A New Way to Stop Worrying About Privacy

Hey, if you don’t want to worry about your privacy anymore, why not publish your DNA? The old-fashioned method of publishing your family relationships for the world (and insurance companies) to see still leaves some shreds of privacy and potential for falsification. With this deal, that problem is solved!

More On Egregious Privacy Violations

Last episode (less than an hour old now – you might want to read it first) was about a case of computer rental companies engaging in truly horrifying invasions of privacy. The article I cited finished with a mention of an interview with an anonymous representative of the company DesignerWare, in which he said that he felt his company had done no wrong. DesignerWare is the company that created the software used to steal passwords and get pictures of unsuspecting nekkid people.

They say they’ve done no wrong!? Are you shitting me? They were pure evil!

Wait, no, that’s not quite right. They enabled pure evil. They didn’t activate “Detective Mode” on those computers, the mode that allowed such terrifying transgressions. They wrote the software, and they sold it, but it wasn’t they who turned it on in situations where it wasn’t warranted.

How do we assess the responsibility of DesignerWare? People tried to sue gun makers when people were shot, but with no success. Is Detective Mode like a gun, where the manufacturer can’t be held responsible for the behavior of its customers?

On DesignerWare’s site, they even tout the features they’ve added to protect users’ privacy. But behind the scenes they put in this super-spy-mode feature to help rental companies recover their hardware.

It wasn’t DesignerWare who turned on Detective Mode when it wasn’t warranted. That was something the dickheads at their client companies did. Those bastards deserve to be strung up by their short-and-curlys. No doubt there. But was DesignerWare wrong?

The key word, I believe, is ‘warranted’. Is such an invasion of privacy ever justified? The DesignerWare people would say yes, there are legitimate cases where the rental company has the right to use every means at its disposal to recover its property. Funny thing about ‘warranted’, though – law enforcement would have to get a warrant to conduct similar surveillance. (Well, not any more, but that’s another rant.)

My argument is this: if there’s no legal or ‘warranted’ way to use that software, then at the very least DesignerWare is guilty of fraud for selling it without telling their customers that use of that feature is illegal, rendering it valueless.

Detective Mode is not a gun. Gun companies argue that it’s not their responsibility if their customers use the product illegally. They can do this because there are legal uses of the product, and most gun owners follow those laws. DesignerWare can’t argue that they’re not responsible if their customers use the product illegally, because there is no other use.

So, yep, DesignerWare is evil.

Our Rights, Well-Defended

This morning I came across this brief article: FTC settles PC spying charges with rent-to-own computers. To paraphrase the text: The FTC caught people participating in jaw-dropping invasions of privacy, and brought the miscreants to justice.

Before we get to the penalty phase, let’s review some of the things these people did without the knowledge of the people using rental computers: They captured screen shots (that could have personal information like bank statements and legal documents), they captured user’s keystrokes (a technique for stealing passwords), and they even used the built-in cameras to send back pictures without the knowledge of the users. Apparently (according to other articles) pictures of children and of people having sex were collected.

There’s no reason to do this if you don’t plan to use that information, and there’s no use for that information that isn’t simply evil.

We can be happy then, that the boys at the FTC are on the job! At the very least, you’d figure Washington wants a monopoly on invading our privacy. So what was the ‘settlement’ they reached with these thieving bastards?

Oh, it was severe all right. They got the bad guys to promise not to do it anymore.

Shit, at least make them pick up litter for a weekend.


Tonight I created a new Google profile. The goal of the exercise is to increase my privacy by creating a separate Google account (with bogus information) so I can use the Google RSS service without dropping my pants. Not that I subscribe to anything particularly telling, but that’s my business. The answer: create a completely unique profile for only that purpose.

But, there’s a catch. There’s still a pretty good chance that the Goog (and all their pals) can still tell it’s me. They do this through fingerprinting.

Every time your browser asks for something over the Interwebs, it tells a little about itself. A lot of sites have little scripts they send your way that report back even more. It starts with screen resolution, the default colors for visited links, and a host of other little bits that, when put together, create a unique profile. Based on unprotected information, sophisticated sites can pin you down, even if you don’t (knowingly) volunteer information.

So tonight, before setting out to create a new Google account, I wanted to do something to prevent the Googlemind from figuring out that Arthur Kingman (not the name I used) was really me. It seemed like a pretty easy quest: I was looking for a plugin for my browser that would cause it to send slightly different information each time it made a request.

I found one (I think) — FireGlove for Firefox. I didn’t realize just how off Firefox I am until I was faced with the dilemma of using Firefox with this privacy plugin or using Opera naked. I never use Opera, so if I’m diligent and only use Opera in privacy mode when acting as my new alter ego it will be difficult for them to connect the dots. It’s inevitable, though, that at some point I will mess up.

It seems like there should be fingerprint randomizers for every browser. Maybe I’m just not looking in the right places. Anyone out there know where I might find one for any given browser?

