View Single Post
Old 10-30-2011, 03:54 AM   #12
jobleau
Tiny Dick Ultimate User
 
jobleau's Avatar
 
Join Date: Mar 2010
Location: Near Montreal, QC
Posts: 560
Default

Quote:
Originally Posted by hoverfly View Post
Invitation:
I would like to invite anybody with any insight into these security/privacy issues to share the knowledge with the community.
Looks like Hoverfly pushed one of my buttons...

I posted a few things so far. Hopefully, they might help some people. But at the same time, I realize most people don't really know how it works and what can happen.

While I won't pretend to know it all, after 25 years earning a living in the computer technology industry I sure learned a few basic things/facts and I'd like to share some of them.

Disclaimer: This is a long post. I can only hope the system can take it. And if you don't care about your privacy, don't bother reading it.

First and foremost, there are no possibilities of real PRIVACY on the net. Face it. I'm sorry to blow that whistle on you if you weren't aware of it, but that's how it is... But don't get paranoid either. Not everyone is after you personally. Yet, in a somewhat impersonal way, well, they are pretty much all after you...

Why is there no privacy possible on the net? For a very simple reason that I mentioned in a previous post:

Quote:
Originally Posted by jobleau View Post
Most people don't know or realize it but there never was any privacy on the net. From the very beginning, the second you're connected, you're traceable and and most likely will be. This is normal too as it comes from the technology that connects it all. If you want a specific page, the server needs to know where to send it for you to see it.
Let's try an analogy. If you want someone or an organization to be able to reach you, you will provide them with some means of contacting you, a phone number, an address. Your bank or suppliers request that from you and that's pretty normal. Obviously, if you want to receive your electrical bill, they need to know at least your address.

And if you move/change phone number, you need to advise them.

- Reality check:
While these (phone number/address) may seem somewhat private to you (hey, they do refer directly to you, and you only give them to whom you want to right?) these are actually stored in databases with pretty much all the organizations you deal with and also in the rather easy to access phone book, be it printed or on the net (just try searching your
name/phone number/address on the net. You'll be amazed at what you can find that is publicly available. Hell, you'll even find a view of your house on Google Street. But be aware your searches will be indexed and stored somewhere.).
- End of Reality check

So, as I said earlier, face it. There is no real world privacy as you need to divulge contact information at least to some people/organizations. I mean, to be totally anonymous in the real world, you'd have no phone, no address, no bills, not even a birth record. In such a case, you would not exist and you sure would not be reading this.

Now, there is a very subtle difference between the real world and the virtual world of the net. Even if you were homeless, had no phone or anything else traceable in the real world, the very second you'd connect to the virtual world, with whatever device you want, you'd get assigned an address (called an IP address). You don't even have a choice. That is how it works, pretty much as turning a light on by flipping the switch or starting your car by putting the key in the ignition and turning it. You do it, it happens. Period. Simple enough I hope.

So here you are with that nifty so called virtual IP address that allows you to communicate with the rest of the virtual world. And that IP address gets logged pretty much everywhere you'll go on that beautiful virtual world.

Herein lies the lack of anonymity that most people might think they have. IP addresses have been logged on servers since the very beginning of the internet, even before it became mainstream in the early 1990's.

A little sidetrack...
Quote:
Originally Posted by hoverfly View Post
2. More and more connections these days come with a static IP address, Sky, Virgin and all other cable providers will assign you a permanent IP address. Basically a unique address on the web, so that servers know who requested a page and where to send it to.
This is partially but not really true. Most connections actually get a dynamic, rather than a static, IP address, whatever your provider is or the technology used to connect to it. I won't get into the details but usually, only corporate/businesses get a fixed IP. 99.9% of individuals get a dynamic address under a dynamic protocol of some flavor (DHCP, PPOE to name some). These protocols allow for a leasing period of the IP address assigned when you connect. The default for the leasing period usually is 24 hours but this is configurable. So if you don't disconnect, or reconnect within the lease period, you will end up with the same IP address. That may very well look like you're getting a static IP. But in reality it's not the case. Note your IP address. Shutdown everything and go for a vacation for a week. Then reconnect when you come back. If you get the same IP, then your provider either really assigned you a static IP or their lease rate is unusually higher. With the current shortcomings on IP V4 addresses, the later would be very unlikely.

Yet, that been said, whatever IP you get does gets logged everywhere you go. And that is only the beginning...

More and more organizations try (and succeed) to track IP addresses movements on the net.
Quote:
Originally Posted by jobleau View Post
If you don't believe all this, have a look at PrivacyChoice - Making privacy easier. It will give you some hints.

If you are using Firefox and want to be flabbergasted by a visual representation of who is tracking you, go there https://secure.toolness.com/xpi/collusion.html, install the addon, let it run while you do your usual surfing and you'll be amazed.

Happy surfing, and beware, especially those 'Like' buttons.
I don't want to make a case of who's doing right or wrong here. But communication technologies have brought as much bad stuff as they've brought good stuff. Problem is, the bad stuff is not readily advertised on your local news. So you have to watch for it. There is a saying that goes by "If it's too good to be true...". I find it so applies to
communication technologies. Another popular quote from an American series also apply here: "Trust no one". And the "one" here is not so much an individual than a corporation. Here is an outstanding example: Mark Zuckerberg, the creator of Facebook:
Facebook's Zuckerberg Says The Age of Privacy is Over

At least he is being up front about this, contrarily to most other sites. Yet, that does not mean he is right or that I agree with him.

Just check these:

facebook privacy issues - Google Search

That might open your eyes on a certain number of things.

My pet peeve is that all these nifty corporations (insert whatever names you feel like here) are actually gathering data about us in all manner they can and they are using this data for their own profit while we, end users of their products, have no say about that. In my mind, this is just plainly morally wrong.

Have a look at these:
online privacy issues - Google Search

You'll find many places you're dealing with in there. And they all do it.

Now that I got you paranoid, you're probably going to try to find some smart way to bypass all this. Pretty much like using a PO address instead of your actual mail post address.
Quote:
Originally Posted by hoverfly View Post
7. Should you be familiar with the process, you might want to go through a web based proxy server. All you page requests will then be addressed to the IP of that server and not the one at your home. Only the proxy will know where the data eventually ends up, so be careful who you trust.
Nice try. But no cigar!

Services like these can be full of deceptions:

privacy tools - Google Search
And so called anonymizer tools are not reliable. Even The Onion Router (known as TOR) is not perfect:
Tor (anonymity network) - Wikipedia, the free encyclopedia

Quote:
Originally Posted by hoverfly View Post
5. This may prove diffcult but whenever you can, avoid google as a search engine full stop but then don't just move to yahoo, they are just as bad. Try https://ixquick.com instead, they are publicly funded and will never store your IP.

Also, as you may have noticed, you can use a secure HTTPS connection to their server.
Now, that is an interesting find. I'll have to investigate that.
jobleau is offline   Reply With Quote