For a number of our American customers who travel abroad, the desire to stay in touch with US culture is not that odd. As a society Americans are somewhat insular. We value the familiar and can feel uneasy in different countries. One way to keep that connection is to watch American TV.
For years when I traveled I marveled that I Love Lucy was on TV in so many countries. Reruns of many popular shows from the past would be on during prime time. Unfortunately nostalgia is not a substitute for a current connection. Watching anything current was out of the question.
Then came the Internet, and watching TV on your laptop. Over the years however, many media sites started restricting access to those in their geographic location. It's easy enough to do with an IP address look up. So what was a traveler supposed to do?
The answer is use an Anonymous Proxy to change your IP address from a non US IP address back into an American IP address. This is however, only part of the answer. The proxy also has to have speed and not be recognized as a proxy. Using a software based proxy like Private Proxy put all the pieces of the puzzel together so US travelers can access US Interent web sites from other countries.
Saturday, December 6, 2008
Tuesday, October 21, 2008
The 7 Worst Mistakes People Make Online
Online business, activities and transactions are increasing exponentially each year. That means that a ton of money is flowing through this virtual world, and where there is a lot of money, usually, there is a lot of greed as well. Some people will do anything to make a quick buck, so the average consumer needs to be on guard. Unfortunately, many people are still in the dark when in comes to staying safe online. Everyday, there are more and more people who become victims of internet fraud and scams because they have neglected to take online security seriously. Here are the 7 worst mistakes that people make online, which could easily be avoided.
- Entering personal information on social networking sites for the entire world to see - This is a very common mistake made by many people, especially the unsuspecting youth. If you enter your personal information like your home address or your telephone number on a public site, and you aren't careful about whom you accept as friends, then it can potentially be misused or you could become a victim of harassment.
- Using unsecured, internet protocols for financial transactions - This puts your financial information, in particular, your credit card numbers and bank account numbers at serious risk when you purchase products online. Be sure to use a notable processor like PayPal or make purchases at the big-name, trusted sites.
- Using similar usernames and passwords for different accounts - It's simply risky, because if one of your accounts is somehow hacked, then the security of the rest of your accounts is also at risk.
- Accepting cookies on the internet from unfamiliar sites - This may make your online experience a little easier, but it can also be a great threat to your privacy. That innocent cookie could actually be a piece of spyware that records your keystrokes. Your account ids and passwords could be at risk of being exposed.
- Ignoring the importance of anti-virus and anti-spyware programs – As previously mentioned, spyware and related malware programs can send sensitive information about you to a third party. These can automatically install themselves without your knowledge while you are browsing the net. Therefore, make sure that you have an anti-spyware program installed and also, be sure to have the latest updates for your chosen program.
- Storing account ids and passwords, passport ids, bank account and credit card numbers, or other ID numbers and passwords on your hard drive – This type of information should be stored on a USB memory stick or copied to a CD. Although archaic, even just writing that information on a notepad and keeping it in a safe place in your home is safer than having it on your computer. I don't think that the hackers have written a program yet that can grab your sensitive information off our desk!
- Not monitoring the online activities of your kids – Everything that your children do online should be monitored. If it turns out that a family member is engaging in unsafe behavior that threatens your privacy and online security, take immediate action to inform them of the recklessness of their actions before it's too late. Put boundaries in place to minimize the risk.
Sunday, October 12, 2008
Not All Hotel Internet Connections Are Created Equal...
A recent report by Government Computer News sheds light on a topic that millions of people all over the world deal with on a regular basis: Internet privacy and security in the hotel industry. People have many different reasons to travel, but with the modern tech-era upon us one of the most frequently asked questions when booking a hotel is: "Do you have Internet?" That answer is most likely a, "yes."
Internet access allows you to be more productive during your trip and stay in touch with the rest of the world that isn't traveling with you, but just how safe is that Internet connection? According to researchers: Not very. Most of the Internet connections are not properly secured and leave you at risk for a number of privacy risks. Researchers gathered written information from147 hotels and personally visited other properties and the findings were quite astounding.
Roughly 20% of all hotels used simple network hubs to connect guests to the Internet. This means 20% of the hotels you have ever stayed at are allowing you to connect to an unsecured network where all the packets of data being sent over the network can be seen. Anyone else on that network can access your personal data via the network connection. Ideally, hotels should have security features implemented so only the packets associated with your session should be seen. No other users should have access to the data. This would stop an "interloper" from using a program that saves all packets being sent over the network.
Of the hotels that do offer Internet access, 90% of them allow guests to connect wirelessly. This adds an extra layer of protection since they have to use a router to get the signal out. While this is an advanced security measure, it still does not mean a user is protecting their personal information. Man-in-the-middle attacks are still possible, and almost 21% of hotels have reported attacks and malicious activity on their systems. Man-in-the-middle attacks allow an attacker's computer to act as an Internet gateway and intercepts all network traffic.
Researchers visited 46 hotels and found that six of the 39 hotels using wireless Internet used encryption methods on their network. Only six properties thought of going above and beyond their Linksys router and securing their network! Anyone using a hotel's Internet connection should assume the worse and hope for the best. An anonymous proxy server will definitely help keep you protected from an unsecured wireless network since it encrypts all the data you send before it reaches the Internet gateway.
Internet access allows you to be more productive during your trip and stay in touch with the rest of the world that isn't traveling with you, but just how safe is that Internet connection? According to researchers: Not very. Most of the Internet connections are not properly secured and leave you at risk for a number of privacy risks. Researchers gathered written information from147 hotels and personally visited other properties and the findings were quite astounding.
Roughly 20% of all hotels used simple network hubs to connect guests to the Internet. This means 20% of the hotels you have ever stayed at are allowing you to connect to an unsecured network where all the packets of data being sent over the network can be seen. Anyone else on that network can access your personal data via the network connection. Ideally, hotels should have security features implemented so only the packets associated with your session should be seen. No other users should have access to the data. This would stop an "interloper" from using a program that saves all packets being sent over the network.
Of the hotels that do offer Internet access, 90% of them allow guests to connect wirelessly. This adds an extra layer of protection since they have to use a router to get the signal out. While this is an advanced security measure, it still does not mean a user is protecting their personal information. Man-in-the-middle attacks are still possible, and almost 21% of hotels have reported attacks and malicious activity on their systems. Man-in-the-middle attacks allow an attacker's computer to act as an Internet gateway and intercepts all network traffic.
Researchers visited 46 hotels and found that six of the 39 hotels using wireless Internet used encryption methods on their network. Only six properties thought of going above and beyond their Linksys router and securing their network! Anyone using a hotel's Internet connection should assume the worse and hope for the best. An anonymous proxy server will definitely help keep you protected from an unsecured wireless network since it encrypts all the data you send before it reaches the Internet gateway.
Friday, October 10, 2008
7 Tips to Protect Your Online Privacy
It's common knowledge that the world has moved online, and so has the bulk of our personal lives. The majority of us pay our bills online, we manage our bank accounts online, and some may even earn an extra or full-time income from the Internet. Even those who were once leery of that “Internet thing” are venturing online these days. With our lives so impacted by the internet, there is an increased concern about online security. The information that we leave unguarded online can easily be obtained by unscrupulous people and used in ways that could a make our lives a nightmare. Be very careful of the footprints that you leave when you are on the web. The following are some of the measures that you can take to protect your online privacy.
- Whenever you visit a website, be sure to take a look at the privacy policy. More importantly, make sure that the website even has a privacy policy. The privacy policy indicates how that site will attempt to collect information from you and what will be done with that information. There should be verbiage that reassures you that your private data will be kept safe and will not be sold to a third party. If you don't see a privacy policy, then any information that you submit becomes public property, so be aware.
- Make sure that all of your online passwords are very difficult for anyone to just guess what they are and make it a habit to change your passwords at least once a month or even more often than that.
- Make sure that you teach your kids that it is unsafe to carelessly enter personal information on the internet. Children can easily be tricked into giving out information like your home address, social security numbers or other critical information regarding your family that could potentially lead to identity theft. Therefore, it is essential that you explain to your children the potential dangers of the internet and be sure to set boundaries.
- Clear the cache memory of your system while browsing. Cache memory may be useful in making your browsing faster; however, it can have a great impact on your privacy, especially if you are using a public computer. Periodically, clear the cache memory along with the history, the cookies and other traces of your online activity.
- Make sure that any online forums that you use or visit are secure in nature and clearly state that fact.
- Always use an anti-virus and an anti-spyware program to search for key loggers, viruses, malware and spyware that may be lurking on your computer. These malicious programs could be collecting and sending your personal, private information to a third party.
- Use your common sense. Sometimes, we allow ourselves to become victims of scams on the internet simply due to a lapse in judgment. For example, if you get a random email that says you have become a millionaire and they need your bank account number to transfer the funds, don't let the vain hope of instant riches cloud your judgment. Phishing is still alive and well.
Wednesday, October 8, 2008
Chinese Milk Producer Pays to Have Negative Publicity Censored
It may seem like I am picking on China today, but they are just putting themselves in the spotlight with yet an another controversy regarding Internet censorship . Australian news TheWest.com.au reported that a PR company acting on behalf of Chinese milk producer Sanlu, asked Baidu, China's leading search engine, to censor and stifle any negative publicity about tainted milk....twice.
Sanlu agreed to buy $640,000 worth of advertising from the search engine, as long as Baidu would censor and screen any negative press associated with the milk scandal. Thousands of infants have been hospitalized, with four deaths, with kidney illness after drinking Sanlu's product. The milk produced by Sanlu was tainted with melamine, which was used to "add" protein to watered down milk. Without going into very complex chemistry details, melamine is not good. It is 66% Nitrogen and has flame retardant properties, which can easily be turned into plastics, glues, and a ton of other such products. It is somewhat common to use melamine to cover up and mask low levels of protein, but adds no nutritional value.
Sanlu has since ceased production, but without first trying to bribe Baidu. Of course it is important to keep in mind that Baidu does abide by Chinese Internet laws, so it is possible the Chinese version of Baidu has been censoring content based on the regulations in place. It is bad enough that the Board of Directors at Sanlu need to water down the milk so they can increase their profit, but adding melamine to fool the tests is just ridiculous. Why would they take the risk, especially since it is common knowledge (in that industry) that melamine causes renal failure and kidney stones? And just to boot, the melamine they used wasn't even the purest grade since that kind would have been too expensive to use. Sanlu used lower grade melamine that could contain urea and ammonia. At least poison the country with the best toxins you can find...
Sanlu agreed to buy $640,000 worth of advertising from the search engine, as long as Baidu would censor and screen any negative press associated with the milk scandal. Thousands of infants have been hospitalized, with four deaths, with kidney illness after drinking Sanlu's product. The milk produced by Sanlu was tainted with melamine, which was used to "add" protein to watered down milk. Without going into very complex chemistry details, melamine is not good. It is 66% Nitrogen and has flame retardant properties, which can easily be turned into plastics, glues, and a ton of other such products. It is somewhat common to use melamine to cover up and mask low levels of protein, but adds no nutritional value.
Sanlu has since ceased production, but without first trying to bribe Baidu. Of course it is important to keep in mind that Baidu does abide by Chinese Internet laws, so it is possible the Chinese version of Baidu has been censoring content based on the regulations in place. It is bad enough that the Board of Directors at Sanlu need to water down the milk so they can increase their profit, but adding melamine to fool the tests is just ridiculous. Why would they take the risk, especially since it is common knowledge (in that industry) that melamine causes renal failure and kidney stones? And just to boot, the melamine they used wasn't even the purest grade since that kind would have been too expensive to use. Sanlu used lower grade melamine that could contain urea and ammonia. At least poison the country with the best toxins you can find...
China Spies and Censors Skype Users
Beginning this month, many news sources (including Cnet and PC Magazine) have been reporting on the Chinese version of Skype that spies on certain "sensitive words" and blocks them from servers if needed. Skype is a software that allows you to make phone calls over the Internet and use your computer's microphone and speakers to communicate with others. It is sort of like a beefed up version of AIM, but along with instant messaging allows you to video conference and make phone calls.
It was only a matter of time after the Olympics left town that China would be back to spying and Internet censorship. Skype president, Josh Silverman, admitted that he knew TOM (Silverman's partner company in China) would be closely monitoring Skype users. Reports released by Canadian researchers stated that TOM is, "engaging in extensive surveillance with seemingly little regard for the security and privacy of Skype users. This is in direct contradiction of Skype's public statements regarding their policies in China." Millions of bits of data are tracked and stored, including personal information and contact details, for any chat that TOM-Skype is in charge of. Along with this, certain keywords related to Falun Gong, Taiwan, and anti-government statements are all closely monitored.
If this wasn't a big enough problem, reports show that proper safeguards are not being taken to ensure the data is not leaked. The data that is collected and stored is encrypted, but the encryption keys are kept on the same servers. Anyone with knowledge of hacking or cracking can just grab the information and decrypt it at their leisure. This is a major privacy issue, no matter what country you live in or how many freedoms you have.
Users contacting China via Skype are at risk just the same since log files are kept on any connection that passes through TOM-Skype. If Internet privacy was already a concern for you, then Chinese Skype just added another privacy risk to your plate.
