Archive for the ‘Privacy’ Category

Privacy in the Modern Age, Part 5

Privacy In The Modern Age, Part 5   <– PDF

It sure is convenient in these modern times to have the internet available; there is so much more information than there was back in the days of the Encyclopedia at the local library.  But, take the bad with the good: there is also a lot of false and misleading garbage out there, too.  At least the cigar-chomping old guys who wrote the Encyclopedia had their work reviewed by competent experts, and if it was in the Encyclopedia, you can be sure that the authors and reviewers believed that their articles were true and correct at the time it was written.  The internet, on the other hand, is full of people who lie for a living.

There are a great many other issues to contend with regarding computers, the internet, and privacy.  If you use a Microsoft or Apple operating system, you cannot actually delete a file.  When you tell those operating systems to delete a file, all it does is delete the pointer to the first byte in the file, not the data itself.  That means that all your files are still there, and anyone who understands how the file system and pointer system can recover anything that you thought you had deleted, including all your financial and personal data.  The only remedy is to install special commercial software programs (Sdelete, ccleaner, or Eraser) that overwrite all disk space not actively being used (including the “deleted” files).  However, if you use a UNIX-based operating system, it will in fact entirely delete a file, and overwriting is not necessary.

There are other risks that can compromise your privacy entirely.  First, you do have control over what you download from the internet.  But you do not have any way to control, or even to know, what is being uploaded from your computer whether you are on the internet or not.  You, the PC user, are not provided with any tools that will allow you to see what is being sent from your PC without your express consent.

Second, we are all aware of the numerous “viruses” on the internet designed to shut your system down or encrypt your data until you pay a ransom to have it unlocked.

Third, the large tech companies are trying to convince you to store all your data on the “cloud”, which is (of course) advertised “for your convenience”.  They even tell you that all your data is encrypted.

Fourth, most internet search engines (especially google and bing) track all your internet searches and maintain a list of all the websites you have visited.

Here are some suggestions to mitigate these direct risks.  This is not foolproof, and it is only a first-order method; there are far stronger methods.

  1. Never store anything on the “cloud”. It may well be that your data is encrypted, but so what? What matters is who has the encryption key; and of course, no one is going to tell you what corporations or what government agencies have the keys.  You should not assume anything you place on the cloud is actually kept private.  Instead, use a separate external hard drive (a drive holding one terabyte now costs about $50), connected to your PC through one of the USB ports.
  2. Never store anything of value on your PC’s main hard drive. Store everything of any importance on the external drive only. Never store any financial records, personal data, pictures of yourself or your family, your driver’s license copy, or anything of relevance on the PC hard drive, only on the external drive.  The exception is that you can store individual documents on your PC hard drive only if they are encrypted. In addition, use thumb drives as backups to the external drive (since the external drive will fail at some point).
  3. Disconnect the external hard drive from your PC whenever you get on the internet. That way, if anything is being uploaded, only the things of no value can be uploaded without your knowledge.
  4. Use strong passwords of important documents; this utility is found on nearly all commercial software products (although you may have to access the non-helpful “help” to gain access to how it works. Your password should consist of at least 10 characters, and be a combination of letters, numbers, and symbols. Do not store the password anywhere on the PC; instead, write them down in a small notebook and put them in a secure place elsewhere in your home or office.
  5. Only use internet search engines that do not preserve a search history (such as DuckDuckGo, IXQuick, or StartPage). Do not use google or bing or any other ones that retain a search history.

 

Tags: ,
Posted in fourth amendment, Privacy | No Comments »

Privacy in the Modern Age, Part 4

Privacy In The ModernAge, Part 4   <– PDF

There are only two kinds of emails: professional and personal.

If you have a professional email account at your workplace, then everything stated in that email should be professional in tone, all business.  Your boss and others in your company have access to all of them, and if you put personal items into a workplace email or attach offensive pictures, then that is a problem you have created and should correct immediately.  Keep the workplace emails professional.  No one is going to get too concerned about occasional innocuous jokes about how computers don’t work, or why the soda machine eats your quarters.  But never mention any personal comments about other workers, or the boss, or company policy, unless your boss specifically directs you to do so.  Never put the company’s trade secrets in an email, unless directed by the company’s owner.  But if you are directed to put trade secrets in an email by some generic manager, make some excuse not to, and remind him that trade secrets are to be protected.

