Comments for Simon Krauss, Privacy Eye

Comment on Do Generations View Online Privacy Differently? by Bobby Finkle

Bobby Finkle — Fri, 17 Feb 2012 15:56:45 +0000

I liked you’re view on this, I talked about online privacy too check it out if you want.
http://bobbyloyalist.wordpress.com/wp-admin/post.php?post=88&action=edit

Comment on Should a Defendant be Compelled to Provide Prosecutor with Password to Encrypted Data? by Court Order to Turn Over Unencrypted Files not the Same as Order to Turn Over Password (Fricosu Revisited) « Simon Krauss, Privacy Eye

Sun, 29 Jan 2012 23:03:31 +0000

[...] In my first post of this year I commented on U.S. v. Ramona Camelia Fricosu, in which it was widely reported the government was trying to compel the Defendant to turn over the password to an encrypted hard drive found on a computer in her home. See: http://simonkraussprivacyeye.com/2012/01/08/should-a-defendant-be-compelled-to-provide-prosecutor-wi… [...]

Comment on Interesting Privacy Issues with Amazon’s Fire Tablet by slkrauss

slkrauss — Mon, 10 Oct 2011 03:10:20 +0000

You’re right Fred, it is kind of like a Man-in-the-Middle security attack, in which someone intercepts messages between sender and recipient. I guess the question in this case is whether the user is okay knowing the identity of the Man-in-the-Middle and whether there is full disclosure as to what Amazon will do with the data.

The incidental anonimization may be a nice feature, but there is existing free servies that provide this function without serving as a Man-in-the-Middle.

Comment on Interesting Privacy Issues with Amazon’s Fire Tablet by Fred H Schlegel

Fred H Schlegel — Sun, 09 Oct 2011 20:49:37 +0000

I’m trying to decide what to think of this. If Silk provides a vpn of to Amazon’s servers it could actually increase privacy between you and unencrypted sites since the local ISP’s would no longer be able to watch your actions. Easier to ‘trust’ Amazon than your local ISP – maybe. Also very curious how they are going to deal with https and password accessible sites. Sounds suspiciously like a man in the middle type strategy that would be very worrisome.

Comment on iPhones and iPads Track User Location — Is it Worth the Hysteria? by Fred H Schlegel

Fred H Schlegel — Sun, 24 Apr 2011 13:47:42 +0000

It is disconcerting that this unprotected file has been sitting around on my phone without my knowledge, however, I was aware that the information is nowhere near private for another reason. ATT and other providers all have access to this information by nature of the technology. I believe this information is also sold to law enforcement (and maybe others) without need of a warrant.

Finally, the idea that this information could ever be anonymized seems silly – I believe Google claims this concerning the location data they are gathering – Seems any forensics guy worth his salt could attach this type of file to an individual with minimal effort if they have some basic work and home location info to begin with.

Comment on How to Identify Individuals from Social Security Numbers by slkrauss

slkrauss — Wed, 09 Mar 2011 14:19:59 +0000

Since social security numbers are the only national unique identifier it is not surprising that it would be used for authentication in the U.S. The problem is that, as you point out, it is/was not necessarily stored securely everywhere and, as the researchers point out, it can be cracked.

One answer is use two factor authentication (using something you have, such as a user name, and something you know secretly such as a PIN) or multi-factor authentication which would be two factor authentication plus adding “something one is” (such as biometrics).

None of these methods of authentication will be useful in the long run if they are not stored securely, which is likely to happen with ubiquity of use. This requires different types of authentication for access to different services. This solution, however, creates complexity with having to remember multiple user names and passwords. Lots of work going on a finding and marketing a better solution.

Comment on How to Identify Individuals from Social Security Numbers by Fred H Schlegel

Fred H Schlegel — Tue, 08 Mar 2011 04:41:09 +0000

I guess what surprises me at this point is that there is any assumption that the social security number is at all private. So many banks, health care organizations, insurance companies, etc, have the number that it seems to have no value in proving identity at all. Unfortunately, I’m not sure what a satisfactory solution to the issue would be.

Comment on The FTC’s “Do Not Track” Solution — How will it Work? by slkrauss

slkrauss — Mon, 06 Dec 2010 16:32:46 +0000

Hi Fred,

I agree with you. It seems as though the FTC is seeking a middle ground between having “no tracking” as the default (which would be very disruptive), consumer opt out through a “Do Not Track” list, and what you suggest — dealing with the harm of inapparopriate data usage. The “Do Not Track” list does, however, provide a means to address the concerns of those who feel harmed by the online data collection itself. The FTC acknowledges in its report that it had been too narrow in the past in looking at the privacy harms and is now considering being creeped out (my words) and reputation damage into its calculus. I’m wondering how today’s brouhaha over “history sniffing” would fit with “Do No Track.”

Comment on The FTC’s “Do Not Track” Solution — How will it Work? by Fred H Schlegel

Fred H Schlegel — Mon, 06 Dec 2010 03:22:15 +0000

Hi Simon, This really feels like a ‘cat is out of the bag’ issue. I’d be more interested in legislation that deals with what can be done with the information once it is gathered rather than worrying that the tracking is going on.

Comment on New “Good or Evil?” Privacy Graphic Is it Good or Evil? by Fred H Schlegel

Fred H Schlegel — Wed, 27 Oct 2010 20:11:23 +0000

The use of color made me think at first that the little people were indications of evil (red) and good (blue). Tried to figure out why facebook was considered so good….