It was only a matter of time after the Olympics left town that China would be back to spying and Internet censorship. Skype president, Josh Silverman, admitted that he knew TOM (Silverman's partner company in China) would be closely monitoring Skype users. Reports released by Canadian researchers stated that TOM is, "engaging in extensive surveillance with seemingly little regard for the security and privacy of Skype users. This is in direct contradiction of Skype's public statements regarding their policies in China." Millions of bits of data are tracked and stored, including personal information and contact details, for any chat that TOM-Skype is in charge of. Along with this, certain keywords related to Falun Gong, Taiwan, and anti-government statements are all closely monitored.
If this wasn't a big enough problem, reports show that proper safeguards are not being taken to ensure the data is not leaked. The data that is collected and stored is encrypted, but the encryption keys are kept on the same servers. Anyone with knowledge of hacking or cracking can just grab the information and decrypt it at their leisure. This is a major privacy issue, no matter what country you live in or how many freedoms you have.
Users contacting China via Skype are at risk just the same since log files are kept on any connection that passes through TOM-Skype. If Internet privacy was already a concern for you, then Chinese Skype just added another privacy risk to your plate.
Sunday, October 5, 2008
Ohio Woman Sues County Clerk After Identity Stolen...
With recent blog posts about the Virginia Watchdog and PulaskiWatch, it was only a matter of time before someone had their identity stolen due to the negligence of county clerks posting sensitive information. Computerworld reported on a Ohio woman suing the county clerk after her identity was stolen. An image of a speeding ticket, containing her personal information, was posted on the county website.
Originally, the case had been dismissed and Cynthia Lambert was out of luck. Her identity had been stolen and there was nowhere else for her to turn. That is until last week, when she was told she could reinstate her legal claim. Greg Hartmann, Hamilton County clerk of courts, violated Ohio's Privacy Act by posting such sensitive information about Ms. Lambert on the county website.
She received the ticket in September of 2003, and had her name, Social Security number, driver's license number, address, birth date, and signature. Having all that information easily accessible to anyone with an Internet connection definitely makes an Identity thief excited. With all that information, especially the Social Security number and signature, an identity thief can open up new lines of credit or take out loans with no risk to their own credit if he or she defaults--which usually happens.
Within a year at least two major purchases had been made in Ms. Lambert's name: $8,000 worth of electronics from Sam's Club and $12,000 in purchases from a Home Depot credit card opened in her name. Both of these purchases were made by showing a driver's license...more specifically Cynthia Lambert's driver's license. The kicker here is that the number on the driver's license used was one digit off from her actual license number. This was done in error by the officer who gave Ms. Lambert the ticket, and when the image of the ticket was posted it had the error as well. In addition, a woman caught for identity theft admitted to being part of a ring of thieves who use county websites to gain information used in the crimes.
The overturned ruling noted that while the county clerk did not act maliciously or break any laws by posting the speeding ticket, laws were broken because the Social Security number was kept in the image of the speeding ticket and published online.
This seems like a no-brainer to me. She has cited specific evidence to show her identity was stolen directly because of the county clerk's unwillingness to redact personal information. States such as California and Florida have made it illegal to post personal information and mandatory to redact data. While posting these records does make some sense, especially when a company needs to find information on a person for the purposes of opening a line of credit and such, there is no need to have Social Security numbers and signatures posted on a public forum. It is just as naive to assume the information is safe as the CEO of LifeLock putting his real Social Security number on TV and assuming no one would steal it. You are asking for trouble either way...
Originally, the case had been dismissed and Cynthia Lambert was out of luck. Her identity had been stolen and there was nowhere else for her to turn. That is until last week, when she was told she could reinstate her legal claim. Greg Hartmann, Hamilton County clerk of courts, violated Ohio's Privacy Act by posting such sensitive information about Ms. Lambert on the county website.
She received the ticket in September of 2003, and had her name, Social Security number, driver's license number, address, birth date, and signature. Having all that information easily accessible to anyone with an Internet connection definitely makes an Identity thief excited. With all that information, especially the Social Security number and signature, an identity thief can open up new lines of credit or take out loans with no risk to their own credit if he or she defaults--which usually happens.
Within a year at least two major purchases had been made in Ms. Lambert's name: $8,000 worth of electronics from Sam's Club and $12,000 in purchases from a Home Depot credit card opened in her name. Both of these purchases were made by showing a driver's license...more specifically Cynthia Lambert's driver's license. The kicker here is that the number on the driver's license used was one digit off from her actual license number. This was done in error by the officer who gave Ms. Lambert the ticket, and when the image of the ticket was posted it had the error as well. In addition, a woman caught for identity theft admitted to being part of a ring of thieves who use county websites to gain information used in the crimes.
The overturned ruling noted that while the county clerk did not act maliciously or break any laws by posting the speeding ticket, laws were broken because the Social Security number was kept in the image of the speeding ticket and published online.
This seems like a no-brainer to me. She has cited specific evidence to show her identity was stolen directly because of the county clerk's unwillingness to redact personal information. States such as California and Florida have made it illegal to post personal information and mandatory to redact data. While posting these records does make some sense, especially when a company needs to find information on a person for the purposes of opening a line of credit and such, there is no need to have Social Security numbers and signatures posted on a public forum. It is just as naive to assume the information is safe as the CEO of LifeLock putting his real Social Security number on TV and assuming no one would steal it. You are asking for trouble either way...
Thursday, October 2, 2008
Watch Out America...Satellite-Surveillance is Coming.
Reported by the Wall Steet Journal:
The Department of Homeland Security will begin the first phase of a satellite surveillance program. Surprisingly, the department has not guaranteed or ensured that the program will not break any privacy laws. The spy program, known as the National Applications Office, is meant to provide government officials (on multiple levels) with access to satellite imagery. This pertains to security needs, such as identifying weaknesses at borders and ports, and was also created with the intentions of assisting emergency response.
The critics of the NAO feel that using satellites in this manner violates our civil liberties and privacy rights. Nothing has been said about protecting Americans from using the satellites for eavesdropping. The only response is that the government stated they won't spy on us. Now that I have their word we can move on...
A 60-page report on the NAO showed some very important flaws to the system. The report showed that there is no assurance that the system won't be misused by other agencies. The response to this was for the government to "ensure that legal reviews and protection of classified information will be effective."
As of Tuesday, the bill was signed and a limited version is allowed to be tested, which will only have the capabilities for emergency response and scientific needs. Homeland security and law enforcement measures will be implemented as the NAO continues to meet its requirements. This seems like a pretty decent compromise since the only other step would have been to completely disband the project. This measure can help the fight against terrorism and protect our borders at their most vulnerable points, but still needs some time to iron out the kinks.
I, of course, am concerned about the privacy issues that will arise with the implementation of the NAO. One of the major criticisms presented with the limited version is what exactly are the requirements that need to be met? Are these requirements very easy, or overly difficult, to attain? Or are they able to be modified to benefit the pro-NAO parties involved and get the system implemented faster? Also, how can I be assured that my privacy will be protected? Especially in the case of national security, everyone becomes a suspect. This could be a very beneficial program, but with the billions of dollars required to create NAO and the possible privacy risks something more than "we said your privacy will be secured so believe us," needs to be done.
The Department of Homeland Security will begin the first phase of a satellite surveillance program. Surprisingly, the department has not guaranteed or ensured that the program will not break any privacy laws. The spy program, known as the National Applications Office, is meant to provide government officials (on multiple levels) with access to satellite imagery. This pertains to security needs, such as identifying weaknesses at borders and ports, and was also created with the intentions of assisting emergency response.
The critics of the NAO feel that using satellites in this manner violates our civil liberties and privacy rights. Nothing has been said about protecting Americans from using the satellites for eavesdropping. The only response is that the government stated they won't spy on us. Now that I have their word we can move on...
A 60-page report on the NAO showed some very important flaws to the system. The report showed that there is no assurance that the system won't be misused by other agencies. The response to this was for the government to "ensure that legal reviews and protection of classified information will be effective."
As of Tuesday, the bill was signed and a limited version is allowed to be tested, which will only have the capabilities for emergency response and scientific needs. Homeland security and law enforcement measures will be implemented as the NAO continues to meet its requirements. This seems like a pretty decent compromise since the only other step would have been to completely disband the project. This measure can help the fight against terrorism and protect our borders at their most vulnerable points, but still needs some time to iron out the kinks.
I, of course, am concerned about the privacy issues that will arise with the implementation of the NAO. One of the major criticisms presented with the limited version is what exactly are the requirements that need to be met? Are these requirements very easy, or overly difficult, to attain? Or are they able to be modified to benefit the pro-NAO parties involved and get the system implemented faster? Also, how can I be assured that my privacy will be protected? Especially in the case of national security, everyone becomes a suspect. This could be a very beneficial program, but with the billions of dollars required to create NAO and the possible privacy risks something more than "we said your privacy will be secured so believe us," needs to be done.
Friday, September 12, 2008
Arkansas Man Posts County E-mail Records
Computerworld reported that an upset Arkansas man has posted sensitive information on his website, PulaskiWatch. The information was found via public records and consisted of e-mails between nine government officials, including the county clerk. This privacy issue may seem a little familiar as the Virginia Watchdog (which, coincidentally, does not seem to be working) also posted sensitive information on government officials in Virginia.
Bill Phillips, the creator of PulaskiWatch, did this to prove a point to the county officials who had posted circuit court records containing Social Security numbers, bank account numbers, and images of voided checks. Phillips' retaliation consisted of searching thousands of e-mails, mostly with office-related communications, on the Internet and posting his findings. Some of the e-mails that Computerworld had access to discussed sensitive topics, such as: appropriate salaries for two recently demoted employees, and a woman who had quit because of safety concerns (there was a stranger roaming the parking lot). Phillips also posted every county clerk employee's name, date of hire, and salary. He focuses his retaliation on the county officials and does not seem to be posting the sensitive information. Having them on the Pulaski County site once is already bad enough. And by the way, students working on the elections will be making $7.50 an hour. Yes, I did find that in one of the e-mails.
While this may seem like an invasion of privacy, and limits a person's privacy rights, the important thing to notice is that both Pulaski Watch and Virginia Watchdog had found their information publicly. They did not have to buy records from a secretary or bribe a judge like in The Sopranos. All they had to do was search their local county government website and perhaps even Googling someone's name. Phillips has agreed to remove all the sensitive, yet legal and public, documents from his website on the condition that County Clerk Pat O'Brien removes the documents with sensitive information. It seems like a fair trade off to me. Your private e-mails will be removed once the residents all have their personal information removed, and hopefully identity theft won't be on the rise in Pulaski County.
The county has already faced this issue once, when it was forced to remove personal information from real estate records. O'Brien stated he won't remove the court records, and even if he wanted to only the Arkansas Supreme Court can give instructions on blocking out Social Security numbers. O'Brien said he would remove the records, but the software used for real estate records can't be used on court records. Too bad, so sad Pulaski County..
Bill Phillips, the creator of PulaskiWatch, did this to prove a point to the county officials who had posted circuit court records containing Social Security numbers, bank account numbers, and images of voided checks. Phillips' retaliation consisted of searching thousands of e-mails, mostly with office-related communications, on the Internet and posting his findings. Some of the e-mails that Computerworld had access to discussed sensitive topics, such as: appropriate salaries for two recently demoted employees, and a woman who had quit because of safety concerns (there was a stranger roaming the parking lot). Phillips also posted every county clerk employee's name, date of hire, and salary. He focuses his retaliation on the county officials and does not seem to be posting the sensitive information. Having them on the Pulaski County site once is already bad enough. And by the way, students working on the elections will be making $7.50 an hour. Yes, I did find that in one of the e-mails.
While this may seem like an invasion of privacy, and limits a person's privacy rights, the important thing to notice is that both Pulaski Watch and Virginia Watchdog had found their information publicly. They did not have to buy records from a secretary or bribe a judge like in The Sopranos. All they had to do was search their local county government website and perhaps even Googling someone's name. Phillips has agreed to remove all the sensitive, yet legal and public, documents from his website on the condition that County Clerk Pat O'Brien removes the documents with sensitive information. It seems like a fair trade off to me. Your private e-mails will be removed once the residents all have their personal information removed, and hopefully identity theft won't be on the rise in Pulaski County.
The county has already faced this issue once, when it was forced to remove personal information from real estate records. O'Brien stated he won't remove the court records, and even if he wanted to only the Arkansas Supreme Court can give instructions on blocking out Social Security numbers. O'Brien said he would remove the records, but the software used for real estate records can't be used on court records. Too bad, so sad Pulaski County..
Wednesday, September 10, 2008
Google Introduces New Protocol for Storing Data
Reuters and Yahoo! News report that Google has agreed to cut the amount of time it stores users' web surfing habits from 18 month to only nine months. This is quite a significant drop, especially when taking into account that in March 2007 Google had no policy and kept the information for an indefinite period of time. Google's new policies, "are part of a broader trend that is increasing across the industry for companies to compete in good privacy practices," according to Google's global privacy counsel Peter Fleischer.
Along with the new nine month data retention policy, Google plans to anonymize the data much more quickly. Could this be in response to the Viacom/YouTube issue? This is is a great precautionary measure to protect our Internet privacy from companies like Viacom that want to sue Google so they can obtain users' records. After nine months the data and the IP address are disassociated and the data can no longer be tracked back to a specific user.
The move to an 18-month data retention policy came about due to the European Union putting pressure on Google to increase their privacy measures. The new nine-month policy was adapted to further refine Google's privacy protection and keep users much safer while surfing the Internet. The new nine month policy makes Google the alpha male, as far as privacy is concerned. Microsoft still keeps data for 18 months and Yahoo! currently retains data for 13 months.
