Privacy

Why you really should care about privacy

Privacy is not just for people who have something to hide. It is for everyone -- even you.

Privacy is not just for people who have something to hide. It is for everyone -- even you.


Privacy is an increasingly popular topic of discussion as the reach and relevance of the Internet in our lives increases. More and more, people find their leisure time, work time, and even home improvement time dominated by the Internet. Outdoor activities like hiking and bicycling often involve long hours spent researching and purchasing gear online for the best prices and quality equipment. Amazon has turned book readers into online bargain shoppers. LinkedIn, Facebook, and Google Buzz are turning the Internet into an invaluable job seeking tool -- more so even than job-hunting sites like Monster.com ever did.

With the amount of information we share over the Internet with vendors, social networking sites, and banks, privacy matters take on a whole new urgency. This urgency is only enhanced when one reads headlines about privacy breaches at such organizations, whether it be foreign governments cracking security at US Web-based corporations, the US government or UK government losing data, or corporations effectively giving information to anyone who pretends to be a law enforcement official -- because there is no reasonable way to service eight million requests in a year without automating the process to the point that there is no effective oversight. To the perceptive observer, it quickly becomes apparent that privacy is security.

Despite this, many people seem entirely uninterested in matters of privacy. They don't see the dangers of Internet services with automated law enforcement portals, trusting the government with private data, or encryption that doesn't trust the user. Even more disturbing, a common refrain echoes through online debates about the importance of privacy -- neatly paraphrased by Google's own CEO, Eric Schmidt:

If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.

Another common form of it is "You have nothing to fear if you have nothing to hide."

Despite the evident necessity of encrypted connections to e-commerce websites and the frequency of new vulnerabilities discovered in various implementations of SSL/TLS encrypted connections, many persist in believing that concern over sending private information to various corporate and government websites is paranoia.

Despite the evident necessity of guarding against social engineering attacks, many persist in believing that concern over providing automated access for law enforcement personnel -- and just trusting that they both have the required warrants and are who they claim to be -- is paranoia.

Despite the evident necessity of double-checking the encryption implementations offered by vendors to see if they're just using a glorified XOR cipher with a static, symmetric key, many persist in believing that concern over the inability to audit the source code for proprietary cryptographic systems is paranoia.

Is it really paranoia if someone is actually out to get you?

Is trust in the intentions and policies of corporations and government agencies really relevant if you cannot trust their competence to protect your private data?

I challenge those who do not believe in the importance of privacy in our information technology enhanced lives to put their money where their mouths are. Create a publicly accessible Website and post your private data there, to simulate the eventuality of some organization trusted with your data having its security cracked, suffering the ill effects of a disgruntled or rogue employee, reaping the rewards of bureaucratic complexity and laziness, or just leaving you to clean up after its representatives' and officers' incompetence. Here are some key examples of the sort of data you should share with the world:

  • Bank Account Numbers
  • Computer, Email, and Web Site Usernames and Passwords
  • Credit and Debit Card Numbers
  • Email Contents for the Last Six Months
  • Employment History (Including Current Employer)
  • Every Photograph You Have
  • Full Name
  • Medical Records
  • Mother's Maiden Name
  • Purchases for the Last Six Months (from Condoms to Reading Materials)
  • Social Security Number
  • Street Address
  • Telephone Numbers
  • Voter Registration Information
  • . . . and Anything Else that Comes to Mind

When you have done all that, and lived with it for a few months, come back and tell us whether you still think privacy is unimportant, and only for people who "have something to hide".

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

77 comments
Ocie3
Ocie3

[i]"Is it really paranoia if someone is actually out to get you?"[/i] Not if you have evidence that they are. Paranoia is a mental illness, the symptoms of which can be either (1) delusions of grandeur, or (2) an unfounded fear of persecution. It is not a joke for the person who is suffering from it.

zazou
zazou

If you are not paranoid that doesn't mean they are not after you...

