privacy Archives - Page 123 of 145 - Schneier on Security

Entries Tagged "privacy"

Page 123 of 145

New Anonymous Browser

According to Computerworld and InfoWorld, there’s a new Web browser specifically designed not to retain information.

Browzar automatically deletes Internet caches, histories, cookies and auto-complete forms. Auto-complete is the feature that anticipates the search term or Web address a user might enter by relying on information previously entered into the browser.

I know nothing else about this. If you want, download it here.

EDITED TO ADD (9/1): This browser seems to be both fake and full of adware.

Posted on September 1, 2006 at 8:23 AM • View Comments

Stupid Security Awards Nominations Open

Get your nominations in.

The “Stupid Security Awards” aim to highlight the absurdities of the security industry. Privacy International’s director, Simon Davies, said his group had taken the initiative because of “innumerable” security initiatives around the world that had absolutely no genuine security benefit. The awards were first staged in 2003 and attracted over 5,000 nominations. This will be the second competition in the series.

“The situation has become ridiculous” said Mr Davies. “Security has become the smokescreen for incompetent and robotic managers the world over”.

Unworkable security practices and illusory security measures do nothing to help issues of real public concern. They only hinder the public, intrude unnecessary into our private lives and often reduce us to the status of cattle.

[…]

Privacy International is calling for nominations to name and shame the worst offenders. The competition closes on October 31st 2006. The award categories are:

Most Egregiously Stupid Award
Most Inexplicably Stupid Award
Most Annoyingly Stupid Award
Most Flagrantly Intrusive Award
Most Stupidly Counter Productive Award

The competition will be judged by an international panel of well-known security experts, public policy specialists, privacy advocates and journalists.

Posted on August 28, 2006 at 7:39 AM • View Comments

USBDumper (article is in French; here’s the software) is a cute little utility that silently copies the contents of an inserted USB drive onto the PC. The idea is that you install this piece of software on your computer, or on a public PC, and then you collect the files—some of them personal and confidential—from anyone who plugs their USB drive into that computer. (This blog post talks about a version that downloads a disk image, allowing someone to recover deleted files as well.)

No big deal to anyone who worries about computer security for a living, but probably a rude shock to salespeople, conference presenters, file sharers, and many others who regularly plug their USB drives into strange PCs.

EDITED TO ADD (10/24): USBDumper 2.2 has been released. The webpage includes a number of other useful utilities.

Posted on August 25, 2006 at 6:47 AM • View Comments

Skype Call Traced

Kobi Alexander fled the United States ten days ago. He was tracked down in Sri Lanka via a Skype call:

According to the report, Alexander was located after making a one-minute call via the online telephone Skype service. The call, made from the Sri Lankan capital Colombo, alerted intelligence agencies to his presence in the country.

Ars Technica explains:

The fugitive former CEO may have been convinced that using Skype made him safe from tracking, but he—and everyone else that believes VoIP is inherently more secure than a landline—was wrong. Tracking anonymous peer-to-peer VoIP traffic over the Internet is possible (PDF). In fact, it can be done even if the parties have taken some steps to disguise the traffic.

Let this be a warning to all of you who thought Skype was anonymous.

Posted on August 24, 2006 at 1:45 PM • View Comments

Privacy Risks of Public Mentions

Interesting paper: “You are what you say: privacy risks of public mentions,” Proceedings of the 29th Annual International ACM SIGIR Conference on Research and Development in Information Retrieval, 2006.

Abstract:

In today’s data-rich networked world, people express many aspects of their lives online. It is common to segregate different aspects in different places: you might write opinionated rants about movies in your blog under a pseudonym while participating in a forum or web site for scholarly discussion of medical ethics under your real name. However, it may be possible to link these separate identities, because the movies, journal articles, or authors you mention are from a sparse relation space whose properties (e.g., many items related to by only a few users) allow re-identification. This re-identification violates people’s intentions to separate aspects of their life and can have negative consequences; it also may allow other privacy violations, such as obtaining a stronger identifier like name and address.This paper examines this general problem in a specific setting: re-identification of users from a public web movie forum in a private movie ratings dataset. We present three major results. First, we develop algorithms that can re-identify a large proportion of public users in a sparse relation space. Second, we evaluate whether private dataset owners can protect user privacy by hiding data; we show that this requires extensive and undesirable changes to the dataset, making it impractical. Third, we evaluate two methods for users in a public forum to protect their own privacy, suppression and misdirection. Suppression doesn’t work here either. However, we show that a simple misdirection strategy works well: mention a few popular items that you haven’t rated.

Unfortunately, the paper is only available to ACM members.

EDITED TO ADD (8/24): Paper is here.