While this is good news for anyone who surfs the Internet, it is important to remember that your data is being tracked and recorded. Data retention policies are extremely helpful, but ultimately privacy must begin with you. Using an anonymous proxy server will help you be invisible and maintain anonymity while surfing and stay one step ahead of even the most favorable data retention policies.
Along with the new nine month data retention policy, Google plans to anonymize the data much more quickly. Could this be in response to the Viacom/YouTube issue? This is is a great precautionary measure to protect our Internet privacy from companies like Viacom that want to sue Google so they can obtain users' records. After nine months the data and the IP address are disassociated and the data can no longer be tracked back to a specific user.
The move to an 18-month data retention policy came about due to the European Union putting pressure on Google to increase their privacy measures. The new nine-month policy was adapted to further refine Google's privacy protection and keep users much safer while surfing the Internet. The new nine month policy makes Google the alpha male, as far as privacy is concerned. Microsoft still keeps data for 18 months and Yahoo! currently retains data for 13 months.
While this is good news for anyone who surfs the Internet, it is important to remember that your data is being tracked and recorded. Data retention policies are extremely helpful, but ultimately privacy must begin with you. Using an anonymous proxy server will help you be invisible and maintain anonymity while surfing and stay one step ahead of even the most favorable data retention policies.
Monday, September 8, 2008
NebuAd Halts Invasion of Users' Privacy...
Reports from Internetnews.com state that NebuAd, creators of the very controversial behavioral targeting technology, recently announced they will stop their ad-targeting campaign. This comes shortly after many of their clients (such as CableOne) dropped NebuAd over privacy concerns and a Congressional hearing. In a statement made by NebuAd, they stated, "plans for wide spread deployment via the Internet service provider channel are delayed to allow time for Congress to spend additional time addressing the privacy issues and policies associated with online behavioral advertising." Along with the project being halted and ISPs canceling their contracts, CEO and co-founder Bob Dykes resigned.
NebuAd's behavioral targeting campaign was supposed to keep information anonymous and only collect and store pertinent information so that online advertisements could reflect an individuals tastes and offer products that they are more likely to want to purchase. The above mentioned ISP was one of the many multiple service operators that had contracts with NebuAd for their state-of-the-art services. ISPs have been tracking and recording their users' information and selling it to the highest bidder, which in many cases was NebuAd. While this concept seemed like a good idea, privacy advocates and security experts called it "browser high jacking," and made it clear that an ISP could be breaking federal wiretapping laws by using NebuAd.
NebuAd required the ISPs they contracted with to inform their users of the ad-tracking campaign. ISPs did inform their users, but in many cases did not allow them to opt-out of having their Internet privacy jeopardized. Also, many of the ISPs did not specifically tell their users what was happening, but just made small modifications to their privacy policies. Embarq, for example, stated in their privacy policy: "The Web sites that you visit or online searches that you conduct" may be used to "deliver or facilitate the delivery of targeted advertisements." On a side note--only 15 Embarq users opted out. Who should be blamed then? Is NebuAd at fault for developing the eavesdropping software, or is it the fault of the ISPs who don't tell their users they are being spied on and then sell the information? The next step is for Congress to introduce legislation requiring explicit consent from users that way they know and willingly allow their information to be collected.
NebuAd's behavioral targeting campaign was supposed to keep information anonymous and only collect and store pertinent information so that online advertisements could reflect an individuals tastes and offer products that they are more likely to want to purchase. The above mentioned ISP was one of the many multiple service operators that had contracts with NebuAd for their state-of-the-art services. ISPs have been tracking and recording their users' information and selling it to the highest bidder, which in many cases was NebuAd. While this concept seemed like a good idea, privacy advocates and security experts called it "browser high jacking," and made it clear that an ISP could be breaking federal wiretapping laws by using NebuAd.
NebuAd required the ISPs they contracted with to inform their users of the ad-tracking campaign. ISPs did inform their users, but in many cases did not allow them to opt-out of having their Internet privacy jeopardized. Also, many of the ISPs did not specifically tell their users what was happening, but just made small modifications to their privacy policies. Embarq, for example, stated in their privacy policy: "The Web sites that you visit or online searches that you conduct" may be used to "deliver or facilitate the delivery of targeted advertisements." On a side note--only 15 Embarq users opted out. Who should be blamed then? Is NebuAd at fault for developing the eavesdropping software, or is it the fault of the ISPs who don't tell their users they are being spied on and then sell the information? The next step is for Congress to introduce legislation requiring explicit consent from users that way they know and willingly allow their information to be collected.
Thursday, September 4, 2008
Internet Explorer's Privacy Mode, Not So Private...
Microsoft has recently introduced the world to InPrivateBrowsing, or privacy mode, which is the latest and greatest feature of IE8. According to numerous reports, including PCAdvisor, private mode is not very private at all. The information can easily be recovered and the privacy features are mostly cosmetic, giving you the false sense of security that you are protecting and securing your browsing habits. The main goal of InPrivateBrowsing is to prevent other users [of the same PC] from being able to access web surfing information.
InPrivateBrowsing was created by Microsoft to protect a user's Internet privacy by deleting browser history and other data that is stored by IE during a web surfing session. The dubbed, "Porn Mode," hides browser history from nosy people trying to spy on your web history. Forensic experts were able to easily retrieve all the information that IE was expected to keep protected. The main feature of InPrivateBrowsing is that it does not allow cookies to be stored. Cookies are bits of text and data that are stored on your computer so that websites can easily access your information. Without cookies, login details and other sensitive information remains secure. Along with the disabling of cookies, the browser doesn't allow history to be stored in the Windows registry, which is another way information can be found on your PC.
The major flaw of InPrivateBrowsing lies with cache files. These files are stored on your computer so that the websites you visit will load faster. The major flaw of InPrivateBrowsing is that it does not delete, or even disable, the Internet cache files. A user can manually delete these files, but they are still easily accessible with forensic tools. Users can always delete their cookies, cache, and temporary Internet files, but why would someone want to do that? For example, if I am searching the Internet for an engagement ring I could use privacy mode to make sure no traces of the searches are left online. That would be much more convenient than manually deleting everything. Not only would it be convenient, but it would look a lot less suspicious than having to delete all traces of my surfing. Both privacy mode and manual deletion solve the same problems, but the latter definitely looks fishy.
InPrivateBrowsing was created by Microsoft to protect a user's Internet privacy by deleting browser history and other data that is stored by IE during a web surfing session. The dubbed, "Porn Mode," hides browser history from nosy people trying to spy on your web history. Forensic experts were able to easily retrieve all the information that IE was expected to keep protected. The main feature of InPrivateBrowsing is that it does not allow cookies to be stored. Cookies are bits of text and data that are stored on your computer so that websites can easily access your information. Without cookies, login details and other sensitive information remains secure. Along with the disabling of cookies, the browser doesn't allow history to be stored in the Windows registry, which is another way information can be found on your PC.
The major flaw of InPrivateBrowsing lies with cache files. These files are stored on your computer so that the websites you visit will load faster. The major flaw of InPrivateBrowsing is that it does not delete, or even disable, the Internet cache files. A user can manually delete these files, but they are still easily accessible with forensic tools. Users can always delete their cookies, cache, and temporary Internet files, but why would someone want to do that? For example, if I am searching the Internet for an engagement ring I could use privacy mode to make sure no traces of the searches are left online. That would be much more convenient than manually deleting everything. Not only would it be convenient, but it would look a lot less suspicious than having to delete all traces of my surfing. Both privacy mode and manual deletion solve the same problems, but the latter definitely looks fishy.
Sunday, August 31, 2008
More Social Security Numbers on the Web...
Betty Ostergren, a privacy advocate that posts Social Security numbers she found on the Internet, has been given the thumbs up by a federal judge in Virginia. Computerworld reports that the state government can not stop her from posting the Social Security numbers on her website. At first glance, this privacy issue should enrage a lot of people. Knowing she has your personal information and is posting it all over the Internet would upset a lot of people; but how did she find this information in the first place? She got the information from the Internet and public records. The privacy advocate did this as a lesson, and to start a campaign to show people just how easy it is to find sensitive information about them.
She won the case and it was ruled that she should not have to remove the Social Security numbers from her site since she legally obtained them from public records. While the memorandum does not set a precedent, it is the first step in truly realizing how much we take our Internet privacy for granted. Ostergren's website, The Virginia Watchdog, presents privacy issues that arise from the government posting personal information on websites. Over the past few years she has repeatedly shown that Social Security numbers have been posted and little has been done to protect personal information.
I can agree with what she is doing. She did not seek out the information from private sources or use illegal methods, she used the Internet and the public sector. Everything she found was attained from government documents that did not conceal the ultra-sensitive information. With the already astonishing number of identity thefts every year, I don't see how the government posting such private information can help. How about a permanent marker and two seconds to hide the information? Problem solved... Ms. Ostergren also posts the information of high-profile officials, such as former Gov. Jeb Bush, former U.S. Secretary Colin Powell, and some local Virginia officials. I guess it really strikes a nerve and makes them care when their information is up there, and not just the information of the huddled masses.
She won the case and it was ruled that she should not have to remove the Social Security numbers from her site since she legally obtained them from public records. While the memorandum does not set a precedent, it is the first step in truly realizing how much we take our Internet privacy for granted. Ostergren's website, The Virginia Watchdog, presents privacy issues that arise from the government posting personal information on websites. Over the past few years she has repeatedly shown that Social Security numbers have been posted and little has been done to protect personal information.
I can agree with what she is doing. She did not seek out the information from private sources or use illegal methods, she used the Internet and the public sector. Everything she found was attained from government documents that did not conceal the ultra-sensitive information. With the already astonishing number of identity thefts every year, I don't see how the government posting such private information can help. How about a permanent marker and two seconds to hide the information? Problem solved... Ms. Ostergren also posts the information of high-profile officials, such as former Gov. Jeb Bush, former U.S. Secretary Colin Powell, and some local Virginia officials. I guess it really strikes a nerve and makes them care when their information is up there, and not just the information of the huddled masses.
Wednesday, August 27, 2008
A Digital Bill of Rights to Protect Internet Privacy
TechCrunch (via the WashingtonPost) has recently published an article stating what should be the Digital Bill of Rights to protect consumers. With the Internet age in full-swing, and Election '08 in the near future, what better time than now to present a plan of action for laws and regulations regarding the Internet? Many laws governing the Internet are quite outdated and can't keep up with the daily advances in technology...as food for thought: What if laws had never been changed with the inception of modern mail carriers? Imagine the same laws were still completely intact even with the transition from the Pony Express to the modern-day United States Postal Service. Could that work? Could a law regarding the Pony Express still govern the actions of USPS?
Issues such as copyright infringement, net neutrality, and digital privacy are difficult to govern, mainly because they are creations of the modern era of technology. Maybe it is time to dust off the books and create some new laws that can maintain a degree of control and consistency over rapidly expanding technology. Many laws do not protect users' Internet privacy and allow companies to spy on us and record our information so they can build a profile of our web surfing habits. The Digital Bill of Rights would be a step in the right direction to create updated laws that can protect consumers from ISPs, marketing companies, device manufacturers, and even the government itself.
Presented in the article is the author's own Digital Bill of Rights, which he asks users to help further refine. Maybe our candidates can use this as a starting point and get the ball rolling in the right direction.
Issues such as copyright infringement, net neutrality, and digital privacy are difficult to govern, mainly because they are creations of the modern era of technology. Maybe it is time to dust off the books and create some new laws that can maintain a degree of control and consistency over rapidly expanding technology. Many laws do not protect users' Internet privacy and allow companies to spy on us and record our information so they can build a profile of our web surfing habits. The Digital Bill of Rights would be a step in the right direction to create updated laws that can protect consumers from ISPs, marketing companies, device manufacturers, and even the government itself.
Presented in the article is the author's own Digital Bill of Rights, which he asks users to help further refine. Maybe our candidates can use this as a starting point and get the ball rolling in the right direction.
Saturday, August 23, 2008
European Privacy? More Like European Invasion of Privacy...
OhMyNews recently reported that the U.K., along with other European powers, are developing a system to spy on cell phone records, including text and calls, as well as Internet searches.
The British government wants to invade privacy by storing records in a database so that hundreds of public organizations can access this information as needed. The cell phone, text message, and Internet records will be used to investigate criminal and terrorist acts. The records will be kept at the data center for at least 12 months. Dates, times, and contacts (from cell phones) will be stored, while searches and instant message conversations will be tracked and recorded as well. The only bright side is that, supposedly, the content will not be stored just the identifying information.
The cost for transferring the massive amount of data--a mere 50 million pounds per year. It must be worth it to the surveillance-obsessed nation that already monitors citizens through CCTV. 1984 anyone? One spy camera for every fourteen people wasn't bad enough, now forget about protecting personal information or any type of Internet privacy.
I can't see any benefit in this. The U.K. is making it seem like every citizen is guilty and will be treated accordingly. What will the exact laws be concerning the use, or better yet misuse, of information? How secure will this database be? We could end up having another situation, much like what happened in Sarasota, but on a much larger scale--imagine millions of people having their information posted on the Internet.
The British government wants to invade privacy by storing records in a database so that hundreds of public organizations can access this information as needed. The cell phone, text message, and Internet records will be used to investigate criminal and terrorist acts. The records will be kept at the data center for at least 12 months. Dates, times, and contacts (from cell phones) will be stored, while searches and instant message conversations will be tracked and recorded as well. The only bright side is that, supposedly, the content will not be stored just the identifying information.
