Blog posts tagged "privacy"

Netflix Friends, Privacy, and the Network

January 10th, 2005

One of the things I’ve always kind of liked about Netflix is the curtain of privacy it tosses around your viewing habits. It isn’t like you can rent porn on Netflix, but still you are alone with your tastes and indiscretions. Netflix is in a position to collect incredibly accurate information about viewing habits, because both renting and rating are done in private. Netflix Friends changes that dynamic.

With Netflix Friends you can see what your friends are watching and share your favorite movies with them.

Renting and in particular rating are once again performative acts. There is a real value there, and in services like Audioscrobbler, or All Consuming, or 43 Things, and even the undirected social network sites like Orkut or Friendster, and yet …

I mean, I already maintain a blog, do I really want to share what I’m listening to, what I’m reading, what I’m watching, what I’m working on, and who I know? I don’t know. I just know that even though I’m flirting with Netflix Friends, I am very aware of the virtual clinking of coins, as I barter a little more privacy for a little more leveraged access to the network.

(I also predict that Netflix will over the next 6 months see an increasing disconnect between what people rate high, and what they watch, the Masterpiece Theater vs. Jerry Springer syndrome, and an associated degradation in the quality of their data.)

When Nielsen used log-books to gather information on the viewing habits of their sample families, the results were heavily skewed to Masterpiece Theater and Sesame Street. Replacing the journals with set-top boxes that reported what the set was actually tuned to showed what the average American family was really watching: naked midget wrestling, America’s Funniest Botched Cosmetic Surgeries and Jerry Springer presents: “My daughter dresses like a slut!”

update: tom is already experiencing the “social” side of it all.

MD5’ing IP Addresses is Security Theater

December 21st, 2004

I felt dumb back in 2001 when I suggested that the solution to IMC’s ip address privacy concerns was to use a one-way hash (e.g. MD5), and a few basic facts where pointed out to me.

  • IPv4 provides a total possible search space for ~4 billion highly predictable records, a dictionary style attack against this is well within reason.
  • the effective address space is actually *much* less then 4 billion due to the way that IP addresses are distributed.
  • it is likely that the search space will actually be *drastically* smaller (a few hundred) based on the amount of information the attacker has already been able to gather.

I’m not a cypherpunk, but the numbers kind of speak for themselves. Hashing of IP addresses is useless. Which is why Indymedia doesn’t log IP addresses.

So its a little odd to see that bastion of geeky wisdom Slashdot, talking about how they’ve “voluntarily taken on the privacy burden of MD5’ing incoming IP addresses”.

I guess that prevents against accidental discovery, and maybe thats their threat model. (that must be nice)

This has been a public service announcement.

Tagged: Uncategorized ,

Documentation in the Age of Google

October 21st, 2004

When I was in high school I put some work into my conscientious objector portfolio. I let it slide after a few years when it became clear that CO status was probably going to remain a historical anomaly.

However the BBC’s “Google saves journalist” story makes me think that perhaps the concept isn’t moot, but merely mutated like so much in this modern age.

(alternate title: “You Shall Know Us by Our Pagerank”)

Tagged: Uncategorized , , ,

Zero Knowledge on a Budget

April 8th, 2004

My security culture is lousy, besides some basic self-censorship about what I talk about here on LM a quick Google search can find almost anything you wanted to know about me.

That said I find two websites have become an important part of my daily toolkit.

  • DodgeIt – free, receive-only email. No set up. Check via the web or RSS
  • BugMeNot – community maintained database of website logins, with a simple bookmarklet interface
And they work great together!

Are there other tools people are using?

Tagged: Uncategorized , , ,

Not Welcome

August 9th, 2003

Danny continues to provide interesting coverage of the real life issues dealing with visas, and passports in our new security state. Including the new, amazingly invasive DS-157 form.

A friend of mine was going to drop by while on a trip to San Francisco in a few months. Not anymore. He’s a french citizen living in the UK…And from October the 1st, the US is refusing visa-waivers to anyone without one. You have to get a normal visa. Male visa applicants aged between 16-45 also have to fill in this new extra form, DS-157.

Questions on the new form include:

  • Mother and father’s full name.
  • All the countries you have entered in the last ten years (with year)
  • Your last two employers (with address, telephone number and supervisor name)
  • All professional, social and charitable organisations to which you belong or have belonged, contribute or have contributed or with which you work (or have worked)
  • All educational institutions you attend or have attended (excluding elementary school)
  • A list of specific locations you will visit in the US
Understandably, he objects to filling in this form.

This a gross invasion of privacy, made more shocking by the fact that I probably never would have known it was out there, being an American citizen who can breezily blow through other peoples’ custom lines. (flying in the U.S. is a bit more tricky, involving unpacking every bag I bring, and nearly stripping after being “randomly extra security screening”)

However my first, selfish thought was, “This is going to make it even worse to travel as an American.” We can only abuse other the citizens of other countries so long, before an American passport stops being the gold currency for travelling, and advantage which I’ve always enjoyed. Currently the one downside of travelling as an American is our total lack of decent health care system in this country, which makes it nearly impossible to get health care from overseas providers who know wisely steer away from getting embroiled in the scam that pass for US health insurance. I think its going to get worse though.

Feels like a concerted effort to roll back the positive gains that globalization has made; people travelling and communicating, and learning about their neighbors is bad, only capital should be allowed to see the world.

Tagged: Uncategorized , , ,