Posted on August 23, 2006 at 2:11 PM • View Comments

TrackMeNot

In the wake of AOL’s publication of search data, and the New York Times article demonstrating how easy it is to figure out who did the searching, we have TrackMeNot:

TrackMeNot runs in Firefox as a low-priority background process that periodically issues randomized search-queries to popular search engines, e.g., AOL, Yahoo!, Google, and MSN. It hides users’ actual search trails in a cloud of indistinguishable ‘ghost’ queries, making it difficult, if not impossible, to aggregate such data into accurate or identifying user profiles. TrackMeNot integrates into the Firefox ‘Tools’ menu and includes a variety of user-configurable options.

Let’s count the ways this doesn’t work.

One, it doesn’t hide your searches. If the government wants to know who’s been searching on “al Qaeda recruitment centers,” it won’t matter that you’ve made ten thousand other searches as well—you’ll be targeted.

Two, it’s too easy to spot. There are only 1,673 search terms in the program’s dictionary. Here, as a random example, are the program’s “G” words:

gag, gagged, gagging, gags, gas, gaseous, gases, gassed, gasses, gassing, gen, generate, generated, generates, generating, gens, gig, gigs, gillion, gillions, glass, glasses, glitch, glitched, glitches, glitching, glob, globed, globing, globs, glue, glues, gnarlier, gnarliest, gnarly, gobble, gobbled, gobbles, gobbling, golden, goldener, goldenest, gonk, gonked, gonking, gonks, gonzo, gopher, gophers, gorp, gorps, gotcha, gotchas, gribble, gribbles, grind, grinding, grinds, grok, grokked, grokking, groks, ground, grovel, groveled, groveling, grovelled, grovelling, grovels, grue, grues, grunge, grunges, gun, gunned, gunning, guns, guru, gurus

The program’s authors claim that this list is temporary, and that there will eventually be a TrackMeNot server with an ever-changing word list. Of course, that list can be monitored by any analysis program—as could any queries to that server.

In any case, every twelve seconds—exactly—the program picks a random pair of words and sends it to either AOL, Yahoo, MSN, or Google. My guess is that your searches contain more than two words, you don’t send them out in precise twelve-second intervals, and you favor one search engine over the others.

Three, some of the program’s searches are worse than yours. The dictionary includes:

HIV, atomic, bomb, bible, bibles, bombing, bombs, boxes, choke, choked, chokes, choking, chain, crackers, empire, evil, erotics, erotices, fingers, knobs, kicking, harier, hamster, hairs, legal, letterbomb, letterbombs, mailbomb, mailbombing, mailbombs, rapes, raping, rape, raper, rapist, virgin, warez, warezes, whack, whacked, whacker, whacking, whackers, whacks, pistols

Does anyone reall think that searches on “erotic rape,” “mailbombing bibles,” and “choking virgins” will make their legitimate searches less noteworthy?

And four, it wastes a whole lot of bandwidth. A query every twelve seconds translates into 2,400 queries a day, assuming an eight-hour workday. A typical Google response is about 25K, so we’re talking 60 megabytes of additional traffic daily. Imagine if everyone in the company used it.

I suppose this kind of thing would stop someone who has a paper printout of your searches and is looking through them manually, but it’s not going to hamper computer analysis very much. Or anyone who isn’t lazy. But it wouldn’t be hard for a computer profiling program to ignore these searches.

As one commentator put it:

Imagine a cop pulls you over for speeding. As he approaches, you realize you left your wallet at home. Without your driver’s license, you could be in a lot of trouble. When he approaches, you roll down your window and shout. “Hello Officer! I don’t have insurance on this vehicle! This car is stolen! I have weed in my glovebox! I don’t have my driver’s license! I just hit an old lady minutes ago! I’ve been running stop lights all morning! I have a dead body in my trunk! This car doesn’t pass the emissions tests! I’m not allowed to drive because I am under house arrest! My gas tank runs on the blood of children!” You stop to catch a breath, confident you have supplied so much information to the cop that you can’t possibly be caught for not having your license now.

Yes, data mining is a signal-to-noise problem. But artificial noise like this isn’t going to help much. If I were going to improve on this idea, I would make the plugin watch the user’s search patterns. I would make it send queries only to the search engines the user does, only when he is actually online doing things. I would randomize the timing. (There’s a comment to that effect in the code, so presumably this will be fixed in a later version of the program.) And I would make it monitor the web pages the user looks at, and send queries based on keywords it finds on those pages. And I would make it send queries in the form the user tends to use, whether it be single words, pairs of words, or whatever.

But honestly, I don’t know that I would use it even then. The way serious people protect their web-searching privacy is through anonymization. Use Tor for serious web anonymization. Or Black Box Search for simple anonymous searching (here’s a Greasemonkey extension that does that automatically.) And set your browser to delete search engine cookies regularly.

Posted on August 23, 2006 at 6:53 AM • View Comments

Ten Worst Privacy Debacles of All Time

Not a bad list:

10. ChoicePoint data spill
9. VA laptop theft
8. CardSystems hacked
7. Discovery of data on used hard drives for sale
6. Philip Agee’s revenge
5. Amy Boyer’s murder
4. Testing CAPPS II
3. COINTELPRO
2. AT&T lets the NSA listen to all phone calls
1. The creation of the Social Security Number

EDITED TO ADD (8/22): Daniel Solove comments.

