"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety." (Benjamin Franklin)


Privacy and PSYC

Privacy and the social network

The social network in PSYC is driven by the amount of trust you give other people - that means you are under control of how much you publish information to others. Also by running your own server your data still resides with you. This is in harsh contrast to almost all existing social network systems.


Did I mention Encryption ??? Important!!!

Obfuscation, Padding, Delay

With PSYC2 over pseudonymous routing we are exploring all the advantages they bring for privacy. It makes no sense to look back at federation any longer. Encryption isn't enough anymore. Check out the secure share project.

Idle Time Imprecision in psyced

People's idle times are output to friends and to users of the same server issuing /who. The latter obviously is not a very safe thing to do, so that may one day change.

But even then, we avoid giving anyone a precise time that would allow him to nail down a person's last activity:

"I know you were in the office at 12:37 !!"

Not so easily with psyced, as it uses the following logic for idle time calculation:

t = t < 30 ? 0 : t < 300 ? 300 : (t + random(200) - 100);

In human terms that means, under 30 seconds isn't idle at all, under 5 minutes is 5 minutes, above idle time is always imprecise by +/- 100 seconds.

Maybe this math is still too precise and could use a larger randomness, like +/- 5 minutes. What do you think?

See also

Privacy and Politics

... just a random story out of thousands worthy of being mentioned:

More stuff on Cheney and his company Halliburton on http://www.projectcensored.org/censored_2007/

Why is this also important for non-US-citizen? Because U.S. politics still have a blueprint effect on the world, like How to handle your inside job successfully etc, but that's not about privacy, that's just an example.

Intelligence on Internet intelligence

I've got nothing to hide

  • Non ho niente da nascondere...
  • Ich habe nichts zu verbergen...

Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance.

  1. Watch http://www.youtube.com/watch?v=PoYF1q68OFc and laugh  :)
  2. Read if-you-have-nothing-to-hide-you-have-everything-to-fear
  3. if-you-have-nothing-to-hide-you-have-nothing-to-fear
  4. http://hackersblog.itproportal.com/?p=696
  5. http://www.wired.com/politics/security/commentary/securitymatters/2006/05/70886
  6. http://www.samizdata.net/blog/archives/004600.html
  7. http://www.theregister.co.uk/2006/11/08/guilty_associations/
  8. http://www.freerepublic.com/focus/f-news/1863889/posts mentioning http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565
  9. http://yro.slashdot.org/article.pl?sid=08/02/25/039219
  10. And then there are also the stupid people

Experience hath shewn, that even under the best forms (of government) those entrusted with power have, in time, and by slow operations, perverted it into tyranny. — Thomas Jefferson

Interestingly, when googling for "nothing to hide" you get several pages of irrelevant stuff, and then suddenly all the relevant material comes at once. How does that happen!?

This one's cute: http://www.bristol-no2id.org.uk/blog/?page_id=13 suggests that somebody who says he's got nothing to hide is somebody who has in fact gotten used to lying a lot in childhood, and so he is lying to himself and everyone whenever he says that phrase.


Let's talk about.. Sex!

Everyone cares. Some have it, some want it, some no longer want to be bothered by it. Some have visited porn sites on the Internet. Some did it, because it is exciting. Some did it by mistake. Some went on the really wicked sites, because they are interested to know everything about sex, even the wicked things some people do, that you probably wouldn't. Still you like to know about it. You don't want to miss out on anything.

Maybe you really never cared about sex on the Internet. Maybe you just sent some explicit pictures or words to your boyfriend?

Well. Intelligence agencies know all of that. At least American ones do. They have been monitoring and archiving information about anyone clicking anything on the Internet for years, no matter if you just surfed the web, wrote e-mails about things or did some file sharing.((s))

They might have some minor trouble understanding which IP number belonged to whom at a certain time, but don't be too hopeful. Most probably you left your IM running or wrote some e-mails in the same session when you looked at pornography.

The observation technologies grew with the Internet, and monitoring facilities like Echelon were there even before the Internet was.((s)) The big intercontinental links have always been routed in a wiretapping-friendly way, so the Internet naturally grew into the existing monitoring systems. They just needed to learn to interpret the data running over those wires. But hey, ARPAnet, weren't they the ones who invented it in the first place?

In the case of telephony, they needed a reason to actually wiretap a conversation, because you just can't record all. With e-mail traffic back then and IM traffic now it's different. No matter how much you communicate, Google proves that it is possible to keep complete archives (for the web in the case of Google, but that shouldn't make such an enormous difference). It is a reasonable speculation to consider the possibility that secret agencies have a Google-like full text search facility over all of Internet's unencrypted communications ever since the early days. This is not science fiction, and it's nothing to be so angry about. It just happened, and we're the ones who have been ignoring the possibilities to save our electronic privacy ourselves.

So far this may have eased solving some crimes. Probably it doesn't even get used to such profane purposes.

So, getting back to your everyday little secrets that you have been sharing over the net.. who knows, maybe one day in your country, those people who no longer have sex, and want everybody else to no longer enjoy sex, will make the laws. And then what you did will become illegal, and maybe they find a way to obtain the information about you that has been collected in the early Internet years and now.

Or maybe 30 years from now, you are running for a high positioned job, the peak of your career, politics, showbiz, education.. whatever. I know some people who can leak information to the press that will destroy all your hopes, at a finger snap. And it's happening all the time. So many scandals out there based on private information that shouldn't have gotten to the news.

