Welcome to an Internet Without Privacy, by Bruce Schneier

16 Comments

Grifter • Mar 16, 2013 @7:13 pm

The Paula Broadwell example seems kind of weak…they could have done the same thing if she'd mailed them all out via snailmail, too, by correlating postmarks. I very much agree with the overall point, though.
En Passant • Mar 16, 2013 @8:06 pm

Grifter wrote Mar 16, 2013 @7:13 pm:

…they could have done the same thing if she'd mailed them all out via snailmail, too, by correlating postmarks. I very much agree with the overall point, though.

In fact, the FBI caught the only American ever prosecuted for spying for the Japanese during WWII by similar means, correlating data from snailmail.

Velvalee Dickinson sent jargon code letters to an address in Argentina, using return addresses of her doll shop customers. The Argentinian contact had fled, and several letters were returned to apparent senders, who contacted the FBI. Once the FBI learned they had all done business with the same shop, the game was over.
Colin • Mar 16, 2013 @8:35 pm

Wow, this is scary… check out the CMU research he links in that article… using face recognition to predict someone's SSN… crazy stuff…
naught_for_naught • Mar 16, 2013 @8:51 pm

True enough, if you want to hide, don't do it on the internet.
Aaron W • Mar 16, 2013 @9:48 pm

On the internet, everybody knows you're a dog.
Chris R. • Mar 16, 2013 @10:08 pm

All the examples he uses are people not maintaining strict anonymity at all times. If Broadwell had used public hotspots and either tor'd or used a proxy to a webmail client, she'd not get caught. Hector Monsegur didn't mask his IP once, but again he slipped up. The Chinese hackers, probably shouldn't be using work computers for Facebook. Everyone slips up given enough time.
gramps • Mar 17, 2013 @1:03 am

Cute that after all that they (CNN/author) invite you to follow them on Facebook….
AlphaCentauri • Mar 17, 2013 @6:21 am

People can get too comfortable on Tor and think it provides magic anonymity. It hides where you are, but not what you say. Anyone could be running and exit node and collecting your data.
Shawn Young • Mar 17, 2013 @7:19 am

I'm actually surprised anyone who has ever used the Internet regularly would harbour any expectation of privacy. I don't mean in the legal sense, but rather as a matter of common sense.

At the most basic level, I'm typing characters to form words and sending them out first wirelessly and then over wires in hopes they'll reach the Popehat blog intact, so that other people might read them. If a system transmits and records so well, why on earth would I think it was secure? Why would I think I could turn privacy off-and-on at my own whim?
Joe Pullen • Mar 17, 2013 @2:10 pm

To maintain true anonymity can be done but it requires some forethought on purchasing and maintaining sanitized equipment and software, use of obfuscation tools like TOR but also taking additional physical security precautions (ie. never logging in at home), paying for everything with cash or prepaid debit cards, carefully maintaining a separate identity, and rigorous consistency following procedures each and every time – up to and including not taking your own personal cell phone with you. It can be done but it’s inconvenient and most people will, as Chris mentioned, eventually slip up.
Ancel De Lambert • Mar 17, 2013 @3:22 pm

The word of the day is "decency." Yes, we can track you every second of every day no matter where you go or what you do, but we really shouldn't. As a matter of courtesy if nothing else. Of course, that's what we would hope for, nothing to say of how people actually act.
Narad • Mar 17, 2013 @3:55 pm

I take comfort in the fact that the things I post seem only to greatly confuse the algorithms involved.
Dave B • Mar 18, 2013 @12:36 am

Never logging in at home or near your home can reveal your location too.
"Sir, the perpetrator connected from all over town, except never from this appartment block/house."
But thats just what the police consultants on tv see.
AlphaCentauri • Mar 18, 2013 @5:26 am

I think we should all start tagging FB photos with other people's names.
En Passant • Mar 18, 2013 @6:43 am

Narad wrote Mar 17, 2013 @3:55 pm:

I take comfort in the fact that the things I post seem only to greatly confuse the algorithms involved.

I take comfort in the fact that I am a dog.
TMLutas • Mar 18, 2013 @7:48 am

It is possible to create a DVD of privacy enhanced services to reduce your use of privacy destroying services, load it onto a server at home, and use your own DNS, your own mail, automatically plug into TOR all the time, etc. If you care about privacy fund that kind of project and use it.