Utah Open Source Planet

If your Web service does anything that sets cookies, you'll probably bump up against the fact that Internet Explorer--since version 6--has implemented a fairly strict privacy policy regarding cookies. In a nutshell, if the site does not have the right P3P privacy policy, first-party cookies (i.e. from the site itself) are downgraded to session cookies and not stored in between browser sessions and third party cookies (i.e. from another site) are rejected completely. Here's what to do to solve this problem.

P3P, or the Platform for Privacy Preferences is a W3C "protocol allowing websites to declare their intended use of information they collect about browsing users." In IE 6 and 7, users can use a slider bar to set their desired degree of privacy and then IE will automatically check the privacy policy of the sites they visit and "protect" them according to their preferences. The default setting (medium-high, which most people never change) gives the behavior I describe above.

Deploying a P3P policy actually isn't very hard. There are some great tools for creating the policy itself. But it can be difficult to know exactly what to do. I followed these instructions but still have a few questions, so I'll document exactly what I did below.

The first step is to create the policy. I used IBM's P3P policy editor. It's a Java program, so it will run most anywhere. Using the tool takes a little work since it's not clear at first what you're editing. Create your policy from a template if you can since that will save a lot of decisions later. Once you've done that, select Policy->Policy Properties and fill in the information about your service and organization. If you look at the errors, you see that you have to fill just about everything in. Make sure you add a "privacy seal" even if it's just a notice that your customer service department can answer questions.

The policy itself is in the "groups" on the right. Double click each one and make sure you agree with what it says. Clicking on "Errors" will show you things left undone and clicking on "HTML Policy" will show you the human readable version of what you're creating. At the bottom it provides an analysis of how this policy will play in IE. Very helpful.

When you're done and there are no errors, you need to save four things:

1. The policy itself as name.xml where name is the name you selected under "Web Sites" in the Policy Properties pane. You will likely have just one, but you can have many covering different parts of your site.
2. A policy reference file as p3p.xml. This file provides discovery services for the policies. Whether you have one or many policies for your site, this file tells programs which policy applies where and how to find them
3. A human readable policy
4. A compact policy. This is a string of three and four letter acronyms that specify the policy in a compact manner.

Put the first two in http://yoursite.com/w3c/... Put the third in whatever URL you specified the human readable policy would be referenced by.

The compact policy is used in the HTTP headers that your server returns for ant HTTP request. This gets rid of one or more round trips to the server to request the XML version of the policy. In my experience, this was a necessary step to get IE to recognize the policy.

Having Apache return the compact policy in the header requires building and installing the mod_header module. I'd already done that so I simply added this line to my HTTP configuration file:

Header append P3P "CP=\"NOI DSP ADMo DEVo TAIo ... DEM STA\""

Once you've got all this installed, you should be able to open IE, double click on the eyeball with the red slash through it in the status bar and confirm that your cookies are no longer blocked. If there are no blocked cookies, the eyeball is not there at all.

That's it from a technology standpoint. The trickier part is deciding whether you can actually live with the restrictions you'll need to put in place to let IE store your cookies.

The whole thing feels like a waste of time. Your product won't be better and most people won't be any more protected when your done. But you need to do it in an IE world.

Tags: kynetx privacy internet+explorer

One of my friends sent me the following email:

Tomorrow, our Senate will vote on H.R. 6304, the FISA Amendments Act of 2008, which the House of Representatives recently approved. You can read Ron Paul’s observations about this bill here. Please urge Senators Hatch and Bennett to vote against it…

If our “limited government” Republican leadership passes this, they deserve to get kicked out of office.  That said, I shutter to think of the alternative.

Have you contacted your senators yet?

I covered VNC this afternoon in my Linux system administration course and the question came up on how to secure VNC. You may or may not be aware than VNC is not encrypted by default, which could be a security concern.

If you use VNC regularly to connect to other Linux machines you may want to consider adding a level of encryption with SSH. Here is a quick run-down on how that is done:

If you look at the man page for vncviewer (man vncviewer) you’ll notice there is a small section for -via. The -via option, as outlined in the man page will do:

Makes the connection go through SSH to a gateway host. The gateway should be the target host for best connection secrecy.

