Archive for the 'Privacy' Category

Advertising comes to TSA Checkpoints

Commercial Aviation reports that:

Advertising in security checkpoints will be coming to an airport near you under a proposed Transportation Security Administration pilot program. … “TSA plans to launch a one-year pilot program where airport operators may enter into an agreement with vendors, who will provide divestiture bins, divestiture and composure tables, and metal-free bin return carts at no cost to TSA,” said spokeswoman Amy Kudwa. “In return for the equipment, TSA will allow airport operator-approved advertisements to be displayed on the bottom of the inside of the bins.” An initial test at Los Angeles began in July 2006, said Kudwa. TSA is holding an Industry Day Jan. 11 at its headquarters in Arlington, Va., for those interested in participating in the program.

(HT: Homeland Stupidity). What a great idea! First, entrap travelers in a security theater. Second, further annoy them with advertising. Here’s a recommendation to further fine-tune the program: Select passengers for in-depth screening on the basis of their ability to repeat the ad messages! If you can’t recall the ads, chances are that you are either a terrorist or in some other subversive manner harbor anti-consumerist attitudes. Either way, your bag needs some serious searching. And I thought the aptly named Captivate elevator TV screens recently installed in my building were annoying. Well, never underestimate human ingenuity.

Global Privacy Rankings

Privacy International published an interesting survey of the degree of informational privacy afforded by various countries to their citizens and the pervasiveness of electronic surveillance. Here are the key findings:

  • The two worst ranking countries in the survey are Malaysia and China. The highest-ranking countries are Germany and Canada.
  • In terms of statutory protections and privacy enforcement, the US is the worst ranking country in the democratic world. In terms of the health of national privacy protection, the US has been ranked between Thailand and Israel.
  • The worst ranking EU country is the United Kingdom, which fell into the “black” category along with Russia and Singapore. The black category defines countries demonstrating “endemic surveillance”.
  • Despite having no comprehensive national privacy law, the United States scored higher than the UK. Thailand and the Philippines also scored higher than the UK.
  • Argentina scored higher than 20 of the 25 EU countries.
  • Australia ranks higher than Slovenia but lower than Lithuania and Argentina. New Zealand ranks higher than Australia and has an equivalent ranking to the Czech Republic.

Here is the ratings table and a map based on the chart. If I were managing an email service provider in Germany, such as GMX, I would start marketing the comparative advantage in terms of privacy protection to US customers. (Hushmail, a great Canadian service, is already doing it.)


Anonymous Surfing? Don’t Rely on the Law for Your Protection!

Technology, not law, is the only reliable means for ensuring privacy. For example, take this excerpt from the fairly standard privacy policy of a provider of anonymous internet surfing:

[W]e disclose personal information only in the good faith belief that we are required to do so by law, or that doing so is reasonably necessary to: comply with legal process; respond to any spamming and related abuses of netiquette claims; or protect the rights, property or personal safety of [our company], our customers, or the public.

This affords virtually no protection. “Good faith” is primarily defined by the absence of outright bad faith — not a particularly taxing standard by any definition. And “reasonably necessary” is pretty much any means that is not obviously unrelated to the ends of protecting “the … property … of [our company], our customers, or the public.” And, of course:

[We] reserve[] the right to disclose your information … [w]hen required by law or by order of a court.

In practice, the company is free to turn over personal user information to any number of third parties, including the government, if (i) there is any claim to a right to receive that information made by the third party, which passes the red face test; or (ii) the disclosure would promote the protection of someone’s rights or property, and not be obviously frivolous or abusive.

Don’t get me wrong. I am not faulting the company, these are the good guys. It just goes to show that meaningful online privacy can only be ensured by technological means, in particular encryption and anonymous architectures such as Tor, which hide a user’s encrypted communication in a cloud of others. When it comes to online privacy, the law has deserted us. But not all is lost. Compare the above privacy policy with this legal and technological privacy architecture from CryptoHeaven:

We would like to stress that confidentiality of your data is mostly protected by our encryption technology and not entirely by our policy. Technology prevents us from accessing your data in the plain form. Your data stored on our servers is always encrypted, including message subjects, message body, file data, file names, file descriptions, folder names, folder descriptions, contact names, various keys and other information. Service administrators have access to the encrypted files, but its content is illegible to them without your user name and your passphrase. Your passphrase is never transmitted to us in a plain or encrypted form. CryptoHeaven has strict protocols that limit access to collected information. Only selected administrators have access to the user database itself. CryptoHeaven never associates IP addresses with user accounts, we never log demographic user access trends or user access times.

As a user I prefer the “we can’t” to the “we won’t” any day.
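The “we can’t” design described above, as an added example that is not CryptoHeaven’s actual code or protocol: the key is derived from the passphrase on the client, so the server only ever holds a salt and ciphertext. The function names, the record fields and the choice of scrypt with AES-256-GCM are assumptions; in this sketch the field names stay readable and only the values are encrypted.

```javascript
const crypto = require('crypto');

// Client side: stretch the passphrase into a 256-bit key. Only the salt is stored remotely.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Client side: encrypt every field value; the returned object is all the server ever sees.
function sealRecord(passphrase, record) {
  const salt = crypto.randomBytes(16);
  const key = deriveKey(passphrase, salt);
  const sealed = { salt: salt.toString('base64'), fields: {} };
  for (const [name, value] of Object.entries(record)) {
    const iv = crypto.randomBytes(12);
    const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
    cipher.setAAD(Buffer.from(name)); // bind each ciphertext to its field name
    const ct = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
    sealed.fields[name] = Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
  }
  return sealed;
}

// Client side: decrypt; a wrong passphrase or a tampered blob makes final() throw.
function openRecord(passphrase, sealed) {
  const key = deriveKey(passphrase, Buffer.from(sealed.salt, 'base64'));
  const out = {};
  for (const [name, blob] of Object.entries(sealed.fields)) {
    const raw = Buffer.from(blob, 'base64');
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAAD(Buffer.from(name));
    decipher.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    out[name] = pt.toString('utf8');
  }
  return out;
}

// Constructed sample record (not real data).
const SAMPLE = { subject: 'Merger terms', fileName: 'offer-draft.txt', body: 'Counter at 42.' };
const stored = sealRecord('correct horse battery staple', SAMPLE);
console.log(JSON.stringify(stored, null, 2)); // what an administrator or a court order would obtain
```

Whoever holds `stored` without the passphrase can hand it over, but cannot read it; that is the difference between a policy promise and a technical limit.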


Six Tips to Protect Your Online Search Privacy

The EFF just published a six step program for protecting online search privacy, an increasingly important issue that we covered on this blog just a little while ago. The tips are:

  1. Don’t put personally identifying information in your search terms (easy)
  2. Don’t use your ISP’s search engine (easy)
  3. Don’t login to your search engine or related tools (intermediate)
  4. Block “cookies” from your search engine (intermediate)
  5. Vary your IP address (intermediate)
  6. Use web proxies and anonymizing software like Tor (advanced)

Few people realize how pervasive the threat to their privacy from associating search terms with their names really is. Part of the problem is that “privacy,” at least in the US discourse, has little emotional resonance. What we are really talking about here is the potential for blackmail and persecution — either today or decades from now, either in the US or abroad.


Privacy Self Help: freenigma.com

Freenigma is an ingenious little Firefox plugin that simplifies the social networking aspect of public key cryptography. At this point, Gmail, Hotmail, and Yahoo Mail are supported. Here is how it works. First, type your email as usual:

Then, hit encrypt to get a PGP encoded message.

The recipient hits “decrypt,” and that’s it. Freenigma is not a substitute for end-to-end encrypted communication; for example, the To: and From: fields of the email are still plaintext. But for the occasional sensitive message, Freenigma is a great, minimally intrusive solution.

Privacy Self Help: How to Avoid Personalized Search Engine Data Collection

Internet privacy always entails a tradeoff between usability and anonymity. That tradeoff differs from application to application and from website to website. One of the greatest threats to privacy is personalized search histories. The latest AOL privacy breach is a vivid illustration of how much we reveal about ourselves through the use of search terms. Here is a practical, middle-of-the-road setup for safeguarding your privacy against personalized data collection by search engines.

  1. Get Firefox. Really, that should be a no brainer.
  2. Install privoxy and tor. This is child’s play with the new installer package.
  3. Install foxyproxy. Amazingly, the zero configuration tor/privoxy wizard actually works. The great thing about foxyproxy is that you can designate individual sites that will be accessed through tor/privoxy.
  4. Add *google.com/* to the whitelist, so that all google searches will be routed through tor/privoxy.
  5. Have Firefox delete all cookies upon exit. (Whitelist those sites whose cookies you wish to accept.)
  6. Have Firefox block all cookies set by mail.google.com and gmail.com

As (6) effectively disables Gmail on Firefox, use Safari or IE to access Gmail. Using two browsers is essential, because once you log into Gmail, Gmail sets a cookie. Any search that you run in Google after starting Gmail will be linked to your Gmail identity. (Don’t believe me? Open Google in one tab, then log into Gmail in another tab. Return to Google and run a search. Your name will show up in the upper right hand corner.) The two browser setup effectively quarantines the Gmail session cookie.
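Which requests the whitelist from step 4 actually sends through tor/privoxy, as an added example that is not FoxyProxy’s own code. It assumes wildcard patterns are matched against the full URL, with * as any run of characters and ? as a single character; the sample URLs and the broader pattern *google.*/* are constructed for illustration.

```javascript
// Convert a wildcard pattern (* = any run of characters, ? = one character) to a RegExp.
function wildcardToRegExp(pattern) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$', 'i');
}

// Decide per URL: 'tor' if any whitelist pattern matches, otherwise 'direct'.
function routeFor(url, patterns) {
  return patterns.some((p) => wildcardToRegExp(p).test(url)) ? 'tor' : 'direct';
}

// Return the URLs that would bypass the proxy and reach the site from your real IP address.
function leaks(urls, patterns) {
  return urls.filter((u) => routeFor(u, patterns) === 'direct');
}

// Constructed sample URLs: search hosts a browser might be redirected to.
const SEARCH_URLS = [
  'http://www.google.com/search?q=test',
  'http://www.google.de/search?q=test',
  'http://images.google.co.uk/images?q=test',
  'http://mail.google.com/mail/',
];

const WHITELIST = ['*google.com/*'];              // the pattern from step 4
const BROADER = ['*google.com/*', '*google.*/*']; // assumed extra pattern for country domains

console.log('direct with step 4 pattern:', leaks(SEARCH_URLS, WHITELIST));
console.log('direct with broader list:  ', leaks(SEARCH_URLS, BROADER));
// Over-matching is harmless here: an unrelated host is merely slowed down by tor.
console.log('notgoogle.com goes via:', routeFor('http://notgoogle.com/', WHITELIST));
```

With only the step 4 pattern, searches that land on a country domain such as google.de leave the browser directly, so check where your searches are actually served from before relying on the whitelist.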

Some might ask, sensibly, why I even use Gmail if I’m concerned about privacy. First, Gmail is far and away the best web based email client. I love it. It is a technological marvel. Second, I am not particularly concerned with email privacy, at least not with my private email. If I want some real privacy then I can (and do) encrypt my messages with PGP.

Another solution is provided by scroogle.org. Their search bar plugin is the way to go on computers where you can’t install privoxy/tor (e.g., in the office).

Using Mail.app and GPG

Ever since PGP went commercial, I have not been feeling quite right about the program, and so I switched to GnuPG a while ago. GnuPG is, of course, a wonderful program. Unfortunately, MacOS X 10.4.1 caused all sorts of problems with GPGMail, one of the most useful hacks that integrates GnuPG into Apple’s mail.app. For those who haven’t been using GnuPG, here is how to install it and make it play nice with mail.app. (More information here.) First, install GPG for OS X (current version 1.4.1), then GPG Keychain Access (current version 0.7.0), and finally GPG Preferences (current version 1.2). That gives you the PGP engine along with two intuitive front-ends. Then download and install GPGMail. The next time mail.app is run, it will complain about the GPG bundle and disable it. Quit mail.app, then rename the folder $HOME/Library/Mail/Bundles (Disabled) back to $HOME/Library/Mail/Bundles. (The $HOME folder is the one with the little house, that is, a user home folder, not the root.) Open terminal.app and type:

defaults write com.apple.mail EnableBundles 1
defaults write com.apple.mail BundleCompatibilityVersion 2
exit

Then relaunch mail.app, and GPG should work just fine!