I have an email that I use for professional purposes.  Since I am an independent writer, I put things in my emails that are intended for public viewing, and I don’t much care what people think about them.  They are written specifically for public consumption.  But the normal workplace is very different: keep to the relevant subjects at hand that pertain to your work, and leave it at that.

Personal emails are a different thing altogether.  You will note that “hotmail”, “gmail”, and many others are given “free”, meaning that the provider pays the near-term direct costs, while you pay the long-term indirect costs.  When you delete an email from your “free” account, it may appear to be gone, but in fact all emails are retained permanently.  A clever enough hacker can obtain all your emails, current and deleted; and of course, the provider has access to them always.  Once again, we do not really know who has access to them or if the providers have agreements with marketing corporations or government agencies to provide copies of all emails for review.  The FBI has been using in-house software since the 1980’s (called OMNIVORE and CARNIVORE) to intercept emails and all internet traffic from a particular ISP.  It has now been replaced by a commercial code NARUSINSIGHT.  Supposedly, the software is designed to intercept only traffic between a certain individual against whom the FBI has secured a search warrant.  But in this age of mass electronic intercept and storage capabilities, it is reasonable to assume that all emails are searched for certain keywords that some government agency deems “offensive” or “threatening”. Remember: if a technology exists, it is first used against recognized national enemies, but the second use is against all citizens.   There is no way to know who has access to your emails, or for what purpose. At minimum, your emails are probably being scanned by corporations for the purpose of directing advertisements in your direction.  That is annoying but harmless; however it is common now for people to have their careers ruined for something they put in an email twenty years ago; and our current ruling elite seems fascinated and overjoyed at the power of intimidation and cancellation they now wield without consequence.

So what is the best you can do to preserve your privacy regarding personal emails?  Here are some simple rules:

a. Use end-to-end encryption if possible. But don’t rely entirely on encryption: someone somewhere has the means to either break the code or obtain the keys.

b. Never put anything in an email of any importance, such as full name, address, phone number, date and place of birth, Social Security Number, mother’s maiden name, names of relatives, places you have previously lived, banking information, or schools you attended. If this information is to be provided for some legitimate purpose (such as applying for a loan), make sure it is provided only on a secure website, not by email. Even better, send it by U. S. first-class mail.

c. Never attach pictures of yourself, your relatives or friends, or any that show your home, car, or street.  If you want to send pictures, have them printed and send them by U. S. first-class mail.

Tags: ,
Posted in Privacy | No Comments »

Privacy in the Modern Age, Part 3

Privacy In The Modern Age, Part 3  <– PDF

I was stopped at a stop light yesterday, and next to me, also stopped in the left-turn only lane, was a young lady in a sports car, looking down, clearly occupied with her phone.  She was the fourth car in line, and when the left-turn arrow turned green, the first three cars made the turn, but she just sat there, updating her Facebook [“The New AOL”] page or something much more important that paying attention in traffic.  Anyway, she happened to look up just as the arrow was turning yellow, so she accelerated from a dead stop and made the turn just as the arrow turned red.  Fortunately, there was no one behind her in line.

People now seem to be obsessed with whatever crap is on their phone, but that is not the worst of it.  The real problem is that people are now in the habit, a very bad habit, of storing important information on their “smart” phones.  Your “smart” phone represents a very high risk to your privacy.  First of all, it is likely that all “metadata” on all phone calls is being stored in some corporate or government database other than the phone provider.  “Metadata” is information on: a) your phone number; b) the other party’s phone number; c) both locations; d) time of day; and e) length of call.  It is collected automatically by the phone service providers (usually for billing purposes), but we do not know if that data is sold, to or whom it might be sold to, or what it is used for.  Marketing people can use metadata to target you for advertising, if the metadata determines that you call certain types of businesses.  The police can use it to determine if two people know each other.  Artificial intelligence algorithms are now in use that can use metadata in conjunction with public records to determine a person’s identity, even if they only know the phone numbers.  The data on the calls you make, and the calls made by your contacts, and the ones subsequently made by those parties will allow an algorithm can determine to what extent many different people are connected.

