should have humans read and approve allmessages before they are posted.

This demand is both absurd and offensive.

  • It is obviously impossible for these companies to have a human review the volume of messages they receive, the numbers are staggering.
  • The demand for human review is either evidence that Mr. Sibal is completely ignorant of the technical realities involved, or this is an attempt to kill social media and their associated free wheeling exchanges of information and opinion.
  • There is no clear objective standard for "disparaging, inflammatory, and defamatory" content, so the companies are assured of getting it wrong in many cases putting them at risk.
  • The example of unacceptable content sighted by Mr. Sibal is a Facebook page that maligned Congress Party president Sonia Gandhi suggesting that this is more about preventing criticism than actually protecting maligned citizens.

"Private" YouTube videos expose thumbnail images

Thanks to a PrivacyBlog reader for pointing me to this article: Blackhat SEO – Esrun » Youtube privacy failure

It looks like it is easy to find thumbnail images from YouTube videos that have been marked private.

If you have any such videos, go back and check that you are comfortable with the information in the thumbnails being public, or delete the video completely.

PM David Cameron on censorship: bad when you do it, OK when I do it.

Back in February, British Prime Minister David Cameron gave a speech where he strongly opposed the censorship and crack down on protesters in Egypt.

For decades, some have argued that stability required highly controlling regimes, and that reform and openness would put that stability at risk. So, the argument went, countries like Britain faced a choice between our interests and our values. And to be honest, we should acknowledge that sometimes we have made such calculations in the past. But I say that is a false choice.
As recent events have confirmed, denying people their basic rights does not preserve stability, rather the reverse. Our interests lie in upholding our values - in insisting on the right to peaceful protest, in freedom of speech and the internet, in freedom of assembly and the rule of law. But these are not just our values, but the entitlement of people everywhere; of people in Tahrir Square as much as Trafalgar Square.

Now, with the riots in England he feels that restricting access to social media, and censoring free speech is necessary to maintain order.

Everyone watching these horrific actions will be struck by how they were organised via social media. Free flow of information can be used for good. But it can also be used for ill. And when people are using social media for violence we need to stop them. So we are working with the police, the intelligence services and industry to look at whether it would be right to stop people communicating via these websites and services when we know they are plotting violence, disorder and criminality. I have also asked the police if they need any other new powers. Police were facing a new circumstance where rioters were using the BlackBerry Messenger service, a closed network, to organise riots. We've got to examine that and work out how to get ahead of them.

It is easy to condemn censorship in others, but it seems expedient when one is trying to control one's own population. When in power, the difference between justifiable actions and tyranny is largely a matter of "us" vs "them". "We" are good and would not abuse this power while "they" use censorship to keep the boot of oppression on their people.

The trouble is, it is very hard to know when one has moved past the tipping point, and powerful self justification comes easily to intelligent leaders and their advisors. As has been said many times "no man is the villein of his own story".

This is a Rubicon I hope the UK can hold back from crossing.

Facebook automatically tagging your face in pictures

Face book announced that it will soon start automatically suggesting your name for tagging photos any time it thinks it recognizes you in a picture. This automatic facial recognition is the default and will be done unless you explicitly opt out.

It looks like you need to customize your privacy settings to disable this. In Facebook, look under the "account" menu and select "Privacy Settings".

From there click the "Customize settings" link at the bottom of the table. Within there, look for "Suggest photos of me to friends", and set it to "Disabled".

I suspect that few people will simply stumble on that.

Other people tagging you in photos can lead to embarrassment you might want to avoid. Having your name suggested just makes that more likely.

While you are at it, you might want to change the setting that allows others to "check you in" to locations. That can tell thieves you are away from home or stalkers where to find you.

CNN has a good article on the announcement. Facebook lets users opt out of facial recognition - CNN.com

 

Debate about activist need for anonymity on Facebook

Amid unrest, a hard new look at online anonymity | The Social - CNET News:

This article takes an interesting look at the issues with Facebook's true name policy and the impact it has on activists and dissidents in repressive countries. It quite rightly talks about the fact that for most of the history of the Internet use of "screen names" was the default.

The odd thing about this debate is that there is basically no authentication of the names used. Many people assume that since most users are under true name that all of them are. It is trivial to set up a new account with a plausible name which can not be traced back to the real user.

I would hope that dissidents, activists and others at risk would take advantage of this simple capability to protect themselves. Yes, this is in violation of the terms of service, but I think it is for a much greater good.

If you choose to do this, take care with who you friend under this alias. If the social network you create matches your real one, or that of another account, it may be very easy to unmask your identity.

Reader question on privacy software

A reader of this blog recently emailed me to ask:

What s/w do you recommend to keep anonymous while using Gmail, IE, Outlook, and Facebook on a laptop?