The cost for transferring the massive amount of data--a mere 50 million pounds per year. It must be worth it to the surveillance-obsessed nation that already monitors citizens through CCTV. 1984 anyone? One spy camera for every fourteen people wasn't bad enough, now forget about protecting personal information or any type of Internet privacy.
I can't see any benefit in this. The U.K. is making it seem like every citizen is guilty and will be treated accordingly. What will the exact laws be concerning the use, or better yet misuse, of information? How secure will this database be? We could end up having another situation, much like what happened in Sarasota, but on a much larger scale--imagine millions of people having their information posted on the Internet.
Protecting Personal and Financial Privacy - Blog Review
As an avid reader with more than a casual interest in privacy, I tend to find interesting sites on the topic of privacy. Today I found Protecting Personal and Financial Privacy, a blog by Mike Valentine. Not only does he write well, I found the articles thoughtful.
His latest post discusses AOL and behavioral targeting. He points out that people are careless with their personal information. This is point we've been making on this blog since we started it. Privacy starts with personal responsibility. If you give up your personal information too easily, you forfeit your right to privacy.
His latest post discusses AOL and behavioral targeting. He points out that people are careless with their personal information. This is point we've been making on this blog since we started it. Privacy starts with personal responsibility. If you give up your personal information too easily, you forfeit your right to privacy.
Friday, August 22, 2008
Another ISP Admits to Invasion of Users' Privacy...
Well it is more than an Internet Service Provider, but Cable One, the 10th largest cable operator, has recently admitted to conducted a six-month study on their Internet users' surfing habits. Cable One joins Charter Communications (as reported in a previous post) and a slew of other MSOs (multiple service operators) who spy on their customers for behavioral targeting purposes, and ultimately sell that information for big bucks to advertising companies.
Cable One revealed the information on August 8 to the House Energy and Commerce Committee, which had previously expressed their concerns on cable operators using advanced technology to invade privacy. So if I decipher this correctly: Cable One tried to defend themselves against these allegations by providing information and stating they invaded their customers' privacy. Cable One stated that spying on 14,000 of their 700,000 customers was a better way to provide "more relevant advertising" to their customers.
Bresnan Communications and Knology also came out of the woodwork to say they spied on customers throughout a similar time frame. WideOpenWest admitted to doing this, in cooperation with NebuAd's service. WideOpenWest stopped the program after five months because of the privacy concerns. All efforts to surf anonymously have become null and void for many Internet users, and for no apparent reason other than having better online advertisements. Shouldn't these companies help protect personal information, not jeopardize it?
Cable One argues that they were not breaking any laws by conducting this research, and had made the information available to their users via the acceptable use policy they read when signing up for services. The information was also found in Cable One's yearly privacy notice, which is sent to all customers. They provided users with appropriate notice, BUT did not allow them to opt out of the research, "because doing so would stifle our ability to test new technologies that have the potential to offer significant benefits to our customers.” Wow...
In essence the companies are arguing that because they put it in writing it is alright to spy on users and completely ignore any type of Internet privacy laws. It seems a bit ridiculous that my privacy rights are in jeopardy and I have no way of opting out. I can't even choose to say "No." In other words, even if I know it is happening I have no say in the outcome. The companies are not just able to record information for advertising purposes, but can use this technology to track and record ALL information being transmitted and received through their network. Hopefully when the Committee drafts a new law they remember to add the clause that we, as paying customers who want to feel safe, should have to opt-IN to this research--not be forced into whatever absurd money-making scheme the companies are up to.
Cable One revealed the information on August 8 to the House Energy and Commerce Committee, which had previously expressed their concerns on cable operators using advanced technology to invade privacy. So if I decipher this correctly: Cable One tried to defend themselves against these allegations by providing information and stating they invaded their customers' privacy. Cable One stated that spying on 14,000 of their 700,000 customers was a better way to provide "more relevant advertising" to their customers.
Bresnan Communications and Knology also came out of the woodwork to say they spied on customers throughout a similar time frame. WideOpenWest admitted to doing this, in cooperation with NebuAd's service. WideOpenWest stopped the program after five months because of the privacy concerns. All efforts to surf anonymously have become null and void for many Internet users, and for no apparent reason other than having better online advertisements. Shouldn't these companies help protect personal information, not jeopardize it?
Cable One argues that they were not breaking any laws by conducting this research, and had made the information available to their users via the acceptable use policy they read when signing up for services. The information was also found in Cable One's yearly privacy notice, which is sent to all customers. They provided users with appropriate notice, BUT did not allow them to opt out of the research, "because doing so would stifle our ability to test new technologies that have the potential to offer significant benefits to our customers.” Wow...
In essence the companies are arguing that because they put it in writing it is alright to spy on users and completely ignore any type of Internet privacy laws. It seems a bit ridiculous that my privacy rights are in jeopardy and I have no way of opting out. I can't even choose to say "No." In other words, even if I know it is happening I have no say in the outcome. The companies are not just able to record information for advertising purposes, but can use this technology to track and record ALL information being transmitted and received through their network. Hopefully when the Committee drafts a new law they remember to add the clause that we, as paying customers who want to feel safe, should have to opt-IN to this research--not be forced into whatever absurd money-making scheme the companies are up to.
Thursday, August 21, 2008
Sarasota Students' Personal Information Posted on the Internet
Recently reported by the New York Times and the Herald Tribune (Sarasota's local newspaper), a little bit more than 88% of the 38,500 students in the Sarasota school district had personal information posted on the Internet for nearly two months.
The school district has a contract (for now) with Princeton Review to maintain a database of Sarasota County Planning Tools, to help teachers develop tests and keep track of students' grades. The information, which contained students' names and school ID numbers (which in some cases were Social Security numbers) from this database was accidentally posted on the Internet for two months before it was finally removed this past Monday. Along with names and ID numbers the information also included students': birth dates, sex, ethnicity, disabilities, and standardized test scores. The files were able to be found by using a search engine and Princeton Review claims the files were released when the company recently switched ISPs.
Sarasota students were not the only ones affected by this mistake, Fairfax, VA. students (nearly 74,000 of them) had their information posted on the Internet as well. The company was hired to measure student performance and nearly got 74,000 students' identities stolen. Hackers could have had a field day with this information--but if we recall correctly from a previous Identity Theft post, it usually takes the Identity Theft victim three months to realize something is wrong. In the case of a young student that has no need to check their credit ratings; it could be even longer.
The article hints around as to who is to blame here. Of course Princeton Review is at fault because the security of their system and website has been compromised and over 100,000 students had their personal information sitting on the Internet for two months. Not to mention that with the world wide web, nothing that has been posted can truly be deleted--some cached record may be sitting on a server with the information.
Is the school board to blame as well? Would they need to compile this massive database of personal information if standardized tests weren't stressed as the focal point of a student's education? While I am not trying to start a debate as to the validity of standardized tests, it is just an interesting subject to touch on. What happened to the days where teachers logged the information in their grade books? Is it necessary to have a massive database with every bit of information about a student? These are all questions that the school board will be answering when deciding whether or not to keep Princeton Review's contract.
In this case I would say protecting personal information trumps the ease of sticking everything on some site to analyze the students performance. It is great for parents, students and teachers to have access to this information so they can all keep track of performance and make sure nothing is wrong. Is the risk of having this happen again worth it? Do students even get and interim reports and report cards anymore? I remember that being a pretty good gauge as to what I needed work on.
The school district has a contract (for now) with Princeton Review to maintain a database of Sarasota County Planning Tools, to help teachers develop tests and keep track of students' grades. The information, which contained students' names and school ID numbers (which in some cases were Social Security numbers) from this database was accidentally posted on the Internet for two months before it was finally removed this past Monday. Along with names and ID numbers the information also included students': birth dates, sex, ethnicity, disabilities, and standardized test scores. The files were able to be found by using a search engine and Princeton Review claims the files were released when the company recently switched ISPs.
Sarasota students were not the only ones affected by this mistake, Fairfax, VA. students (nearly 74,000 of them) had their information posted on the Internet as well. The company was hired to measure student performance and nearly got 74,000 students' identities stolen. Hackers could have had a field day with this information--but if we recall correctly from a previous Identity Theft post, it usually takes the Identity Theft victim three months to realize something is wrong. In the case of a young student that has no need to check their credit ratings; it could be even longer.
The article hints around as to who is to blame here. Of course Princeton Review is at fault because the security of their system and website has been compromised and over 100,000 students had their personal information sitting on the Internet for two months. Not to mention that with the world wide web, nothing that has been posted can truly be deleted--some cached record may be sitting on a server with the information.
Is the school board to blame as well? Would they need to compile this massive database of personal information if standardized tests weren't stressed as the focal point of a student's education? While I am not trying to start a debate as to the validity of standardized tests, it is just an interesting subject to touch on. What happened to the days where teachers logged the information in their grade books? Is it necessary to have a massive database with every bit of information about a student? These are all questions that the school board will be answering when deciding whether or not to keep Princeton Review's contract.
In this case I would say protecting personal information trumps the ease of sticking everything on some site to analyze the students performance. It is great for parents, students and teachers to have access to this information so they can all keep track of performance and make sure nothing is wrong. Is the risk of having this happen again worth it? Do students even get and interim reports and report cards anymore? I remember that being a pretty good gauge as to what I needed work on.
Friday, August 15, 2008
Breaking Down the Great Firewall (part 2)...
As an update to my recent post about China's Great Firewall it seemed appropriate to discuss the methods for bypassing the Golden Shield Project. With the Olympics in full swing, and nearly halfway over, it is only a matter of time before China's government re-bans the websites and Beijing is again part of China's Internet censorship program. Chinese officials lifted their ban on certain websites after journalists were upset that many of the sites they needed to access were unavailable because of the GSP. Once the final medal is awarded it most likely won't be much longer before China is back to banning as much content as possible, so it is important to know ways to bypass the Great Firewall and maintain Internet privacy.
The following methods may seem familiar, as they are used for anonymous surfing, but they do in fact work rather well for circumventing the GSP and gaining access to banned sites.
The following methods may seem familiar, as they are used for anonymous surfing, but they do in fact work rather well for circumventing the GSP and gaining access to banned sites.
- Anonymous Proxy servers: Anonymous proxy servers based outside of China can be used to access blocked content. The sites are blocked only to Chinese citizens and therefore if you surf using a U.S.-based proxy server then you can gain access to restricted sites. The website will read the IP address and give you permission to view the site. At the same time, the server will hide your IP so that anyone snooping the connection will see a person from Tulsa, OK surfing the Internet. As an added bonus a good proxy server will also encrypt the data being transmitted so that anyone spying can not view the information.
- Foreign companies can apply for a local website hosted in China. While this method does not apply to an individual user attempting to access a banned site, it is a method to bypass the Great Firewall since the company's content does not have to go through the Great Firewall (but the company does have to apply for a local ICP license)
- Using secure tunnels such as a Virtual Private Network (VPN). GSP can't filter secure traffic that is being communicated and therefore secure tunnels provide a way for users to access content and create sites that would otherwise be banned.
- Onion routing networks, such as Tor, can be used since it requires a network of computers to encrypt and mask your information. This method is, in essence, very similar to an anonymous proxy server. The major drawback of Tor is that you do not know who set up the anonymous connection you are passing through. As noted in an earlier post, you really have no idea who set up the connection and therefore anyone can invade your privacy through this trusted network. If a group of grad students and professors can do it, why wouldn't the Chinese government?
- FreeGate: a software utility created for Iranian and Chinese citizens to bypass any Internet censorship attempts by the government. The software finds open proxies, which are not blocked and can be accessed by any user, and penetrate firewalls. This useful tool is a bit controversial as it has been reported to be a Trojan virus.
- Reporters without Borders offers a "Handbook for Bloggers and Cyber-Dissidents" (PDF) which gives detailed information and tools for blogging and surfing anonymously. The handbook gives detailed instructions, including screenshots, for setting up a blog and remaining anonymous.
Friday, August 8, 2008
Anonymous Surfing Software vs Web-based Anonymous Proxy...which is better for your Internet privacy?
As an Internet user you face many dangers online ranging from cyber criminals trying to steal your identity to marketing companies and ISPs tracking and logging your IP address. As a lot of web surfers know, one of the best ways for protecting personal information and maintaining Internet privacy is to use a proxy server. While many useful proxy servers can be found on the Internet simply by searching "proxy" on Google, the age old question that many Internet users have difficulty answering is: What is better to use, anonymous surfing software or free web-based anonymous proxies?
Web-based:
These are quite easy to use and require nothing on your part besides an active Internet connection. These web anonymizers require you only to enter the URL of the site you wish to visit and give it a click. Your IP address is hidden and replaced with the IP address of the site's server. This is a great example of proxy avoidance and will get you onto a blocked website, but only offers minimal, if any, data protection and encryption services. The main purpose of the web-based anonymous proxy is to get on a website such as MySpace, that would normally be blocked by an IT Department. Another downside is that this type of proxy can't gain access to sites that use Secure Socket Layer or Secure Shell encryption, such as banking sites.
Software-based:
A software-based proxy will run with your current browser and allow you to surf freely without having to go back to a homepage to enter a new URL. After installation it should only require 1-click to run the program and surf anonymously. A good software proxy will cost you a few dollars a month (nothing to break the bank over), which is a downside compared to the free web proxies. There is usually a fee associated because you are getting what you pay for...software proxies offer anonymous surfing, but also encrypt the data being transmitted. This means that in addition to your IP address being masked, your data and the transmission between networks is also secure (which is not the case with a web proxy).