Second, text messages are eternal; they are stored by the phone provider and on your phone, along with any and all pictures.  I like to watch the true crime (“dumb criminal”) TV shows in which a woman kills her boyfriend’s wife, then texts him, “Yup, I done killed her dead, I stabbed her 14 times and threw the knife in the dumpster behind the 7-11.”  You should regard text messages as being the equivalent of a billboard next to the interstate highway.  They are never deleted by the phone provider, even If you delete them from your phone.

Third, if your “smart” phone has internet access, all the sites you visit and all your email messages are being stored by your provider, and also on your phone, same as on your computer.   If your “smart” phone can take pictures, each picture is time-tagged along with the location of the phone when the picture was taken.

Fourth, we do not know who has access to all this metadata, and worse than that, we do not know who is recording our phone calls.  What is the possibility that such data could actually be stored?  Most phone calls end up on a communication channel that use the T-1 standard developed in the early 1960’s.  T-1 is a digital stream at 1.544 Mb/s that can handle 24 calls at 64 kb/s each (plus some additional timing and frame synchronization overhead).  Since a byte is 8 bits, T-1 voice channels operate at 8 kB/s.  Let’s suppose you are on the phone for an hour a day.  An hour is 60 minutes, each consisting of 60 seconds, for a total of 3600 seconds per hour.  At 8 kB/s, an hour of recorded voice in digital format would require 28.8 MB of data storage.  If there are 320 million people in the U. S. and each is on the phone an hour a day (assuming both two channels are required to obtain both sides of the conversation), the total storage requirement would be 9.216E+09 MB per day, or 9.216E+15 bytes per day.  A terabyte (TB) is 1000 gigabytes (GB), and a GB is 1000 megabytes (MB).  A terabyte disk drive can be purchased for about $50 retail.  Therefore a TB is 1.0E+12, and thus 9216 one-TB drives would suffice to record in digital form all these phone calls.  Multiply by 365 to get the storage requirement for one year: 3.364 million one-TB drives.  It is not too hard to conceive of a data storage facility with this capacity, given the density of storage units.  Recording and storing is the easy part; it is the indexing and accessing that would present a more difficult problem.  But it doesn’t matter: the fact that it can be done means that you should assume that it will be done, or maybe is already being done.

So, anyone with inside connections, or a cooperative agreement between your phone provider and the government, or your phone provider and a paying corporation, means that sooner or later, anyone who wants the content of your conversations and text messages will be able to get them.  That is leaving aside the current capability of the police to obtain all this if they are granted a search warrant under probable cause.  We do not know if there are any “secret” probable cause standards that may apply.

Once again, there is no reason to assume that corporations or governments (especially foreign governments) are abiding by their advertised “privacy” policies. You do not have the means to force them to prove it.  You should assume they are not abiding by their stated privacy policies, and that any data they possess about you is at least being used for marketing purposes.

So, what can you do to improve your privacy position?  You cannot prevent your phone provider from collecting metadata; that is written into the contract. But you can do several other things:

  1. Get rid of your “smart” phone and go back to the dumbest phone you can find.
  2. Stop texting; if it’s not important enough to talk to someone about, it probably isn’t important enough to bother them with. Go back to having normal conversations like humans are meant to do.
  3. Use your dumb phone to make one or two wrong number calls each day; completely random.
  4. Even if your dumb phone has camera capability, do not take pictures with it. Buy a separate camera for pictures.
  5. If you must have a “smart” phone, use encryption.
  6. No matter what kind of phone you have, turn it off most of the time and use pre-arranged times to turn it on and call people.
  7. Go back to a house phone and minimize the use of mobile phones (if you can afford the extra charge).
  8. Ward off “junk” phone calls by answering them with greetings like “Alien Abduction Hotline”, “Bigfoot Sighting Information Center”, “Internal Revenue Service Audit Division”, “Lucifer’s Mortuary”; and “Ford Pinto Parts and Service”. You get the idea.
Tags: ,
Posted in Bill of Rights, fourth amendment, Privacy | No Comments »

Privacy in the Modern Age, Part 2

Privacy In The Modern Age, Part 2   <– PDF

2          Wrong Attitudes Regarding Privacy

There are some very dangerous popular misconceptions that have served to weaken our overall privacy.  This essay will address four of them, and how, if you’ve fallen prey to one of these, you should consider re-calibrating your thinking on the subject.

