What is Anonymous

2 Comments

There was an AP story yesterday (see, for example, the version on MSNBC)  that said that 25 suspected members of the group Anonymous had been arrested in Europe and South America.  The story noted that they were hackers, but what does that really mean?

A simple definition of a hacker is one who searches for weaknesses in computer programs and, once found, exploiting the weakness in the program.  Some hackers are nothing more than talented computer students who want to learn more about their craft and so they try to outsmart the designers of the software.  Others are people acting on a challenge from one’s peers.  Sometimes members of these two groups become “white hat” hackers who try to break into systems for the purpose of making those systems stronger.  Still others use hacking as a way of gaining access to financial accounts or to information that can be used to gain a profit.  However, the hackers associated with Anonymous are those who break into computer systems to make a political statement and/or to protest.

The “members” of Anonymous are part of a loosely affiliated and quite decentralized online community.  Anonymous has no leader or controlling party and relies on the collective power of its individual participants acting in such a way that the net effect benefits the group.  They communicate through electronic bulletin boards and image boards about injustices they perceive to exist in the world.  They then use hacking as a kind of activism to protest those injustices.  Early in their existence (circa 2008), these attacks were generally made against the motion picture and recording industries to protest anti-digital piracy campaigns by these industries.  Over the years, however, the members of Anonymous have broadened the issues about which they protest.

For example, members of Anonymous launched a protest against the Church of Scientology in response to its attempts to remove material from an interview with Tom Cruise ab0ut Scientology in 2008.  Recently Anonymous protested the proposed SOPA act.  Anonymous has also launched cyberattacks against Visa, MasterCard and PayPal as a protest against companies opposing Wikileaks.  The arrests cited by AP yesterday were for planning coordinated cyberattacks against institutions including Colombia’s defense ministry and presidential websites, Chile’s Endesa electricity company and national library.

Protests can take on a variety of forms.  Members of Anonymous might actually break into a system and steal data.  Or, they might launch Denial of Service attacks, which overload servers with too many users so that the servers cannot handle its regular users.

Why is it so hard to stop these hackers?  First, the members of Anonymous are located worldwide and are only loosely affiliated.  As said earlier, members might not know the identity of other members, so finding one might not lead you to another.  Second, the members use their knowledge of computers and computer networks to hide their tracks when they take action.  A command sent from London might be set up so that it appears to come from Sydney.

What does all of this mean to you, the web surfer?  It might just be an inconvenience.  Denial of Service attacks overwhelm servers so people like you cannot use them to check their accounts, make their purchases or find out information.  Or, it might mean that data about you is stolen  and released to others who might want to steal money or identity from you.  At the very least, it means that law enforcement is spending its time fighting this problem when it could be solving other crimes.

Google’s New Privacy Policy

Leave a comment

On March 1, Google will institute its new privacy policy, which will eliminate the 60 individual policies it has now and consolidate them all into one integrated policy.  Google says that nothing has changed, and that they are not collecting any new data.  However, with the new policy, they can use the information they collect across your searches, YouTube watching, Google + postings and all of the other Google product uses to provide “a beautifully simple, intuitive user experience that treats consumers as a single user across all our products.”

Google’s position is that there is nothing new, and that we are all going to benefit from this new policy.  But is that true?  As with most policies, the answer is “it depends.”

To explain the concern that some people have, I need to refer you back to an old example.   In August 2006, AOL published 650,000 users’ search histories on its website. A random ID was assigned to  each user’s logs, and no names were listed.  However,  several users’ identities were readily discovered based on their search queries. For instance, the New York Times connected the logs of user No. 4417749 with 62 year-old Thelma Arnold. These records exposed, as she put it, her “whole personal life.”

Since that time, we have all gotten much more dependent on the search capability, and generally our searches are in Google.  We watch YouTube videos assuming we are in the privacy of our own home.  We use Google+ believing that we are communicating with our friends and colleagues.  Further, we may not even be aware of the number of services we use that are all owned by Google.  So, not only are we using the services more than we did in 2006, there are more of them that we are using.  Even if none of them are associated with our names (and that is unlikely), it would be easy to identify many of us in the same way that the New York Times did in 2006.

You might ask, “so what?”  Well, as is often the case, I worry most about the teens and young adults who might search or behave in a way that might have long term implications for their lives and careers long before they have those careers.  But, even for the rest of us, it is a concern.  While Google claims to have the motto, “do no evil,” who knows what they will be in the future.  Further, suppose that someone steals the information from Google and begins to be a disruptive force in people’s lives.  Is it really so important for corporations to be able to target me specifically to purchase their products?   Does marketing provide a compelling reason for me to lose my privacy?

