Matt Blaze analyzes why the widespread use of cryptography has had almsost no impact on our practical ability to do wiretaps and gather information under legitimate court orders. Not too technical and absolutely worth a read.

Matt Blaze: Wiretapping and Cryptography Today:

Revealing Secrets with a Click – Technology Review

This is a very nice interview that was just published by Technology Review on the importance of anonymity for businesses. This is a topic rarely covered. Generally either people are talking about anonymity for consumers, or businesses protecting or violating consumer privacy. Very little attention is paid to the legitimate needs of business to hide their identities on-line from time to time.

This article in Scientific American does a nice job of describing why it is difficult to track attacks back to their true origins.

This essay by Bruce Schneier goes farther arguing that it is fundamentally impossible to create an Internet without anonymity.

The core point of both articles is that identifying the computer that a given packet came from is not the same as identifying the sender. The computer could be a server set up to enable anonymous communications (like Anonymizer.com), it could be a compromised computer (like part of a botnet), or even a server run by the attacker purchased using pre-paid or stolen credit cards.

Whatever the mechanism, it will always be possible for attackers to hide their identities and activities. The real question is the degree to which we are willing to design the Internet to make tracking and monitoring of citizens easy for repressive regimes.

Face book announced that it will soon start automatically suggesting your name for tagging photos any time it thinks it recognizes you in a picture. This automatic facial recognition is the default and will be done unless you explicitly opt out.

It looks like you need to customize your privacy settings to disable this. In Facebook, look under the “account” menu and select “Privacy Settings”.

From there click the “Customize settings” link at the bottom of the table. Within there, look for ”Suggest photos of me to friends”, and set it to “Disabled”.

I suspect that few people will simply stumble on that.

Other people tagging you in photos can lead to embarrassment you might want to avoid. Having your name suggested just makes that more likely.

While you are at it, you might want to change the setting that allows others to “check you in” to locations. That can tell thieves you are away from home or stalkers where to find you.

CNN has a good article on the announcement. Facebook lets users opt out of facial recognition – CNN.com

Thanks to Bruce Schneier for linking to this interesting article on using patterns in language to identify the author of emails.

While the technique would not allow them to identify your anonymous emails in an ocean of others, that is rarely the real world threat scenario.

In many cases there is a relative hand full of likely authors of a given email or group of emails. It is often possible to gather large samples of emails known and acknowledged to be from the likely authors. In that case this technique has a small group of targets and excellent training materials which allow for very high levels of accuracy (the authors of the paper claim 80% – 90%). That is probably enough to get a warrant to search your home and computers.

Unless you have been unusually careful, the gig is probably up by then. Remember, this might not be for criminal matters. It many cases this would come up in whistle blowing or other non-criminal situations.