I suppose the most common one is “I have nothing to hide, so why should I care what anyone knows?”  That is patently false.  As a matter of principle, you, the citizen, have everything to hide on the grounds that the details of your life are no one else’s business.  They are by definition, only your business, and only those close to you whom you trust to know.  Knowledge regarding you and your family depends on their “need to know”, and you decide who “needs to know”.  Mark “Junior High” Zuckerberg does not need to know how many children you have, or if any of them are toddlers.  Your local sheriff does not need to know where you work or where you live or your occupation.  The members of your local government do not need to know how anything about your income, or how you vote, or if you vote.  Jeff “I own that too” Bezos does not need to know what kind of car you drive, or your opinion on the man-made climate change hoax, or any other opinions you hold.  You business is yours, and theirs is theirs, and the two should never meet.  What do you know about Mark “Junior High” Zuckerberg, or Jeff “I own that too” Bezos, or your local sheriff, or your mayor?  You know virtually nothing about them, other than what they choose to release to the public.  Note the key words: “what they choose to release to the public”.  You should apply the same criteria to yourself and your family: you choose, not them.

Another common falsehood is “I am not a crook, so it doesn’t matter who knows what.”  There are two problems with this one.  First is, given the large mass of confusing and contradictory legislation, court rulings, and bureaucratic edicts, how do you know you’re not a crook?  The truth is, in this modern age, you are a crook if any penny-ante bureaucrat decides to make you a crook, even if you haven’t actually violated any law.  It is not even necessary to charge you with anything; all they have to do is put you “under investigation”, or spread a few rumors.  Enough innocuous information about you can be pieced together in such a way that you appear to be a crook.  The second problem is that even innocuous information can make you a target for blackmail, if it is construed “in the right way”.  Remember, the government already assumes you are a crook, since you are required to sign your tax forms under penalty of perjury.

The third common fallacy is “no one is interested in me”.  The fact is that everyone is interested in you, albeit for different reasons.  The commercial world is interested so they can send you advertisements and sell your data to other advertisers and “interested parties”, although you do not know who the “interested parties” are.  The government is interested because it wants to know who holds what political opinions, which is to say, whether you are a friend or an enemy of the political establishment.  It is worse than that: now that “political correctness” has reached extreme levels, one post on an obscure social media site can get you fired from your job, and it is possible that you could have difficulty finding work.  You can be denied the ability to provide for your family because some screeching moron with political or media connections was offended (or pretends to be offended) by some comment you made.  The lesson here is: if you tell them something, the commercial world will try to sell you something, and the political world will try to regulate you.  Both are equally bad because you, the citizen, have allowed yourself to become a commodity to be used and abused as the powerful see fit.  Since you are the commodity, there is always an interest in you.

The last one I’ll consider is “the government cannot do anything they want.”  How do you know?  Can your mayor call the IRS and get copies of all your tax returns?  Can the local school board access a database and find out if you are opposed to “Core Math”?  There is no way for us, the common citizen, to know if any of these are happening.  Certainly government employees are not going to admit to doing anything that violates their oaths, or that openly violates your rights.  But it would be short-sighted to assume that governments and corporations are not cooperating; a government can hire a private corporation to do indirectly what the government cannot do directly.  No one is going to tell us anything about what the government and corporations are actually doing with any data about us.  There is no reason to assume that corporations or the government are keeping their “privacy” promises.  Therefore, there is no reason for you, the citizen, to tell them anything of value.

There are no doubt a great many other common fallacies about privacy, but I think you get the idea.  Privacy is exactly what it says it means: it is private until you say otherwise.

Tags:
Posted in Bill of Rights, critical thinking, fourth amendment, Privacy | No Comments »