They have it in their archives. Building archives that are larger than the entire Internet, is feasible. It can be done.

So it is about time you start wondering what you have to hide.

Privacy and the Net

Little discussion on privacy on the Internet in general. Sorry for being in German, it isn't essential however.

Lauschangriff auf IRC

"Vorgeblich mit Fördermitteln der US-amerikanischen National Science Foundation (NSF) wollen Wissenschaftler des New Yorker Rensselaer Polytechnic Institute eine automatische Bespitzelung von Internet-Relay-Chat-Communities in Angriff nehmen." (2004-11-25)

steinex sagt:

Für mich ist dies aber irgendwie alles Blödsinn, zumal es tausende Möglichkeiten gibt garantiert abhörsicher zu kommunizieren (SILC, verschlüsselte IRC-Messages, Email mit PGP verschlüsselt, DCC-Chat, etc.). Ich glaube nicht wirklich das Bin-Laden #terroristen betritt und dort nachfragt wer Lust hätte Pilot zu werden. ;) Ich fühle mich deswegen jedenfalls nicht sicherer, im Gegenteil, ich finde diese ganze Überwacherei, vorallem so eine realitätsfremde, total zum kotzen. [...]

Ausserdem ist mir unklar, wie das technisch überhaupt von statten gehen soll, schliesslich müssten die IRC-Server dann ja quasi kompromittiert werden - zumindest bin ich noch nicht dahintergestiegen wie die sich das vorstellen. [...]

"To monitor chat on Undernet the researchers would need to actually have a client inside the channels they want to monitor. Private messaging between two users is not possible to follow for an outsider, unless the ircd contains code to do so. As the ircd in use on Undernet, ircu, is open source, this seems highly unlikely."

Da so ziemlich jeder ircd da draussen OpenSource ist ist die Abhörung also quasi unmöglich, es sei denn die Netzbetreiber fügen in ihren ircd Code ein, der das mitloggen erlaubt, oder man müsste einen Client in den Channel bringen der halt ganz einfach mitloggt - schließt allerdings das belauschen von Querys wieder aus.

lynX merkt an:

es ist ein katzenspiel für geheimdienste den irc-traffic abzuhören. dazu brauchen sie nur an einigen wichtigen routern des internets den durchlaufenden traffic einzufangen. nach ports sortiert.. fein säuberlich lässt sich damit fast alles rekonstruieren. sie müssen dafür also nicht einmal irc-admins importunieren, von denen bestimmt welche durch eine FBI brille zu beindrucken wären. und weil es auf dauer zuviel zum loggen ist, brauchen sie studenten die ihnen geeignete filtertools bauen. die tools arbeiten wohl noch mit bots, aber kaum haben die geheimdienste den code, passen sie ihn auf ihre sniffs an. will nicht wissen welche mengen an opensource software gegen die bürger zu solchen zwecken benutzt wird. zu guter letzt hat es also keinen zweck fremde bots vom channel zu kicken, da der abhörer unter der oberfläche ist. da helfen nur cryptopläne mit shared key zwischen den anwesenden...

update: da es inzwischen leicht ist interserver IRC traffic per TLS zu verschlüsseln, müssten sich geheimdienste doch noch bemühen administrativen zugriff auf zentrale serverknoten zu erhalten.

Everybody knows you were a dawg on the Internet

Some voices on getting your name googled...

"I happen to have the last name that is the same as the stage name of a popular porn actress, and my first and middle name happen to coincide with the first and last name of a male porn star she frequently stars with. So 90%+ of the stuff that comes up when you search for my name on google is porn......"

"My current employer googled my email address, found my LiveJournal and read the previous two years or so of what I'd been writing."

"Back in the early 90s usenet was "safe" because everyone knew that it got expired after a week or two. We all used our real names and email addresses too. Then someone found some old backup tapes 10 years later and handed them over to Google. A friend of mine was quite a good troll back then, but now it haunts him due to his unique name. He's written Google and gotten them to delete his posts, but they won't delete other people's posts that quote him, so he's a bit screwed. I advised him to start posting lots of technical stuff to hopefully flood out the bad crap, and then write off the rest as youthful indiscretion."

See also

Think also

eCHox murmelt: und wenn wir mal ehrlich sind, jeder spitzelt gerne

... I once heard somebody say in the US we have freedom of speech so we can spot the bad guys. With profiling platforms on the Internet this is moving to a global scale, and additionally the technology makes it more and more easy to wiretap on everyone. This may or may not be a problem yet, but how can such a temptation be resisted? It is suddenly so easy to spy on entire generations and populations. What an enormous success socialism could have been if it had the Internet! Sorry, but this is scary, even to someone who usually doesn't care to think about these things. And it is such an amazing irony, that the Internet is empowering the people to make their own choices about software and privacy, and they are simply not making them. Never before in history of humankind has humanity had such freedoms and demonstrated willingness to miss out on them. The totalitarian system fails, if you force your people - but maybe it works, if you don't structure it like an obvious totalitarian system and, most of all, don't force anybody, you just marketing them. Defining the convenient truths is the new totalitarianism.

Und so

twister sagt: Ich wünsche euch allen viel Freude und Glück mit dem neuen Grundrecht auf "Gewährleistung der Vertraulichkeit und Integrität informationstechnischer Systeme".