Iran criminalizes Facebook

Iran is going from censorship to arrests of Facebook and other social media users.

More at ThePrivacyBlog.

Comment /Source

Lance Cottrell

I have my fingers in a great many pies. I am (in no particular order): Founder, Angel Investor, Startup Mentor/Advisor, Grape Farmer, Security Expert, Anonymity Guru, Cyber Plot Consultant, Lapsed Astrophysicist, Out of practice Martial Artist, Gamer, Wine Maker, Philanthropist, Volunteer, & Advocate for the Oxford Comma.

Canada now has some right to internet anonymity

An interesting Canadian ruling supporting the right to privacy in information stored by Internet providers. I think this is going to be a trend. We all keep so much in the cloud these days.

More on ThePrivacyBlog.

Comment

Lance Cottrell

I have my fingers in a great many pies. I am (in no particular order): Founder, Angel Investor, Startup Mentor/Advisor, Grape Farmer, Security Expert, Anonymity Guru, Cyber Plot Consultant, Lapsed Astrophysicist, Out of practice Martial Artist, Gamer, Wine Maker, Philanthropist, Volunteer, & Advocate for the Oxford Comma.

Iraq starts censoring social media

Comment

Lance Cottrell

I have my fingers in a great many pies. I am (in no particular order): Founder, Angel Investor, Startup Mentor/Advisor, Grape Farmer, Security Expert, Anonymity Guru, Cyber Plot Consultant, Lapsed Astrophysicist, Out of practice Martial Artist, Gamer, Wine Maker, Philanthropist, Volunteer, & Advocate for the Oxford Comma.

Fourth Amendment to protect cell location information?

My latest ThePrivacyBlog post is on a recent court ruling protecting cell tower location information

Comment

Lance Cottrell

I have my fingers in a great many pies. I am (in no particular order): Founder, Angel Investor, Startup Mentor/Advisor, Grape Farmer, Security Expert, Anonymity Guru, Cyber Plot Consultant, Lapsed Astrophysicist, Out of practice Martial Artist, Gamer, Wine Maker, Philanthropist, Volunteer, & Advocate for the Oxford Comma.

DHS will start swiping the cards in your wallet at the border

According to this Forbs article, DHS is going to start checking your cards at border entry points. They are doing this to find pre-paid / stored value cards which need to be declared like you would cash (you would, right?).

My worry is that this may allow them to capture account numbers and other information from any other cards that they swipe while checking to see which cards meet the criteria.

Comment /Source

Lance Cottrell

I have my fingers in a great many pies. I am (in no particular order): Founder, Angel Investor, Startup Mentor/Advisor, Grape Farmer, Security Expert, Anonymity Guru, Cyber Plot Consultant, Lapsed Astrophysicist, Out of practice Martial Artist, Gamer, Wine Maker, Philanthropist, Volunteer, & Advocate for the Oxford Comma.

Why is the population getting so much older on average?

Planet Money has a really interesting interactive infographic showing how lower birthrates is giving rise to a rapidly increasing ratio of elderly to working age people.

Comment /Source

Lance Cottrell

I have my fingers in a great many pies. I am (in no particular order): Founder, Angel Investor, Startup Mentor/Advisor, Grape Farmer, Security Expert, Anonymity Guru, Cyber Plot Consultant, Lapsed Astrophysicist, Out of practice Martial Artist, Gamer, Wine Maker, Philanthropist, Volunteer, & Advocate for the Oxford Comma.

No warrant to place a surveillance camera on your property?

CNET has a article on a district court ruling that it is OK for the DEA to place a surveillance camera on the suspects property without a warrant.

Wow.

I am amazed by how hard law enforcement resists having court oversight. It is the only reliable check we have on their activitie

Comment

Lance Cottrell

I have my fingers in a great many pies. I am (in no particular order): Founder, Angel Investor, Startup Mentor/Advisor, Grape Farmer, Security Expert, Anonymity Guru, Cyber Plot Consultant, Lapsed Astrophysicist, Out of practice Martial Artist, Gamer, Wine Maker, Philanthropist, Volunteer, & Advocate for the Oxford Comma.

My philosophy on privacy, anonymity, Anonymizer, and Ntrepid

I have recently seen chatter suggesting people are confused about my thinking and allegiances on various privacy issues. 

 

First, a few core beliefs that form the axioms underlying my actions and positions.

 

I believe that:

  • The basic design of the Internet and the protocols that run on top of it make it the most privacy hostile major communications media ever used.
  • Censorship and widespread surveillance are inimical to free speech and free expression.
  • Personal privacy is critical to our social, societal, and mental health.
  • There are criminals, terrorists, and governments whose activities will undermine the quality of life for myself, friends, and family.
  • Law enforcement and intelligence organizations are a necessary part of a functioning society.
  • Governments and other organizations are made up of real people with real and diverse opinions and are not monolithic entities and edifices of conformity.
  • If data is valuable to someone, and is sitting around in a database or other storage, it is very likely to be compromised at some point, in some way.