Even if those things were not an issue, many of us have different components to our lives that we do not want to confuse.  When Google merges all of these different kinds of information, they will merge all of those selves.  Let me explain with an example from Amazon.  Amazon prides itself on being able to recommend relevant purchases based on your past buying history.  When my son was a religious history major, I purchased books about a variety of religions.  My husband likes to read history, and I often give him history books for holidays.  I admit that I love mystery novels and do purchase them from Amazon.  I also use Amazon to purchase wedding and baby gifts for friends and relatives, and other items as gifts.  So, when I look at Amazon’s recommendations, I often find them amusing because they try to merge all of that information together into one profile and often miss the boat.  This same “unified profile” idea is what Google is going to be selling, and maybe publicizing. This will make it difficult to keep a “professional image” and “personal image” that are separate.

If you are not yet concerned, look at the information that Google has kept about you.  If you have a Google account, login and direct your browser to https://www.google.com/history.  You will then be looking at every search you have done since you got your Google account.  There may not be any individual searches that are troubling, but what kind of image do you present when you look at them all together?  These search data can reveal sensitive information about you, including facts about your location, interests, age, sexual orientation, religion, health concerns, and more.  Is this information the business of anyone else?!

The Electronic Frontier Foundation, an organization dedicated to protecting individual rights in the digital world, recommends that you remove your past search history before  March 1, so that it is not included in the future profiles.  If you have gone to your own history page, you can do this by selecting “remove all Web History.”  A complete discussion is provided on the EFF site.

In the future, you also need to remember not to login to Google before searching or viewing YouTube videos.  This will keep them from linking your information to you.  They will still keep the information about the use, and perhaps link it to your IP address, but at least it will not be linked to YOU.  Further, you might consider using different search engines for different kinds of information.  You can use Google for some searches, Bing for others, and Yahoo for still others.  This makes it harder for any one of them to understand too much about you. You might even want to use anonymousing software, such as Tor or Anonymizer, to hide not only your name, but also the computer.  For more information about how to protect yourself while surfing, check out the Six Tips to Protect Your Search Privacy from EFF.

Email Etiquette

Leave a comment

You might  ask if there are any rules of etiquette for email.   Of course, as with any other social group, there are certain accepted practices of which you should be aware, and we shall discuss them shortly.  It is important to remember, however, that there are social conventions among people that go beyond the realm of email.  Clearly, polite society recognizes polite communication whatever the medium, and email users expect the same.  Generally, it is useful to have a well written document as well to make it easier for the recipient to understand your point.  If your email is for a particular club, organization or place of work, remember the code of conduct in that group and follow it as you would in face-to-face settings.

First, think about your email and whether it is appropriate to put your message in that medium.  Emails can easily be forwarded, printed and saved.  If what you want to say is confidential or hurtful, you might not want to use email.  Remember, although you delete the email, not everyone does.  Do not put anything in email that you do not want the world to see.

The second accepted practice among email users is DO NOT USE ALL CAPITALS IN YOUR EMAIL.  Capitalization always adds emphasis to your point.  However, in the world of email, capitalization is considered shouting.  Do not shout in your email any more than you would shout in face-to-face communications.   Some email users I know avoid all use of capital letters in an e.e. cummings approach to prose.  Clearly it avoids the image of shouting, but it can also be difficult for the recipient to read.

Third, respond to email as you would respond to a telephone call.  Some people find it very annoying to send a message and never receive a response.  While this takes time, it is generally accepted practice.  However, if you do not know the sender of the email and it is not a wanted email , then never reply to it.

Most email systems have a way of marking an email as urgent.  When that email appears in a recipient’s inbox, it is marked with a red exclamation point to get his or her attention.  This is a good system to help people identify really important messages.  But, if all of your messages appear this way, the identifier loses any significance.  So, use the urgent marker sparsely.

Many systems also have a way of asking for a return receipt that the email was read.  These popups are annoying to users because it adds and extra step in reading email.  It also clutters the sender’s inbox with those acknowledgments.  When the message is urgent and you need to be sure the recipient has read the message, then use this option.  Otherwise, ignore it.

Many people believe society should be more cautious as to what email we forward to others.  One way to keep in touch with others is to forward meaningful stories, photos and jokes to one’s friends.  But, not everyone has the same sense of humor and not everyone wants to receive these items.  Be cautious and think about your recipient before automatically forwarding something.  In particular, think hard and long before sending chain letters that promise either good or bad luck.