Posted on August 22, 2006 at 6:19 AM • View Comments

Random Bag Searches in Subways

Last year, New York City implemented a program of random bag searches in the subways. It was a silly idea, and I wrote about it then. Recently the U.S. Court of Appeals for the 2nd Circuit upheld the program. Daniel Solove wrote about the ruling:

The 2nd Circuit panel concluded that the program was “reasonable” under the 4th Amendment’s special needs doctrine. Under the special needs doctrine, if there are exceptional circumstances that make the warrant and probable cause requirements unnecessary, then the search should be analyzed in terms of whether it is “reasonable.” Reasonableness is determined by balancing privacy against the government ‘s need. The problem with the 2nd Circuit decision is that under its reasoning, nearly any search, no matter how intrusive into privacy, would be justified. This is because of the way it assesses the government’s side of the balance. When the government’s interest is preventing the detonation of a bomb on a crowded subway, with the potential of mass casualties, it is hard for anything to survive when balanced against it.

The key to the analysis should be the extent to which the search program will effectively improve subway safety. In other words, the goals of the program may be quite laudable, but nobody questions the importance of subway safety. Its weight is so hefty that little can outweigh it. The important issue is whether the search program is a sufficiently effective way of achieving those goals that it is worth the trade-off in civil liberties. On this question, unfortunately, the 2nd Circuit punts. It defers to the law enforcement officials:

That decision is best left to those with “a unique understanding of, and responsibility for, limited public resources, including a finite number of police officers.” Accordingly, we ought not conduct a “searching examination of effectiveness.” Instead, we need only determine whether the Program is “a reasonably effective means of addressing” the government interest in deterring and detecting a terrorist attack on the subway system…

Instead, plaintiffs claim that the Program can have no meaningful deterrent effect because the NYPD employs too few checkpoints. In support of that claim, plaintiffs rely upon various statistical manipulations of the sealed checkpoint data.

We will not peruse, parse, or extrapolate four months’ worth of data in an attempt to divine how many checkpoints the City ought to deploy in the exercise of its day to day police power. Counter terrorism experts and politically accountable officials have undertaken the delicate and esoteric task of deciding how best to marshal their available resources in light of the conditions prevailing on any given day. We will not and may not second guess the minutiae of their considered decisions. (internal citations omitted)

Although courts should not take a “know it all” attitude, they must not defer on such a critical question. The problem with many security measures is that they are not a very wise expenditure of resources. It is costly to have a lot of police officers engage in these random searches when they could be doing other things or money could be spent on other measures. A very small number of random searches in a subway system of over 4 million riders a day seems more symbolic that effective. If courts don’t question the efficacy of security measures in the name of terrorism, then it allows law enforcement officials to win nearly all the time. The government just needs to come into court and say “terrorism” and little else will matter.

Posted on August 16, 2006 at 3:32 PM • View Comments

Surveillance Tour of Minneapolis

Minnesota Public Radio interviewed me while wandering around Minneapolis, looking for cameras and other forms of mass surveillance.

Posted on August 9, 2006 at 1:24 PM • View Comments

AOL Releases Massive Amount of Search Data

From TechCrunch:

AOL has released very private data about its users without their permission. While the AOL username has been changed to a random ID number, the ability to analyze all searches by a single user will often lead people to easily determine who the user is, and what they are up to. The data includes personal names, addresses, social security numbers and everything else someone might type into a search box.

The most serious problem is the fact that many people often search on their own name, or those of their friends and family, to see what information is available about them on the net. Combine these ego searches with porn queries and you have a serious embarrassment. Combine them with “buy ecstasy” and you have evidence of a crime. Combine it with an address, social security number, etc., and you have an identity theft waiting to happen. The possibilities are endless.

This is search data for roughly 658,000 anonymized users over a three month period from March to May—about 1/3 of 1 per cent of their total data for that period.

Now AOL says it was all a mistake. They pulled the data, but it’s still still out there—and probably will be forever. And there’s some pretty scary stuff in it.

You can read more on Slashdot and elsewhere.

Anyone who wants to play NSA can start datamining for terrorists. Let us know if you find anything.

EDITED TO ADD (8/9): The New York Times:

And search by search, click by click, the identity of AOL user No. 4417749 became easier to discern. There are queries for “landscapers in Lilburn, Ga,” several people with the last name Arnold and “homes sold in shadow lake subdivision gwinnett county georgia.”

It did not take much investigating to follow that data trail to Thelma Arnold, a 62-year-old widow who lives in Lilburn, Ga., frequently researches her friends’ medical ailments and loves her three dogs. “Those are my searches,” she said, after a reporter read part of the list to her.

Posted on August 8, 2006 at 11:02 AM • View Comments

←Previous 1 … 121 122 123 124 125 … 145 Next→

Sidebar photo of Bruce Schneier by Joe MacInnis.