Basically this is saying that you can tunnel VNC over SSH within your connection command. Let’s give it a try.

vncviewer -via user@host localhost:0

This, of course, will require that you have both ssh and vnc access to a remote machine.

This is a much simpler method than many other tutorials I’ve found which generally suggest creating a tunnel with ssh -L and then using that tunnel.

Related

• Tunnel Web and DNS Traffic Over SSH

Clifford Thomson sent me a link to a talk Dan Solove gave at Google on his new book The Future of Reputation. I interviewed Dan on Technometria a while back about his earlier book The Digital Person.

Dan's a very interesting speaker and raises important issues in his books and in this video. This is well worth watching if you're interested in the intersection of privacy and reputation in the Internet age.

Tags: itconversations reputation identity video privacy

If you've been curious about privacy concerns over Facebook Beacon, this demo shows how it works and why some are concerned. I think Moveon.org is totally the wrong organization to take this on, but whatever.

If you're a Firefox user (one more good reason to switch), these instructions show how to use the BlockSite plugin to kill Beacon. This will still allow you to use the rest of Facebook.

Tags: facebook social+networking privacy

Doc, as usual, hits the nail on the head in explaining how to solve the privacy-problem-de-juer: Facebook's advertising platform. To wit:

If we want our reach to truly exceed Facebook's grasp, we can't just tell Facebook to stop grasping. We have do deals on our terms and not just theirs. We have to have real relationships and not just systems on the sell side built only to "manage" us, mostly by minimizing human contact.

Perhaps most of all, we need to come up with systems that help demand find supply, rather than just ones that help supply find (or "create") demand. That means we need alternatives to the outmoded and inefficient system of guesswork we call advertising.

That doesn't mean we make advertising go away. But it does mean that we find new paths between demand and supply. and it does mean that find ways to get unwanted advertising out of our face.

From Doc Searls Weblog · Making Rules, II
Referenced Mon Nov 26 2007 08:33:20 GMT-0700 (MST)

As I say in my piece at Between the Lines, I think there's more money and greater customer satisfaction in recommendations, but Facebook didn't go there.

Doc isn't, I'd guess, eschewing a commercial venture that would build these tools. Probably multiple commercial ventures. This doesn't have to be an open source project--although that's a possibility as well. People have made money--lots of it--connecting demand and supply for thousands of years. We don't have to imagine the alternative to demand generation as a revolution. Indeed, as Doc points out, it's a return to the long time order of things.

Tags: facebook privacy markets advertising

Believe it or not, there’s a company (immi) that is giving away “special” cell phones with free service. The catch? The phone is also a room bug:

The IMMI phone randomly samples 10 seconds of room audio every 30 seconds. These samples are reduced to digital signatures, which are uploaded continuously to the IMMI servers.

But why would they do that? Money, of course:

IMMI also tracks all local media outlets actively broadcasting in any given designated media area (DMA). To identify media, IMMI compares the uploaded audio signatures computed by the phones with audio signatures computed on the IMMI servers monitoring TV and radio broadcasts. IMMI also maintains client-provided content files, such as commercials, promos, movies, and songs.

By matching the signatures, IMMI couples media broadcasts with the individuals who are exposed to them. The process takes just a few seconds.

Panel Members may sometimes delay watching or listening to a program by using satellite radio, DVRs, VCRs, or TiVo. IMMI captures these viewings with a “look-back” feature that recognizes when a Panel Member is exposed to a program outside of its normal broadcast hour, and then goes back in time (roughly two weeks) to identify it.

Now, let’s think about this just a little. If anyone in a given room has bought into this free cell phone scam (yeah, that’s right, I’m calling it a scam; you gotta problem wit dat?), then they have chosen to give up their privacy. But what they probably don’t realize or think about is that everyone else in any room they are in has just lost his/her privacy and they don’t know it.

Personally, I want to know what these “special” cell phones look like so I can recognize them. When I see one, I’m going to politely ask the “owner” of it to remove the battery. I’m sure they’ll look at me funny, but I’ll calmly, patiently and very briefly explain why. If they refuse, then I will ask them to leave the room or bury the phone in a purse, briefcase, coat or computer bag where it can’t hear anything.