If you do forward email, remove the heading material before you do.  The headings often include a list of people to whom (and from whom) the email has been passed previously.  It may include several people’s signature as well.  Hence, the recipient needs to scroll down (sometimes a long way) before seeing the content you intend.  By removing this material, you shorten the email and protect the privacy of those people who received it previously because their email addresses are not constantly rebroadcast (as discussed below).

Eight, think about whom you include in a carbon copy (cc:) of your email.   There are two reasons to be concerned about this. First, you are sharing the email addresses of all of the recipients with all other recipients.   If they know each other, this is fine.  However, many people do not like sharing their email address with unknown individuals.  Respect their privacy and be cautious about how you do this (you can always use bcc: if you need to copy them).  In addition, you may be sending a statement that you do not intend by copying another individual.  If it is a confidential conversation and you copy someone else, a recipient may be hurt or offended.  Follow your common sense and the practices of the group you are emailing to make this decision.

Nine, if you reply to an email, be aware of how you are replying.  In all email systems, there are two reply options, one labeled “reply” and one labeled “reply all.”   The first (reply) sends your email only to the person who sent the email to you.  The second, however, sends your email to both the person who sent the email and anyone who was copied on the original email.   If you intend your message just for the original sender, you might be terribly embarrassed if the entire group reads your response.  Alternatively, if your goal was to inform the entire group about your answer, you will have missed your opportunity if you simply chose the reply option.

Finally, always make sure it is obvious from whom the email was sent.  This includes signing the email and/or using a signature.

Free tickets, $1000 Visa Card, My Funny Name and Coke Giveaway

1 Comment

What do “free tickets on Southwest Airlines,” a “$1000 Visa Card, ” My Funny Name,”  “My Name Talks,” and “Coke Giveaway” all have in common?  Those are some of the recent scams available on Facebook.   They have taken on an interesting twist now.   Instead of a friend posting this on your news feed, you get an invitation to “like” a page.  But, like the other scams, when you like the page,  an application seeks permission to link to your profile, including personal information.  The next step is for the application to post to your wall, posing as you, and sending messages to your friends.  One can only guess what they do with the remainder of the personal information you provide.  Although the method is slightly different from the “normal” approach, the result is the same.  The advice that I provide is don’t click!  You are never going to get the free information, products or whatever.

When you are faced with a wonderful deal that is so very tempting, check before you click.  You can check for these scams on Facebook securityFacecrooks and/or snopes.com, or even just a Google search to see what is written about them.

What do you do if you have already clicked?  Well, first and foremost, remove the applications that have been installed so they will not do any additional damage.  Click on the small down arrow in the upper right hand corner of your browser, and select “apps.”   Follow the instructions to delete the application.  In addition, you must clean your news feed so that others do not see the offer and click on it.  Select the “x” in the upper right hand corner of each listing that mentions one of these offers (it becomes clear when the mouse is run over it).

Remember to follow the same rules  that you do in real life — if the offer sounds too good to be true, it probably is.  Walk away from such offers, or at least check them out before you provide data and access to them!

For more information, you can check out the recent post on Facecrooks.

 

Internet Voting?

1 Comment

My first experiences voting were in the city of Chicago, a city known for a “few” irregularities in voting from time to time.  At the time, we used voting machines on which there were a series of levers for each position on the ballot, and one that allowed people to vote a “straight” ticket for a particular party.  To vote, a voter pulled the right lever for one candidate and the left lever for another candidate …. except on some machines, it did not matter which levers you pulled, the machine recorded a straight ballot for one of the political parties.  These machines had clearly been tampered with in a manner that was difficult to detect, especially for the voter.

We moved from those voting machines to the punched card ballots.  Yes, there were challenges with hanging chads, but a voter could see how the vote was cast.  Then, in an effort to move ahead and improve voting efficiency,  communities adopted computerized voting machines.  It is possible to introduce viruses to these systems to effect votes, but it must be done on a machine by machine basis.  And, there is always the printed record of how a voter cast a ballot on most such machines.  (Personally, I always check the paper record, just to ensure it recorded how I intended to vote, and I recommend you do too!)

Now there are people who want to move our voting to the Internet.  Like most computer people, I look in horror at the thought of moving voting to the Internet.  Yes, it would make it much more convenient to vote, and might increase participation, but it would also attract some of the most determined hackers to break the system.  Will the voter know if his or her ballot is cast correctly, or will this be another example of the machines of old?  And, once elections get broken, will we be able to put it back together again?