billfranke
billfranke

Chad Perrrin said: 'Even more disturbing, a common refrain echoes through online debates about the importance of privacy ? neatly paraphrased by Google?s own CEO, Eric Schmidt: '"If you have something that you don?t want anyone to know, maybe you shouldn?t be doing it in the first place." 'Another common form of it is ?You have nothing to fear if you have nothing to hide.?' I disagree that Schmidt paraphrased the common form you cite here. He said "Don't do anything that you don't want others to know about". He didn't say "If what you're doing isn't illegal or unethical or immoral or otherwise potentially embarrassing, don't do it". There's a semantic difference. There may be no practical difference, however. For example, whether you pay for your purchases in person at a brick and mortar store in your neighborhood with a credit card or with a credit card on the Internet, you compromise your privacy because you expose your credit card number when making both purchases, and your signature when signing the credit card form in person. If you don't want anyone to know your credit card number, don't use one anywhere. While my old-fashioned father did use a credit card when he bought gasoline or consumer goods at stores -- although, he preferred to pay cash -- he never used one on the Net, nor did he do any online banking. He sacrificed speed and convenience for a higher degree of privacy than we Net denizens seem to be able to live with. If you don't want anyone to see your face on a social networking site -- especially when you're drunk and half undressed at some party -- don't post those pictures of yourself. And don't hang out with people (some of whom you may call "friend") who think that just because they're your friends, they have the right to post your image on their social networking site or blog or photoblog or other Web page. If you want to visit porn sites but don't want anyone to know about it, then use somebody else's PC, not the one your employer provides at work, and not the one your name is attached to in your ISP's customer database. There are plenty of obnoxious moralists who are perfectly happy to take your picture and publish it on the Internet or their church newspaper if they see you picking up a streetwalker or visiting an "adult" book store. When you do things in public, you lose whatever privacy rights you mistakenly thought you had. If you don't want to be looked at, don't appear in public: stay in your cave and shun the world. While I agree wholeheartedly that governments and businesses should not be able to unrestrictedly collect and exploit (use for their own advantage and the individual's disadvantage) as much information about a person as is now available in what are essentially public records, there is no hope that this trend will be reversed. Businesses care about taking your money in exchange for the goods and services they make a profit from; governments care about collecting as much information about everyone as possible for both good and bad reasons, and because those in government are generally power-hungry, they will never yield what they consider their right and duty to collect it and use it for whatever reasons they can provide to justify their having it; and strangers with binoculars, telescopes, telephoto lenses, long-range microphones, and an insatiable voyeuristic character will continue to spy on whomever they deem worthy of their attention. Keeping your business from the prying eyes of the rest of the world is as impossible as trying to prevent yourself from appearing in the dreams and fantasies of those who may be obsessed with you. All you can do is hire someone you can trust (can you really trust anyone at all, even if you're not paranoid?) to conduct your business anonymously, wear a mask in public, keep your mouth shut, and never express your opinions in any way about anything at all, even the flavor or brand of ice cream you prefer. I.e., become a hermit and separate yourself from the big world out there. Franz Kafka (as well as other novelists and social critics) understood the capricious nature of the real world when he wrote _The Trial_. Josef K. never stood a chance. Neither do those of us who use the Net. The invisible inscription at the end of every hyperlink is this: "Abandon [all] hope [of privacy] all ye who enter here". Live with it; get over it; and stop whining. One cannot be a part of society and anonymous at the same time. One cannot be free without being eternally vigilant or totally solitary.

alan
alan

Out of the 14 items on the list, I have seen 7 items - fortunately not all for the same person. I was not looking for that - it is just stuff I happened to seen for my son's friends when I joined F.B. just to look at grand-children's photos. He has a quite a few friends. I am sure I would find an example of each of the 14 if I had patience. Mother's maiden Name ! ! ! If your Uncle and you are F.B. "friends" and have different surnames, that gives the whole world a good chance of guessing your Mother's Maiden Name. Are you glad your bank is able to confirm your I.D. with that info. ! !

jfuller05
jfuller05

I've noticed the "openness" craze, I won't be a part of it. I kind of like having personal information personal.

jo-mi
jo-mi

People who don't care about privacy are stupid. Where do they put the boundary between private affairs and public affairs? Take, for example, what goes on in the bedroom. Should that be broadcast? There one will find practises that offend some greatly, so stop doing them or be persecuted (maybe prosecuted)! Or supposing, you want to go away for some peace and quiet - up into the mountains say, alone, to merge with nature. Do you want Google to know where you are all the time? And the police? And the people you want a rest from? Satelite technology is improving all the time. So are tracking techniques. Bill Gate once had a dream that he called "The documented life". His idea, which maybe he still nurtures, was to rig people out at birth with continual recorders so that absolutely everything they did, saw, read, heard, or experienced would be recorded. The means to do so are here already. Storage is no problem since the data can be continuously uploaded to the powers that be. That way nothing could be hidden, no crime would go unpunished, no misdemeanours would be unfined. Anything wrong, the police could be at your door in the morning, or, better, maybe during the night. How many times a day do you think you break laws or bylaws? 10? 20? Think about it and count them. Include the inadvertant ones. Want to share you private conversations, your flirts, your love-makig, your private discussions (there's gist for the watchers mills)? Freedom? Why would you want that? If you do nothing wrong, who needs it?

