The Electronic Frontier Foundation (EFF) has a new tool called Panopticlick that examines your browser configuration (or at least what it announces about itself) and compares it against its database to determine how unique your presence is. It turns out that significant identifying information is available even with IP obfuscation and cookies disabled; private browsing doesn't quite cut it ...
Is your browser configuration rare or unique? If so, web sites may be able to track you, even if you limit or disable cookies.
Panopticlick tests your browser to see how unique it is based on the information it will share with sites it visits. Click below and you will be given a uniqueness score, letting you see how easily identifiable you might be as you surf the web. [from panopticlick.eff.org]
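An added example, not code from the EFF or from this post: a sketch of the comparison described above, scoring one configuration against a constructed database of attributes a browser announces without any cookie. The attribute set, the sample records, and the use of log2 "bits" as the score are assumptions of this example.

```python
import math

# Attributes a browser announces on every visit; no cookie or IP address is used.
ATTRS = ("user_agent", "timezone", "screen", "plugins")

# Constructed sample database of configurations seen from earlier visitors.
SEEN = [
    ("Firefox/3.6 (Windows)", "UTC-5", "1280x800", "Flash;Java"),
    ("Firefox/3.6 (Windows)", "UTC+1", "1024x768", "Flash"),
    ("Firefox/3.6 (Windows)", "UTC+1", "1280x800", "Flash;Java"),
    ("MSIE 8.0 (Windows)", "UTC-5", "1280x800", "Flash"),
    ("MSIE 8.0 (Windows)", "UTC-5", "1024x768", "Flash;Java"),
    ("MSIE 8.0 (Windows)", "UTC+1", "1024x768", "Flash"),
    ("Safari/4.0 (Mac)", "UTC-8", "1440x900", "Flash;QuickTime"),
]


def bits(count, total):
    """Identifying information, in bits, of a value shared by count of total visitors."""
    return math.log2(total / count)


def uniqueness(visitor, seen=SEEN):
    """Score one configuration against the database (the visitor is counted too)."""
    records = list(seen) + [visitor]
    total = len(records)
    sharing = records.count(visitor)  # visitors with the identical configuration
    per_attr = {
        name: bits(sum(1 for r in records if r[i] == visitor[i]), total)
        for i, name in enumerate(ATTRS)
    }
    return {
        "sharing": sharing,
        "total": total,
        "bits": bits(sharing, total),
        "per_attribute_bits": per_attr,
    }


if __name__ == "__main__":
    # Constructed visitor: every single attribute is shared by half the database,
    # yet the combination matches nobody else.
    visitor = ("Firefox/3.6 (Windows)", "UTC+1", "1024x768", "Flash;Java")
    report = uniqueness(visitor)
    print(f"1 in {report['total'] // report['sharing']} browsers share this configuration")
    print(f"{report['bits']:.2f} bits of identifying information")
    for name, b in report["per_attribute_bits"].items():
        print(f"  {name:<11} {b:.2f} bits")
```

No attribute in the constructed visitor's record is rare on its own; it is the combination that singles the browser out, which is why reducing what the browser announces matters more than clearing cookies.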
In case you didn't catch Clinton's address on cybersecurity last night, I'm embedding it here:
Generally, she's saying the right things -- an open and uncensored Internet is a tremendous force for good in the world. She should also be addressing net neutrality in this context, but I can understand that she didn't want to broaden her scope too much.
Then, a couple of minutes in, she says this:
Now, all societies recognize that free expression has its limits. We do not tolerate those who incite others to violence, such as the agents of al-Qaida who are, at this moment, using the internet to promote the mass murder of innocent people across the world. And hate speech that targets individuals on the basis of their race, religion, ethnicity, gender, or sexual orientation is reprehensible. It is an unfortunate fact that these issues are both growing challenges that the international community must confront together. And we must also grapple with the issue of anonymous speech. Those who use the internet to recruit terrorists or distribute stolen intellectual property cannot divorce their online actions from their real world identities. But these challenges must not become an excuse for governments to systematically violate the rights and privacy of those who use the internet for peaceful political purposes. [Full text of the speech here]
So, privacy, anonymity, and an open economy of ideas are good except when our enemies have them? Despite all of the rhetoric to the contrary, I don't think she really wants a free Internet. She just wants an Internet that promotes US best interests.
Considering some of the electronic surveillance actions our government took after 9/11, admonishing China is a little bit of the pot calling the kettle black. I was hoping that we'd also take this opportunity to embrace these ideas domestically as well as promoting them overseas.
Embracing a free exchange of information means embracing the exchange of dangerous and radical ideas along with the popular and prosperous ones. You cannot selectively grant privacy and anonymity -- either you support it or you don't.
Clearly, the mortgage industry had its hands full before Friday's arrest of a Countrywide Financial Corp. employee for allegedly stealing sensitive personal information of up to two million mortgage applicants.
The FBI on Friday arrested a former Countrywide Financial Corp. employee and another man in an alleged scheme to steal and sell sensitive personal information, including Social Security numbers, of as many as 2 million mortgage applicants. The breach in security, which occurred over a two-year period through July. Countrywide detected the breach and alerted federal authorities, according to Suzy Martin, a spokeswoman for the company. [From Countrywide Financial Insider Steals And Sells Thousands Of Private Customer Records | CyberInsecure.com]
The Identity Theft Resource Center has released the 2008 Breach List. The 117-page document identifies 377 specific breaches that expose 17,011,691 identities as of July 22. It's a very specific and interesting look into data breaches so far this year.
About the center:
Identity Theft Resource Center® (ITRC) is a nonprofit, nationally respected organization dedicated exclusively to the understanding and prevention of identity theft. The ITRC provides consumer and victim support as well as public education. The ITRC also advises governmental agencies, legislators, law enforcement, and businesses about the evolving and growing problem of identity theft. [From Identity Theft Resource Center | A Nonprofit Organization]
Verizon just had a data breach, and they can't blame the technology or attackers.
HAGERSTOWN — A mistake by Verizon that led to the printing of about 12,500 unlisted or nonpublished telephone numbers and corresponding addresses in a telephone book has prompted fear and anger in some of those affected.
One woman, who asked that her name not be used because she feared for her safety, said she began to cry when she learned that her unlisted number and address were printed in the recently released 2008-09 Washington County Phone Book.
* * *
In March, Verizon inadvertently sold the numbers to Ogden Directory Inc. for publication in the phone book, said Harry Mitchell, Verizon's director of media relations.
The phone books were in the process of being distributed by the post office, but Ogden officials last week asked that distribution be halted after the problem was discovered.
There are always going to be studies that show how much data breaches cost companies, mostly because it's a factoid that security researchers think will persuade the C-level types.
The flip side is that the frequency of these data breaches among peer organizations lessens the impact when it "happens here" and that the financial downside is just a cost of doing business.
It can also promote a culture of cover-ups. If it's a common thing, then there's no reason to make a big deal of it.
A recent study by the Ponemon Institute shows, for example, that 55 percent of participants in this study said they had been informed of more than one security compromise involving their personal data over the last two years, and eight percent said that they have been informed of four or more of such compromises.
The Ponemon Institute's study also shows that 63 percent of the survey participants reported that the letters they received after data security compromises had occurred contained no information concerning what to do to safeguard their data afterwards. Furthermore, the majority of the respondents indicated that more than a month had transpired before they were finally informed that their personal data were compromised. At the same time, however, 98 percent of those who had fallen victim to a data security compromise actually became victims of identity theft afterwards. Most significantly, almost one out of every three individuals who were informed of a data security compromise involving their personal data have ceased doing business with the company that experienced the incident. [From High Tower Blogs > Security Insights » Blog Archive » The Business Costs of Security Compromises]
Later today Google is going to preview Friend Connect (it's not live yet at http://www.google.com/friendconnect), a product that lets any website host OpenSocial applications. These applications will enable a site's user to interact with their social network from other sites (assuming they are logged in). Initially users will be able to see their networks from Facebook (using their APIs), Google Talk, and Orkut. Future participants will include hi5 and plaxo.
Initially Google will be letting websites in slowly. Upon acceptance webmasters will be able to submit their website (URL and name) and select colors. They can then select applications for their site from a new application gallery.
The user experience is simple. When a user comes to a site in the Friend Connect program they can sign into any social network that is sharing their data. Their data is not actually shared with the site. Impressively Google is supporting OpenID and OAuth in addition to their own standard OpenSocial.
This sounds like it's expanding identity management from the authentication piece that projects such as OpenID and Shibboleth tackle to explore a richer version of identity.