Ultimately, both methods of protecting your IP address and Internet privacy have their pros and cons. At the end of the day if you only need a quick fix to get onto a blocked website that requires no personal information (such as a log-in, e-mail, or password) then a web proxy will work for you. Using a software proxy whenever you surf, even if only for a few minutes, would be highly recommended. It is still easy to use and offers much more protection and freedom to surf without the worry of just how protected you are. The advanced protection alone makes software proxies your best bet.
Web-based:
These are quite easy to use and require nothing on your part besides an active Internet connection. These web anonymizers require you only to enter the URL of the site you wish to visit and give it a click. Your IP address is hidden and replaced with the IP address of the site's server. This is a great example of proxy avoidance and will get you onto a blocked website, but only offers minimal, if any, data protection and encryption services. The main purpose of the web-based anonymous proxy is to get on a website such as MySpace, that would normally be blocked by an IT Department. Another downside is that this type of proxy can't gain access to sites that use Secure Socket Layer or Secure Shell encryption, such as banking sites.
Software-based:
A software-based proxy will run with your current browser and allow you to surf freely without having to go back to a homepage to enter a new URL. After installation it should only require 1-click to run the program and surf anonymously. A good software proxy will cost you a few dollars a month (nothing to break the bank over), which is a downside compared to the free web proxies. There is usually a fee associated because you are getting what you pay for...software proxies offer anonymous surfing, but also encrypt the data being transmitted. This means that in addition to your IP address being masked, your data and the transmission between networks is also secure (which is not the case with a web proxy).
Ultimately, both methods of protecting your IP address and Internet privacy have their pros and cons. At the end of the day if you only need a quick fix to get onto a blocked website that requires no personal information (such as a log-in, e-mail, or password) then a web proxy will work for you. Using a software proxy whenever you surf, even if only for a few minutes, would be highly recommended. It is still easy to use and offers much more protection and freedom to surf without the worry of just how protected you are. The advanced protection alone makes software proxies your best bet.
Breaking down the Great Firewall...
No, this isn't a clever campaign to start a world movement to get rid of the Great Firewall and liberate China's netizens. With the arrival of the 2008 Olympic games in Beijing, it seems that this would be an appropriate time to focus on The Great Firewall of China, or the Golden Shield Project (as it is officially known). The Golden Shield is a censorship and surveillance program run by China's Ministry of Public Service. While the Chinese government has been using the Great Firewall to censor and block websites in China since 2003, many of us do not have a full understanding of the Golden Shield Project and its intricacies. This article is not meant to start a revolution against the Chinese government to bring down the Great Firewall, but a means to gain a better understanding of something that many Americans and Europeans have little knowledge about--Internet censorship using GSP.
While most Americans and Europeans do have the right to choose what sites they visit and surf the Internet freely (again the keyword is "most"), other countries' citizens are stifled by government censorship of the Internet. In China any site that expresses opposing views or states a negative opinion of the government is banned. Not only will the site be banned, but the authors may face criminal charges and a lengthy prison sentence. While many sites have recently been unblocked by the Chinese government because of the Beijing Olympics, many other sites including, pro-democracy advocates, Taiwanese government and media, and blog sites are still banned. The idea of having privacy rights or any type of Internet privacy is a concept that many Chinese citizens have little understanding of.
The concept of the Great Firewall started in 1998 and began operating in 2003. The need for the GSP stemmed from Communist regimes fearing that the Chinese Democracy Party would develop an extensive and powerful network that couldn't be controlled. The GSP acts as a firewall (hence the nickname) and blocks content based on IP addresses and a massive database of banned websites. The IPs are banned and prevented from gaining access to blocked content basically by using a proxy server the opposite way we would use it (think: reverse proxy). GSP combines IP filtering with DNS poisoning to maintain control over the Internet in China.
Along with IP blocking, URL-, DNS-, and Packet-filtering, the GSP has a unique characteristic: it doesn't just ban sites based on these methods, but also bans websites based on the content. This blog would be banned instantly because it shows methods for gaining access to "forbidden sites," but also any content that is considered subversive by the government would be subject to banishment (this means any pro-democracy, pro-Tibet, and pro-anything else the Chinese government is against).
The final point that has been brought about because of the Great Firewall is self-censorship. While sites that should be banned do slip through the cracks, many Chinese citizens end up practicing self-censorship and not visiting these sites anyway. It makes perfect sense: Just because the site hasn't been banned yet, is it still okay to look at? Why take that chance and end up in prison like many Chinese bloggers do? The thought that you are being watched by the Golden Shield Project even if the site is allowed on the network is a mighty force...people tend to act differently when their bosses, or the authorities, are paying attention.
While most Americans and Europeans do have the right to choose what sites they visit and surf the Internet freely (again the keyword is "most"), other countries' citizens are stifled by government censorship of the Internet. In China any site that expresses opposing views or states a negative opinion of the government is banned. Not only will the site be banned, but the authors may face criminal charges and a lengthy prison sentence. While many sites have recently been unblocked by the Chinese government because of the Beijing Olympics, many other sites including, pro-democracy advocates, Taiwanese government and media, and blog sites are still banned. The idea of having privacy rights or any type of Internet privacy is a concept that many Chinese citizens have little understanding of.
The concept of the Great Firewall started in 1998 and began operating in 2003. The need for the GSP stemmed from Communist regimes fearing that the Chinese Democracy Party would develop an extensive and powerful network that couldn't be controlled. The GSP acts as a firewall (hence the nickname) and blocks content based on IP addresses and a massive database of banned websites. The IPs are banned and prevented from gaining access to blocked content basically by using a proxy server the opposite way we would use it (think: reverse proxy). GSP combines IP filtering with DNS poisoning to maintain control over the Internet in China.
Along with IP blocking, URL-, DNS-, and Packet-filtering, the GSP has a unique characteristic: it doesn't just ban sites based on these methods, but also bans websites based on the content. This blog would be banned instantly because it shows methods for gaining access to "forbidden sites," but also any content that is considered subversive by the government would be subject to banishment (this means any pro-democracy, pro-Tibet, and pro-anything else the Chinese government is against).
The final point that has been brought about because of the Great Firewall is self-censorship. While sites that should be banned do slip through the cracks, many Chinese citizens end up practicing self-censorship and not visiting these sites anyway. It makes perfect sense: Just because the site hasn't been banned yet, is it still okay to look at? Why take that chance and end up in prison like many Chinese bloggers do? The thought that you are being watched by the Golden Shield Project even if the site is allowed on the network is a mighty force...people tend to act differently when their bosses, or the authorities, are paying attention.
Wednesday, August 6, 2008
China partially lifts its Internet censorship and restrictions
CNSNews.com has reported that China is loosening their restrictions on Internet censorship, something that privacy advocates have been pressuring China to do for years. With the Olympics coming to town, the Chinese government has lifted many of the tight controls which previously restricted its citizens from freely surfing the Internet. The important part of the story is that these restrictions have not just been lifted at the Olympic games compound, but in other parts of Beijing as well. This ultimately means that Chinese netizens can now use Wikipedia, BBC China, and non-government sites such as Amnesty International and Reporters without Borders. These sites, along with many other have been banned by the Chinese government via The Great Firewall.
For the first time in years, or ever in some cases, Chinese citizens have the the chance to surf the Internet freely and see China from a different point of view. The Chinese government banned many websites that do not coincide with their point of view and Chinese citizens did not have the opportunity to see things from an outside perspective. Chinese netizens had to resort to anonymous proxy servers and other methods to maintain their Internet privacy. People can now openly view and dialog some of the major issues facing China such as: air pollution, Tibet, media censorship, and human rights.
The lifting of the ban came about due to an overwhelming demand from foreign journalists that were angered because they could not visit certain sites they needed. While the ban being lifted is a big deal in China, many sites are still censored and unable to be accessed. Reporters without Borders has stated that their English-language site is no longer banned but the Chinese-language site is. Many Tibetan advocacy sites and the Chinese Human Rights Defenders site still faces the restrictions placed by The Great Firewall.
Although the system isn't perfect, China did agree to loosen the restrictions for the Olympics. This is a step in the right direction, as far as human rights are concerned. While Chinese government and media will always defend their Internet censorship policies, the rest of the world still sees it as a way to oppress their people even more. The major question posed to Chinese citizens is: Does an average person really worry about the censorship? Do they want to know about the U.S. or U.K.'s view on China's government policies? Or is it a case of ignorance is bliss and as long as they have a job, shelter, and food for their family?
For the first time in years, or ever in some cases, Chinese citizens have the the chance to surf the Internet freely and see China from a different point of view. The Chinese government banned many websites that do not coincide with their point of view and Chinese citizens did not have the opportunity to see things from an outside perspective. Chinese netizens had to resort to anonymous proxy servers and other methods to maintain their Internet privacy. People can now openly view and dialog some of the major issues facing China such as: air pollution, Tibet, media censorship, and human rights.
The lifting of the ban came about due to an overwhelming demand from foreign journalists that were angered because they could not visit certain sites they needed. While the ban being lifted is a big deal in China, many sites are still censored and unable to be accessed. Reporters without Borders has stated that their English-language site is no longer banned but the Chinese-language site is. Many Tibetan advocacy sites and the Chinese Human Rights Defenders site still faces the restrictions placed by The Great Firewall.
Although the system isn't perfect, China did agree to loosen the restrictions for the Olympics. This is a step in the right direction, as far as human rights are concerned. While Chinese government and media will always defend their Internet censorship policies, the rest of the world still sees it as a way to oppress their people even more. The major question posed to Chinese citizens is: Does an average person really worry about the censorship? Do they want to know about the U.S. or U.K.'s view on China's government policies? Or is it a case of ignorance is bliss and as long as they have a job, shelter, and food for their family?
Saturday, August 2, 2008
Identity Theft Resources and Tools for Victims
While we write blogs and update our site with useful tools and information to protect your Internet privacy, 84 million people a year fall victim to identity theft. With fraud totals reaching $49.3 billion in 2007, it is very important to take the first step and proactively find ways to keep your information private. We provide blogs, articles, and products that protect you, but the 84 million people a year who have fallen victim to identity theft have little help or support.
Many victims find out within three months of the theft...that means the person who stole the identity has had a three month head start on spending your money and opening up false accounts. This fact, along with the fact that the average identity theft victim can spend 330 hours repairing their credit, shows that ID theft is a dangerous crime. 330 hours = roughly 13 full days. That means a person can spend 13 24-hour days (or 41 8-hour work days) trying to fix the damage from ID theft. The FTC has created a section of their website that contains tools and information for the victims of identity theft so they can begin the rebuilding process as quickly as possible.
If you are the victim of identity theft you should do these four steps immediately:
Many victims find out within three months of the theft...that means the person who stole the identity has had a three month head start on spending your money and opening up false accounts. This fact, along with the fact that the average identity theft victim can spend 330 hours repairing their credit, shows that ID theft is a dangerous crime. 330 hours = roughly 13 full days. That means a person can spend 13 24-hour days (or 41 8-hour work days) trying to fix the damage from ID theft. The FTC has created a section of their website that contains tools and information for the victims of identity theft so they can begin the rebuilding process as quickly as possible.
If you are the victim of identity theft you should do these four steps immediately:
- Review your credit reports and place a fraud alert (or extended fraud alert) with the credit bureaus.
- Close the accounts that have been tampered with or opened fraudulently.
- File a complaint with the FTC.
- File a police report.
- You must always keep a log of your actions and findings when gathering information from an identity theft. The FTC has provided a "course of action chart" to help you keep detailed information for your reference.
- FTC ID Theft Complaint form. This form found on the FTC's Consumer Protection page can be combined with the police report to create an Identity Theft Report, helping victims get the ball rolling sooner and recover quicker. The report is used to block fraudulent information from appearing on your credit report, and prevent companies from collecting debts due to an identity theft.
- ID Theft Affidavit (pdf). This form is less detailed and does not offer as much protection as the Identity Theft Report, but is still a very useful tool to have. The eight page document must be filled out in order to absolve you of any debt incurred due to identity theft, or to gain access to the information a company has on the identity thief they dealt with.
- Victim's Statement of Rights. This statement details your rights under federal law (and also has a link to state resources).
- You will have to write many letters to credit card companies, banks, and other companies that have been used during your identity theft. The FTC provides a list of sample letters for various purposes that are useful and time saving tools (note: Word documents):
- Requesting fraudulent transactions or account information
- Requesting credit bureaus to block fraudulent information from appearing on your credit report
- Disputing charges on an existing account that has been tampered with
- Disputing charges on an account opened by the identity thief
- Law Enforcement(pdf) cover letter that should be attached with your FTC Identity Theft Complaint
Wednesday, July 30, 2008
GovGab...your U.S. government blog
GovGab is an important tool for staying up to date on government legislation and resources. The blog posts vary by many different topics, with some of the newer ones focusing on keeping your food from spoiling during a power outage or discovering disabilityinfo.gov. The blog also breaks down into different categories so you can search for the things you are interested in.
The part of the blog I would like to focus on is one of their more recent posts. It is focused on privacy protection. The most important part of the posts points us to a list of privacy resources aimed at helping us maintain privacy. The resource page is set up with government and non-government sponsored websites that are all focused on helping us keep our privacy.
