Slacker! http://www.mono.org/
37 stories
·
3 followers

Online Anonymity, Privacy and Risk Evaluation

1 Share

I got into a conversation the other day about why I, as a massive supporter of the right to online privacy, still tended to use my real name online, in places where a more anonymous handle would be more than acceptable.

You’d have thought as somebody quite proficient at OSINT (Open Source, Intelligence,  the art of finding information, particularly relating to people, from public information sources), I’d have taken every opportunity to grab a little anonymity, especially as my real name is almost certainly unique in the world.

It comes down to risk vs reward. Understanding and mitigating the risk is crucial.

If you know my real name (which is pretty obvious from the domain name of this blog) then there is already loads of freely available information out there on me. I bought domain names in the 90s, back when a real postal address was mandatory (they even sent you a physical certificate of ownership) and I used to run a business out of my house, so it was a legal requirement to have my business address on any formal paperwork, so finding my home address is trivial.  I couldn’t find anywhere leaking my date of birth online but I’d bet there is some site I’ve entered it into (back before I thought to lie about it) which now leaks it publicly. Similarly, I get so many requests for genealogy info that I’m sure somewhere discloses my mothers maiden name. There are also documents I wrote at University on what is now called Cyber Security with my name on that I now wish didn’t exist, that highlight my security “white hat” has been bleached over the years.

That information is all out there. The genie is out of the bottle, it’s never going back in. So, you’d think that was ever MORE reason to hide my real name online? Not really and it’s all down to understanding and managing that risk.

If I operate under a pseudonym, I have a new risk. The risk of some detail linking the anonymous me to the real me. I’m going to be in the same physical location as my anonymous self, probably using the same computer, browser and internet connection, I’m going to have similar views, knowledge, understanding, frailties and experiences, the same grammar mistakes, the same typing patterns the same mouse movement patterns.

As mass tracking and analysis of both data and metadata becomes easier and more prevalent, the chances of me accidentally revealing a link between my real self and my anonymous self increases and once somebody makes that link, there is no point being anonymous at all.

What’s more, the ability to operate under a pseudonym means I’m more likely to reveal additional information than I normally would under my real identity (even if only subconsciously), increasing the risk even further. The instant all the content you wished to keep anonymous is linked back to your real identity you’re essentially stood there with a big sign saying “this is the stuff I didn’t want you to know was by me”.

To further evaluate the risk, you also have to understand that data can last forever and who can access this data over time changes. It’s not about who can see your private content now, it’s about who can see it in the future and then associate it back to you.

Back in 2006, I was in Amsterdam mainly to watch Feyenoord vs Blackburn Rovers, but I also visited the Amsterdam Museum (despite the cliche, not all English football fans in Amsterdam just hang out in De Wallen drinking beer and smoking weed) and read a fascinating but terrifying account of the Nazi occupation of Holland in World War 2. The dutch, quite sensibly, had collected everyone’s religion as part of the census, to ensure that in the case of their funeral being organised by the state, an appropriate ceremony was performed. However, after Nazi occupation, this same list has a whole different purpose.

The details you put online are no different. Just because you trust a website to responsibly keep your private data private, what if they are sold, hackedpressured by a nation state or have a rogue or sloppy employee?

I therefore operate under the assumption that EVERYTHING I put online can potentially end up in the wrong hands one day.

That doesn’t mean that I instantly post everything public, just because one day people might see it anyway, but it’s always a thought in the back of my mind when I post.

So, I’ve given up on online privacy? Hell No! It’s important to realise anonymity and privacy are not the same thing and the right to privacy is an important right to have, even if I choose to waive it.

Just because I feel one day, a hack, leak or change of government could see my emails/PMs/Skype calls etc being put in the wrong hands, doesn’t mean that I want to share them with everyone right now.  It’s precisely because anonymity is mere obfuscation that gives people a false sense of security that I think privacy is so very very important.

For example, my twitter account is public, this is my choice and I know anything I post on there can be seen by the entire world in perpetuity, so it tends to be limited mostly to conversations about tech, football or politics. Facebook however, I have configured to be more private,  that doesn’t mean I’ll post anything incriminating or particularly personal, but it will give you more of an insight into my daily comings and going, my social life and particularly upcoming and current events I’m attending. This includes data that may be of some value ahead of time (i.e. to allow you to break into my house, or scam my friends/bank etc into believing I’m stranded abroad without money) but virtually zero value after the fact. Therefore as long as I can trust Facebook to keep that data private for a short period, the risk is much smaller.

