Privacy, discussion list safety, security - trdev
0 views
Skip to first unread message
Robert Bacal
Apr 25, 2008, 9:08:57 PM4/25/08
to The Training World
I posted this on the trdev (training and development discussion list)
in response to a long time moderator's post justifying preventing most
people from finding, using, or benefiting from the discussion list on
training. Thought this might be of interest. Just as an aside the
reason I don't promote the training and development discussion list
has to do with the moderators' long time assertion that many things
should be hidden and secretive, rather than transparent and available.
A day or two ago, Bev posted her reasoning regarding taking
protectived measures on the list, such as keeping the archives
hidden, and so on. I started wondering about the usefulness of such
techniques, so I decided to try a little test.
(the relevance here applies to those that teach aspects of the
internet, develop policies, run lists, and for individual users, it
will be obvious).
My reasoning was: Given a person who is way above average in her
technical skills, and who is a lot more cautious and safety concerned
in
her internet use, what could a person find out about her on the net in
about 30 minutes. Given that Bev is the prime mover of TWO
professional
discussion list policies restricting access to those lists, I'd expect
the
result would be she'd be pretty hard to track.
So, I tried. Now, I'm not going to provide any details here, and
neither am I going to ask Bev to comment on the accuracy, because
that'd be inappropriate. What I "found" out is almost certainly not
perfect, and in a short time I couldn't confirm some of it (if I
worked at it I could.) I used nothing but a browser, used no trickery
or
technical tricks and did nothing illegal or unethical.
So how protected can one be?
Answer. While I could see Bev took special care to protect herself,
it all came to nothing. What I found (probably accurate to a degree)
her address and zipcode
appears to live on a corner lot
has a grey roof on the dwelling and looks like a tree on one side
appears to have some gardening space in the backyard
found her website and blog, largely abandoned
discovered some information about religious background (i think)
her age
places/states she lived in previously (probably)
possible information about her ethnic heritage and ancestry
other email addresses not public
...there's probably more. This is spending no money, and virtually no
time, and looking at someone who is trying to protect.
If I wanted to spend about five bucks, I could also have checked
legal records (was she ever busted), court proceedings (ever
bankrupt, had a mortgage foreclosed), and on and on (I've never done
that,
but I understand its easy.
So, this confirms what I expected. The ONLY way to protect against
spam, and your privacy is a) NEVER use the Internet (don't send email
even
private), or b) use anonymous mail everytime for your entire life,
since
even ONE slip can result in the ability for someone to jigsaw puzzle
things together.
NO list policy makes a difference. The fact that Bev indicated
elsewhere that she receives 200 spam messages a day should make that
obvious. All security does is make it harder for legit people to use a
service, or contact you (if you are a business).
I haven't even touched on the issue of how mail packets can be
intercepted, social engineering can be used, passwords broken,
keystroke loggers, phishing and trojans used, etc. Those fall into
"malevolent hacking" that require knowhow I sure don't have.
If I can find out so much personal stuff about a person who is trying
not
to be easily found, using simply a browser, what does that say about
trying to protect lists and users.
The reality is, you can't. It doesn't work. There are better ways and
education is one of them, hence this message.
If you are not permanently and completely anonymous re: your email
addresses, email content, etc, forever, you can be tracked, found and
found out about.
If you do a little to be more secure you are deluding yourself, since
that
stuff makes almost NO difference.
in response to a long time moderator's post justifying preventing most
people from finding, using, or benefiting from the discussion list on
training. Thought this might be of interest. Just as an aside the
reason I don't promote the training and development discussion list
has to do with the moderators' long time assertion that many things
should be hidden and secretive, rather than transparent and available.
A day or two ago, Bev posted her reasoning regarding taking
protectived measures on the list, such as keeping the archives
hidden, and so on. I started wondering about the usefulness of such
techniques, so I decided to try a little test.
(the relevance here applies to those that teach aspects of the
internet, develop policies, run lists, and for individual users, it
will be obvious).
My reasoning was: Given a person who is way above average in her
technical skills, and who is a lot more cautious and safety concerned
in
her internet use, what could a person find out about her on the net in
about 30 minutes. Given that Bev is the prime mover of TWO
professional
discussion list policies restricting access to those lists, I'd expect
the
result would be she'd be pretty hard to track.
So, I tried. Now, I'm not going to provide any details here, and
neither am I going to ask Bev to comment on the accuracy, because
that'd be inappropriate. What I "found" out is almost certainly not
perfect, and in a short time I couldn't confirm some of it (if I
worked at it I could.) I used nothing but a browser, used no trickery
or
technical tricks and did nothing illegal or unethical.
So how protected can one be?
Answer. While I could see Bev took special care to protect herself,
it all came to nothing. What I found (probably accurate to a degree)
her address and zipcode
appears to live on a corner lot
has a grey roof on the dwelling and looks like a tree on one side
appears to have some gardening space in the backyard
found her website and blog, largely abandoned
discovered some information about religious background (i think)
her age
places/states she lived in previously (probably)
possible information about her ethnic heritage and ancestry
other email addresses not public
...there's probably more. This is spending no money, and virtually no
time, and looking at someone who is trying to protect.
If I wanted to spend about five bucks, I could also have checked
legal records (was she ever busted), court proceedings (ever
bankrupt, had a mortgage foreclosed), and on and on (I've never done
that,
but I understand its easy.
So, this confirms what I expected. The ONLY way to protect against
spam, and your privacy is a) NEVER use the Internet (don't send email
even
private), or b) use anonymous mail everytime for your entire life,
since
even ONE slip can result in the ability for someone to jigsaw puzzle
things together.
NO list policy makes a difference. The fact that Bev indicated
elsewhere that she receives 200 spam messages a day should make that
obvious. All security does is make it harder for legit people to use a
service, or contact you (if you are a business).
I haven't even touched on the issue of how mail packets can be
intercepted, social engineering can be used, passwords broken,
keystroke loggers, phishing and trojans used, etc. Those fall into
"malevolent hacking" that require knowhow I sure don't have.
If I can find out so much personal stuff about a person who is trying
not
to be easily found, using simply a browser, what does that say about
trying to protect lists and users.
The reality is, you can't. It doesn't work. There are better ways and
education is one of them, hence this message.
If you are not permanently and completely anonymous re: your email
addresses, email content, etc, forever, you can be tracked, found and
found out about.
If you do a little to be more secure you are deluding yourself, since
that
stuff makes almost NO difference.
Reply all
Reply to author
Forward
0 new messages