Some things to consider
From
Hal <pearrow@nvbell.net>
Date
Sun, 06 Aug 2000 19:08:08 -0700
[: hacktivism :]
I agree with the analysis of jjf, copied below. I have never bought
into the paranoia about Echelon snaring everyone by monitoring every
single e-mail that passes beyond your own personal server. These
numbers are simply overwhelming. If Echelon kicked out even 10,000 U.S.
messages a day, that would require humans to review them. Perhaps
100-500 a day would be identified for further study and I think you
begin to see the overwhelming personnel requiring just to run down
e-mail messages, not to mention all the other more immediately critical
jobs facing the FBI, et.al.
No, the problem, as jjf identifies, is the enormous amount of data that
can be identity-specific. *Once someone comes to the attention* of an
investigative body, they have at their fingertips almost everything a
computer user does during his day. Couple that with the Clipper Chip
and Carnivore, and that person's life is an open book.
But it's not nearly as bad as indicated in "Enemy of the State." At
least it doesn't have to be. They're not going to know your shoe size
is 10 unless you buy your shoes over the net or unless you give it to
some national chain for their data banks. In fact, it's possible to cut
off almost all collection of personal information. Here are some things
to consider doing:
1. Tell Radio Shack (and others) to drop dead. You don't have to give
them your name, address, etc., and allow them to accumulate your buying
patterns for the stores to share and for them to sell. I don't even
argue with them. I give them phony information. Let them put that into
their computers and stuff it.
2. Pay cash. It's not illegal. When I go out shopping, I usually go
to my bank's friendly ATM and draw out approximately what I think I'm
going to need. Sure, they can get at the fact I've drawn out $80, but,
for what? For the most part, I've stopped leaving an easily obtainable
trail through credit-card or check-card use. Saves interest, too. Look
at your next VISA statement. It's not that I'm buying an illegal pair
of shoes. It's just that they have no right to my "personality."
3. Use a Proxy service on your computer. This is simple to do and
virtually unnoticeable in operation. Without one, info is collected at
your site (for sale) concerning your using of news groups and also can
be done for your e-mail and each site you visit. *And,* each time you
visit a commercial site and some non-commercial sites, your e-mail
address is collected by them and can be traced back to whoever you are.
A proxy stops this. Each time you call up a news group or a URL, the
request through your server is for the proxy -- you go to the proxy a
lot but nowhere else. The proxy receives your request and fulfills it.
Also, and most important, a proxy blocks your trail to your site. When
they go looking for you, they get the proxy's address, not yours. A
proxy can also speed your internet connection any time you are
downloading. In copying something from a site, you actually copy it
twice -- once in the folder and again into a cache file. The proxy,
because of the lack of link, dumps that second copy before it gets to
you.
4. Use Hotmail or a similar server. If you worry about your e-mail,
Hotmail or a similar service is ideal, but have a proxy first. Once
your proxy is in place (absurdly simple), call up Hotmail and establish
a free mailbox using phony information. Hotmail won't know who your are
since you establish a phony name and the proxy blocks an attempt to
trace it back. Another solution is to have your computer encrypt your
e-mail but you would first have to provide a "certificate" to each
person receiving your mail. Yet another possibility is to use a
re-mailer, which strips your map lines. Then you would actually write
the e-mail inside the re-mailer, thus ending the trail (including the
ones for Carnivore). Hotmail is simpler. Simpler yet is not bothering
unless you worry about your e-mail.
5. Those "cookies" are killing you. Look at your Temporary Internet
Files. If you're normal, you'll have literally hundreds. Each one is a
doorway into your computer and personal data. In fact, many if not most
of them will cough up essentially *all* information you've ever given to
anyone, including SS numbers, credit-card numbers, bank and visa account
numbers, salary range, etc.
Almost all commercial companies and many other sites place a cookie (a
"temporary" file onto your computer. They can then read whatever you've
ever provided that company and, in many cases, whatever material you're
provided to everyone else.
How often are these bids for personal data? One friend install a
firewall that intercepted those bids, notified the user and asked
whether they are okay. He said that, for the first two weeks, it was
almost impossible to work long on the internet because of the large
number of times the firewall's screen popped into his work to notify him
of attempted intrusions. Only after refusing all did it slow down after
two weeks.
The simplest way to take care of this problem is to first, dump all of
the cookies already in your machine. Delete them from your Temporary
Internet Files. Then there is a place in your browser's preference to
deal with cookies. You can check the offering is several ways up to not
accepting any cookies. That's fine except that some companies simply
won't let you use their sites without being able to place the cookie. I
don't find a problem with that. Other than that, you can check: accept
only a cookie that is limited to access by the company that placed it.
Perhaps the most satisfying way to deal partially with the problem is a
program called Anonymous Cookies. It takes and dumps a large number of
false cookies into your machine. When someone goes to anonymously
collect your personal data, the program gleefully provides them with
tons of false information.
3. A firewall for your computer. Now this one is the extreme and
really only for the most paranoiac or for someone really needing to
protect his/her computer. A firewall stops virtually all incoming bids
by companies and sites for information. No-one gets into your computer
unauthorized; you're notified anytime they try.
It's unfortunate to have to deal with the problem. But it's already
here. As I mentioned as an example above, my friend dealt with dozens
of attempts to raid personal information from his computer in a two-week
period. Be aware, also, that if you ever draw attention from any
authority, they are going to be able to tap into these monstrous data
banks and can detail your routine better that you could.
Hal
[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: http://hacktivism.tao.ca/ :]