They ARE Watching You

Near the beginning of the novel 1984, Winston Smith is in his apartment, doing his state-mandated exercises in front of the TV. Suddenly a voice blares from the speaker and reprimands him for not making more of an effort. We learn at that moment that the telescreen is a two-way device; it watches you as you’re watching it.

Now we call that machine Kinect for XBOX Live.

Some of this is old news in privacy circles; it was more than a year ago that Microsoft first bragged to investors that the Kinect platform could be used to gather data on people using their product — what people are wearing, and things like that. This is what happens when you have a Web-cam in the house that’s always connected to the Internet, and someone you don’t know is on the other end.

Well, as you might expect, these revelations raised quite a kerfuffle. Microsoft very quickly and very loudly promised not to use data gathered through the camera in your home for targeted advertising. In the articles I read, journalists took two approaches:

  1. Whew! I’m sure glad Microsoft promised not to be evil!
  2. You know, targeted advertising isn’t as bad a people keep claiming. Relax and get information tailored to you.

The commentary, and Microsoft’s reassurances, miss the point entirely. With the government pulling flagrant rights violations like National Security Letters, how long before the video feed in your living room is handed over to the FBI? Hell, it might have happened already. Microsoft would be legally barred from telling anyone it even happened. This is the state of our constitution these days.

(If the government really thinks this is all cool and the public wouldn’t mind, why do they work so hard to keep it secret?)

There are ways to prevent the video feed from reaching the outside world, but as I understand it, the default is always on. Not only can it report what game (or political convention) you’re watching, it can report when you cheer. Better think twice about that Che Guevara poster on the far wall from the TV. My video-game playing, dope-smoking neighbors may not be too concerned about privacy anyway (judging by the clouds drifting through the neighborhood), but I doubt they’d feel great about knowing they have a live video feed that any government monkey with a frightening letter will be able to watch.

Let me repeat that just so I’m clear: Any government monkey with a frightening letter will have access to a live video feed from your living room, as well as every email you’ve ever sent and what you checked out at the library. Things are bad enough without handing them the most invasive tool yet to pry into your lives.

I would LOVE to see a big company like Microsoft stand up to the government and publish a policy that states that they will not surrender the feed without a legal warrant signed by a judge. The chances of that actually happening are zero — unless Microsoft thinks it’s losing a very large amount of business due to those privacy concerns. That’s not an indictment of Microsoft, I doubt any major US corporation is ready to go to the mat with the Feds on this one.

Microsoft once more finds itself in the very familiar position of creating something that sounds really cool without considering all the consequences, much like when they put into Microsoft Office a system specifically tailored for adding executable code to Office documents. Office automation, they called it. A great time-saver. “Capital idea!” shouted the virus writers with glee. Now once more Microsoft has come up with something that is almost magic in how it works (e.g., parental controls based on the metrics of the people in the room), but those things require the camera to be on, even when you’re just watching TV.

If someone gave me a free Kinect and XBOX, I’d probably use it. But I’d be very, very careful about when the Internet connection is active. And, while exercising I’ll be sure to give it my all.

Securing Dropbox

As I mentioned recently, Dropbox is awesome. When using it, however, it’s important to think about security. The dropbox guys lock up your data nice and tight – but they hold the keys.

Think of it this way: You’re on a cruise ship, and you have a priceless diamond tiara (don’t we all?). You know it’ll be much safer in the ship’s vault than in your cabin. The ship’s purser is only too happy to watch over your valuables in their very strong safe. Now you can rest easy.

Except… there’s someone besides you who can open the vault. What if the government serves the purser with a warrant (or some other constitutionally-questionable writ) and takes your tiara? What if someone fools the purser into handing over your tiara? For most things, trusting the purser is fine, but that tiara is really something special. What you need, then, is a special box with a really strong lock. You give the purser the box and neither he nor anyone else can even see what’s inside, and you can make it a really strong box, so even if the purser hands over the keys to his vault, your stuff is still safe.

The same principle applies with Dropbox. It’s really convenient and pretty darn secure, but someone else is holding the keys. For most things, like my writing, no further security is necessary. Yet I have a few files that I don’t want to leave to someone else to protect, but I still want the convenience and data backup Dropbox provides. On my mac I’ve set up a very simple system that allows me to see my most secret files whenever I need to on any of my machines, but protects them from prying eyes. It’s actually pretty simple, and there’s almost certainly a direct analog on Windows.