Repeal
Repeal

Prior to the revolution, the King of England wanted the platen of every printing press in the colonies to have a unique mark to identify every page printed so he could track the source of dissent. Anonymous speech is an American birth right Given proposed campaign laws the pamphlet Common Sense might never have been published and American might still be a British Colony! Call your U.S. Senators and Congressman and ask them to vote no on the Disclose Act.

Paul
Paul

InZerosystems is the ONLY 100% solution! In the 2 weeks prior to the 24 June demo, "well over 2 million attempts to penetrate the technology, and all cyber attacks failed" according to BusinessWire! It prevents theft of proprietary information and strengthens our competitiveness throughout the world!

internetfodder
internetfodder

So much of the security we use everywhere is fallable. Does that mean we stop living our lives? How could the situation ever change? How could there possibly be a perfectly secured system? The internet is incredibly useful and made more so by feeding it with personal data. I think all that is necessary is a knowledge of who we can trust and who we cannot. Albeit no system is perfectly secure, but wachovia must be doing better than facebook is. Reasonable precautions trump total abstension in this case. I will share my private data with those most able to secure it.

jkameleon
jkameleon

Whatever the police & government know about you, Mafia knows as well. One bad cop is enough.

AnsuGisalas
AnsuGisalas

as well as high-quality images of finger- retina- and ear-prints. And a varied sample of voice samples, including ones of yourself reading a number of crime novels out loud, all acting-like :)

apotheon
apotheon

Do you mean evidence you can use to convince someone else, or just evidence that satisfies your own needs? Some evidence is not really transferable, after all -- but to others one may still look paranoid. . . . and I don't know if you noticed, but I wasn't joking.

Ocie3
Ocie3

following is a quotation of what Eric Schmidt said about privacy, according to PC World, December 11, 2009, in a report by Jared Newman: [i]"Lest anything be taken out of context, here's the full quote from Schmidt, uttered in an interview with CNBC: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place, but if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it's important, for example that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities.'" (italicization added)[/i] ( http://www.pcworld.com/article/184446/googles_schmidt_roasted_for_privacy_comments.html ) Make of it what you will, his mention of the Patriot Act is on the mark. Another worthwhile read are the remarks of John Dvorak, on Market Watch, December 11, 2009, in an article titled: "Eric Schmidt, Google and privacy - Commentary: It's not about you so much as about people in power." ( http://www.marketwatch.com/story/eric-schmidt-google-and-privacy-2009-12-11 )

apotheon
apotheon

Distorting Eric Schmidt's words Really? Look at the context of what he was saying, and tell me that again. There's a semantic difference. There may be no practical difference, however. Oh -- maybe you did read it, and actually agree that what he said is functionally (and intentionally, in the context in which he said it) a paraphrase of that common refrain. You just decided to try to say what I said was wrong so you'd have a sensationalistic title for your comment post, I guess. Live with it; get over it; and stop whining. One cannot be a part of society and anonymous at the same time. Shall I tell you where to go, and where to stick that? It's not about being anonymous all the time. It's about being able to have some damned privacy. There's a distinct semantic difference here, and it is most certainly a practical difference as well. One cannot be free without being eternally vigilant or totally solitary. I agree with that statement, wholeheartedly. I find it odd that you tacked that on to the end of a paragraph in which you basically tell us all to stop being vigilant and just give up.

Ocie3
Ocie3

yes, anonymous libel and slander, no! And that should most definitely apply to political speech. Corporations should also have a legal obligation to publish only facts as to the actual content of pending legislation, instead of disseminating lies about it! My opinions -- yours may differ.

willy_uk
willy_uk

See the old stories about codes printed onto each and every page by laser printers. I sure hope you're not using one of them your your anonymous speech. (I might add, I'm all for anonymity and am extremely suspicious of anyone who's ever used the words "nothing to hide, nothing to fear" or run for a position of influence... so don't take that as a slight - I just think it's interesting that the King's wishes eventually came true in the USofA)

AnsuGisalas
AnsuGisalas

Like, locking your front door. Ditto for your car. Logging into a limited account instead of administrator. Running a resource-hogging security program. Scanning for malware once in a while. Knowing the cost/benefits of the various inconveniences helps.