But privacy in the modern world is tricky. It’s 16 years since of the launch of PGP and almost 3 years since google announced End to End, but there is still no practical way for me to send an email to any non-technical friends with the belief that nobody other than them will ever be able to read it. End to End (E2E) encrypted messengers like Signal, Telegram, WhatsApp and even Facebook Messenger are great, but do I really trust my phone and computer operating systems enough to  be sure the message wasn’t snooped on when it’s decrypted and even if I did, is it reasonable to expect my mum to install a new messenger app, when it’s unlikely I would ever say anything I’d couldn’t be overheard saying to her in the street?

And what of systems that don’t purport to offer E2E encryption? I love slack, but even if their data is encrypted both in transit and at rest as they claim, they can still be decrypted and subpoenaed. The tech simply isn’t there yet to make privacy EASY and that’s the way both corporations (who sell you data) and government agencies (who use is for surveillance purposes) like it.

Which brings us back to risk vs reward. In much the same way to only truly secure a computer is unplug it and encase in in concrete, the only way to stay truly private online is to never be online, However, if you want the rewards being online brings, the have to accept the risks. But, when you understand the risks, you can start to mitigate them somewhat.

There is always a risk and E2E encrypted chat could still be made public, but it’s certainly less risk than some public forum with an unknown operator who may be doing anything with your data to fund their project, even if you are operating under some veil of anonymity. There is a chance the government’s mass surveillance data could be compromised, but it’s much more likely that dodgy service that provides you with free PPV films and sports will have their subscribers details made public. There is chance your slack logs may be subpoenaed, but there is a greater chance you’ll leave your PC or phone unattended and logged into slack.

Risk vs Reward, but make sure you understand ALL the risks. Not just the immediate ones.

My advice – Choose your tools and sites wisely, choose what you say online and who you say it to wisely and work with people like the Open Rights Group and EFF to ensure your right to privacy is a legally protected right.

Read the whole story
Share this story
Delete

Thanks Mom!

4 Comments and 20 Shares

I started thinking about the history of my first PC recently while reading Fire in the Valley, a book on the history of the PC revolution.

On Christmas in 1995, I unwrapped a shiny new IBM Aptiva. Much to my delight, my mom had gifted me my first PC.

Each time I've thought about my mom making this purchase, it's been thru the lens of someone looking back in time. Reading Fire in the Valley reminded me that I'd never before put myself in my mom's perspective and thought about her making the decision within the context of being a parent without a technical background in 1995.

So, I asked my mom about the purchase. And since it's 2016, I asked over text message. Below is our conversation:

altaltaltaltaltaltaltaltalt

...And this is where we end.

To bring this story full circle, this year for Christmas I bought my mom her first MacBook Pro.

Thanks mom!

alt

Read the whole story
popular
293 days ago
reply
Share this story
Delete
4 public comments
codesujal
289 days ago
reply
This is a wonderful story... #fb
West Hartford, CT
iaravps
292 days ago
reply
Rio de Janeiro, Brasil
skittone
294 days ago
reply
So sweet. She bought her kid a computer that she didn't really understand herself, because she thought it would be important later. Awesome.
angelchrys
294 days ago
reply
It's kinda dusty in here
Overland Park, KS

Fixing Problems

11 Comments and 22 Shares
'What was the original problem you were trying to fix?' 'Well, I noticed one of the tools I was using had an inefficiency that was wasting my time.'
Read the whole story
Share this story
Delete
10 public comments
toddgrotenhuis
380 days ago
reply
Isn't this just #yakshaving?
Indianapolis
putnawa
387 days ago
reply
The struggle is real
Seattle, WA, USA
dbrandon
387 days ago
reply
This happens to me a lot.
chrisamico
387 days ago
reply
Current status.
Boston, MA
jepler
388 days ago
reply
Are your computer problems "for the want of a nail" or "I don't know why she swallowed the fly"?
Earth, Sol system, Western spiral arm
esran
388 days ago
reply
*cough* no comment
Bristol, UK
gradualepiphany
388 days ago
reply
Hm. I don't actually do this often. But I might have a bit of a penchant for starting over clean.
Los Angeles, California, USA
Covarr
388 days ago
reply
You remind me of the solution.
What solution?
The solution to the problem?
What problem?
Moses Lake, WA
Cthulhux
388 days ago
The problem of Voodoo!
AlexHogan
387 days ago
Who do?
Cthulhux
387 days ago
You do!
kyuzo
377 days ago
While I imagine anyone who didn't grow up watching Labyrinth is wonder what just happened.. as someone who did grow up watching that movie, this made my day. Thank you!
Cthulhux
377 days ago
;-) you're welcome.
alt_text_bot
388 days ago
reply
'What was the original problem you were trying to fix?' 'Well, I noticed one of the tools I was using had an inefficiency that was wasting my time.'
tedder
388 days ago
reply
#devops
Uranus
eraycollins
388 days ago
Contingent Life

blueandbluer: cwolfescribbles: redrodent: fuckyeahcomicsbaby: ...