Consider the experience in the District of Columbia in 2010.  Voting administrators were prepared to run an election over the Internet and challenged hackers to try to break the system.  It took a University of Michigan team less than two days to break the system!  Yes, the system used in DC could be fixed to block the kind of hack that was used, but that might result in opening another kind of problem with the system.  The truly scary part of hacking is that hackers might change the election and there would be no evidence that a hack had even taken place.

Yes, I am cynical about election security, not only from my early experience in Chicago, but also from my knowledge of computing.  Let’s consider a recent report on NPR in which Mike McConnell, a former director of national intelligence and before that, the director of the National Security Agency is quoted as saying:

We know, and there’s good evidence … of very deliberate, focused cyber-espionage to capture very valuable research and development information, or innovative ideas, or source code or business plans for their own advantage

Earlier this year there were stories of the FBI and Scotland Yard’s electronic discussion being compromised.  Large companies across the US and the world have been hacked for corporate secrets or credit card numbers or personal identities.  Julian Assange and the Wikileaks people have hacked into a variety of companies because the corporation did not support their efforts.  Furthermore, it is not just hackers.  Even Google (whose motto is “do no evil”) has admitted to bypassing customer security systems and stealing information on people’s phones.  In other words, one needs to be concerned not only about the external forces that might cause damage, but also the people who write the software to conduct the election and protect the results.

You might be asking at this point whether I purchase online or bank online, and the answer is yes.  I do these things with full knowledge that someone might intercept or change my transaction.  So, what is the difference, you ask?  It is one of scale.  The odds are very low that someone will target my personal transactions, but if they do, I will clearly notice the result.   While it is a hassle to  have had credit card numbers stolen and had to address the issues of getting charges off of my accounts, I address those issues because (a) I can and (b) it is a price I pay for efficiency of shopping and banking.

The larger the target, though, the more people who will be trying to hack.   For example, people do not write viruses for Microsoft products because of a philosophical difference with Microsoft.  Rather, they do it because they can have a major impact because so many people use Microsoft products.  What could possibly be a bigger target than an election in the United States?

Yes, someday we will be able to provide elections on the Internet.  Not until we get better at security though.

I recommend the following PBS video on the topic from a couple of days ago.  It is pretty convincing, especially when you reflect on all the stories you have heard recently about company databases being hacked.

What is a Home Page?

Leave a comment

How do you know where “home” should be?  The home page (or homepage) is the point at which your browser will start each time it is opened.  If you have your own web page, as I do, that is probably your home page because it will have links to sources you visit often.  Most people do not have their own page though, and so they rely on another page.  This page should be something you read often, or that has links to other pages you like to read.

Many people select news sources for their home page.  Some of the common sites include: CNN’s site (http://www.cnn.com), the New York Times (http://www.nytimes.com), CBS News (http://www.cbsnews.com), or BBC (http://www.bbc.com) because these sources provide headlines, links to articles and search capabilities.  Other people prefer news sources closer to home.  In Chicago, many people select the Chicago Tribune’s home page (http://www.chicagotribune.com) because it focuses on Chicago news and events, while people in Cleveland are more likely to select the page of the Plain Dealer (http://www.cleveland.com/plaindealer/), and people in San Jose are more likely to select the Mercury News (http://www.mercurynews.com) because they focus on events local to their communities.  Many sports fans start their web browsing at ESPN’s site (http://www.espn.com) so they can get information about their favorite teams and sporting events.

Other people select what are called “portals” for their home pages.  These portals may provide news, but they also provide links to a variety of other subjects that are of interest, such as movies, maps, weather, music, shopping, sports, health information, greeting cards, and even horoscopes and comics.  In addition, the portals give you access to email accounts, seach capabilities and other internet functions such as instant messaging and chat rooms.  Yahoo’s page (http://www.yahoo.com) is probably the most commonly selected portal.  But, Google (http://www.google.com/ig) and Microsoft (http://www.msn.com) each have one too.    In addition to the wide range of sources of information, most of these portals are customizable.   That is, you can edit the page and decide what information should be available in what spot on the page each time you open it.  So, I might weather forecasts both at my home, and where we intend to vacation so I can plan both what to wear today and what to pack for the vacation.  If I am active in maintaining my own portfolio, I might also locate a stock price window at the top of my page.  Instead, I might have the sports scores or technology news high on my page so I see them each time I go to my home page.    Some even allow you to adjust the colors on the page to make it seem more like your own.

