Search This Blog

Tuesday, February 1, 2011

week VII Privacy-enhancing technologies

Users of the Internet may or may not be aware that every post that they make to a blog, a wiki, an email or even Web pages that are viewed, can be viewed and saved without the users knowledge. Let’s assume for a second that we are not talking about spying on credit card or bank information, social security numbers or even home addresses. We need instead to talk about the very basics of why privacy is extremely important.


The authors of Digital Privacy: Theory, Technologies and Practices discusses a wide array of privacy issues including but not limited to email, remailers and privacy enhancing technologies. They go on to say that identity theft is the number one growing crime in America today. (Acquisti, Gritzalis, Lambrinoudakis, & Vimercati, 2008) Another alarming fact is that databases are shared between government and private organizations.

The text discusses various types of remailers. Basically, a remailer is a computer service which renders your email private, as technology changed, so did the abilities of the remailer to hide the origin of the original sender. Why would someone want to hide their identity in email? Suppose someone is sending an email within an organization that they know that the head of their department is going to be fired by week’s end? If that department head were to be able to access and read that email, it may jeopardize many other jobs. In many countries, such as China and Iran as examples, monitor their government run Internet Service Providers (ISP), every web page visited is recorded and they review emails to see if there are dissidents within their jurisdiction and act as an actual Big Brother [1] .

The most famous remailer that was shut down was anon.penet.fi (Acquisti, et al., 2008) . I looked up this remailer, along with others such as alpha.c2.org and found that they were in fact, shut down for legal reasons. Anon.penet.fi was founded by Julf Helsingius . (Anonymous, 1996) An example of why someone would want to use a re-mailer, Helsingius told Wired Magazine that he used the debate of caller ID on a regular phone. When it first became popular, people were upset that the person being called would be able to know who was calling.

Many people believe that the same thing applies to email, that the privacy of the sender must remain anonymous. Unfortunately, there is a dark side to having an anonymous email. Since the email is encrypted and/ or stripped of its headers, less than scrupulous people can come up with a plethora of reasons why they would not want to be known.

Ironically, there are many websites that utilize remailers and the non-technical person is usually not aware of its presence. Websites such as www.craigslist.com, dating sites such as www.eharmony.com and www.match.com all use pseudo anonymous remailers. This means that they are using an email such as joestud@match.com but is then forwarded to Harold Smith’s (false name) actual Yahoo! or Gmail account.

I researched a few remailers that exist right now, including the two included in the text book. PGP Desktop and Gnu PG were what were included in the text as ideal remailers, which appear to be honest organizations with integrity. The problem that I saw with both of those examples was that they are both installed programs on the computers hard drive, whereas a company such as www.hushmail.com is a remailer that is web based. Having the ability to utilize email on any computer is more convenient in my eyes, but it is a personal preference.

Hush mail claims on its website that it is the most secure email system in the world. It also discloses however that if it finds out that any illegal activity is discovered, they will report the incident to the proper authorities. It goes on to say that it will only comply with any subpoena that is part of, or a reciprocating member of the government of British Columbia, Canada.

I personally utilize MS Outlook to access my POP3 Gmail account. Outlook comes already setup so that all email sent is encrypted. This however, does not preclude the ISP from unencrypting the message.

Another security issue are anti-phishing tools that I found to be important. Phishing is when an attack happens to a user when they visit a site that was disguised as a known site without the user’s knowledge. (Acquisti, et al., 2008) I have installed on my personal computer Mozilla, Internet Explorer (my default browser by choice) and Firefox. What I found interesting is that Firefox 3.6.13 comes with McAfee site advisor as part of the program. It checks the security certificate of every site that is visited. Also, when loaded, it checks software that may need updates.

As technology develops programs such as MS Outlook with built-in encryption and Firefox’s security checks will be part of all future programs, both web based and installed program.


References

Acquisti, A., Gritzalis, S., Lambrinoudakis, C., & Vimercati, S. D. C. d. (Eds.). (2008). Digital Privacy: Theory, Technologies, and Practices. New York: Auerbach Publications.

Anonymous. (1996). Press Release. http://w2.eff.org/Privacy/Anonymity/960830_penet_closure.announce.

--------------------------------------------------------------------------------

[1] Big Brother was a term used to characterize the government spying on citizens in George Orwell’s book, 1984. Ironically, this and other terms were written in this book that was first written in 1949.






No comments:

Post a Comment