The disk utility that comes with Macs can create an encrypted disk image using pretty dang strong encryption. If you put that image file in your dropbox, then any files you add to that virtual disk will encrypted and saved to your Dropbox when you unmount the disk. Here are the steps:

  1. Fire up Disk Utility (it’s in the Utilities folder).
  2. Click New Image
  3. Decisions, decisions….
    • Name your new disk. If you name it “secret stuff” that will just make people curious.
    • Size: For reasons I’ll go into shortly, I’d advise not making this any bigger than you really need. If you’re protecting text files, it can be pretty small. The 100MB setting is probably more than enough for most people.
    • Format: Just use the default
    • Encryption: I say, what the heck. Go for the maximum unless you’ll be using a really old machine.
    • Partition: just use the default.
    • Image Format: sparse disk image – this will keep the size of the actual disk file down. UPDATE – As of MacOS X 10.5, there’s a new option called “sparse bundle disk image”. DON’T USE THAT! It seems perfect at first (see below) but things get mucked up if there’s a conflict.
  4. Save. You will be asked for a password. You’ll not need to remember it, so make it good and strong, nothing like any password you’ve used anywhere else. Keep the “save in keychain” option selected. (If you need it later, you can find it with Keychain Access.) – Remember: this is the secret that protects all your other secrets.
  5. Voila! Put the disk image in your Dropbox folder. When you open the image file, a new hard drive will appear in finder. Anything you put on the drive will be added to the .dmg file you created.
  6. “Eject” the drive on that machine and open the .dmg on any other machines you want to share the information. While you remember your crazy password, get it saved in the keychains of your various machines.

A couple of notes:

  • The .dmg file will only update when you “eject” the drive. So I advise you not keep it mounted most of the time. Open it, add/access the files inside, and close it again. If you open it on two machines at the same time, you will end up with two versions in your Dropbox folder.
  • I advised saving your password on your keychain, but remember that anyone who can access your computer can also access your secrets. So you might want to consider not putting the password in your laptop’s keychain, for instance, if you think it might fall into the wrong hands.
  • Since your secret files are saved as a single blob of data, you won’t have automatic backups of individual files. If you need to recover one, you’ll have to find the right version of the image file.
  • Since your information is saved as a big ol’ blob, if you make a huge .dmg file it will eat up space in your Dropbox and burn up unnecessary bandwidth each time your save. ‘Sparse’ images only grow to the maximum as you use the space (but never shrink unless you intervene with Disk Utility).
  • UPDATE – Apple has created a new format that saves the image file as a whole bunch of little blobs, rather than one big one. With that option, when you make changes, only the little blobs that changed need to get updated. This was to make Time Machine work better, and at first I thought it would be perfect for Dropbox. Then I spent a few minutes testing and discovered that the way Dropbox handles conflicts (two computers updating the file at the same time) gets royally hosed when you use this format. Bummer. So, don’t use it.
  • It’s possible to set things up to protect individual files, but it’s complicated. Hopefully it won’t always be.
  • Important! If you only store the password on one machine – Save it somewhere else also!. If you lose that password (if your hard drive crashes or your computer is stolen, for instance), you’re not getting into your strongbox. Ever. That was the whole point, after all.

New Public Key

For those who have joined my tiny push for better internet privacy, please note that during an upgrade of my key software my old keychain got knocked akimbo. Everything’s fine now, but while I was at it I created a new public key using the newer (better) encryption. Hopefully I can revoke the old key, but in the meantime please go to my key page to get the new one.

The software upgrade that caused the trouble was to get around a bug in the way GPGMail and MacGPG2 interacted. The GPGMail guys have done a great job ironing out the wrinkles I encountered (as far as I can tell so far), and they’ve built an excellent installer that makes it much easier for Mac users to get up and running protecting themselves from prying eyes. I’ll be updating (and shortening) my instruction page soon.

A New Privacy Invasion to Fight

They are probably not unique, but spokeo.com has robots diligently combing the world for your personal information. What they have on you might be surprising. And, while it is possible, they don’t make it obvious how you can delete (or at lease hide from public view) the data about you they have gathered for profit.

Telephone numbers, addresses, relationships, and of course age are only a few of the things about you that they are selling.

So: time to get your profiles off of spokeo.com. If anyone out there knows of similar services out there, let’s consolidate the “quit making profit by selling my personal data” list.

NOTE: These instructions might be more complicated than necessary, but this method is what I tested.

  1. Go to spokeo.com
  2. Enter your name. Scan the matches for any that might be you. You will have to delete each profile individually.
  3. Select a profile. In the window that pops up, select “see it all”.
  4. You will go to a screen that tries to sell you the service, including “See all available information, including photos, profiles, lifestyle and wealth data.” Now you remember why you’re dong this.
  5. Copy the entire URL from the address bar of your browser.
  6. Down at the bottom of the screen is a teeny, tiny little link that says “privacy”. Click that.
  7. Paste in the URL.
  8. Supply an email address. TIP: you can tag your address with a plus sign. For instance, instead of [email protected] you can use [email protected]. That way any email they send to you will be tagged. (This opens up a different discussion that I will leave for another day.)
  9. Try to decipher the CAPTCHA, then submit.
  10. When the email arrives, click the link and your data will be “removed”. I don’t honestly expect the data is actually deleted, but at least it’s a little more hidden.
  11. Repeat the process with any other profiles that might be you. You will have to use a different email tag each time.
  12. Write a robot that automatically deletes records from their database. If I had the skills I’d do it myself. With robots they gather, with robots we take away.

I recommend that you don’t do this “later”, or “tomorrow”, but now. If you have any troubles, leave a comment and I’ll clarify the instructions. If you know of other “services” like this one, let’s add them here!