Ocie3
Ocie3

when an officer (usually a detective) wants to access and acquire P.I.I. about a suspect, then they must submit a written request to a supervisor for permission to obtain it. The supervisor's signature and, sometimes, other data such as a "one-time password" (string), are required to authorize the search and the record is kept indefinitely. There are perhaps many things that "one bad cop" can do in various contexts, but cops who have the means to access other people's P.I.I. typically work with one or more partners, and have supervisors who are actively involved in investigations. In small agencies, such as a sheriff's department in a rural county with a small population, patrolmen are often also the initial investigators (detectives). They can have some "unsupervised" access to law enforcement databases, but not so much as you might believe. Such agencies usually don't have the [i]funding[/i] that is needed to gain access to sophisticated information systems, even in this day and age of the Internet.

Ocie3
Ocie3

of those biological "identifiers" to assume [i]your[/i] identity?? Completing an application for a credit card account with the full name, US Social Security Number, birth date, birthplace, mother's maiden name, etc., requires only things that you (and an impostor) know. In my experience, lenders have not required anything else to authenticate the application. If such an application also required, for example, a document which shows a set of DNA triplets which identify a specific person, then the lender could simply require that you report to a laboratory to have a swab of the mucus lining your mouth taken, then you pay a fee to have the laboratory process the sample and produce a report which they send to the lender. That report must, of course, include some other P.I.I. such as full name, US Social Security number, birthdate, etc. -- at least enough to allow the lender to associate that DNA report with the application for credit. AFAICS, having such information publicized would be of benefit only to the lender, and of little use to anyone who attempts to impersonate you. Then again, an impersonator [i]might[/i] be able to report your DNA data to the lender without, in fact, visiting the laboratory, yet convince the lender that the reported DNA data did originate from the laboratory as the result of a test performed on you, and did not originate with the impostor instead. Of course, that would be a fake laboratory report, with respect to the impostor. But a fake report might not be necessary, however. Since the DNA data alone is not useful without the other P.I.I. data, then an impostor could go to the laboratory, provide the P.I.I. data which is yours, then allow a mucus sample to be swabbed from the lining of their own cheek, to be processed and reported by the laboratory to the lender, who now has the DNA identification of the impostor in association with [i]your[/i] P.I.I. both on the lab report and on the application for credit. Only if the lender has some way to independently verify that DNA data is yours, such as by comparing it to a public record, would they be able to detect the impersonation. Else, the impostor does indeed acquire your identity!!

apotheon
apotheon

That's beautiful! I wish I had thought of the crime novel idea while writing the article.

Ocie3
Ocie3

"if you have evidence that they are." [i]i.e.,[/i] out to get you. You need the kind of evidence (facts) which you can use to convince a psychiatrist that your fears of persecution are [i]not[/i] unfounded, of course, since psychiatrists are the ones who are qualified to make that diagnosis. Of course, you might want a "second opinion" either way. Sorry, I did not mean to imply that you were joking. Most of the time when someone does ask that question, it is either rhetorical or in jest, and often it is simply in questionable taste. Personally, I do not know whether anyone is "out to get me". However, I have suspicions that a significant number of people are collecting, or would like to collect, a lot of data about who I am (P.I.I.) and what I do [i]via[/i] the Internet. Those suspicions are reasonable, considering the well-known facts, and the evidence is not difficult to collect. All that they might want to do is use the data to "target" advertising to me, but they do not have [i]my[/i] interests at heart, only those of the parties who want me to buy their goods and services. That could be harmful and contrary to my well-being, but they don't seem to care whether it is, and most of them would even assert that I will benefit by it, too. For example, their targeted advertising could increase the likelihood that I would go into debt in order to accept their offers, and doing that would, ultimately, not be a good thing for me to do. Such merchants always assert that they don't intend that I go into debt, that they only want me to spend "disposable income" and never deprive my wife and children (if any) of what they might need in order to buy their goods and services. But I've noticed that they always offer to accept payment [i]via[/i] credit cards, and never require that I submit proof that my decision to buy something from them will not harm others. Succinctly, they want to manipulate me, to cause me to make purchases in a greater number, and perhaps variety, than I would make without being exposed to such advertising. They assert that I should make only rational decisions "in the marketplace" but the intended effect of their strategies and tactics in sales and advertising is to induce me to behave irrationally. That is what is fundamentally wrong with such advertising, and those merchants and their agents are most definitely "out to get me" to do what they want me to do, regardless of the consequences either for me personally, or for society in general.

Jaqui
Jaqui

name;y, the ip address you have from your isp goes into a pool for someone else to use. so you are surfing anonymously, and someone else is using your traceable ip address to get child porn. naughty you, it's your ip address, you are the prime suspect. proving you didn't, well then you have to explain why you went through an anonymizer proxy to make the ip address available.

