Anonymity is only as stong as the group you are hiding in

in , , , ,

Unknown known

Your Anonymous Posts to Secret Aren’t Anonymous After All | Threat Level | WIRED

This article describes a clever attack against Secret, the “anonymous” secret sharing app.

Their technique allows the attacker to isolate just a single target, so any posts seen are known to be from them. The company is working on detecting and preventing this attack, but it is a hard problem.

In general, any anonymity system needs to blend the activity of a number of users so that any observed activity could have originated from any of them. For effective anonymity the number needs to be large. Just pulling from the friends in my address book who also use Secret is way too small a group.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

Russia: To block Twitter, or not to block Twitter

in , , ,

Russia Map with Twitter Bird

Russia seems to have a conflicted relationship with Twitter and Internet censorship in general.

While trying to portray themselves as open and democratic, they clearly have a real problem with the radical openness of social media like Twitter.

Maxim Ksenzov, deputy head of Roscomnadzor (Russia’s censorship agency), said Twitter is a “global instrument for promoting political information” and that they could block Twitter or Facebook in minutes.

Prime Minister Dimitri Medvedev responded on his Facebook account, saying that state officials “sometimes need to turn on their brains” rather than "announcing in interviews the shutdown of social networks.” Which is not quite the same as saying that they would not do so.

The primary desire in Russia is for Twitter and all other social networks to open offices in Russia. That would smooth communications, but also provide leverage to push for censorship or access to data as needed.

Security by obscurity and personality shards

in , , ,

Adam Rifkin on TechCrunch has an interesting article about Tumblr and how it is actually used.The thesis of the article is that Tumblr is used more openly and for more sensitive things than Facebook because the privacy model is so much easier to understand and implement. If you have five interests and corresponding social circles, just set up five pseudonymous Tumblrs. Each then becomes its own independent social space with minimal risk of cross contamination. While all of those Tumblrs are public and discoverable, in practice they are not easy to find and unlikely to be stumbled upon by undesired individuals. This is classic security by obscurity. By contrast, Facebook wants you to put everything in one place, then use various settings to try to ensure that only the desired subset of friends, friends of friends, or the general public have access to it. This ties to the case I have been making for a while that people want to be able to separate their various personality shards among their various social circles. Even with access controls, using the same account for all of them may be too much connection and the odds of accidentally releasing information to the wrong people is too likely. I would like to see something like Tumblr provide stronger abilities to restrict discoverability, but it represents an interesting and growing alternative model to Facebook.