Digital Breadcrumbs

Discussion in 'privacy technology' started by Rmus, Dec 6, 2014.

  1. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I just read this article, and was surprised that anonymity is more difficult to achieve than I previously thought.

    -rich

    Digital breadcrumbs
    http://passcode.csmonitor.com/anonymity
     
  2. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Defending ones privacy or anonymity is much harder than defending against malicious code. That said, there's a growing overlap in those goals, especially when "official" malicious code is used to destroy ones ability to be anonymous.
     
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    One big problem not mentioned in the article is how our basic tools (browsers, operating systems, security apps, etc) are steadily becoming hostile to anonymity and privacy. With browsers for instance, the user has to fight their way through the settings in order to stop the browser from calling home and literally announcing themselves the moment that they're launched. Other allegedly secure browsers won't completely obey their own proxy settings. Still others are selling us out to advertisers, which will feature-creep its way into allowing them to track and datamine us. Even when you get all of the leaks fixed, will they still be fixed after the next update?

    Likewise the operating systems record our every move. Like browsers, they call home and announce their presence when started. They give us eye candy and features while taking away the ability to control them. We disable undesired behaviors only to find that patches and updates often undo those changes.

    Security software is rapidly becoming openly hostile to privacy/anonymity. We have AVs that report and upload the contents of our systems. Some openly look for pirated material. We have security suites and firewalls that can't prevent data leakage or the bypassing of proxies and VPNs. Their HIPS components help eliminate insidious leaks like DLL injection while the firewall component leaves the front door open.

    The "breadcrumbs" are a big problem, especially when our systems are designed to create as many of them as possible.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    As noone_particular notes, there are many sources of "breadcrumbs" for adversaries to follow (OSs, browsers, multimedia apps, security software, etc). And then of course there's your IP address ;)

    The solution, as I've been going on about for years, is compartmentalization of online activity in multiple workspaces, at least VMs, and separate physical machines for better isolation. Network connectivity should also be compartmentalized, with each workspace reaching the Internet through a unique nested chain of VPNs, JonDonym and Tor. Also, software with a money trail to your true name should only be used for true-name activity.

    I agree with Mr. Kaminsky (who is notoriously against privacy, by the way) that "[a]bsolute anonymity is not a particularly achievable thing". Fortunately, however, absolute anonymity is rarely essential, or even important. What's important are pseudonymity, untracability and unattributability, and they are arguably achievable. How hard you must work at it depends on your risk model: what you defend, and against what adversaries, with what resources and capabilities.
    Nobody is seeking anonymity on Netflix :argh: There's a bloody money trail! And even if they were, accessing both Netflix ("anonymously") and the Internet Movie Database (non-anonymously) about the same movies in the same time frame (indeed, even at all) would be really a dumb move :thumbd:
     
    Last edited: Dec 6, 2014
  5. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    You can definitely reduce your digital footprint but not eliminate it completely. Using tools such as TOR, VPNs, Cookie Self Destruct you can create some anonymity but if the NSA really wants to find you there is probably not much you can do.
     
  6. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    When you look at the total of what they're doing and where they're doing it, it appears that they want to know what everyone, everywhere is doing at every moment in real time. It doesn't matter if you're an ally or an enemy, a citizen or a foreigner, civilian or military. Their behavior suggests that they consider everyone a potential enemy. I see 2 possible explanations for this behavior.
    1, They've become totally paranoid and see enemies everywhere they look, whether they exist or not.
    2, They and those they really work for (big money) intend to own and control everything in which case they are the enemy of humanity.
    My bet is on the 2nd option. When you look at all of the pieces and how they fit together, not just those relating to computers and internet, it's the only explanation that fits.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    That's not quite it, I think. Maybe eventually with AI, but for now it's still impossible. What they want first, I think, is to log as much data as they can, and retain it for as long as possible. They don't like to say "I'm sorry, but we don't have the data necessary to answer your question.", and they never ever want to say "I'm sorry, but we can't get the data necessary to answer your question."
     
  8. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    If you look just at the revelations about them and what they alone collect, you might come to that conclusion. They are just part of the picture. Phones and portable devices monitor people's location and movements in real time. So do modern vehicles. If one uses plastic for purchasing or bill paying, our financial activities and status are also monitored in real time. Medical records are going online. They'll include DNA profiles soon enough. People, especially students are being required to wear or carry RFID, making them trackable. These groups are sharing the data they collect and need to be regarded as a single entity.
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    I get what you say. The big "they" (the "1%" and their lackeys) collect all that, plus data from drones, airplanes and satellites. Virtually everything, let's say.

    But still, they don't yet have the technology to actually know everything in an actionable way. There's just too much going on in the world. Also, they can't yet store everything indefinitely, just the metadata. And they can't yet decrypt everything, or at least not immediately.

    At some point, there may be strong enough AI. But then the AI will know everything, and will arguably be in charge. Maybe they already are, in some primitive way. Money rules, or whatever ;)
     
  10. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    Yes they are linking device to owner by hardware id's.
    This casts a whole new light on the used PC market.
     
Loading...