Privacy Thread

Started by Triple Zero, September 25, 2011, 02:04:20 PM

The Good Reverend Roger

Quote from: Nigel on December 05, 2011, 05:47:50 PM
Quote from: Triple Zero on December 04, 2011, 11:31:28 PM
Full-Body Scan Technology Deployed In Street-Roving Vans

Quote: AS&E's Reiss counters privacy critics by pointing out that the ZBV scans don't capture nearly as much detail of human bodies as their airport counterparts. The company's marketing materials say that its "primary purpose is to image vehicles and their contents," and that "the system cannot be used to identify an individual, or the race, sex or age of the person."

Though Reiss admits that the systems "to a large degree will penetrate clothing," he points to the lack of features in images of humans like the one shown at right, far less detail than is obtained from the airport scans. "From a privacy standpoint, I'm hard-pressed to see what the concern or objection could be," he says.

WHAT THE FUCK WHY DO WE NEED THIS? WHAT THE FUCK! FUCK.

This is what evil looks like.

Well, actually, evil looks like 301,000,000 complacent fatasses that will not only put up with this sort of thing, but demand it.  "Make me SAFE", they say, "and don't worry about who watches the watchmen."

Tyranny doesn't just show up.  It's invited.
" It's just that Depeche Mode were a bunch of optimistic loveburgers."
- TGRR, shaming himself forever, 7/8/2017

"Billy, when I say that ethics is our number one priority and safety is also our number one priority, you should take that to mean exactly what I said. Also quality. That's our number one priority as well. Don't look at me that way, you're in the corporate world now and this is how it works."
- TGRR, raising the bar at work.

Mesozoic Mister Nigel

Quote from: The Good Reverend Roger on December 05, 2011, 06:22:30 PM
Quote from: Nigel on December 05, 2011, 05:47:50 PM
Quote from: Triple Zero on December 04, 2011, 11:31:28 PM
Full-Body Scan Technology Deployed In Street-Roving Vans

Quote: AS&E's Reiss counters privacy critics by pointing out that the ZBV scans don't capture nearly as much detail of human bodies as their airport counterparts. The company's marketing materials say that its "primary purpose is to image vehicles and their contents," and that "the system cannot be used to identify an individual, or the race, sex or age of the person."

Though Reiss admits that the systems "to a large degree will penetrate clothing," he points to the lack of features in images of humans like the one shown at right, far less detail than is obtained from the airport scans. "From a privacy standpoint, I'm hard-pressed to see what the concern or objection could be," he says.

WHAT THE FUCK WHY DO WE NEED THIS? WHAT THE FUCK! FUCK.

This is what evil looks like.

Well, actually, evil looks like 301,000,000 complacent fatasses that will not only put up with this sort of thing, but demand it.  "Make me SAFE", they say, "and don't worry about who watches the watchmen."

Tyranny doesn't just show up.  It's invited.

Point.  :x
"I'm guessing it was January 2007, a meeting in Bethesda, we got a bag of bees and just started smashing them on the desk," Charles Wick said. "It was very complicated."


von

Not to derail the discussion of what the ubiquitous "they" are doing with your data, but what about "grassroots" evildoers? Although I've not read the posted articles detailing the specifics of how Facebook's tracking system works, the discussion leads me to the point that they're essentially storing a couple of session cookies which contain (among other things) a unique ID tying that cookie to your account.

Anyway, my point is, assuming I understand this fully, couldn't an attacker hypothetically obtain your account's unique ID (I dunno how it'd be done...infosec isn't my specialty after all) and then essentially modify/spoof one of these cookies and then rampantly impersonate you to make it appear that you're viewing "less than acceptable" materials?

Cain

Well...it'd be easier to use it in order to compromise even more data about yourself and either empty your bank account or sell your identity on to people, but I suppose they could do that as well.  If they were really bored.

von

Lol...good point. I guess I got ahead of myself in that the methods used for stealing the cookie's data would probably be the same techniques used to steal financial account data.

A further point I could have made was that perhaps an attacker could set up a site with illegal content on it (CP, drug trafficking etc) as well as one of those "share it on facebook" things and then use your cookie to essentially frame you for looking at truly unsavory materials; but this too is a moot point...I'm sure if you could get enough access to loot and pillage financial data (and this cookie), you could probably plant illegal data onto the machine too...thanks for putting things into a wider perspective.

Triple Zero

Quote from: Von Zwietracht on December 07, 2011, 08:13:49 AM
Anyway, my point is, assuming I understand this fully, couldn't an attacker hypothetically obtain your account's unique ID (I dunno how it'd be done...infosec isn't my specialty after all) and then essentially modify/spoof one of these cookies and then rampantly impersonate you to make it appear that you're viewing "less than acceptable" materials?

No, they can't, because cookies, like JavaScript, are subject to cross-domain restrictions.

The problem is that the FaceBook "Like" button that is so ubiquitous on the web is not just an image, but an IFRAME generated by a piece of JavaScript, which circumvents the cross-domain policy, but only in a one-way manner:

When the IFRAME is loaded, its src attribute points to a URL on a FB domain. The server at this domain receives a request from the user's browser. Because this request happens at a FB domain, the browser sends the FB cookie with this request. This is standard behaviour. The server now knows which FB account this is. But it also sees in the Referer header of the request the URL of the page where this IFRAME has been embedded. Combining these two pieces of knowledge, it looks up how many FB-friends of the user "Like" that Page/URL, then returns a piece of HTML that shows the "thumbs-up" icon and the text "23 of your friends like this" or whatever.

So that's how Facebook tracks your account to every website you visit (that has a "Like" button) regardless of whether you click it or not.

And then it turns out that even when you click "logout" from Facebook, it just marks your session as "logged out", but there's still a cookie that contains your Facebook user-ID. Facebook claims they don't use it to track you even if you're "logged out" (but for some other "technical" reason), but they could, and there's no way to tell.
Ex-Soviet Bloc Sexual Attack Swede of Tomorrow™
e-prime disclaimer: let it seem fairly unclear I understand the apparent subjectivity of the above statements. maybe.

INFORMATION SO POWERFUL, YOU ACTUALLY NEED LESS.
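
The join described in the post above (account cookie plus Referer on every widget request), as an added example that is not part of the original post and not any real site's code. The log layout, the `uid=` values and the example.* hosts are constructed; "-" marks a request that arrived without a cookie or without a Referer.

```shell
#!/bin/sh
# Constructed sample: what a widget server could log for each iframe request.
# Fields: time, account id taken from its own cookie, Referer (embedding page).
# "-" = header absent, e.g. third-party cookies blocked in the browser, or the
# embedding page sends Referrer-Policy: no-referrer.
sample_log() {
cat <<'EOF'
10:01 uid=1001 http://news.example/article-7
10:02 uid=1001 http://shop.example/cart
10:03 uid=2002 http://news.example/article-7
10:05 - http://forum.example/thread-9
10:06 uid=1001 -
10:09 uid=2002 http://blog.example/post-3
EOF
}

# Pages attributable to one account: a line needs BOTH the cookie and the Referer.
pages_seen_by() {
    sample_log | awk -v want="uid=$1" '$2 == want && $3 != "-" { print $3 }'
}

# Requests the server cannot turn into an (account, page) pair.
unlinkable_count() {
    sample_log | awk '$2 == "-" || $3 == "-" { n++ } END { print n + 0 }'
}

pages_seen_by 1001
echo "unlinkable requests: $(unlinkable_count)"
```

No click on the button appears anywhere in the log: loading the page is enough to produce a line, and only the two "-" cases break the link.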

Precious Moments Zalgo

Quote from: Rumckle on October 04, 2011, 12:05:10 PM
Quote from: Xooxe on October 04, 2011, 10:33:30 AM
http://venturebeat.com/2010/07/02/facial-recognition-camouflage/

The future will try its best to make us look as outlandish as possible. I'm calling it.


Or just make everybody join the KISS Army
Or become a Juggalo.
I will answer ANY prayer for $39.95.*

*Unfortunately, I cannot give refunds in the event that the answer is no.

Triple Zero

http://www.youhavedownloaded.com/

Some Russian developers are monitoring and logging traffic on public torrent trackers, and show what you have recently downloaded via the torrents.

You can also enter other people's IP, which is interesting. It doesn't show all torrents, but they claim to be able to monitor about 20% of all public bittorrent downloads.

http://torrentfreak.com/i-know-what-you-downloaded-on-bittorrent-111210/
Quote: TorrentFreak got in touch with Suren Ter, one of the site's founders, to find out why they decided to create this spying tool.

"We just want to remind people that the Internet is not a place to expect privacy," he says. "Nowadays many people use it without understanding what information they leave behind. Also, even those who understand choose to ignore it quite often.

Very true indeed. Definitely makes me wonder if I should do something for myself about it. Though my downloads are all relatively tame, and Dutch legislation so far does not target individual citizens, it is only a matter of time, of course.

Triple Zero

Their "removal terms" are also interesting, to say the least:

http://www.youhavedownloaded.com/removeme

Requiring to identify by logging into your Facebook account? HA!

It's a fucking brilliant troll.

Triple Zero

There's also some evidence (domain registration etc) that they might be America-based instead of Russian, btw.

Oh and then there's the "don't take it seriously" link/popup at the bottom left:

Quote: Don't take it seriously

The privacy policy, the contact us page — it's all a joke. We came up with the idea of building a crawler like this and keeping the maintenance price under $300 a month. There was only one way to prove our theory worked — to implement it in practice. So we did. Now, we find ourselves with a big crawler. We knew what it did but we didn't know how to use it. So we decided to make a joke out of it. That's the beauty of jokes — you can make them out of anything.

However, if you have a better idea — don't hesitate to contact us.

Still, the data is real. Though looking back through my old IPs (mine changes every few months or so), it's really hit and miss.

Lord Cataplanga

Quote from: Triple Zero on December 11, 2011, 09:42:18 PM
Still, the data is real. Though looking back through my old IPs (mine changes every few months or so), it's really hit and miss.

Is there a way to find out what your old IP addresses were? Or do you just happen to write yours down every month or so?

I ask because the website isn't showing my downloads, so I think my IP address changed recently.

Triple Zero

Quote from: Lord Cataplanga on December 12, 2011, 04:09:47 AM
Quote from: Triple Zero on December 11, 2011, 09:42:18 PM
Still, the data is real. Though looking back through my old IPs (mine changes every few months or so), it's really hit and miss.

Is there a way to find out what your old IP addresses were? Or do you just happen to write yours down every month or so?

I ask because the website isn't showing my downloads, so I think my IP address changed recently.

Well, not really. It's cause I'm admin on PD and so I used the "Track User" admin feature on my own profile, which shows every IP I ever posted with :)

Looking at your profile, indeed it shows a fuckton of different IPs. I'll PM you the list. Unfortunately they're not sorted by date or anything. Figuring out the most recent few is a bit more clickwork.

Remember: While having a dynamic IP is hyper-useful when trolling and circumventing IP bans, it doesn't offer much protection against eventual lawsuits for downloading torrents, because your ISP is required to keep records of (among other things) which IP was assigned to which client during which time-period.

Are you on Linux or Windows? Cause your idea of writing them down makes me think it would be easy + you-never-know-useful to indeed keep track of my own IP per date/time. I mean, if my ISP keeps those records, I should have them too. So I'm gonna write a bash script to do just that--which is for Linux, it can be done with clever batch-files in Windows as well, but you're going to have to ask some other batch-scripting wizard to do it.

Lord Cataplanga

Oh, I never noticed I can see my own IP address underneath my own posts (you don't need to be an admin to see your own IPs, apparently).

I use Linux most of the time, but I keep a virtual machine with Windows XP and a cheap(ish) Nokia phone with an EDGE Internet connection for trolling, because there are already too many trolls in my ISP (I am sometimes IP banned in sites I've never visited  :D)

If you could share that bash script I would really appreciate it.

Triple Zero

Quote from: Lord Cataplanga on December 12, 2011, 03:34:23 PM
Oh, I never noticed I can see my own IP address underneath my own posts (you don't need to be an admin to see your own IPs, apparently).

I use Linux most of the time, but I keep a virtual machine with Windows XP and a cheap(ish) Nokia phone with an EDGE Internet connection for trolling, because there are already too many trolls in my ISP (I am sometimes IP banned in sites I've never visited  :D)

If you could share that bash script I would really appreciate it.


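#!/bin/bash
# Append "date time ip" to ips.txt whenever the public IP differs from the last logged one.
# ips.txt must already exist in the current directory.

cat ips.txt | awk '
END {
    # Ask the lookup service for the current public IP.
    "curl -s http://whatismyip.org/" | getline CUR_IP;
    # Timestamp as YYYY-MM-DD HH:MM, so the IP is field 3 of each log line.
    "date +\"%F %R\"" | getline NOW;
    # $3 is the IP on the last line read; skip empty replies (lookup failed).
    if (CUR_IP != "" && CUR_IP != $3) print NOW, CUR_IP;
}' >> ips.txt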


Just needs two things that I haven't completely figured out yet, 1) it needs to be run daily, so it needs to go into the crontab or something, and 2) currently it appends the date+IP (if it has changed) to the file ips.txt in the current directory (which must exist) but I'm not sure what the current directory will be for a script that's run from the crontab so it should be changed to some file with an absolute path (twice), like /home/triplezero/ips.txt or something.

Lord Cataplanga

Quote from: Triple Zero on December 12, 2011, 08:30:30 PM
Quote from: Lord Cataplanga on December 12, 2011, 03:34:23 PM
Oh, I never noticed I can see my own IP address underneath my own posts (you don't need to be an admin to see your own IPs, apparently).

I use Linux most of the time, but I keep a virtual machine with Windows XP and a cheap(ish) Nokia phone with an EDGE Internet connection for trolling, because there are already too many trolls in my ISP (I am sometimes IP banned in sites I've never visited  :D)

If you could share that bash script I would really appreciate it.


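#!/bin/bash
# Append "date time ip" to ips.txt whenever the public IP differs from the last logged one.
# ips.txt must already exist in the current directory.

cat ips.txt | awk '
END {
    # Ask the lookup service for the current public IP.
    "curl -s http://whatismyip.org/" | getline CUR_IP;
    # Timestamp as YYYY-MM-DD HH:MM, so the IP is field 3 of each log line.
    "date +\"%F %R\"" | getline NOW;
    # $3 is the IP on the last line read; skip empty replies (lookup failed).
    if (CUR_IP != "" && CUR_IP != $3) print NOW, CUR_IP;
}' >> ips.txt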


Just needs two things that I haven't completely figured out yet, 1) it needs to be run daily, so it needs to go into the crontab or something, and 2) currently it appends the date+IP (if it has changed) to the file ips.txt in the current directory (which must exist) but I'm not sure what the current directory will be for a script that's run from the crontab so it should be changed to some file with an absolute path (twice), like /home/triplezero/ips.txt or something.


Strange. When I visit http://whatismyip.org/ with my web browser, it gives the correct IP (it matches the one at the bottom of my post), but when I do this:
curl "http://whatismyip.org/"
on the command line, it says 46.22.211.117  :?

Oh, well, guess I'll just have to lurk less and post more  :)
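
The two open points from the script discussion above (running from cron, and an absolute log path), as an added example that is not code from either poster. `IP_LOG`, `IP_URL`, the `--run` flag and the script path in the crontab comment are assumptions made for illustration; the reply is also checked to look like an IPv4 address, so a lookup that returns something unexpected is never written to the log.

```shell
#!/bin/sh
# Added example: IP-change logger that is safe to run from cron.
# Assumed names: IP_LOG (absolute log path), IP_URL (lookup URL from the post).
IP_LOG="${IP_LOG:-$HOME/ips.txt}"
IP_URL="${IP_URL:-http://whatismyip.org/}"

# Accept only a dotted-quad answer, so an error page or empty reply is rejected.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Last IP in log $1 (line format: date time ip); prints nothing if no log yet.
last_logged_ip() {
    if [ -f "$1" ]; then tail -n 1 "$1" | awk '{ print $3 }'; fi
}

# Append "YYYY-MM-DD HH:MM ip" to log $1 when ip $2 is valid and has changed.
# Returns 0 if a line was written, 1 if unchanged, 2 if the value was rejected.
log_ip_if_changed() {
    is_ipv4 "$2" || return 2
    [ "$(last_logged_ip "$1")" != "$2" ] || return 1
    printf '%s %s\n' "$(date '+%F %R')" "$2" >> "$1"
}

# Crontab entry (crontab -e), once a day at 06:00. Cron's working directory
# does not matter here because the log path is absolute. Hypothetical path:
#   0 6 * * * /home/triplezero/bin/iplog.sh --run
if [ "${1:-}" = "--run" ]; then
    log_ip_if_changed "$IP_LOG" "$(curl -s --max-time 10 "$IP_URL")"
fi
```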