Sterling chip Camden
Sterling chip Camden

I'm against lying, but who gets to decide what's a lie and what's the truth? No, it's better to allow free speech in all its forms, and caveat lector. If there's one positive effect of the web in our culture, it's that it has taught people not to trust most of what they read.

apotheon
apotheon

I find that, most of the time, the more a "security" program hogs resources, the less effective it is as a security tool.

jkameleon
jkameleon

> Such agencies usually don't have the funding that is needed to gain access to sophisticated information systems, even in this day and age of the Internet. Yeah, agencies don't have funding. Mafia has.

AnsuGisalas
AnsuGisalas

Impersonation can be a lot of things. Forensic impersonation will be a possibility in the near future, if it isn't already. DNA impersonation isn't so hot yet, but conceivably a person would only need to hit the "sampling"-points in the DNA, since the whole string is never checked. They only look for certain features. Finger- and other prints can be copied to a composite film that then can be used to transfer that print. And to fool print scanners.

AnsuGisalas
AnsuGisalas

"We've got your threatening messages to their voicemails, and your fingerprints were all over their offices. It's clear that you brutally murdered a whole string of your ex-husbands competitors. Everything you say can and will be used against you in a court of law."

apotheon
apotheon

You need the kind of evidence (facts) which you can use to convince a psychiatrist that your fears of persecution are not unfounded, of course, since psychiatrists are the ones who are qualified to make that diagnosis. Convincing someone is not the same as being right (for the right reasons). Sometimes, it is very difficult to convince an "expert" of something that is manifestly true even when you can present evidence to them. It can get more difficult when the only evidence you have is your memory, and the person is inclined to believe your memories are actually fabrications of one sort or another. I don't put much stock in the value of psychologists for determining the reasonability of my beliefs, frankly -- even though I suspect that psychologists in general would find my beliefs within the realm of reasonability (though they would most likely disagree with many of them), as long as the subject didn't stray into politics. Sorry, I did not mean to imply that you were joking. Most of the time when someone does ask that question, it is either rhetorical or in jest, and often it is simply in questionable taste. In my case it was intended as a response to other peoples' irresponsible use of the term "paranoid". That is what is fundamentally wrong with such advertising, and those merchants and their agents are most definitely "out to get me" to do what they want me to do, regardless of the consequences either for me personally, or for society in general. Nice conclusion. I have some ideas for how to eliminate a lot of the incentives for screwing people over with targeted marketing and the like, but that really gets into a subject for another day (and perhaps another venue).

apotheon
apotheon

I never said anything that implied I "accepted" any assertions by either you or Jacqui. Please do not read meaning into my words that is not evident in those words.

AnsuGisalas
AnsuGisalas

But I don't recall the url. "Why do you implicitly assume that the only people who would use Anonymizer are engaged in activities which are illegal, immoral or which they have "some reason to hide"??" I don't. I just assume that among these users, there will be an overrepresentation of the mentioned kinds of clientele. People with something to hide will try to hide what they have if they know how. But what I meant with the used condom is this: if you do something with a borrowed IP that is openly identifible (such as use a webmail, or log onto a secured service), and that borrowed IP has been used before for illicit ends, then it's an instance that ties you to that illicit use. It's not a huge risk of this tie coming to anyone's attention (unless the NSA is doing something that we don't know about), but it's still not a nice thought. But that power-off thing sure sounds prudent. Damn, I want a remote for my electricity control box, so I can turn off certain circuits with a single button... it'd be handy for a lot of things.

Ocie3
Ocie3

was a physician who was hanged, because he treated John W. Booth for the injuries that Booth suffered during his assassination of President Abraham Lincoln. As to the "used condom" analogy, I power-off the DSL "modem" (router) before I retire for the night and turn the power on again when I arise the next morning. Each time that I do that, the ISP assigns an IP address which is (allegedly but also apparently) randomly selected from a "pool" of the IP addresses that are available. When I began using the service, the ISP techs told me that the pool contained 32 IP addresses. However, I have kept a sample of those which I've been assigned, and it certainly appears that the pool is [i]probably[/i] every available IP address that they have when I turn the "modem" on. Maybe the amount of time that has passed since it was most recently running affects the size of the pool. Or maybe they constantly diversify the 32 IP addresses that are in the pool. Regardless, you can bet that every one of those IP addresses has been used by someone else at some time. I started power cycling the "modem" daily when I discovered that my nominally "dynamic" IP address changed only when the modem lost power, then restarted. So the IP address would remain the same for weeks and months. So what is the difference between the used IP addresss issued by my ISP, and the one that is randomly selected from the range(s) of IP addresses which are owned by Anonymizer? Their pool of available addresses at any given time is probably smaller than the one for my ISP, but if it is not significantly small, then it doesn't matter. Having an anonymous IP address is only the start of the measures that someone must take to effectively become anonymous and untraceable. Why do you implicitly assume that the only people who would use Anonymizer are engaged in activities which are illegal, immoral or which they have "some reason to hide"?? I don't know about you, but if I were wealthy, I believe that it would be prudent to use an anonymous IP address to prevent someone from using it to discover where I am while I am online. There are other reasons, too, but what they amount to is "for self protection".

