Saturday, November 22, 2008

Data Mining Moves from Big Brother to Baby Brother


In the past we only had reason to fear Big Brother tools from intrusive government spy agencies and monster telco's that invade your privacy by digging into your past and eavesdropping on your digital lifestream with hugely expensive tools and massive databases.

Now we all have reason to fear what might be called "Baby Brother" as more powerful tools are becoming available for free to any script kiddy hacker or truly junior bad guys and mischief makers. New open source snooping software is now available to anyone to easily mine your data and invade your personal, financial and medical privacy.

A Forbes Magazine article published Friday titled, "When Everyone Can Mine Your Data" profiles a former hacker, who is a South African electronic engineer by trade. Roelof Temmingh has created a company around new open source software he developed named "Maltego". He's built a $430 software tool which mines all publicly available databases for data on anyone.

Temmingh has begun selling his snoop software to government agencies for a 10% discount. Clearly he is going the route nobody needs to go with governments, which, rather than use a watered down open source version for free will choose the Gold Plated version that could easily cost a hundred times more.

The point here is that data mining software is becoming available as open source, meaning bad guys will bolt on suddenly available free open source plug-in tools for identity theft and Private Investigators will bolt on the open source PI plug-ins and governments will build their own versions based on the code base that anyone can use and keep those to themselves for whatever invasive purpose they can come up with.

Data mining is definitely here for the masses - but mostly for masses of troublemakers and bad guys.

Labels: , , , , , , , , , , , ,


Save To Del.icio.us    Digg! Digg This!
posted by RealitySEO at 7:11 AM 0 comments

Sunday, July 20, 2008

Private Eye Says Privacy is Dead


This C-Net news article focuses on how simple it is - through social networks, cell phone tracking, security cameras, credit card records, etc. - to learn almost anything about someone being researched or investigated.

I'm actually quite surprised how few TV cop shows or movies about crime solving detectives go into using the web, even though they do quite often show bad guys using technology to hack into places they don't belong and either make their criminal activity easier or to research or commit actual crimes. I always cheer the good guys in their use of the web to solve crimes and stop criminal activity because I'm a technology enthusiast and love that it can be used for good.

Maybe there are just so many times you can show someone tapping away at keyboards and staring at slick user interfaces before television or movie viewers tire of the scene or those inevitably geeky characters doing the typing.

But the point here is not that good-guy/ bad-guy drama of crime-fighting - but how easy it is to access data once it is digitally stored and/or distributed. The ease of access issue is the concern.

We've repeatedly heard the line from data miners and law enforcement that goes something like, "If you have nothing to hide, you have nothing to fear." That is a truism that can't be denied.

The problem for all of us comes when erroneous data or erroneous conclusions are drawn from innocent or incorrect data. The problem comes when that ease of access to data lets bad guys use technology and the web to commit a multitude of crimes.

The problem comes when data is treated with less care than it deserves by those entrusted with it and is either stolen, lost, hacked or otherwise abused due to neglect or bad policy. The problem comes when the public fails to understand how widely distributed their private data can become when posted to the web or sent digitally to anyone, anywhere.

Labels: , , , , ,


Save To Del.icio.us    Digg! Digg This!
posted by RealitySEO at 10:27 AM 0 comments

Friday, July 18, 2008

Privacy Capitulation: Where Do We Go From Here?


The idea that we have any privacy left is becoming sort of a naive and quaint concept. Nearly all services we use routinely can be monitored in real-time or mined from data stored in a multitude of digital storage farms - making digital record of all traffic and content. Phone service has moved to IP telephony, whether that is through Skype, business, home cable or call routers at the phone companies.

Corporate networks monitor employee activity through their computers and phone calls. Your internet service provider knows every web site you visit, every email you send/receive and every file you download and sells all of that data to marketers (in aggregate we are assured - so not just yours - everyone at once) to as many sources as they can find to pay for it. Your bank and/or credit card companies know all details of every electronic transaction immediately.

So that laundry list of potential breaches, security holes, hacks and thefts by both internal and external bad guys grows longer each day.