1 Comment and 10 Shares




















blueandbluer:

cwolfescribbles:

redrodent:

fuckyeahcomicsbaby:

A Tale of Nine Lives by Akimiya Jun

I’m not crying, you’re crying!!

Couldn’t find the reblog button though all the tears in my eyes

A someone who lost a well-loved rescue cat to cancer this year, thank you.

Read the whole story
popular
420 days ago
reply
Share this story
Delete
1 public comment
RedSonja
422 days ago
reply
Sitting next to my 18 year old cat crying now, thanks.

Fenceposts

2 Comments and 12 Shares

To show that Gothic script could be fatiguing to read, medieval scribes invented this joke sentence:

mimi numinum niuium minimi munium nimium uini muniminum imminui uiui minimum uolunt

The snow gods’ smallest mimes do not wish in any way in their lives for the great duty of the defenses of wine to be diminished.

In Ancient Writing and Its Influence (1969), Berthold Louis Ullman and Julian Brown write, “When this is written in Gothic characters without dots for the i‘s and with v written as u, it makes a first-class riddle”:

mimi numinum script

Read the whole story
popular
471 days ago
reply
norb
470 days ago
Nerds have always been the same, even since medieval times
Share this story
Delete
2 public comments
esran
471 days ago
reply
Stop mumbling when you write!
Bristol, UK
digdoug
472 days ago
reply
Why doesn't the snow god use bigger mimes?
Louisville, KY

Thoughts and Prayers

6 Comments and 31 Shares

A man goes into an immigration services center in Binghamton New York, blocks the exit in the back with his car, goes through the front door with handguns, body armor and ammunition. He shoots the receptionists and opens fire on a citizenship class. He murders thirteen. This is horrific. I offer my thoughts and prayers.

A psychiatrist trained to help others with the stress of combat goes to Ft. Hood, the army base at which he is stationed, and opens fire on his fellow soldiers and some civilians, too. Another thirteen people are murdered there. Three are killed charging the shooter. Words cannot express my sorrow. I offer my thoughts and prayers.

A professor is denied tenure at the University of Alabama. She goes to a department faculty meeting and in that conference room pulls out a nine-millimeter handgun and shoots six people, three of whom she manages to murder. Those people were just doing their jobs and what happened to them is terrible. I don’t want to have to think about it any further. I offer my thoughts and prayers.

A truck driver in Manchester, Connecticut comes out of a company disciplinary hearing for allegedly stealing beer and starts shooting up his place of work. He murders eight people, calls his mother and tells her about it, and then shoots himself. Gun control discussions are a mess in this country and they never go anywhere productive, there’s no middle ground, and they make me tired thinking about them. I offer my thoughts and prayers.

In Tucson, Arizona, a member of Congress is meeting with her constituents in the parking lot of a supermarket, and a 22-year-old man comes up and shoots her straight in the head. A representative to Congress, can you believe that! She somehow survives, but he murders six others, ranging in age from nine to 79. That’s quite a range. Surely the attempted assassination of a US Representative will start a substantive discussion by someone. In the meantime, I offer my thoughts and prayers.

Seal Beach, California, where a man and a woman are having a custody dispute. His solution: Enter his wife’s place of work, a hair salon, and open fire on anyone there. He murders his ex-wife and seven other people, including one man not even in the salon. He is  was in his car in the parking lot outside the salon. Bad luck. Here’s an interesting thing: there is a sort of magical power to saying that you offer your thoughts and prayers.

Oakland, California, and at a small Christian college, a man who had been expelled for behavioral and anger management problems decides that he’s going to find an administrator he has issues with. He doesn’t find her, so instead grabs a secretary, enters a classroom and orders the students there to line against a wall. Some refuse. He shoots, reloads and shoots some more. Seven people are murdered. The shooter later says he’s sorry. The magical power of saying that you offer your thoughts and prayers is that once you do it, you’re not required to do anything other than to offer your thoughts and prayers.

In Aurora, Colorado, a midnight audience of Batman fans are half an hour into the final installment of Christopher Nolan’s superhero trilogy when a man enters the theater, clad in protective armor, sets off two gas canisters and starts shooting. Some audience members think this is a stunt tied into the film. It’s not a stunt, and the shooter, armed with an assault rife, a shotgun and a glock, murders a dozen people, ten of whom die right there in the theater. When police visit the shooter’s home, they find it rigged with explosives. The shooter placed a camera to record what happens if the police just barge in. Saying “thoughts and prayers” is performative, which is to say that just in saying it, you’ve performed an action. Prayers leave your mind and go to God. It is a blessed, holy and as such apparently sufficient thing, to offer your thoughts and prayers.

