Archived Weblog Entry - 08/24/2006: "Heads Up on TCF: HTTPS encryption won't protect your privacy"

[Previous entry: "Heads up on TCF"] [Main Index] [Next entry: "So this is the thinking behind the gutting of the Libertarian Party"]

08/24/2006 Archived Entry: "Heads Up on TCF: HTTPS encryption won't protect your privacy"

SECURE ACCESS WON'T PROTECT THE PRIVACY OF TCF
Bruce Schneier reports on a disturbing but unsuprising paper presented at the latest ACM SIGiR conference. The abstract of You are what you say: privacy risks of public mentions (PDF) describes how easy it is to correlate details revealed under a pseudonym with information associated with your real name. The statement that "This re-identification violates people's intentions to separate aspects of their life and can have negative consequences" is something of an understatement.

Secure access makes it harder to determine what information TCF members (or anyone else browsing "dangerous" websites) are viewing, but provides no protection against traffic analysis. Knowing that someone has viewed umpteen megabytes of material from a site can be enough to arouse suspicion, and in an age of warrantless surveillance of the entire population, mere suspicion is enough to cause plenty of trouble. TOR provides protection against traffic analysis, although it is rapidly falling victim to its own success, as too many people try to use too few servers.

Posting comments, rants, threats (always a bad idea) and opinions about anything and everything from the books one is reading, who attends what meet-ups, to where you buy your gold brings the threat of matching your real name with your screen nym(s). The paper points out that misdirection helps, but use it sparingly; too much or too obvious injection of random noise into the data set can easily be screened out, very possibly by automatic means.

I've lived with the knowledge of this threat for some time. The nature of my work makes me aware of the power and effectiveness of these techniques. That little revelation encapsulates the nature of the threat. How many people get paid to perform advanced statistical analysis of the behavior of squid bloggers? I accept the risk; free men don't live in fear. But it certainly changes what, when, and how I write, both as Silver and under my real name. Clearly this threat produces "a chilling effect" on free speech.

Blissfully ignorant Jim counsels "Strike no man, do no man wrong, be content with your wages. Problem solved." If only it were so. Our prisons, official and secret, overflow with people fitting that description.

In an era where people are arrested or even summarily executed by police for any reason, or no reason at all, the additional risk is not large. If they want you, they will come and get you, and quaint rituals like warrants, showing probable cause, or trials no longer restrain our masters. Still, it's worth remembering that everything you read, everything you write, and everything you say can and will be used against you.

Posted by Silver @ 07:07 AM CST
Link