
March 24th 2010 Privacy and the Web

Posted on March 26, 2010

Alice told the story of privacy and the Web. In the beginning, ownership was confined to a few with most people in serfdom; then mortgages allowed people to begin to own things. In computing, one started with the mainframe where you didn’t own anything; then people got PCs which allowed them to own the hardware but not the code; Linux allowed people to own the hardware, the code and the data. With Web 2.0 you once again don’t own the hardware or the code or even your data; with the cloud you don’t own the hardware. In future, IPv6 addresses will be usable as ID numbers.

The Internet is a public place on which traffic can take many alternative routes; anyone could be intercepting what you have sent; its structure is constantly changing because its original design was [deliberately] naïve and not fixed. TCP/IP has a private flag but all that means is ‘Don’t listen.’

Web 2.0 was not designed with privacy in mind; there is always something new because the more that is connected, the more easily things can spread.

In response to a question, he said that Internet banking is relatively secure.

Encryption is the first step to privacy but that can easily be broken. Even if you are sending encrypted data, someone else can see with whom you are communicating, the size of the data and your IP numbers. When online, start by managing cookies, using an adblocker and using an anonymous proxy.

The top five ways of protecting yourself are to:

Tor is an online anonymous service comprising software, a network and a protocol. It is open source and run by a community of researchers, developers, users and relay operators. It has received funding from the US Department of Defense, the Electronic Frontier Foundation, Voice of America, Google, etc. The fact that you are using Tor is obvious because the last link is unencrypted.

The Tor network benefits from having a lot of users who collectively generate ‘white noise.’ Because Tor nodes are constantly joining and exiting, it is very difficult to track. The information at the exit node can prove that someone is using Tor. You can operate a Darknet by never leaving Tor, using hidden services, Dn42, etc.

Telecoms interception is widespread with commercial interception hardware being sold by Nokia and Siemens. You can use GPG encryption but one of the problems in setting up authentication is that chains of signed keys enable people to see who you know.
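To illustrate the point about chains of signed keys, here is an added example (not from the talk or the original post) that audits which contacts a published key would reveal through the certifications attached to it. It assumes GnuPG's colon-delimited listing format as produced by `gpg --list-sigs --with-colons`; the sample input, key IDs and names are constructed, and `exposed_contacts` is a hypothetical helper name.

```python
# Constructed sample in the style of `gpg --list-sigs --with-colons`.
# All key IDs, names and addresses are made up for illustration.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1262304000:::u:::scESC:
uid:u::::1262304000::0000::Owner Example <owner@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1262304000::::Owner Example <owner@example.org>:13x:
sig:::1:BBBBBBBBBBBBBBBB:1265000000::::Friend One <one@example.org>:10x:
sig:::1:CCCCCCCCCCCCCCCC:1266000000::::Colleague Two <two@example.org>:13x:
sig:::1:DDDDDDDDDDDDDDDD:1267000000::::Local Only <local@example.org>:10l:
sub:u:4096:1:EEEEEEEEEEEEEEEE:1262304000::::::e:
sig:::1:AAAAAAAAAAAAAAAA:1262304000::::Owner Example <owner@example.org>:18x:
"""

# OpenPGP signature classes 0x10-0x13 are certifications of a user ID.
CERTIFICATION_CLASSES = {"10", "11", "12", "13"}


def exposed_contacts(colon_output):
    """Map each primary key ID to the (signer key ID, signer user ID)
    pairs that anyone holding the exported key could read."""
    exposed = {}
    current = None  # primary key the following sig records belong to
    for line in colon_output.splitlines():
        fields = line.split(":")
        record = fields[0]
        if record == "pub":
            current = fields[4]
            exposed.setdefault(current, set())
        elif record == "sig" and current and len(fields) > 10:
            signer, signer_uid, sig_class = fields[4], fields[9], fields[10]
            is_certification = sig_class[:2] in CERTIFICATION_CLASSES
            exportable = sig_class.endswith("x")  # 'l' marks local-only
            if is_certification and exportable and signer != current:
                exposed[current].add((signer, signer_uid))
    return exposed


if __name__ == "__main__":
    for key_id, contacts in exposed_contacts(SAMPLE).items():
        print(f"{key_id}: {len(contacts)} contact(s) visible to third parties")
        for signer, uid in sorted(contacts):
            print(f"  {signer}  {uid}")
```

Self-signatures, subkey bindings and local-only signatures are skipped because they either name nobody else or do not leave the local keyring on export.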

Stylometry allows you to check a person’s identity with 6,500 words.

There is also Wikileaks — which looks like ending up in Iceland.