Ben, you put together some interesting thoughts and links (I just finished the motherjones article and had to resist the temptation of quoting about half of it right here. Instead, let's get concrete and ask the best ISP in town (EFN) a few questions:
~~~~~~~~~~~~~ for EFN ~~~~~~~~~~~~~~~~~~~ - Have your records, logs, etc. ever been subpoenaed ? - Are you legally able, and willing to comment on such issues ? (I understand, that's pretty generally phrased (I am not a lawyer) -maybe EFN has some general policy on the subject that is public ? ) - For how long are dialup logs kept (the userID-dynIP-timestamp connection) ? ~~~~~~~~~~~~ end for EFN ~~~~~~~~~~~~~~~~ I don't question that there are reasons to subpoena some of the information we are talking about here under *specific* circumstances (e.g. the fairly recent bust of a cyber child-porn ring in our area) -in contrast, the Poindexter project is just a big fishing expedition. One comment on the motherjones article regarding google (towards the end of the article). Barlow may be right in judging the past and current situation. But then, so far we have only seen the episode 'Google -- part I'. Let's not forget, they are running an efficient business, and when they spend the money on collecting and storing all the client requests ever made together with all the client info they can get, one can only speculate what the business model for 'Google -- part II' may be like... - Horst On 5 Feb 2003, Ben_ wrote: > I'm glad you posted the google-watch links, that's very interesting > information. I am concerned by the popular belief that IP addresses > somehow identify a single computer, however!!! > In many cases, a single IP address is shared (say, via NAT) by dozens or > even hundreds of computers. It can also be spoofed. I do understand > that in certain instances it can be used to establish legal (ie, > criminal) identifiability, though I do find this troubling. > This bit, from the krane.html, bothered me in particular: > > "The fact that you record unique cookie ID, plus IP number, plus date > and time, makes much of your information "identifiable." Authorities can > also do a "sneak and peek" search of a Google user's hard drive when he > isn't home, retrieve a Google cookie ID, and then get a keyword search > history from you for this ID." > > Are they really suggesting that authorities will physically enter, JUST > to get a google cookie ID off a user's hard drive, and then return to > google to find out what that user has been searching for?? If they go > to the trouble of physically searching the hard drive, why would the > cookie ID be more useful than all the other data there?! > Or are they suggesting that they remotely access a user's hard drive? > Yeah, right -- that's the M$ NSAKEY backdoor, right. > > Just like John Perry Barlow reiterated in his recent motherjones > interview [1], the TIA [2] project mostly offers LOADS more haystacks, > and not many needles. I would personally suspect that anyone with > something to hide, something valuable anyway, would take efforts to > cover their backs. Look at how hard it has been to unravel the Enron > and other accounting scandals! There are plenty of web-anonymizing > services, and clever uses of proxies, etc, to allow for instance > dedicated information specialists in communist regimes to freely access > otherwise-blocked information (thanks in part to CDC [3] and other > "hactivists"), that methinks only the dumbest criminals would be > convicted based on google's secret data. So yes, I agree that it is > futile for google to abuse the general user's privacy to this extent. > > As far as google seeking a deployment engineer with gov't security > clearance, that makes sense to me!! I know a lot of organizations > deploy google on their LANs [4], and I'd assume that some of them indeed > need someone with clearance to simply be able to walk in their doors, > and do anything at all on their network (based on their IT/security > policies)... this does not simply imply federal/military ops, but also > the whole slew of privately-owned contracting businesses that work > indirectly for said ops... again, this is not limited to military, > either -- keep guessing. I don't see anything inherently evil in those > policies, although it certainly makes it difficult to public AUDIT those > organizations and operations! For those of us here, who fall into the > category of "freedom zealot", please remember that secrets are still > important in a free world!! The freedom of secrecy must be respected, > even if you don't agree with others' motivations. ciao. > > Ben B > > > On Tue, 2003-02-04 at 17:32, Horst wrote: > > And to add another aspect... > > > > Maybe your privacy is less threatened by individuals such as the one > > attempting step (1)-(4) than BigBrother himself: > > See quote below from http://www.google-watch.org/krane.html > > They ask some reasonable questions: > > - Why does google need a cookie that doesn't expires before 2038? > > - Why logging the originating IP (i.e. if you just throw your cookies > > away while having a (semi)static IP, an 'unusual' OS plus browser, still > > makes you a pretty unique client) > > > > And on http://www.google-watch.org/jobad.html > > - Why does google want to hire a Deployment Engineer (with security > > clearance): "Must have current government top security clearance (TS/SI)." > > > > "Google currently does not allow outsiders to gain access to raw data > > because of privacy concerns. Searches are logged by time of day, > The question, then, is, "who are [already] the *insiders*?" = ) > > > originating I.P. address (information that can be used to link searches to > > a specific computer), and the sites on which the user clicked. People tell > > things to search engines that they would never talk about publicly -- > > Viagra, pregnancy scares, fraud, face lifts. What is interesting in the > > aggregate can seem an invasion of privacy if narrowed to an individual. > > > > "So, does Google ever get subpoenas for its information? 'Google does not > > comment on the details of legal matters involving Google,' Mr. Brin > > responded." -- New York Times, 28 November 2002" > duh. Google has been making decisions since its stanford inception, to > gain popularity. Don't think that they are *owned* by the public, tho! > > > references: > > [1] http://www.motherjones.com/news/qa/2003/06/we_268_01.html > also see http://yro.slashdot.org/article.pl?sid=03/02/04/0348221 > > [2] http://www.darpa.mil/iao/TIASystems.htm > > [3] http://cultdeadcow.com/ > > [4] http://www.google.com/unclesam > * they might've needed clearance to set up this service, just to make > sure that no classified info gets assimilated!! > > and here are some other interesting links: > http://www.ncs.gov/ncs/html/library.html > http://www.ncs.gov/informationportal/tools.html > http://www.ncs.gov/informationportal/black_hats.html > _______________________________________________ Eug-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