The resource page has just about any topic you could need to know about. It does have a lot of articles and resources for protecting children online, which is always a major concern. Other areas include financial information, identity theft protection, medical records privacy and Internet privacy. The resources site has a lot to offer and can keep you busy for a long time. Along with privacy resources, the resources site allows you to locate local officials, find information on a business, and get resources for teachers and consumers.
Ultimately the blog is a great source of information from our government. It does a great job of keeping the postings entertaining and not just focused on politics and policies.
The part of the blog I would like to focus on is one of their more recent posts. It is focused on privacy protection. The most important part of the posts points us to a list of privacy resources aimed at helping us maintain privacy. The resource page is set up with government and non-government sponsored websites that are all focused on helping us keep our privacy.
The resource page has just about any topic you could need to know about. It does have a lot of articles and resources for protecting children online, which is always a major concern. Other areas include financial information, identity theft protection, medical records privacy and Internet privacy. The resources site has a lot to offer and can keep you busy for a long time. Along with privacy resources, the resources site allows you to locate local officials, find information on a business, and get resources for teachers and consumers.
Ultimately the blog is a great source of information from our government. It does a great job of keeping the postings entertaining and not just focused on politics and policies.
Anonymous Surfing is now available for Firefox and Vista using Private Proxy
Tampa, Florida (July 30, 2008) - PrivacyView Software, the developer of award-winning Internet and computer privacy software, announced today that the latest release of its anonymous proxy server, Private Proxy, supports Firefox version 3.0 under both Windows XP and Windows Vista.
This recent update allows Private Proxy users to use Mozilla Firefox version 3.0 under Windows Vista. Private Proxy previously supported Firefox on Windows XP. Now Vista users can surf anonymously with both Firefox and Internet Explorer.
Increasingly, people need safe and secure access to the Internet in order to protect both their privacy and freedom. Private Proxy allows users to choose an anonymous proxy server where their Internet browsing can not be monitored. For example, with the recent Viacom / YouTube lawsuit, any Private Proxy user would have been secure from potential tracking from Viacom. By using Private Proxy, the IP address is changed to an anonymous IP address and hence not associated with a specific user.
Private Proxy also encrypts the Internet communications between Firefox or Internet Explorer and the anonymous proxy enabling users to create a secure tunnel. With a secure tunnel, users are able to access sites that were previously blocked by bypassing filters typically used by restrictive governments and many corporations. Further, the users’ anonymity is protected because the destination websites will not be able to track the users to their company or location based on their IP address.
The software comes with a 7 day free trial allowing users to decide if they want to keep the service without having to spend any money. Along with the 7 day free trial, PrivacyView offers two options for its users: they can subscribe to a monthly service for $9.95 or choose a quarterly option for only $24.95.
About PrivacyView Software:
PrivacyView Software, LLC is a privately held company headquartered in Tampa, Florida. Founded in 2003, the company creates and markets privacy software for consumers. The company and its products have won numerous technology awards. For more information about PrivacyView, and its affiliate program, please visit www.privacyview.com.
This recent update allows Private Proxy users to use Mozilla Firefox version 3.0 under Windows Vista. Private Proxy previously supported Firefox on Windows XP. Now Vista users can surf anonymously with both Firefox and Internet Explorer.
Increasingly, people need safe and secure access to the Internet in order to protect both their privacy and freedom. Private Proxy allows users to choose an anonymous proxy server where their Internet browsing can not be monitored. For example, with the recent Viacom / YouTube lawsuit, any Private Proxy user would have been secure from potential tracking from Viacom. By using Private Proxy, the IP address is changed to an anonymous IP address and hence not associated with a specific user.
Private Proxy also encrypts the Internet communications between Firefox or Internet Explorer and the anonymous proxy enabling users to create a secure tunnel. With a secure tunnel, users are able to access sites that were previously blocked by bypassing filters typically used by restrictive governments and many corporations. Further, the users’ anonymity is protected because the destination websites will not be able to track the users to their company or location based on their IP address.
The software comes with a 7 day free trial allowing users to decide if they want to keep the service without having to spend any money. Along with the 7 day free trial, PrivacyView offers two options for its users: they can subscribe to a monthly service for $9.95 or choose a quarterly option for only $24.95.
About PrivacyView Software:
PrivacyView Software, LLC is a privately held company headquartered in Tampa, Florida. Founded in 2003, the company creates and markets privacy software for consumers. The company and its products have won numerous technology awards. For more information about PrivacyView, and its affiliate program, please visit www.privacyview.com.
Tuesday, July 29, 2008
Hide My IP?
To ensure your Internet Privacy, there are two things to watch, your IP address and your local Internet traces. In this post, we will focus on hiding your IP address.
First, why be concerned about hiding your IP address? Why do people search on Hide My IP or Hide My IP Address? It's simple, your IP address is associated with the server you use to connect to the Internet.
For example, I live in Tampa and connect to the Internet with my Road Runner account. When I check my IP address, it shows that I am in Tampa and use Road Runner as my Internet Service Provider (ISP). That in itself is not a problem. However, there are two possible reasons to be concerned. First, some sites block access based on an IP address. You might have been banned from a favorite website, or posted over the daily allowable limit on a given website. The IP address is one of the ways that you can be tracked or blocked. However, as I tell all our customers of our anonymous proxy, Private Proxy, to change IP addresses is often not enough. You also have to make sure you don't have a cookie stored on your PC that also identifies you. Assuming the cookie issue is solved, hide IP software or services can get you past a blocked website.
If you surf from work, you might need a hide IP address service so that you can not be tracked back to your company. When you surf from work, chances are that you are connecting through your company's Internet server. This server's IP address will identify the company. If you are researching a competitor you probably would not want your IP address to show up on the competitor's website log. Worse yet, if you are surfing for personal reasons at work, you really might not want anyone to be able to track back to your employer.
In both instances, whether surfing from home or work, the server you connect through has a log showing your web surfing. With an IP address that points back to the server, you can be tracked back directly to your home or our desk. Here's how: The IP address shows the web server. The web server knows who you are. In the case of an employer, all they have to do is look at the log. In the case of an ISP, all it takes is a subpoena or a helpful ISP employee. In either case, with the right questions, you can be traced.
So why do I hide my IP address? It's mostly principle. When I hide my IP address I know I've made it more difficult for someone to trace me. I find it very disturbing that some web sites and most search engines use IP addresses to build profiles. Why make it easy for them? Hence, I hide my IP.
First, why be concerned about hiding your IP address? Why do people search on Hide My IP or Hide My IP Address? It's simple, your IP address is associated with the server you use to connect to the Internet.
For example, I live in Tampa and connect to the Internet with my Road Runner account. When I check my IP address, it shows that I am in Tampa and use Road Runner as my Internet Service Provider (ISP). That in itself is not a problem. However, there are two possible reasons to be concerned. First, some sites block access based on an IP address. You might have been banned from a favorite website, or posted over the daily allowable limit on a given website. The IP address is one of the ways that you can be tracked or blocked. However, as I tell all our customers of our anonymous proxy, Private Proxy, to change IP addresses is often not enough. You also have to make sure you don't have a cookie stored on your PC that also identifies you. Assuming the cookie issue is solved, hide IP software or services can get you past a blocked website.
If you surf from work, you might need a hide IP address service so that you can not be tracked back to your company. When you surf from work, chances are that you are connecting through your company's Internet server. This server's IP address will identify the company. If you are researching a competitor you probably would not want your IP address to show up on the competitor's website log. Worse yet, if you are surfing for personal reasons at work, you really might not want anyone to be able to track back to your employer.
In both instances, whether surfing from home or work, the server you connect through has a log showing your web surfing. With an IP address that points back to the server, you can be tracked back directly to your home or our desk. Here's how: The IP address shows the web server. The web server knows who you are. In the case of an employer, all they have to do is look at the log. In the case of an ISP, all it takes is a subpoena or a helpful ISP employee. In either case, with the right questions, you can be traced.
So why do I hide my IP address? It's mostly principle. When I hide my IP address I know I've made it more difficult for someone to trace me. I find it very disturbing that some web sites and most search engines use IP addresses to build profiles. Why make it easy for them? Hence, I hide my IP.
Thursday, July 24, 2008
Researchers in trouble for snooping...
cnet News is reporting that researchers from the University of Colorado and the University of Washington could face charges for snooping the Tor network. The researchers could face up to five years in prison for breaking the Wiretap Act. Tor (The Onion Router) anonymous proxy network is a free software that allows users to surf the Internet anonymously through a circuit of networked computers that encrypt and transmit the data.
Two graduate students and three professors never had a legal review of the project or had been authorized by the university's Human Subjects Committee. The academic paper was presented at the Privacy Enhancing Technology Forum and intended to shed light on exactly what kind of information was flowing over Tor. The results found "some of Tor's users include pro-democracy dissidents, journalists and bloggers in countries like China, Egypt and Burma who would otherwise face arrest and torture for their work."
To study Tor, the researchers set up an exit node in December 2007 and recorded and stored the first part of each network packet passing through the node. This gave them information as to what kind of information was being passed and what websites people are visiting. They then ran an entry node which gave them the users' IP addresses as they passed through the node, allowing them to see which countries used Tor the most. The two studies recorded and stored different types of information so users could not be cross-referenced.
They found German users were on Tor the most, while 58% of bandwidth used on Tor was from web browsing. A massive 40% of the bandwidth was used by torrent users, even though these users only amounted for 3% of the total.
The researchers spoke with a lawyer and felt that it was unnecessary to get a second opinion or to contact the university's Institutional Review Board, even though Tor's policy is not to attach such recording programs because it could result in criminal and civil charges. The team did not follow proper protocol in any way...could it perhaps be that the university would have a problem with their researchers spying and recording people's information without their consent?
Two graduate students and three professors never had a legal review of the project or had been authorized by the university's Human Subjects Committee. The academic paper was presented at the Privacy Enhancing Technology Forum and intended to shed light on exactly what kind of information was flowing over Tor. The results found "some of Tor's users include pro-democracy dissidents, journalists and bloggers in countries like China, Egypt and Burma who would otherwise face arrest and torture for their work."
To study Tor, the researchers set up an exit node in December 2007 and recorded and stored the first part of each network packet passing through the node. This gave them information as to what kind of information was being passed and what websites people are visiting. They then ran an entry node which gave them the users' IP addresses as they passed through the node, allowing them to see which countries used Tor the most. The two studies recorded and stored different types of information so users could not be cross-referenced.
They found German users were on Tor the most, while 58% of bandwidth used on Tor was from web browsing. A massive 40% of the bandwidth was used by torrent users, even though these users only amounted for 3% of the total.
The researchers spoke with a lawyer and felt that it was unnecessary to get a second opinion or to contact the university's Institutional Review Board, even though Tor's policy is not to attach such recording programs because it could result in criminal and civil charges. The team did not follow proper protocol in any way...could it perhaps be that the university would have a problem with their researchers spying and recording people's information without their consent?
Privacy vs Border Security
Today we reexamine and update a previous blog posting concerned with you privacy while travelling. A recent article presented by istockanalyst.com discusses how laptop searches cross the line between privacy and security.
Jawad Khaki was returning home from a business trip when he was stopped by customs. Khaki, a corporate executive, told customs everything he had done and everywhere he went. He was then asked to turn on his cellphone, which customs took from him and searched. Customs checked his to-do list and his calender.
This is just one story of the line between privacy and security that is being crossed by customs agents. Does the search and seizure of laptops, cellphones, and PDAs cross the line?
The main question being presented, in both this article and my previous blog post, "What if a traveler's laptop includes corporate secrets, a lawyer's confidential documents, a journalist's notes from a protected source, or personal financial and medical information?" Advocacy groups are concerned with the misuse of information and say they have not gotten any clear answers when posing these questions to the Department of Homeland Security. Two groups have actually filed a lawsuit so they can get that information from Homeland Security.
I understand that sometimes it is necessary to conduct these searches to protect our national security...I am not referring to the time where it does compromise national security, but instead the times where a businessman is travelling and is extensively searched above and beyond what is reasonable. Customs and Border Patrol spokeswoman said that, "The department doesn't keep seized electronics unless it suspects wrongdoing, and any U.S. citizen's information that's copied is kept only if it's relevant for criminal or national-security investigations." I do appreciate that, but it needs to be made into official policy.
CBP is using the same reasoning behind checking luggage to check laptops. No reason or probable cause is needed to be searched by customs. There needs to be a distinction between the two. Laptops carry sensitive and personal information, especially if it being used for business travel. The data found on there is an "extension of a person's professional and personal identity." The main difference between the search of luggage and the search of a computer, which is also pointed out in the article, is that the luggage can be returned easily...but do you know what has been downloaded and copied off your laptop?
Tough situation...
Jawad Khaki was returning home from a business trip when he was stopped by customs. Khaki, a corporate executive, told customs everything he had done and everywhere he went. He was then asked to turn on his cellphone, which customs took from him and searched. Customs checked his to-do list and his calender.
This is just one story of the line between privacy and security that is being crossed by customs agents. Does the search and seizure of laptops, cellphones, and PDAs cross the line?
The main question being presented, in both this article and my previous blog post, "What if a traveler's laptop includes corporate secrets, a lawyer's confidential documents, a journalist's notes from a protected source, or personal financial and medical information?" Advocacy groups are concerned with the misuse of information and say they have not gotten any clear answers when posing these questions to the Department of Homeland Security. Two groups have actually filed a lawsuit so they can get that information from Homeland Security.
