Archive for June 2011
Odd that they describe a 15 year old company as a “startup”….
This is a very nice interview that was just published by Technology Review on the importance of anonymity for businesses. This is a topic rarely covered. Generally either people are talking about anonymity for consumers, or businesses protecting or violating consumer privacy. Very little attention is paid to the legitimate needs of business to hide their identities on-line from time to time.
The press release linked at the bottom of this post is for a new website called AddressSearch.com. While I normally ignore most of the PR blasts sent to this blog, this one seemed worth posting because of the interesting realities and conflicts it exposes.
The idea is that you can use their database to find and email people. Their database contains 68.8 million email addresses, a huge number but only a fraction of all US email addresses. Given that many such databases exist, it seems inevitable that someone would set up a service like this.
On the positive side, they are doing a few different things to try to minimize abuse. First, they are limiting users to 5 message per day (although it is not clear how that is enforced). Second, they provide some general address location information about all the name matches to make it more likely that you are going to email the correct person. Finally, they don’t actually give you the recipients email address.
This last step is the most interesting. They allow you to write your email in a web form, then send it for you without revealing the recipients address to you. Of course it will be possible to abuse this, but probably not in any way that is not already widely possible. I also assume that this company keeps copies of the emails and adds your name and return address to their database. This is about protecting recipient privacy, not sender privacy.
On the whole, I am not happy that such services exist at all. I use social networking sites to make contact with me by strangers possible but only in the manner of my choosing. I don’t want random people sending messages to my personal or work email addresses. Imagine a distributed attack by members of Anonymous or LulzSec all sending 5 emails each to some victim. Of course the odds are that any attacker would have little difficulty in discovering the victim’s address through other means and then would not have any effective limit to the number of emails sent.
This may also turn out to be an unfortunate service for people who share a name with a celebrity. Interestingly, for people the service finds where it does not have an email address in the database, a paid ad refers you to Intelius.com where you can pay a couple of dollars to get the real address without any privacy features.
At the end of the day, the good news is that this company is making a significant effort to pay attention to the privacy implications of their service.
This article in Scientific American does a nice job of describing why it is difficult to track attacks back to their true origins.
This essay by Bruce Schneier goes farther arguing that it is fundamentally impossible to create an Internet without anonymity.
The core point of both articles is that identifying the computer that a given packet came from is not the same as identifying the sender. The computer could be a server set up to enable anonymous communications (like Anonymizer.com), it could be a compromised computer (like part of a botnet), or even a server run by the attacker purchased using pre-paid or stolen credit cards.
Whatever the mechanism, it will always be possible for attackers to hide their identities and activities. The real question is the degree to which we are willing to design the Internet to make tracking and monitoring of citizens easy for repressive regimes.
Face book announced that it will soon start automatically suggesting your name for tagging photos any time it thinks it recognizes you in a picture. This automatic facial recognition is the default and will be done unless you explicitly opt out.
It looks like you need to customize your privacy settings to disable this. In Facebook, look under the “account” menu and select “Privacy Settings”.
From there click the “Customize settings” link at the bottom of the table. Within there, look for ”Suggest photos of me to friends”, and set it to “Disabled”.
I suspect that few people will simply stumble on that.
Other people tagging you in photos can lead to embarrassment you might want to avoid. Having your name suggested just makes that more likely.
While you are at it, you might want to change the setting that allows others to “check you in” to locations. That can tell thieves you are away from home or stalkers where to find you.
CNN has a good article on the announcement. Facebook lets users opt out of facial recognition – CNN.com