AnsuGisalas
AnsuGisalas

does sound more reasonable. Of course, the problem is then, that with the anonymizer you're banging around the internet with what amounts to a used condom. So, it can potentially lead to incrimination, if not, maybe being convicted of a crime. Unless your skin colour has the wrong pigmentation pattern, in which case your name is mud.

Ocie3
Ocie3

Oh, I don't have much trust or faith in the US legal system! Every year, thousands of men and women "confess" to crimes that they never committed, in order to avoid trial for a crime which they were accused and arrested for committing -- regardless of whether they did commit that crime(s). Now why would they do that?? That said, with regard to the IP address which my ISP has currently assigned to my computer, I am the only one who is using it to connect to any web site(s) and those web site(s) do, of course, use it to respond to my initiative. An anonymization service cannot use that IP address to do anything [i]except send packets to my computer[/i]. Also, it is quite unlikely that anyone else is using my IP address at the same time that I am using it. Just think of how that [b]would not work[/b] for either one of us if they were!! [i]Edit: [/i] Of course, two or more computers can use the same IP address if they are on the same network (LAN or WAN). The IP address provided by the ISP is actually assigned to the "broadband modem" (a router), which is be cabled to a "gateway" router for the network. Identifying which computer has sent and/or received a specific packet(s) is a matter of record. As I wrote, "Jaqui" was mistaken to claim that the anonymization service somehow uses the IP address which my ISP has assigned to me for their traffic with other users and/or to other web sites. Jaqui's assertions do not make any sense whatsoever -- they are nonsense, and it appears to me that you have accepted them as valid regardless of my refutation. If you don't respect mine, then do your own analysis.

apotheon
apotheon

In the USA, at least, you are never required to prove that you did not do something, or to prove that you did not fail to do something which you are required to do by law (e.g. to file a tax return with the IRS when certain criteria are met). To the contrary, the prosecutor must prove beyond a reasonable doubt either that you did something which is a crime, or that you failed to do something that you were required by law to do (e.g., to stop at a traffic signal when the red light was lit). In theory, that is true. Unfortunately, while theory and practice are the same in theory, they are quite different in practice. Consider this: in a court of law, you could well be convicted on the strength of how the IP address assigned to you was used -- unless you explain to those idiots in the jury box to their satisfaction that others could have been using that IP address at that time. In short, once a prosecutor's witness says "It was his IP address!" it's up to you to prove that you were not, in fact, the guy using that IP address to perform whatever acts are attributed to you by the prosecution. Far flimsier evidence than that has been used to "prove" people are guilty of various crimes, such as the West Memphis Three who are currently serving time purely on the strength of a (later recanted) "confession" that was basically beaten out of a mentally retarded kid, even when there's lots of evidence pointing to other people as possible culprits. Trust not in the purity of the legal system here in the US, for its description in the Constitution does not precisely match up with its character in the real world.

Ocie3
Ocie3

The Anonymizer service does absolutely nothing with the IP address that is assigned by my own ISP for my use. They can't, because that is the IP address which my computer uses to connect to their anonymization service and to which the service sends the TCP/IP packets that they have fetched at my request. They have their own "pool" of IP addresses, one of which is randomly chosen and assigned to a customer at the time that customer's computer establishes a secure connection to the anonymizer web site. That IP address is used in each TCP/IP packet header as the customer's IP address with respect to the web site servers and/or other computers to which the customer proceeds to connect [i]via[/i] the anonymization system. In effect, the anonymization service becomes a temporary substitute for the customer's ISP with regard to the customer's connections to other web sites. It is almost the same as accessing the WWW [i]via[/i] a dial-up service which uses a proxy server. In the USA, at least, [i]you[/i] are never required to prove that you did [i]not[/i] do something, or to prove that you did not fail to do something which you are required to do by law ([i]e.g.[/i] to file a tax return with the IRS when certain criteria are met). To the contrary, the prosecutor must prove beyond a reasonable doubt either that you [i]did[/i] something which is a crime, or that you [i]failed[/i] to do something that you were required by law to do ([i]e.g.,[/i] to stop at a traffic signal when the red light was lit). As far as I know, the anonymization service is perfectly legal and it is not a crime [i]per se[/i] to use the service (so far!).