I wonder what will happen when the first lawsuit is filed against the company for breaching other people’s privacy. I mean, since I haven’t signed their agreement, they are violating my privacy by placing the device with an irresponsible person who would allow it to be in the same room as me.

Researchers at the University of Washington have demonstrated a frighteningly easy way to track anyone who uses the Nike+IPod Sports Kit

One of them built the tracker hardware (for only $250) which they interfaced with Google Maps.

Their paper has the details.

This is a great example of how even without any personal information stored on an RFID chip, privacy is easily violated (as long it has anything unique on it, like an ID).

A man in Quincy, Massachusetts was refused service at the local IHOP restaurant when he refused to turn over his driver’s license before being seated.

Hilarious.

But there’s a great security point here, too. They wanted to reduce the incidence of “dine-n-dash” events, where people skip out without paying. Holding your driver’s license would surely help, or so they thought. But they didn’t count on the reaction to this violation of privacy or, more importantly, the inconvenience this was to their customers.

Security Rule #1: Security is only as good as the weakest link.
Security Rule #2: You’re weakest link will (almost) always be the users.
Security Rule #3: To users, security = inconvenience.

Observation of End Users in the Wild: Users will fight inconvenience.

Good security is invisible to users, or at least, it isn’t overtly present and doesn’t require them to do anything. That’s why supermarkets and convenience stores place monitors where customers can see that the front doors (and other high-value areas) are being watched. People make the assumption that the camera feeds are also being recorded (which is not always true, but often).

At least this IHOP incident wasn’t condoned by corporate management.

If you care about security issues and/or your privacy at all, you should be concerned about the deployments (and pending deployments) of passports with passports with RFID chips embedded in them.

Bruce Schneier, CTO of BT Counterpane, author and world-renowned security expert & privacy advocate gave an interview regarding RFID passports. It is available as a podcast.

There isn’t any new information in there, at least, nothing that I haven’t talked about before. However, it is an excellent, easy to understand explanation of the key issues surrounding RFID chips being embedded in government issued IDs. It’s not very long, but is good information for everyone from the technically challenged to government officials and even security experts.

The “Budapest Declaration on Machine Readable Travel Documents” is an interesting and informative read:

Abstract:

By failing to implement an appropriate security architecture, European governments have effectively forced citizens to adopt new international Machine Readable Travel Documents which dramatically decrease their security and privacy and increases risk of identity theft. Simply put, the current implementation of the European passport utilises technologies and standards that are poorly conceived for its purpose. In this declaration, researchers on Identity and Identity Management (supported by a unanimous move in the September 2006 Budapest meeting of the FIDIS “Future of Identity in the Information Society” Network of Excellence[1]) summarise findings from an analysis of MRTDs and recommend corrective measures which need to be adopted by stakeholders in governments and industry to ameliorate outstanding issues.

Thanks to Bruce Schneier for posting this on his blog.

A few days ago, Peter Abilla published a post about TrackMeNot.

I had read about TrackMeNot a little more than a week before on Bruce Schneier’s blog, and so I already knew TrackMeNot was a flawed idea. Peter also makes some very good points in his post, but, unfortunately, it falls short of pointing out some of the more serious problems with TrackMeNot.

I’ll just summarize the problems here. For further explanation, read Bruce’s post:

1. It does not hide your searches (they are still identifiable with you).
2. It’s far too easy to spot (and therefore, far too easy for AOL and others to defeat) and it’s schedule is regular & fixed.
3. Some of the generated searches are worse than what you would try to hide.
4. It wastes lots of bandwidth, while returning absolutely no privacy or security benefit.

I like this quote from Bruce’s post:

Yes, data mining is a signal-to-noise problem. But artificial noise like this isn’t going to help much.

I just read this story by Bruce Schneier on Wired.

You really should read the whole article,even though I summarize it here.

The folks at FairUse4WM cracked Microsoft’s PlaysForSure DRM software in Microsoft Windows Media Player.

If you really want to see Microsoft scramble to patch a hole in its software, don’t look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. Just crack Redmond’s DRM.

It only took a couple of days for the FairUse4WM people to compensate. I’m sure it won’t be long before Microsoft tries to patch this again.