Sunday morning, and in Oak Creek, Wisconsin, members of the Sikh temple there have gathered for services and meditation and are preparing a communal meal when a white supremacist and Army veteran starts shooting, murdering six and wounding a police officer before killing himself. Did you know that Sikhs are often confused by the unknowing and possibly uncaring for being Muslim, and that the excuse of “I thought they were Muslims” is itself a sign of racial hatred? Mind you, there are people who will say to you that it’s not enough, only to offer your thoughts and prayers.

In Minneapolis, a man is called into an office by his supervisor and told he is losing his job. The man replies, “Oh, really?” and pulls out a handgun, shooting the supervisor after a struggle for the weapon, eventually murdering five others before killing himself. Indeed, people particularly particular expect more from lawmakers, who have the ability to call hearings and allow government studies and even change laws, rather than only to offer their thoughts and prayers.

Brookfield, Wisconsin, another hair salon, another estranged couple. The wife seeks  sought a restraining order when the husband threatens threatened to burn her with acid and set her on fire with gasoline. He does neither. He does, however, murder her, along with two other women. Witnesses say the wife tried to protect the others before she died. But again, even if you’re a lawmaker, with the ability to do things that could have concrete impact, you might argue that your responsibility to women being murdered by husbands, workers co-workers murdered by co-workers, religious minorities murdered by bigots, soldiers murdered by other soldiers, innocents murdered by those who are not, ends when you, in a tweet, Facebook post or press release, offer your thoughts and prayers.

A man enters an elementary school in Newtown, Connecticut, and with a Bushmaster XM15-E2S carbine rifle, murders twenty children, all of whom are either six or seven years old.

We pause here a moment to think about that.

Twenty children. Ages six, or seven.

And here maybe you think to yourself, this is it. it. This is the place and time where thoughts and prayers in fact aren’t enough, where those who only offer their thoughts and prayers recognize that others see them in their inaction, see that the convenient self-absolution of thoughts and prayers, that the magical abnegation thoughts and prayers  offer, offer is no longer sufficient, is no longer proper, is no longer just or moral, or even offers the appearance of morality.

We pause here a moment, and we wait to see what happens next.

And then they come. One after another.

I offer my thoughts and prayers.

And it keeps going.

Five murdered in Santa Monica, California by a gunman. I offer my thoughts and prayers.

12 murdered in a running firefight through the Washington Navy Yard in DC. Like a ritual, I offer my thoughts and prayers.

Ft. Hood, Texas again, for another three murdered. Like a litany, I offer my thoughts and prayers.

Six murdered in Isla Vista, California. Violence against women is horrible, and I offer my thoughts and prayers.

Nine murdered in Charleston, South Carolina. It’s unspeakable that violence against black Americans has happened like this, and I offer my thoughts and prayers.

Five murdered in Chattanooga, Tennessee. Muslims should answer for the crimes of this person, even if they do not know him or would in any way condone the action, and I offer my thoughts and prayers.

Nine murdered in Roseburg, Oregon. I offer my thoughts and prayers.

Three murdered in Colorado Springs, Colorado. Thoughts and prayers.

Fourteen murdered in San Bernadino. Thoughts. Prayers.

Fifty murdered in Orlando.

Fifty people, in a gay club, by a shooter who his father says was disgusted by the sight of two men kissing, and who news reports now tell us had pledged allegiance to ISIS.

And what do we do now, I wonder, when the victims are who they are and the perpetrator is who he is, the situation is ripe for posturing, and there’s a phrase to be used that allows one to assert maximum public virtue with minimum personal effort or responsibility?

What do we do now, when thoughts and prayers are easy, and everything else is hard?

Here is the thing: In the aftermath of terrible violence, offer thoughts, and prayers, if it is your desire to do so.

Then offer more than thoughts and prayers. Ask for more than thoughts and prayers. Vote for more than thoughts and prayers. Help those for whom thoughts and prayers are the  a start of their responsibilities, not the  an abdication of them. And as for the others, you may politely remind them of Matthew 6:5-6, 6:5-7, and perhaps also Matthew 7:21-23. 7:21-23. Perhaps they will see themselves in the words there. Perhaps not. They’re worth thinking on regardless.

“I offer my thoughts and prayers.”

Thank you.

It’s not enough.

It never was.

What more do you have to offer?


Read the whole story
popular
495 days ago
reply
Share this story
Delete
6 public comments
satadru
487 days ago
reply
Missed this last week, but as per usual right on the money.
New York, NY
RickROIC
492 days ago
reply
When do we move beyond offering our thoughts and prayers?
tante
495 days ago
reply
"Thoughts and prayers" aren't enough.
Oldenburg/Germany
rtreborb
495 days ago
reply
Queue Anthony Jeselnik
jmosthaf
495 days ago
reply
So true.
Heidelberg, Germany
kyleniemeyer
495 days ago
reply
Scalzi, at his best
Corvallis, OR
Next Page of Stories