AnsuGisalas
AnsuGisalas

That puts this whole thing very nicely into perspective. What do we let others lend?

apotheon
apotheon

If there's one positive effect of the web in our culture, it's that it has taught people not to trust most of what they read. Unfortunately, that mostly seems to apply only to the Internet. People tend to assume that newspapers, magazines, and "broadcast" news media all tell the truth, except where what they say directly contradicts their own assumptions. Still . . . there does appear to be a gradual undermining of public trust in mainstream media these days, and I believe that's a pretty good thing.

Ocie3
Ocie3

Quote: [i]".... If there's one positive effect of the web in our culture, it's that it has taught people not to trust most of what they read."[/i] Frankly, I doubt that very much. It seems that everyone under the age of 30 believes everything that they read on the Internet, and seldom read anything from another source unless, perhaps, it is a textbook. Your question as to "who gets to decide what's a lie and what's the truth?" has an answer: in cases of libel and of slander, the [b]jury[/b] decides not just whether someone has told a lie(s), but also whether the subject of the lie(s) has suffered demonstrable harm, and how grevious it has been if they have. The US Supreme Court has consistently held that the right to free speech is not a right to tell lies, although they have stopped short of prohibiting character assassination in "political speech". If Congress ever passed a law prohibiting libel and slander in "political speech" (as it is prohibited, for example, in England), then I am sure that the USSC would find it constitutional. Indeed, telling a lie(s) can be an [i]inherently[/i] criminal act, such as the commission of fraud, or acts of counterfeiting. So what is [b]YOUR[/b] answer to your question, eh??

Neon Samurai
Neon Samurai

(ducks) My gaming boot is a pretty limited use system rarely used for browsing. I find MSE light enough on resources without leaving me totally naked. We'll see how it proves out in ongoing third party assessments though. With everything and it's dog's latest game title now having to go online for some feature or validation, pulling out the network cable isn't practical nor is running my system naked of AV (but, it may also be my security geek paranoid mind also).

Jaqui
Jaqui

Symantec/Nortons and McAffee just got BURNED! All 3 products are major resource hogs :D

AnsuGisalas
AnsuGisalas

I've yet to get an infection with this Zealot Alert Extremist suite I'm using, but I have this odd feeling that it's using a lot of resources blocking out other potential security programs, and while this could be a useful part of preventing conflicts, and even could be sign of a strict defense against certain kinds of installs that would cover malware as well as security programs... I still wonder if it's just monopolization.

JamesRL
JamesRL

Its like those of us in a corporate environment with multiple passwords. The more "unique" passwords you have the less secure it is, because you are more likely to have to store them somewhere, like a sticky note or notepad file. As for resources, I do have to turn off my anti-virus program during my gaming because of resource issues. A less resource intensive program would be more secure for me. James

apotheon
apotheon

Too late -- DNA is already public. You leave it everywhere you go. It's really only a matter of a few years before that even becomes a reasonable defense in court, I think.

Ocie3
Ocie3

of DNA triplet sets which [i]uniquely[/i] identify respective individuals would almost certainly have to be maximally secured, including encrypted backup copies and perhaps even multiple sets of backup copies that are kept in different locations. As to whom has such custody, it could be a governmental service (Social Security Admin. -?- they already have our number :-) ). Or it could be provided by a non-profit NGO or even by contract between individuals and private for-profit firms. Regardless, it would have to be very strictly regulated with standard guarantees, fiscal reserves, penalties,etc., and none of this "we get to change the terms whenever and however we like" bullshit that is so common nowadays (and which, IMO, should be outlawed). The principal concern is that the party who has custody of the data [i]must not have[/i] any interest in the data itself, only in maintaining it securely and allowing only those who have permission to access it, as I described before.

AnsuGisalas
AnsuGisalas

I guess that answers my question :( But: "Blanket or enduring permission would not be allowed." Until someone loses a disk, right?