I understand that sometimes it is necessary to conduct these searches to protect our national security...I am not referring to the time where it does compromise national security, but instead the times where a businessman is travelling and is extensively searched above and beyond what is reasonable. Customs and Border Patrol spokeswoman said that, "The department doesn't keep seized electronics unless it suspects wrongdoing, and any U.S. citizen's information that's copied is kept only if it's relevant for criminal or national-security investigations." I do appreciate that, but it needs to be made into official policy.
CBP is using the same reasoning behind checking luggage to check laptops. No reason or probable cause is needed to be searched by customs. There needs to be a distinction between the two. Laptops carry sensitive and personal information, especially if it being used for business travel. The data found on there is an "extension of a person's professional and personal identity." The main difference between the search of luggage and the search of a computer, which is also pointed out in the article, is that the luggage can be returned easily...but do you know what has been downloaded and copied off your laptop?
Tough situation...
Monday, July 21, 2008
Facebook leads to two-year prison sentence...
Blogger News Network is reporting on a 20-year old Rhode Island native who has been sentenced to two years in prison for a drunk driving accident that left another driver seriously injured. Now you are probably asking, "What does this have to do with an Internet privacy blog?" The answer: Two weeks after he was charged, Joshua Lipton attended a Halloween party dressed as a "jail bird." The photos of him partying were posted on Facebook, which ended up being very useful to the prosecution.
The prosecution found these photos and used them as evidence in court. They said Joshua was an "unrepentant partier" who "lived" it up, even though the victim of the crash was in the hospital. The judge agreed and before giving out his sentence deemed Justin to be "depraved."
Prosecutors are not the only ones who are using social networking sites to make important professional decisions. Many employers are looking up their candidates on these sites to see what kind of life they lead and if they would like to employ them, or not.
It is probably a good idea to completely delete your profiles when you are looking for a job...or when you are on trial. Better yet, think twice before you post anything.
The prosecution found these photos and used them as evidence in court. They said Joshua was an "unrepentant partier" who "lived" it up, even though the victim of the crash was in the hospital. The judge agreed and before giving out his sentence deemed Justin to be "depraved."
Prosecutors are not the only ones who are using social networking sites to make important professional decisions. Many employers are looking up their candidates on these sites to see what kind of life they lead and if they would like to employ them, or not.
It is probably a good idea to completely delete your profiles when you are looking for a job...or when you are on trial. Better yet, think twice before you post anything.
Private investigators jobs made easier than ever with the Internet...
Sometimes it seems like writing blog posts and doing research is just about data and these huge companies possibly gaining too much information about you or an ISP tracking you. So I decided to put things into perspective and describe a scenario that doesn't involve two massive companies or some obscure government body.
A recent interview with a private investigator presented by Yahoo! News and cnet News discusses just how easy it is for him to gather information for his clients in this modern era. With the increased use of the Internet, his preferred tool, and social networking sites, Steven Rambam is able to learn everything possible about a person without ever having to meet them.
Privacy decreases with every blog post, every MySpace bulletin, and every photo posted. Mr. Rambam states, "Anything you put on the Internet will be grabbed, indexed, cataloged, and out of your control before you know it...The genie is out of the bottle. Data doesn't stay in one location. It migrates to hundreds of places." This has helped his job, basically by making it easier to find out anything he needs while building a case for a client.
He starts off by using social networking sites to find out what the person looks like. From there he can also gather other information such as: occupation, hometown, age, etc. He evens compiles a list of friends and family to interview. He says that he used to have to pay the police to get a driver's license photo...now all he has to do is find their MySpace page. He also uses job search engines to find resumes with personal information, and even uses the dreaded marketing companies that compile our data on us.
He also discusses the various ways technology has benefited his business, while hurting our privacy. Cell phones, referred to as the 24/7 "snitch," since data can be cross-referenced to see who you talked to and where you were. This along with the increased use of cameras, such as in New York City subways, to monitor and control the population.
Mr. Rambam conducted an experiment...he had someone agree to go into hiding for a year and see how many times he could be found. The answer: 9. Nine times the person who was attempting and trying to hide their identity was found. Through various methods, mostly Internet-based, he was able to track down his target.
A recent interview with a private investigator presented by Yahoo! News and cnet News discusses just how easy it is for him to gather information for his clients in this modern era. With the increased use of the Internet, his preferred tool, and social networking sites, Steven Rambam is able to learn everything possible about a person without ever having to meet them.
Privacy decreases with every blog post, every MySpace bulletin, and every photo posted. Mr. Rambam states, "Anything you put on the Internet will be grabbed, indexed, cataloged, and out of your control before you know it...The genie is out of the bottle. Data doesn't stay in one location. It migrates to hundreds of places." This has helped his job, basically by making it easier to find out anything he needs while building a case for a client.
He starts off by using social networking sites to find out what the person looks like. From there he can also gather other information such as: occupation, hometown, age, etc. He evens compiles a list of friends and family to interview. He says that he used to have to pay the police to get a driver's license photo...now all he has to do is find their MySpace page. He also uses job search engines to find resumes with personal information, and even uses the dreaded marketing companies that compile our data on us.
He also discusses the various ways technology has benefited his business, while hurting our privacy. Cell phones, referred to as the 24/7 "snitch," since data can be cross-referenced to see who you talked to and where you were. This along with the increased use of cameras, such as in New York City subways, to monitor and control the population.
Mr. Rambam conducted an experiment...he had someone agree to go into hiding for a year and see how many times he could be found. The answer: 9. Nine times the person who was attempting and trying to hide their identity was found. Through various methods, mostly Internet-based, he was able to track down his target.
Tuesday, July 15, 2008
Privacy International...defending your personal privacy.
Privacy International has been around for almost 20 years and works hard day-in and day-out to protect our personal privacy from corporations and governments. They are the oldest privacy advocacy group and the first of its kind international resource for privacy protection. Headquartered in London, with a U.S. headquarters in Washington D.C., they describe themselves as a chameleon-like group that advocates privacy but can also be a troublemaker. Privacy International's advisory group is not afraid to dive into a controversial campaign in order to protect privacy. Privacy International is a very involved privacy advocate group that uses the power of the pen to conduct studies and write reports that will benefit privacy for all.
Privacy International's website is very easy to use and navigate. It contains a listing of "Top News" articles that they are directly involved in, continues with a Key Resources section, followed by News and Developments and lastly a Reports/Studies/Campaigns section. The website also offers specific subject areas that offer more in depth coverage and information in such areas as: data protection and privacy laws, financial surveillance, and national ID cards. You can also search issues by specific privacy related keywords.
Privacy International's website is very easy to use and navigate. It contains a listing of "Top News" articles that they are directly involved in, continues with a Key Resources section, followed by News and Developments and lastly a Reports/Studies/Campaigns section. The website also offers specific subject areas that offer more in depth coverage and information in such areas as: data protection and privacy laws, financial surveillance, and national ID cards. You can also search issues by specific privacy related keywords.
Monday, July 14, 2008
Footprints in the electronic sand
Unlike the footprints we leave as we walk along the beach, electronic footprints don't wash away so easily. Most human activity leaves an electronic footprint that will last until we have an apocalyptic event. To put this into perspective, unless we are plunged into another dark age by a meteor, traces of our existence will last well beyond our lifetime. This leaves us with two choices, accept the inevitable or pay attention to the traces we leave.
Let's focus on the some of the traces we leave and the choices we have. From driving to surfing the Internet, we leave a huge volume of traces that we usually don't think about. Even if we have nothing to hide, maybe we should still know what traces we leave behind. I've chosen to accept some loss of privacy for the sake of convenience.
My car is equipped with OnStar. This is a great tool in case of an accident. It also helps when I'm lost or want to find the nearest gas station. But what traces does it leave? First off we know there is a GPS system that tracks the cars movement. This is how you get directions and how emergency personnel are notified in case of an accident. Should I worry about this? I don't, but what if I don't want people to know where I've been. Well I suppose I could decide not to take my car.
But wait, if I don't take my car I can still be tracked by my cell phone. It too sends out a signal that let's the phone company know where I am. It needs to send the signal so I can receive calls. I suppose that I could turn off my cell phone so that it's not sending out signals.
But wait, what car am I using? If it's a rental car, I had to pay for it with a credit card and show identification. That almost defeats the whole purpose of not using my car. And what if the rental car company has installed a tracker just in case their car was stolen. Hmmmmm.
Maybe I could borrow a friends car. If the friend picked me up, I could drop my friend off and drive to where ever I was going. Of course if I borrowed a car I'd have to make sure it did not have an electronic toll payment system like SunPass or EasyPass. And I'd probably want to return the car with gas. Hmmmm. I guess I would have to pay cash for the gas if I wanted to make sure I did not leave a trail.
But wait, where did I get the cash? If I went to an ATM then I left a trace at that machine. Worse yet, where did I go? Almost anything we do involves spending money. Having lunch, flying on an airplane, parking at the airport, renting a hotel room, buying clothes and well, just about anything. That's an awful lot of cash.
But maybe I don't go far or maybe I don't spend a lot of money. However, if I used the Internet to research a local park and the park hours, my ISP at home has a log of my activity. My PC also has the history of the browsing and maybe even a cookie.
Maybe this all seems a little over the top. The point is that in the world today we leave an electronic footprint. Someone can create a very detailed picture of our existence using that footprint. Should we worry about it, yes and no. Yes because with evil intent that information can be used against us in ways I don't even want to think about. And no, because there is very little we can do about it.
While I don't worry about it, I do recognize the footprints I leave behind. And when I am concerned about people with evil intentions, I try to minimize that footprint as much as possible.
Let's focus on the some of the traces we leave and the choices we have. From driving to surfing the Internet, we leave a huge volume of traces that we usually don't think about. Even if we have nothing to hide, maybe we should still know what traces we leave behind. I've chosen to accept some loss of privacy for the sake of convenience.
My car is equipped with OnStar. This is a great tool in case of an accident. It also helps when I'm lost or want to find the nearest gas station. But what traces does it leave? First off we know there is a GPS system that tracks the cars movement. This is how you get directions and how emergency personnel are notified in case of an accident. Should I worry about this? I don't, but what if I don't want people to know where I've been. Well I suppose I could decide not to take my car.
But wait, if I don't take my car I can still be tracked by my cell phone. It too sends out a signal that let's the phone company know where I am. It needs to send the signal so I can receive calls. I suppose that I could turn off my cell phone so that it's not sending out signals.
But wait, what car am I using? If it's a rental car, I had to pay for it with a credit card and show identification. That almost defeats the whole purpose of not using my car. And what if the rental car company has installed a tracker just in case their car was stolen. Hmmmmm.
Maybe I could borrow a friends car. If the friend picked me up, I could drop my friend off and drive to where ever I was going. Of course if I borrowed a car I'd have to make sure it did not have an electronic toll payment system like SunPass or EasyPass. And I'd probably want to return the car with gas. Hmmmm. I guess I would have to pay cash for the gas if I wanted to make sure I did not leave a trail.
But wait, where did I get the cash? If I went to an ATM then I left a trace at that machine. Worse yet, where did I go? Almost anything we do involves spending money. Having lunch, flying on an airplane, parking at the airport, renting a hotel room, buying clothes and well, just about anything. That's an awful lot of cash.
But maybe I don't go far or maybe I don't spend a lot of money. However, if I used the Internet to research a local park and the park hours, my ISP at home has a log of my activity. My PC also has the history of the browsing and maybe even a cookie.
Maybe this all seems a little over the top. The point is that in the world today we leave an electronic footprint. Someone can create a very detailed picture of our existence using that footprint. Should we worry about it, yes and no. Yes because with evil intent that information can be used against us in ways I don't even want to think about. And no, because there is very little we can do about it.
While I don't worry about it, I do recognize the footprints I leave behind. And when I am concerned about people with evil intentions, I try to minimize that footprint as much as possible.
Thursday, July 10, 2008
YouTube users get back at Viacom the only way they can...with more videos!
It seems that angry YouTube users are showing their discontent through the use of their freedom of speech...and by making videos aimed at telling Viacom exactly how they feel. A few days ago the Viacom/Google battle was in full swing (read the blog about YouTube user losing their Internet privacy), now Newsfactor is reporting on the backlash against Viacom's legal win over Google, forcing Google to give up all sorts of information about their YouTube users.
The copyright infringement lawsuit (for $1 billion) has angered users since now all of their information is being given up to Viacom so that the company can analyze the way viral videos vs copyrighted videos are viewed. While one good thing is that Viacom was not given YouTube's source code, user information was not safe from Viacom.
Angry users have been making videos urging the boycott of Viacom.
While the gigantic corporation is busy picking on YouTube users, they can't take a moment to comment on the subject. Instead they released a comment on the company's website stating, "A recent discovery order by the federal court hearing the case of Viacom v. YouTube has triggered concern about what information will be disclosed by Google and YouTube and how it will be used. Viacom has not asked for and will not be obtaining any personally identifiable information of any YouTube user." Well, I feel safe now...I am definitely positive that my information is safe and that Viacom will be responsible with it. Besides, if I can't trust a large corporation with very large financial incentives that go against my best interests, who can I trust?
The copyright infringement lawsuit (for $1 billion) has angered users since now all of their information is being given up to Viacom so that the company can analyze the way viral videos vs copyrighted videos are viewed. While one good thing is that Viacom was not given YouTube's source code, user information was not safe from Viacom.
Angry users have been making videos urging the boycott of Viacom.
