12 Jun
2013
12 Jun
'13
6:23 p.m.
PRISM is only the tiny tip of a huge iceberg, and below the water level
is the huge corporate data-mining complex that has the goal of knowing
more about you than you do. Fortunately most of it is easy to beat.
Install every tracking-blocker and cookie-blocker utility you can find,
on your browser, turn up the security settings as high as they go, and
quit your browser often (some of those anti-snooping utilities require
quitting the browser to flush out the bugs). Don't use gmail, google
voice, google docs, or facebook. Don't keep your data in a corporate
"cloud." Turn off your mobile device whenever you want to have a
private conversation face-to-face. Encrypt your email, obviously; and
for this to become ubiquitous is going to require crypto tools that are
far more user-friendly. Sprinkling keywords in your email doesn't help
and may only attract unwelcome attention.
Many of these steps are incredibly easy to take.
The goal here isn't to have 100% perfect results, it's to keep the
dossiers on you below the level of critical mass needed to assign you to
categories and predict your behavior. It may or may not be possible to
stop them knowing "anything" at all about you, but you can certainly
prevent them knowing "everything" about you.
Another goal here is to make the data-mining _uneconomical_. The more
people who opt out of being tracked, snooped, and sniffed, the less
profitable it is. If the cost of collecting data on everyone is more
than the marginal profit from doing so, it will stop. By analogy, if it
costs even a tiny fraction of a penny to send an email, that destroys
the business model of spam, so spammers go out of business.
-G.
=====
On 13-06-12-Wed 5:48 PM, Matthew Harbowy wrote:
Yes!
Don't ignore the tools, use them. Understand them. Expose weaknesses,
just as I did. Don't think the solution to tools is a better tool.
Better is meaningless. Better is very often worse.
Your solution, which you look like you're trying to shame me with, is
TERRIBLE. Imaging everyone spamming the networks constantly with
random messages. Oh wait- they already do that, it's called spam. Lets
fill the bandwidth limited fat pipes with random, so that signal is
obscured. Good luck trying to do anything useful.
Furthermore, a little Shannon style filtering and you can easily
defeat that. You know, if only a few people all use one technique,
they stand out like a sore thumb. Hide in crowds: Facebook has its uses.
More advice: Don't provide recipes for anything. People are easier to
track when they follow directions, do the same thing over and over.
Best advice I got out of 9/11 era Bernie Kerik was to be random: don't
always take the same route. Don't develop habits. Thieves and other
bad guys rely on you following patterns so that they can find the
right moment to strike. And meta: don't always be random. Don't accept
pre packaged anything all the time, that's garbage. Bake your own.
As soon as someone says "solved", tell them to GTFO. Three hackers
have already cracked it. But there are things you can do.
The while benefit of the realm of shared experience is that it plays
to the strength of one time pads for encryption. Learn about the
history of crypto and one time pads, and arm yourself. They can take
your freedom, but they can't take your intelligence, ingenuity, or
creativity; and an intelligent or creative person is forever free.
Matt
On Wednesday, June 12, 2013, Paul Ivanov wrote:
Hi Matt,
Matthew Harbowy, on 2013-06-12 16:17, wrote:
I'm mystified how any of this helps.
There is no silver bullet, so those recommendations won't be some
magical privacy pixie dust you can just sprinkle and feel warm
and fuzzy about, but at least encryption helps you secure the
content of your communication (not the fact that communication
occurred).
One can imagine even the latter being obscured. I could automate
the sending of randomly generated encrypted messages at a
particular time of day (say at 16:17), but have that process be
pre-empted by a real message, should I choose to send one (so not
my randomly generated message gets sent out, but the one I want
to actually send). One drawback, of course, is that if I queued
up a message at half past four, it would be almost 24 hours
before it got sent. (Though the upshot of a protocol like this
would be that the intended recipient would know they'd only have
to check their email once a day, if they're interested in
receiving messages from me)
Should more frequent communication be desired, you could switch
to sending gobbledygook messages at a certain minute of every
hour. Of course, the recipient has to "wade" through potentially
more random messages with that, but that's the price you pay.
So, for my vote, following recommendations like
this is a
terrible idea.
Are you proposing an alternative, or should be just throw our
hands up in resignation?
best,
--
_
/ \
A* \^ -
,./ _.`\\ / \
/ ,--.S \/ \
/ `"~,_ \ \
__o ?
_ \<,_ /:\
--(_)/-(_)----.../ | \
--------------.......J
Paul Ivanov
http://pirsquared.org
_______________________________________________
sudo-discuss mailing list
sudo-discuss(a)lists.sudoroom.org <javascript:;>
http://lists.sudoroom.org/listinfo/sudo-discuss
_______________________________________________
sudo-discuss mailing list
sudo-discuss(a)lists.sudoroom.org
http://lists.sudoroom.org/listinfo/sudo-discuss