Ocie3
Ocie3

makes better fiction than truth. Quote: [i]"This is not 'I am Y', it's 'Y was here>Y did it', and by way of that 'there's nothing missing from this picture'. In case 'Y' is a person with a clean record who is not likely to be implicated in any way, then the latter statement is the payoff." (italicization added)[/i] To the contrary: the absence of evidence is not evidence of absence, nor is the presence of evidence [i]per se[/i] the evidence of presence. One problem with your reasoning occurs when in fact there is solid and convincing proof that "Y" was somewhere else at the time of the crime ([i]i.e.,[/i] they have a solid alibi), and/or that "Y" has never been present at the scene of the crime regardless of what the "evidence" may be. The second problem is that my fingerprints and biological tissues are all over the apartment in which I live, and the only thing that they [i]might[/i] "prove" is that I have been here. They don't prove that I committed any crime that was committed here in the absence of any significant evidence that it was committed by someone else, such as the person who subsequently tries to sell my computer [i]via[/i] EBay. What you are referring to is "circumstantial evidence", which is the weakest kind no matter how "scientific" it is. Although it might not be difficult to convict a suspect of the crime based [i]entirely[/i] upon circumstantial evidence, it is not likely to be sustained upon appeal, if the convict's legal counsel and the appellate judges are at all competent. Quote: [i]"Did that answer your question, or did I make a fool of myself? (italicization added)[/i] You answered my question as to what "forensic impersonation" is or may be. However, with regard to the triplet sets which are used to [i]uniquely[/i] identify a specific individual, notice the preceding word in this sentence which is italicized. What does it mean? When I wrote that the [i]probability[/i] is very low, I meant as in "1 in 10,000,000,000" low. There aren't even that many people on the planet yet. Currently, DNA triplets are not used very often for authenticating a person's identity which, again, is insufficient without their P.I.I.. There might be some risk that publishing a set of DNA triplets which are [i]unique[/i] to a specific person could also reveal genetic data that should be kept private (if not secret). But if DNA profiles are to be used at all for identification purposes, then publication is necessary regardless of such a risk, for the reason that I described. However, "publication" does not necessarily mean "accessible by anybody at any time or from any place". Access to the data could and probably should be restricted, and those who access the data to verify the identity of a person should also [i]not[/i] be permitted to retain a copy of the data. IMO, access to such data should require the person's prior knowledge and explicit consent for each and every access that is made to it. Blanket or enduring permission would not be allowed.

AnsuGisalas
AnsuGisalas

What's usually talked about is up-front impersonation; i.e. making use of private information to publically assume part of someone's ID for a specific purpose. It involves a more or less open claim by person X that "I am person Y". With forensic impersonation I mean specifically using someone's identifying features to replace one's owns at the scene of a crime. We all know (from watching CSI) that when the evidence has been removed by the perp (leaving an conspicuous void), the police will comb everything; find missed evidence and automagically catch the bad guy. But if the real evidence is cleaned up, creating a void, and then the void is replaced with evidence of a specific kind? This is not "I am Y", it's "Y was here>Y did it", and by way of that "there's nothing missing from this picture". In case "Y" is a person with a clean record who is not likely to be implicated in any way, then the latter statement is the payoff. Now, sure, supercriminals aren't thick on the ground, crime being a sucker's game. DNA, obviously, should not be public. Not now, that they can be used to identify hereditary diseases and the like, and not later when it might be useful for other, more offensive things. And sure, one persons DNA isn't so hot. But if you have a lot of people's profiles (zuckers) then you can check among your customers for matches, and presto, you can make them a sufficiently good biometric ID. The business is in bulk. Did that answer your question, or did I make a fool of myself? EDIT: You did make a good argument, no doubt about that. I just think that the prohibitively dangerous information available in a persons DNA precludes making it public record. A specific set of markers can be public maybe, but even then there's dangers of previously undiscovered correlations.

Ocie3
Ocie3

"forensic impersonation"?? I don't believe that I've seen the word "forensic" as an adjective of "impersonation" before. The triplet sets that are identified in a DNA analysis are specifically chosen according to the particular purpose that they will serve. When the aim is to [i]uniquely[/i] identify a specific individual human being, then the triplet sets are such that the [i]probability[/i] that someone from whom they have been gathered is [i]not you[/i] when the triplets match yours is extremely low. If I may say so, I don't believe that you have carefully considered my explanation as to how the DNA data for each specific individual [i]should[/i] be public and not private, so that someone cannot make their own DNA profile as the one which will be associated with your other P.I.I. instead of your DNA profile being associated with it. Obviously, your DNA does not encode your full name, residence address, birth date, birthplace, parent's names, etc., by which you are [i]identified[/i]. It can only identify you by association with that other P.I.I..

Editor's Picks