Kink in exile

Notes from a kinky nomad

The internet, security, and privacy

I’ve been seeing a lot of chatter recently about how the FBI will soon be using social networks to spy on you.  While I think that headline overstates the issue in certain specific ways, I have been thinking about data security and privacy on the web for a while, and decided to take a stab at writing about it.

Why this is important and to whom:

You are reading a sex blog.  For some of you, this is an activity you are seeking to keep private from your partner, spouse, parents, children or employer.  Others of you may firmly believe in the value of transparency starting with your personal lives.  Regardless of whether you *need* privacy, I encourage everyone to be aware of the information they share, how, with whom, and what impact that may have in various arenas.  If you believe you have nothing to hide, dig a little deeper.

What this is not (disclaimers):

1) I am not a network or data security professional.  There are people who will explain far better and in greater detail than I can how your data works, and in fact, I highly encourage those people to comment here and make this a deeper dive.

2) I believe that you start without an expectation of privacy on the internet and you add layers of privacy through securing your data and being critical about what you share.  I will not share your outrage at what Facebook does with your data because while Facebook may have violated an emotional belief you held about your privacy, they are acting in accordance with their policies in managing data you freely provided.  In other words: if you put it on the web, it is not private just like three people can keep a secret if two of them are dead.

Who uses your data:

I believe there are three main groups of people who want access to your information: other users, people with commercial interests, and government.

Other users include everyone from your mom on Facebook to crazy stalker blog fans.  They may want information for nice reasons (say to wish you a happy birthday on the right day), because of curiosity (or its dangerous older brother, obsession), or for malicious reasons.  As far as I can tell, for most of us, other users are the biggest threat.  Because commercial interests usually utilize aggregate data and most people don’t make FBI watch lists, your mom, boss, or ex is the biggest consumer of your private information.  These people may already know something about you (such as what city you live in or were born in), they are looking for you specifically so they are more likely to take the time to do targeted searches, and they have the most license to be outright malicious.

Commercial interest is where I have spent most of my time gathering data.  When I did user analytics for a video game company I was somewhat shocked by how much access I had to individual players’ data: IP addresses, names, emails, dollars spent, hours played, times of day they were logged on, etc.  Based on that and other data I could make predictions about their lifestyle, what other game players they may know out of game, what may or may not engage them deeper in the game, and so forth.  I know a lot of people are outraged by the idea that their personal information is being used to sell them things, but this doesn’t faze me.  First, most of the data sets I have worked with, either in user analytics or marketing research, have been aggregate.  It’s not about you, it’s about you and the other 999 people similar to you.  Second, when I have worked with personalized data, the person wasn’t really the focus – most marketers don’t want to sell to one person, they want to use a story to inform a brand or product that will speak to thousands.  So yes, it’s creepy to see the couch you browsed on Overstock.com follow you to OKCupid, but I don’t find it dangerous.  What does worry me, however, is that all the data search engines, game makers, and marketers have on you can be subpoenaed by the government.

This brings me to the next and last category of data users: the government.  Big brother isn’t alarming because he is always watching; he doesn’t watch most people.  Big brother is alarming because of the scope of information available to him.  Imagine your search history, your library record, your legal record, your fingerprints, your travel history, and your credit card usage all in one place.  Imagine the government changing as governments sometimes do and the activities you’ve done without fear suddenly becoming criminalized.  The government of Iran uses Facebook friend connections to determine who might be of interest, for example.  Welcome to the future.  I will say that data is only as good as your capacity for analysis, and it is unclear to me at the present moment that the government has the capacity to perform deep analysis at scale.  I suspect, though I certainly could be wrong, that the government can act either as other user or as commercial interest, meaning they can either take a deep dive and put all the dots together about a user they already know and are interested in, or they can look at aggregate populations and make some kind of predictions about the populations in question.  I assume certain chatter is more or less interesting, but I don’t expect the FBI to start reading my chat logs every time I say the word “bomb.”  After all, between “bombing that test” and “that girl being the bomb” simple word tracking would never be able to pull the signal from the noise.

So if you’re still reading, and this is something you’re thinking about, take a look at the EFF blog safety guidelines, review your social network privacy settings, disable geotagging wherever possible, check out the Tor project, change your passwords after breakups and job changes, don’t recycle your passwords, and take a deep breath.  I have very little expectation of privacy online; it helps that I don’t aspire to be president some day, but there you have it.

Written by kinkinexile

February 3, 2012 at 3:56 pm

5 Responses

  1. OK, so I’m writing this on my phone, so please bear with me. As a security researcher, it has been my experience that internet privacy is a joke at best. Individual users are also the easiest data consumers to limit data to; after all, they have the least available to them. From a marketing perspective, studies have shown that personalities can be gathered from analytical data. The idea that not having your name on something somehow adds any privacy is appalling. Name is a box in the form just like any other; if I can pattern out your personality then getting your name is a bit arbitrary. Next comes government: don’t kid yourself, the spiders they have eating through public information have no problem finding context for red flag words like say “bomb” and picking out true flags and rejecting false positives. Flags are then automated to start in-depth data mining about your personality, which can then be compiled into a report a human will see. Tor is nice, however you need to make sure you are changing nodes regularly to avoid profiling; a huge downside to Tor is exit nodes tend to be monitored. With regard to passwords I recommend using “public key encryption” (let me google that for you) and use the maximum number of characters, CAPS, and numbers allowed. Personally I use a password keeper like “keypass” or “1password” so I can use a different randomly generated password for everything.
    Happy browsing

    cobolt

    February 5, 2012 at 4:31 am

  2. Thanks Cobolt, I owe you a beer. In layman’s terms it sounds like “don’t have the personality profile of a bad guy as defined by our government and keep things changing for exit node/password/and probably browsing patterns version of things.”

    Thanks again.

    kinkinexile

    February 5, 2012 at 11:17 am

  3. If you’re not already using them, consider installing Ghostery, Disconnect.me, AdBlock, and a JavaScript blocker for your browser.

    Cobolt’s advice about using a password manager is also top-notch. Another he didn’t mention is LastPass.com.

    maymay

    March 24, 2012 at 2:31 am

  4. […] with the lowest possible barriers to entry.  To me this means many thing, from conversations about internet privacy and net neutrality, to finding ways to foster good communication, to combating sexual abuse, […]

  5. […] there was nothing to protect it besides hobbled search capabilities, and as I’ve said before your biggest security threat is someone who knows you, and they know how to find […]