Another source for a home page is that of organizations.  Some members of AARP (http://www.aarp.org/) use the AARP page as a home page in order to see information that is of importance to them.  Those who trade stocks and bonds might link to their broker, such as Ameritrade (http://www.tdameritrade.com/), or the New York Stock Exchange’s site (http://www.nyse.com/).  Others set their home page to the organization at which they work, or the one at which they study, or the one at which they worship.

There are specialized home pages based on interest.  Grandma Betty (http://grandmabetty.com/) provides a portal for “baby boomers and seniors.”  Ebay’s site (http://www.ebay.com) is selected by those who spend significant time with the online auction site.  The Sports Car Club of America (http://www.scca.com/) is a starting point for sports car enthusiasts, while collectors might start at the Collector’s Connection (http://www.collectorsconnection.com/) and knitters might start at http://www.patternworks.com/. What is the best home page?  There is no such thing as what is best.  Best is what provides the information and links that are of importance to you.

What is the Web?

Leave a comment

World Wide Web (frequently referred to just as “the Web”)  is similar to a library.  There are lots and lots of different kinds of documents sitting “out there” on computers around the world being maintained by different people.  All together they make up the Web.

Think about walking into your local library.  There are reference books, magazines, novels, nonfiction and more.  Some are well written, some are very good, and seem odd,and you wonder why your library bought them.  In addition, most libraries include a collection of newspapers, magazines and other periodicals, as well as videos/DVDs, music, and some government documents for citizens to browse.

All libraries have reference librarians, those magical people who expertly find just what you want, be it a particular book, references to some historical event, statistics, or your great grandfather’s birth certificate.  These people can help you find something specific, or teach you how to use the library, or provide summaries of information to help you investigate topics effectively.

Most libraries also have an announcements bulletin board and a place where local and not-for-profit organizations can place fliers so that people can learn about what is happening in their neighborhoods.  Sometimes people post “opinion statements” to share, or requests for help.

In addition, your library probably sponsors “book clubs.”  These groups select a genre of books, and select a particular book to discuss each month.  They meet at regular times, talk about the book and then decide what to discuss next time.

The library may sponsor other group discussions, such as young people’s groups, or people between jobs or whatever topic is of interest to the local community.  A quick look at my library’s offerings include sessions on Russian quilts, a career center workshop for job hunters, knitting and crocheting, introduction to genealogy, travelog Austria, tax assistance, and several needlework and crafting sessions.  All of the descriptions encourage citizens to bring a friend, or make new friends there.

The Web is all of this and more.  There are documents, periodicals, places to learn things, places to discuss things, places to voice your opinion, experts, clubs and more.  It is similar to a library – but it is very different from a library.  It is similar because there is a vast amount of information that is available to anyone – and most of it is available for free.  The Web, like a library, includes so much more than references.  It includes places for people to meet, ways of communicating, ways of sharing opinions, programs that accomplish some specific task and probably many things you may not yet have considered.

The scope of this library is enormous.  There are over 600 billion items on the Web today.  That’s over 100 items per person alive.  And, the number of web pages available is growing exponentially.  At your computer, you can access an amazing variety of music and video, an evolving encyclopedia, weather forecasts, help wanted ads, satellite images of anyplace on Earth, up-to-the-minute news from around the world, tax forms, TV guides, road maps with driving directions, real-time stock quotes, telephone numbers, real estate listings with virtual walk-throughs, pictures of just about anything, sports scores, places to buy almost anything, records of political contributions, library catalogs, appliance manuals, live traffic reports, archives to major newspapers, and more.   So, the Web is a very large library!

But, there are a few very important differences.  The first of these is that anyone can post whatever they want on the web and no one will stop them (usually).  This differs from what we see in books, newspapers and magazines, where an editor decides if the substance of the content is credible, well written and worthy of sharing.  On the Web, there generally is no editing, no overview and no one who decides that something is bad to include.  Readers need to consider things with a grain of salt, until they know of the writer’s credibility and credentials.

Second, the Web is alive.  What was available yesterday may not be available today, or if it is, it may have changed.  Documents are not like much-loved novels that read the same way today as hundreds of years ago.  People can, and do, update documents daily (or even more often), or replace them with something different.  So, it may be difficult to find items that you have seen before, even if you remember where you have seen them.

Third, in many ways, the Web is anonymous.  People need not identify themselves when posting pages (or as we shall see later, sending email or talking in a chat room).  People can, and do, disguise themselves both for reasonable purposes as well as for nefarious ones.  The user needs to have the same concerns for safety on the Web as they would in the “real world” and perhaps more.

Older Entries