But the real moral of the story is that companies like Microsoft don’t actually care about security except when it embarrass them or directly threatens their strategic agreements (like with record labels).

You might have heard of the new Browzar web browser. Their website claims: “With Browzar you can search and surf the web without leaving any visible trace on the computer you are using.”

Well, it’s just not true.

It’s only a thin wrapper around Microsoft’s Internet Explorer version 5.5 (or later). Since IE stores all sorts of stuff in places on your system without telling you, Browzar can’t deal with all of it. Scott Hanselman has actually shown that Browzar misses the mark on this point.

There are other problems with this, too. For example, this program will not affect any servers that you visit, or any caching proxy servers in between (like at work or a university).

Anonymity on the web is not just about the stuff that’s on your computer, though it’s an important part; it’s also about the things those servers you connect to keep track of and tell each other.

Web browsers such as KDE’s Konqueror, Mozilla’s Firefox, Apple’s Safari (built on/from Konqueror, BTW) and others already support local privacy features. These include Konqueror’s excellent cookie management capabilities and Firefox’s support for auto deletion of cached data. All of these browsers sport these privacy enhancing features, though they have differing approaches and levels of control.

Today, I decided to take a look at a couple of the links that blog spammers have been trying to put up in my blogs’ comments. Most of it actually led to “anti-spam” websites that are actually spam list phishers. This is, of course, very clever of the spammers.

First, they put spam up that includes links to their phishing sites on blogs they troll the net for. This part is very easy, thanks to services like Technorati and Blogger.

Next, “young” bloggers (i.e., those who are still fairly new to the “sport” of blogging), see comments. Either they naively authorize the spam comment, don’t moderate at all or decide to follow the links and check it out before authorizing the comment. If the comment gets posted to the blog, then others who read the blog can fall into the trap. If the blogger decides to visit the pages, they could get sucked in to all kinds of things.

But as I looked at a few of the links, they turned out to cause redirects to either www.abusepost.com or www.spamcop.net (I didn’t make those into links on purpose; DISCLAIMER: GO TO THOSE SITES AT YOUR OWN RISK, I’M NOT RESPONSIBLE FOR YOUR CHOICES). Of course, the vast majority of bloggers, both experienced and just getting started might think that those sites are providing a pretty good service. Looking a little more closely at the form and at the HTML itself reveals that these sites look suspicious. They require your name, email address and website address (which will be the blog that they hooked you at in the first place, for most people).

Were you paying close attention? They require you to provide the exact information spammers want in order to “report” a site that they are already “about to shut down”? Doesn’t make much sense to me.

Do you smell phish or am I the only one?

A word to the wise: Just Say No.

Here are some simple rules for Internet safety, though, they apply (with proper contextual edits) to any online communication:

1. Moderate — Whether it’s comments on your blog(s), forums (which I hate, BTW) or mailing lists. Moderation is currently the most consistently effective way to defeat all forms of SPAM.
2. Never give out your information if you don’t have to — Just because a particular website’s “form” says that it requires your information, doesn’t mean they should be given any. We all know not to publish our credit card numbers online, but it’s amazing how many people don’t understand that your name, email address, street address, phone numbers, websites, employer’s name, favorite color, mother’s maiden name, etc. are not needed by most websites. When in doubt, don’t give it out.
3. The only stupid questions are the ones you do not ask — In other words, ask someone you know who has lots of experience with the Internet, email, spam, security, etc., any questions about specific websites or other items in general. Keeping yourself safe is hard enough to do, but keep trying to do it without the right information and you just might make things much worse.
4. Don’t open HTML emails — If someone sends me an HTML email (and I think it’s worth this effort), I send it back to them with a simple, polite note explaining that for security reasons, I do not accept nor read emails that are not in plain text. Too many people are using stupid email programs like Microsoft Outlook and Outlook Express that have hundreds of severe security flaws when it comes to processing HTML email, alone.
5. Don’t Panic — It can be easy to let fear take over at this point and abandon your dreams of blogging and the “Internet lifestyle”. Don’t worry, it’s not that hard to keep yourself safe. Once you know how to recognize the dangers, it’s easy to avoid them.
6. Think — (OK, this one could sound kinda mean, but it’s not; it’s just a sad truth, so don’t take it too personally) The spammers and the Phishers keep doing what they do because it works. There are just too many people on the Internet who do not think for themselves. You have a brain and I’m sure it functions at least well enough to read this far. I’m sure you have a lot more capacity to figure things out than you might be giving yourself credit for. Being able to think is not enough on it’s own, but with a little bit of knowledge, your brain can be used to help keep yourself, and your loved ones, safe on the Internet.
7. If in doubt, bail out — You don’t have to go any further than you already have when visiting any website or continuing a discussion on IM in a chat room or on a mailing list. You can pull the rip-cord at any time.