This is actually a very tricky question because the nature of all of these tools, except Internet Explorer (IE), is to be associated with a visible and discoverable account and identity in the "cloud". I will discuss IE last and separately.

Gmail ties to your gmail and other Google accounts. Outlook ties to some existing email account at some email provider. Facebook is tied to your Facebook account and is explicitly designed for making your information public.

The profound question here is, what do we even mean by being anonymous using these services? I would argue that the best one can manage is to be pseudonymous; that is to maintain a persistent and visible pseudonym / alias which, while discoverable, is not associated with your true identity.

Fortunately Gmail and Facebook are free and typically do not require any real credentials to set up an account, and many of the free email providers work similarly. Using Anonymizer Universal (AU), and a browser with no history or cache to set up the accounts would ensure they were not connected to your real identity. It is important that the accounts never be accessed in any way except through AU, or they will be forever after associated with your real IP address. Furthermore, it is critical that the browser used is never used for any activity connected to your real identity, or the cookies and other digital detritus in your browser may allow these sites (or other folks) to tie the pseudonym to your other real name accounts.

IE is in many ways the easiest because there is no underlying account, but all the same rules apply. You need to ensure that you isolate your anonymous or pseudonymous activity from your real name activity.

For all of this activity a virtual machine can be a very effective tool. For example, if you use a Mac you can use a virtual machine running Windows or Linux for all of your alias activities and use the normal operating system for your real name activities. Similar tools exist for other operating systems.

BBC News - Details of 100m Facebook users collected and published

BBC News - Details of 100m Facebook users collected and published

Ron Bowes wrote some software which scanned through Facebook to capture any unprotected personal information from the website.

The collected data has been compiled in to a huge file which is available over BitTorrent among other free channels.

While the program did not access any protected information, it has exposed any and all users who have not taken the proper steps to restrict access to their Facebook accounts, either through error or lack of knowledge, awareness or prudence.

The fact that it has been captured and distributed also makes it impossible to ever effectively change or remove any of the collected information. It is out there in the wild and out of anyones hands or ability to corral or correct.

This link will download the big (2.79GB) compressed database for you right now using a BitTorrent client (it may break at some point).

UK insurer raises rates on social network users.

In this article "I don't bleepin' believe it" ComputerWorld reports on a UK insurer raising rates on social network users. The reason points back to something I have been talking about for some time. People post travel information to their social network sites. They say when they will be away from home, and for how long. This is perfect fodder for thieves, who can typically also collect enough information about the posters to identify them and find where they live. This is why I don't blog, Twitter, or otherwise post about conferences I am going to, even though it would be great to use social networks to connect with folks at the conference or in the conference city.

Once Again, Google is in a tricky spot with censorship, this time in India.

Google and India Test the Limits of Liberty - WSJ.com In this case, it is not the search engine, but their social networking site "Orkut" which is the issue. Google's troubles stem less from their actions than the fact that they are the dominant social networking site in India, and so most of those issues happen on that site.

Google has been forced to take down a lot of content, and hand over the identities of many posters. If the examples in the article are to be believed, the threshold for censorship is not high.

At the risk of repeating myself, if you live in India and you want to say something that might push or cross the line, do it with robust anonymity technology. You might still have your post taken down, but they can't come after you.

The strength and weakness of Internet activism

Fledgling Rebellion on Facebook Is Struck Down by Force in Egypt - washingtonpost.com  For a short time Facebook became the center of a fledgling activist movement in Egypt. Over 74,000 people registered on a Facebook page devoted to this issue. It became the primary communications path for this group, and enabled its explosive growth. It also contained the seeds of its rapid unwinding and the arrest and beating of the creator of that page.To me this is yet another example of the "On the Internet nobody knows you're a dog" syndrome. People feel so comfortable in front of their computers, they will say and do things they would fear to do in public or face to face. Facebook is in no way anonymous, nor does it claim to be. While there are many tools that could have enabled these people to operate and organize anonymously, there is no evidence that they used any of them.The Internet is very powerful, but it is also very public. People wishing to use it in repressive countries need to take special care to protect themselves and their visitors. 

It is not easy to stay private

New Sites Make It Easier To Spy on Your Friends - WSJ.com This article does not break any new ground, but does a nice job of listing and discussing a number of tools one can use to gather information on people. They pull from on-line information sources as well as public records for things like criminal history. For employers, it would be a good place to start before hiring someone to do a full background check.The big take away at the end is that you need to make sure you reduce your Internet footprint, specifically by taking care to check the privacy box on many sites, and to simply provide no or false information to others. For example, although I would never provide a wrong age to gain access to a restricted website, I almost never provide my correct birthday because to many other sites (like banks) use that as part of your identity verification.