 

So, these basic tenants lead me to take the following opinions:

Individuals need the ability to robustly protect their privacy when engaging on-line. While not all areas of the Internet are appropriate for anonymity (I really want my bank to make sure it is me accessing my accounts), anonymity / pseudonymity should be an option in most social spaces on the Internet.

Not only are most websites not inclined or incentivized to help you be anonymous, but the very structure of the Internet encourages detailed logging such that creating anonymity friendly systems is quite hard.

All providers of privacy services are fundamentally saying “trust me and I will protect you.” Any claims about how a service works rely on the operator to have actually implemented the system as claimed. At the end of the day this is only backed up by the reputation of the operators of those systems. Choose wisely.

Criminals and other “hostiles” are indiscriminate in their use of technologies. They will use the best tool for any job. The Internet is no exception to this rule. While there is a long history and extensive precedent for plain clothes and under cover police and intelligence activities in the meatspace, the same is not true for cyberspace. Yet, the same need applies. If one is trying to engage with a criminal on the Internet, doing so as a law enforcement officer, from known law enforcement IP addresses is going to imperil the investigation at the very least.

 

What does this mean for me and how I comport myself?

I have chosen to very publicly back the Anonymizer.com privacy services with my personal reputation. I have been active in the personal privacy space since I started running anonymous remailers as a grad student in 1992. I have been creating new privacy services since I wrote Mixmaster in 1993. I created the “Kosovo privacy project” during the Kosovo conflict to enable people in the country to report on atrocities going on. I have provided multiple anonymity and anti-censorship tools for the Chinese and Iranian people, protecting hundreds of thousands of their citizens against their own country. Human rights and free speech are passions of mine. Anonymizer.com itself has protected countless numbers of users of its services. In all that time there has never been a case where we have violated the privacy assurances we have made to our customers. This is not because we have not been tested. Anonymizer is regularly subpoenaed for information on our customers’ activities. Compare this to a relative newcomer “HideMyAss.com.” They, as it turns out, did keep logs and were compelled to compromise the privacy of a member of LulzSec. There are numerous examples of TOR exit nodes monitoring and even altering traffic. With a much longer and weightier track record, you will find no such incidents with Anonymizer. It is logically impossible to prove a negative, but our history speaks volumes. Anonymizer will never provide a back door or violate any of our privacy assurances while my name is attached to it. Reputation is hard to earn and easy to squander. It is my personally most valuable asset.

Law enforcement and other government entities need anonymity and pseudonymity tools too. In their cases the people trying to pierce the veil are often much more motivated, skilled, funded, and resourced, than those tying to identify ordinary individuals. It is not practical, reasonable, or desirable to have these groups simply ignore the Internet in the scope of their responsibilities I have been involved in the creation and operation of numerous tools to enable such organizations to do their jobs on-line as they do off-line. In working with these people I have discovered that they are “people.” They hold diverse opinions about privacy and anonymity. Many are personally closely aligned with my beliefs. They are also tightly constrained by legal limitations on what they can do. Watching my U.S. government customers struggle with their legal departments to do even the simplest and most innocuous activities, while very frustrating, makes me sleep much better at night.

While there have certainly been times when the U.S. Government has overstepped its authorities, they are rare, and we know about these because they came out. The diversity of people in these organizations makes any of the grand conspiracies I see discussed on the Internet absurd on their face. Secrets are either known by very few people and thus limited in scope, are reasonable to just about everyone who all agree they should be kept secret, or will get leaked or blown in some way.

Some users of my personal / consumer privacy services see themselves as in opposition to some or all of my corporate or government users, and vice versa. I think both are important and I protect the anonymity of all of my customers equally. There is no “crossing of the streams.” None of my customers get any special insight into the identities or activities of any of my other customers. As above, there are no secrets like that which would last very long, and it would destroy my reputation. 

 

Honor, reputation, and a man’s word being his bond may be very old fashioned ideas these days, but they carry great weight with me. I hope this clarifies where I stand.

Ulf Möller found murdered

Another of the key contributors to the Mixmaster Remailer project has died violently. Ulf Möller was found dead in his car in Eastern Germany. Apparently the victim of a robbery / murder.
Here are some reports of the incident (in German):
http://www.ndr.de/regional/schleswig-holstein/trittau115.html
http://www.ln-online.de/lokales/stormarn/3339992/die-polizei-sucht-ulf-moeller-aus-trittau
http://www.mz-web.de/servlet/ContentServer?pagename=ksta/page&atype=ksArtikel&aid=1321007898341

DOJ want to criminalize fibbing

Declan McCullagh in CNET reports that the Justice Department is pushing an absurd over broadening of the CFAA to criminalize violating website terms of service agreements.

The idea would be to treat all website terms of service as contracts fully limiting access to the site, therefor any violation of the TOS would be unauthorized access (A.K.A. Hacking) which is a felony.

Don't lie about your age, weight, height, or job title on that dating site!