While the gigantic corporation is busy picking on YouTube users, they can't take a moment to comment on the subject. Instead they released a comment on the company's website stating, "A recent discovery order by the federal court hearing the case of Viacom v. YouTube has triggered concern about what information will be disclosed by Google and YouTube and how it will be used. Viacom has not asked for and will not be obtaining any personally identifiable information of any YouTube user." Well, I feel safe now...I am definitely positive that my information is safe and that Viacom will be responsible with it. Besides, if I can't trust a large corporation with very large financial incentives that go against my best interests, who can I trust?
FTC: protecting America's consumers--most of the time.
A recent article by the McClatchy Washington Bureau reported that the Federal Trade Commission (FTC) will not intervene in the battle between data-miners and Internet marketers--ultimately allowing them to figure out for themselves how to protect the Internet privacy of its users. So much for the FTC's catchy slogan of "protecting America's consumers."
The FTC's official statement on the subject is, "Self-regulation may be the preferable approach for this dynamic marketplace." With this being the way it is, new legislation won't even be considered until the new President takes charge next January.
This battle has been raging, and now it may be at its all-time worst. With more consumers worrying about their privacy and more companies using behavioral targeting to advertise to potential customers, Internet privacy is a volatile and touchy subject. Without help from the FTC, this problem will not figure itself out. Limits will be tested and boundaries pushed by companies to see how far they can take the tracking and recording of private information without getting in trouble for it.
While self-regulation is a start, governments needs to step in and do something. Self-regulating is not the final solution, especially when the two sides are on completely different ends of the spectrum...it will be difficult to self-regulate when the corporations want more information and the consumers don't want their privacy invaded. FTC regulations would make everything uniform and consistent.
One of the comments to the article stated it in the best words possible when considering using only self-regulation: It's like letting the fox guard then hen house...
The FTC's official statement on the subject is, "Self-regulation may be the preferable approach for this dynamic marketplace." With this being the way it is, new legislation won't even be considered until the new President takes charge next January.
This battle has been raging, and now it may be at its all-time worst. With more consumers worrying about their privacy and more companies using behavioral targeting to advertise to potential customers, Internet privacy is a volatile and touchy subject. Without help from the FTC, this problem will not figure itself out. Limits will be tested and boundaries pushed by companies to see how far they can take the tracking and recording of private information without getting in trouble for it.
While self-regulation is a start, governments needs to step in and do something. Self-regulating is not the final solution, especially when the two sides are on completely different ends of the spectrum...it will be difficult to self-regulate when the corporations want more information and the consumers don't want their privacy invaded. FTC regulations would make everything uniform and consistent.
One of the comments to the article stated it in the best words possible when considering using only self-regulation: It's like letting the fox guard then hen house...
Friday, July 4, 2008
YouTube users...hand over your privacy!
Telegraph UK reported that search-engine giant Google, the proud owners of YouTube, were demanded to give up ALL of their users' information...that is correct. This started mainly because of a suit brought on by media juggernaut Viacom, who accuses Google/YouTube of hosting copyrighted information on the site. Google will have to hand information over to Viacom such your log-in details, viewing history, and the IP address from which you surf. I hope either A.) you didn't view any copyrighted movies or B.) you are using a proxy server to mask your IP and surf anonymously.
The EFF website also has some information on this subject, which it is calling a "setback to privacy rights." Viacom owns MTV and Paramount Pictures (among others) and is demanding this information because copyrighted programs have been appearing on YouTube and has led to an "explosion of copyright infringement." Googling is countering the $1 billion lawsuit by saying it already goes above and beyond any legal expectations to remove copyrighted materials...a strategy which hopefully works out, especially since I don't think I know a single person who doesn't go on YouTube.
Viacom has stated they want the user details so they can statistically compare original videos with copyrighted videos to show "the attractiveness of allegedly infringing video with that of non-infringing video" (I smell something...it smells a lot like b.s.).
I am just glad that Google does have the firepower to fight back against Viacom and that the EFF has also made their stance clear. I do not need my log-in details and IP address taken hostage so that a "statistical analysis" can be done. How does my personal information help Viacom conduct these studies? IT DOESN'T. Viacom promises not to pursue legal action against people who watch copyrighted content...so I guess we can trust them since they said they wouldn't do it. That has never happened before, why would a huge company like Viacom lie?
While Google has been involved in some privacy rights issues recently I am glad to see they are stepping up and fighting back. They are requesting to encrypt and anonymize the logs before sending them over to Viacom so that individual users are not prosecuted, but so that a statistical analysis can be done anonymously.
The EFF website also has some information on this subject, which it is calling a "setback to privacy rights." Viacom owns MTV and Paramount Pictures (among others) and is demanding this information because copyrighted programs have been appearing on YouTube and has led to an "explosion of copyright infringement." Googling is countering the $1 billion lawsuit by saying it already goes above and beyond any legal expectations to remove copyrighted materials...a strategy which hopefully works out, especially since I don't think I know a single person who doesn't go on YouTube.
Viacom has stated they want the user details so they can statistically compare original videos with copyrighted videos to show "the attractiveness of allegedly infringing video with that of non-infringing video" (I smell something...it smells a lot like b.s.).
I am just glad that Google does have the firepower to fight back against Viacom and that the EFF has also made their stance clear. I do not need my log-in details and IP address taken hostage so that a "statistical analysis" can be done. How does my personal information help Viacom conduct these studies? IT DOESN'T. Viacom promises not to pursue legal action against people who watch copyrighted content...so I guess we can trust them since they said they wouldn't do it. That has never happened before, why would a huge company like Viacom lie?
While Google has been involved in some privacy rights issues recently I am glad to see they are stepping up and fighting back. They are requesting to encrypt and anonymize the logs before sending them over to Viacom so that individual users are not prosecuted, but so that a statistical analysis can be done anonymously.
Thursday, July 3, 2008
EU and US privacy deal coming soon...
Guardian UK recently published an article updating the information about the E.U./U.S. privacy deal set to make way sometime next year. This deal is intended to help both sides in the war on terrorism. The two agreed in "principle" but still have numerous unresolved issues.
This deal would be a breakthrough, according to the article, for the U.S. since it faces very strict E.U. privacy laws when trying to find information on a suspected terrorist or criminal. Credit card transactions, travel history, and Internet habits are all protected by the E.U. (Look back at this previous post about U.S. and E.U. privacy laws).
While both sides want to get the ball rolling and make this happen, they do recognize that many issues still need to be resolved. Further they are not in a hurry to make something happen at the expense of citizens' privacy rights. This is especially true with the recent criticisms that have come about from other deals made between the two, especially one where the E.U. gave the U.S. access to private data about passengers traveling to the U.S. A key issue is the misuse of information, which, if happens, will allow E.U. citizens to sue the U.S. under the U.S. privacy act.
Some principles have been agreed on, while others are still being figured out. One of the major principles is that, "information revealing a person's racial or ethnic origins, political, religious or philosophical views and health or sexual behavior, may not be processed unless domestic legislation provides appropriate safeguards...people should be told about use of their data, which must be supervised by an independent authority."
Ultimately, I like this idea...assuming the two stay on the right track and continue progress towards ensuring the average Joe is protected. It definitely seems like every intention is being made to protect us...only time will tell how this plays out.
This deal would be a breakthrough, according to the article, for the U.S. since it faces very strict E.U. privacy laws when trying to find information on a suspected terrorist or criminal. Credit card transactions, travel history, and Internet habits are all protected by the E.U. (Look back at this previous post about U.S. and E.U. privacy laws).
While both sides want to get the ball rolling and make this happen, they do recognize that many issues still need to be resolved. Further they are not in a hurry to make something happen at the expense of citizens' privacy rights. This is especially true with the recent criticisms that have come about from other deals made between the two, especially one where the E.U. gave the U.S. access to private data about passengers traveling to the U.S. A key issue is the misuse of information, which, if happens, will allow E.U. citizens to sue the U.S. under the U.S. privacy act.
Some principles have been agreed on, while others are still being figured out. One of the major principles is that, "information revealing a person's racial or ethnic origins, political, religious or philosophical views and health or sexual behavior, may not be processed unless domestic legislation provides appropriate safeguards...people should be told about use of their data, which must be supervised by an independent authority."
Ultimately, I like this idea...assuming the two stay on the right track and continue progress towards ensuring the average Joe is protected. It definitely seems like every intention is being made to protect us...only time will tell how this plays out.
Monday, June 30, 2008
Hotels...making private information not so private.
Hotels could possibly be breaking data protection laws and illegally storing information about guests. A recent article by TimesOnline (UK) discussed the privacy risks that hotels are subjecting guests to. The hotels claim that by keeping the information they are able to improve service, even though collecting the information without the guests' knowledge or consent is against the Data Protection Act.
Information being stored includes credit card numbers, family-life information, occupation, nationalities, and even some other activities including consumption of alcohol and names of overnight visitors with the guest. Don't order an adult film or be rude to someone at the front desk, because that goes into your "permanent record." It's like middle school all over again.
Other information, which is not as sensitive, is also recorded. Employees use Internet searches to find information about the guests, ranging from the books or movies they like to a favorite sport. The file is then given out to the hotel employees, because this "systematic approach" to invasion of privacy seems to be the best method of customer service.
I can see the logic behind this method...but I also remember someone telling me "The road to hell is paved with good intentions." How does this massive invasion of privacy help out that much? I understand keeping a profile of hotel-related activities such as if a smoking room is preferred. But knowing my favorite channels and the type of alcohol I drink at the hotel bar seem to be details that do not help the hotel...and make me feel uncomfortable. The hotel employees do not need to know that much personal information. I especially do not need a manager Googling me or looking at a MySpace page to get personal information.
Information being stored includes credit card numbers, family-life information, occupation, nationalities, and even some other activities including consumption of alcohol and names of overnight visitors with the guest. Don't order an adult film or be rude to someone at the front desk, because that goes into your "permanent record." It's like middle school all over again.
Other information, which is not as sensitive, is also recorded. Employees use Internet searches to find information about the guests, ranging from the books or movies they like to a favorite sport. The file is then given out to the hotel employees, because this "systematic approach" to invasion of privacy seems to be the best method of customer service.
I can see the logic behind this method...but I also remember someone telling me "The road to hell is paved with good intentions." How does this massive invasion of privacy help out that much? I understand keeping a profile of hotel-related activities such as if a smoking room is preferred. But knowing my favorite channels and the type of alcohol I drink at the hotel bar seem to be details that do not help the hotel...and make me feel uncomfortable. The hotel employees do not need to know that much personal information. I especially do not need a manager Googling me or looking at a MySpace page to get personal information.
Thursday, June 26, 2008
The creepiness factor and your Internet privacy...
Everyday millions Internet users make purchases online. Most people do not realize the dangers lurking behind recommendations that websites make based on your purchases. In theory it seems like a great idea...I purchased the latest Stephen King book and here is a list of other books I may like based on my previous purchase. What's not to like about that? That is great customer service...or is it? A recent article published by the Wharton School of Business shows the underlying dangers of behavioral targeting.
The article starts off by turning the tables...what if you buy your favorite movie and then see recommendations for other movies you may like? That is something we all appreciate. But what if the next time you visit the site you see an ad that has nothing to do with your movie choices? Instead the advertisement is for debt consolidation or treatment for a medical problem...this is what the article describes as the "creepiness factor," the private part of your life that is somehow not private anymore.
The way the creepiness factor comes from marketing companies tracking your surfing habits and building up a profile about you based on the sites you visit, e-mails you write, etc.... The companies argue that focusing advertisements based on your needs is beneficial to you as a consumer, and that the trade-off between better advertisements and your personal privacy and Internet anonymity is worth it. I disagree...and so do most people. A recent research study, presented in the article, showed that 91% of adult Internet users would use some sort of tool to surf anonymously and avoid having their information tracked and stored.
The article continues to discuss how technology has evolved over the years, but the policy for protecting us while using the Internet has not. There is no barrier. Any law that is intended to help us has a loophole. For example, the government can't collect certain information from us without a warrant, so they buy it from a company's marketing department that collects the information legally without us knowing it.
I would like to know when my information is being stored in some database and how it will be used by the company. Protecting your privacy needs to be proactive. The use of proxy servers and other privacy tools can help hide your IP address and keep you from having your identity stolen.
The article starts off by turning the tables...what if you buy your favorite movie and then see recommendations for other movies you may like? That is something we all appreciate. But what if the next time you visit the site you see an ad that has nothing to do with your movie choices? Instead the advertisement is for debt consolidation or treatment for a medical problem...this is what the article describes as the "creepiness factor," the private part of your life that is somehow not private anymore.
The way the creepiness factor comes from marketing companies tracking your surfing habits and building up a profile about you based on the sites you visit, e-mails you write, etc.... The companies argue that focusing advertisements based on your needs is beneficial to you as a consumer, and that the trade-off between better advertisements and your personal privacy and Internet anonymity is worth it. I disagree...and so do most people. A recent research study, presented in the article, showed that 91% of adult Internet users would use some sort of tool to surf anonymously and avoid having their information tracked and stored.
The article continues to discuss how technology has evolved over the years, but the policy for protecting us while using the Internet has not. There is no barrier. Any law that is intended to help us has a loophole. For example, the government can't collect certain information from us without a warrant, so they buy it from a company's marketing department that collects the information legally without us knowing it.
I would like to know when my information is being stored in some database and how it will be used by the company. Protecting your privacy needs to be proactive. The use of proxy servers and other privacy tools can help hide your IP address and keep you from having your identity stolen.
Subscribe to:
Posts (Atom)