I’m sure there are other things that we could put in that list. Perhaps some commenters will try to help me out in that regard. But I think these basics should be enough to get you started.

This is one of my favorite Turkish proverbs:

No matter how far you have gone down the wrong road, turn back.

Wow. This story even includes a WoW reference. Yet another example of security by overreaction.

Although I’m not a lawyer in Canada or anywhere else, but it sure feels like this guys rights were ignored. It is especially disturbing to me that his notebook was riffled after he was already cleared; after the authorities decided that it was a complete false alarm.

I also think that it’s both good and bad that these kinds of overreactions are being ignored by the mainstream media. It’s good because they’re not fearmongering as much as they did. It’s bad because they are not showing how the recent fearmongering is still affecting us and they are missing out on the civil rights/anti-privacy story. Then again, it would seem that the mainstream media doesn’t understand privacy. Perhaps it’s not in the “journalist’s Glossary”?

Thanks again go to Bruce Schneier for bringing this example to our attention.

In yet another interesting article in today’s issue of USA Today, I read about AT&T’s latest move regarding it’s privacy policy.

Oh, and the EFF gets mentioned in the article, starting from the second paragraph.

I just read this great article by Bruce Schneier.

Privacy is a very important matter. Privacy is a central, core component to liberty and true freedom. If we (US Citizens) don’t pay attention to it, there are forces who would like to take it away. Most of the time, we call those forces terrorists, but there are other more subtle forces also at work in the world.

My good friend, Pete Ashdown has an exellent position on the issue of privacy, and I support him on these efforts.
(more…)

I just created an account at Proquo and spent 15 minutes stopping the insane amount of junk mail I get. Most of the "do not mail" lists you get on with a simple click and some require filling out a form off the site. The most obnoxious was the DMA, which charges a dollar "to cut down on fraud"--yeah, sure. Like I trust them. The credit card link, unfortunately, didn't work--I'd love to get Capital One out of my life. I'll see if in a few months the volume has significantly reduced and let you know.

Tags: identity privacy

On the last day of the Utah Open Source Conference 2007 (UTOSC), there was a PGP/GPG key signing party, hosted by Scott Paul Robertson. It was good to be able to get set up to properly sign so many keys, but it did give me a little problem; I needed to sign everyones’ keys with each of my 4 active keys. That would have been over 100 times running the gpg command. Sounds like something begging to be scripted, so I did.

I’m posting the script, which is still very rough, as I didn’t both taking any time when I whipped it up last night to take care of everything that it really should be doing. Still, I’ll work on it here and there, I’m sure. You can download it from http://www.openbrainstem.net/download/sign-lots-o-keys. If you feel like makeing some fixes, either post your patches (please, create them as a unified diff file, if you wouldn’t mind) and put a link in the comments here and/or on your own blog.

Enjoy!

On August 5th, 2007, President Bush signed S.1927 into law, after it passed a Senate vote (60 for, 28 against, 12 present but not voting) on the 3rd, and a House vote (227 for, 183 against, 23 present but not voting).

The new law amends the “Foreign Intelligence Surveillance Act of 1978 to provide additional procedures for authorizing certain acquisitions of foreign intelligence information and for other purposes.” It was sponsored by Sen. Mitch McConnell [R-KY] and Sen. Christopher Bond [R-MO].

I haven’t had time, yet, to fully read the resulting text of the bill (there are always amendments to bills as they pass through Congress), so I will reserve any specific commentary for a latter time. However, it appears that this new law could seriously affect privacy under certain circumstances in the United States.