Recently I've been tempted to sign up for a half-dozen free web services, and due to my very unusual habit of actually reading those long "terms of service" pages presented during sign-up for web-based services or those software "End User License Agreement" (EULA) - which most of us click right past during download or installation to our machines - I stumble across one very common and unacceptable line.

... you automatically grant (or warrant that the owner of such rights has expressly granted) us an irrevocable, royalty-free, transferable and worldwide non-exclusive right and license to use, copy, modify, adapt, publish, translate, create derivative works from and sell and distribute such materials or incorporate such materials into any form, medium or technology without compensation to you. In addition, you warrant that all so-called moral rights in those materials have been waived. None of the materials shall be subject to any obligation ...

Now the above line, along with many variations on the theme, means you are giving up your right to any content you contribute using that web service or software if it comes under the provisions of the contract - yes I said contract, which you are signing by clicking "Agree" during signup or installation of any software carrying that language.

So I've signed up for a couple, realizing that anything I post, record or upload can be recorded, stored and sold. I resolve not to put anything there that I'm not willing to lose or lose money on by selling myself. But my point here is that most users fail, not only to read, but to care about the loss of privacy or content or money due to that ridiculous provision that has become standard for most web services and many EULA's signed by millions of users.

So if nobody knows they are signing away their privacy and sometimes their profits - and even fewer care when they do know - where do we go from here? I don't have an answer and don't expect others to either. It seems we've traded privacy for convenience and in most cases, are willing to make that trade-off in order to use free or ad-supported services or software.

I've given up hope that people will begin to care about privacy until they experience identity theft or get fired from their job or lose their potential profit from great ideas because they traded away their privacy and content rights for that convenience. It's just plain sad.

Scott McNealy of Sun Microsystems said it in January of 1999 - "You have no privacy - Get over it!"

Labels: , , , , , , , , , ,


Save To Del.icio.us    Digg! Digg This!
posted by RealitySEO at 10:03 AM 0 comments

Sunday, April 13, 2008

All Your Datas are Belong to Yahoo: Social=NO Privacy


I belong to and use about a dozen social networking sites, including LInkedIn, Facebook, Plaxo, a bunch of Google services and publicly link to profiles on several that I want to be public. But it wasn't until I visited my settings page on MyBlogLog (a Yahoo owned social network) that I realized how companies hope to "mine" that data and use it for their own purposes.

The first annoyance was when I jumped over to MyBlogLog and was asked for my Yahoo ID - which I begrudgingly provided and thought to myself, "Damn! I wish they didn't own so many things!" From there it took me to a screen with tabs across the top, one of which was labeled "Data Collection" - "Well," I thought, "at least they are being honest about that title - most times it is marked something tame like "Your info" or "Details" - but being charmed by their honesty didn't last long after visiting the page. (shown below)

Data Collection - MyBlogLog
Uploaded with plasq's Skitch!

I noted that I was "Opted-in" by default, realizing that being a part of this community meant sharing my photo or avatar and publicly agreeing to be tracked across the MyBlogLog member communities that I visited. I like this service and use it fairly often. One thing I like is how the service prompts you to "Join Community" after you've visited a blog a preset number of times *(mine is set to 10 visits - but you can choose 5). Alright, I realize they need to track me to make this feature work and I find it useful.

But then I got REALLY disturbed when I clicked on a tab that is benignly labeled "Services" to see a list of over 40 online social sites with those I had previously provided were pre-filled with each of my identities and/or URL's. But then I started to scroll the list to see over 40 other services listed, including OpenID, Plaxo and other aggregators. This is a bit much - what does this do to improve the MyBlogLog user experience? It seems to me that it only helps Yahoo track members of MyBlogLog - no?

Edit Services - MyBlogLog
Uploaded with plasq's Skitch!

These are hard to read at this size, but click the images to see larger versions. What do you think - is this useful for you as a member of MyBlogLog? How would listing your membership data for all of those services/sites improve your user experience? Am I missing something here? Why are they collecting that data? Why do people provide it willingly? Hmmm.

Labels: , , , , ,


Save To Del.icio.us    Digg! Digg This!
posted by RealitySEO at 10:18 AM 1 comments