[IP] Google's Web Accelerator is a big privacy risk (fwd from dave@farber.net)
- Forwarded message from David Farber [EMAIL PROTECTED] -

From: David Farber [EMAIL PROTECTED]
Date: Thu, 5 May 2005 17:38:49 -0400
To: Ip ip@v2.listbox.com
Subject: [IP] Google's Web Accelerator is a big privacy risk
X-Mailer: Apple Mail (2.728)
Reply-To: [EMAIL PROTECTED]

Begin forwarded message:

From: Seth David Schoen [EMAIL PROTECTED]
Date: May 5, 2005 4:08:54 PM EDT
To: David Farber [EMAIL PROTECTED]
Cc: Brian Carini [EMAIL PROTECTED]
Subject: Re: [IP] Google's Web Accelerator is a big privacy risk

David Farber writes:

From: Brian Carini [EMAIL PROTECTED]
Date: May 5, 2005 11:06:12 AM EDT
To: David Farber [EMAIL PROTECTED]
Subject: Google's Web Accelerator is a big privacy risk
Reply-To: [EMAIL PROTECTED]

I've said this before: I really like Google, but they are getting dangerous. Google has a great image as a good company. They have engendered a great amount of trust through their Don't Be Evil motto. And I think they really mean it. But the fact is that they are stockpiling a perilous amount of personal information about their users.

Already, Google logs every search request with its IP address. Google has acknowledged this log in a number of interviews. But, they have never answered why they keep such a log. The search log by itself is not too harmful since the IP address identifies a computer and not a person. The searches cannot easily be traced to a particular person without help from the ISP, unless a person likes to Google their own name frequently.

A bigger problem is that many Google search users are also Gmail users, and a cookie is shared between Gmail and Google search (because they use the same domain, google.com). Therefore, if a person uses Gmail and Google search from the same computer, even with a long period of time in between, Google will know the identity of the person responsible for those search queries. Google doesn't need to infer your identity from the content of your other web searches; it already knows it, if you're a Gmail user.

This identification can be retroactive. If you used Google search for 3 years on a particular PC, and then signed up for a Gmail account, your search cookie from that PC would be sent to Google and the name you provided for your Gmail account could then be associated retroactively with your entire saved search history. Google cookies last as long as possible -- until 2038. If you've ever done a Google search on a given computer with a given web browser, you probably still have a descendant of the original PREF cookie that Google gave you upon your very first search, with the very same ID field (a globally unique 256-bit value).

This problem is ubiquitous in the web portal industry, and Google is right to say that its privacy policy is better than many of its competitors'. However, Google is still assembling a treasure trove of personal information, possibly stretching back for years, that Google may release in response to any civil subpoena or governmental request:

http://gmail.google.com/gmail/help/privacy.html#disclose

--
Seth David Schoen [EMAIL PROTECTED] | Very frankly, I am opposed to people
http://www.loyalty.org/~schoen/     | being programmed by others.
http://vitanuova.loyalty.org/       | -- Fred Rogers (1928-2003),
                                    | 464 U.S. 417, 445 (1984)

You are subscribed as [EMAIL PROTECTED]
To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/

- End forwarded message -

--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[IP] more on Google's Web Accelerator is a big privacy risk (fwd from dave@farber.net)
- Forwarded message from David Farber [EMAIL PROTECTED] -

From: David Farber [EMAIL PROTECTED]
Date: Thu, 5 May 2005 17:39:40 -0400
To: Ip ip@v2.listbox.com
Subject: [IP] more on Google's Web Accelerator is a big privacy risk
X-Mailer: Apple Mail (2.728)
Reply-To: [EMAIL PROTECTED]

Begin forwarded message:

From: Lauren Weinstein [EMAIL PROTECTED]
Date: May 5, 2005 5:13:59 PM EDT
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [IP] Google's Web Accelerator is a big privacy risk

Dave,

I guess it's going to take some kind of major Google-based privacy breakdown for people to finally understand what we've been saying. It doesn't matter how sweet, nice, trusted, or cool a service may be, the collection and archiving of vast amounts of users' Web search, e-mail, browsing, and other activities is a recipe for utter disaster. Google isn't the only culprit, but they're the big enchilada so they represent a very major risk. The only way to avoid abuse of such data is not to keep it around in the first place.

Google's new Accelerator service ironically appears to wed the source masking aspects of caches (along with all of the usual problems with caches both for users and destination sites) to the worst aspects of Google's highly problematic data archiving policies.

Google is smiling their way into becoming -- probably more through a bizarre combination of hubris and naivete than purposeful intentions -- a one-stop surveillance shopping center for every lawyer, police agency, district attorney, government agency, and so on who wants to know what people are doing on the Internet. Any entity able to pull a civil, criminal, Patriot/Homeland Security Act, or other investigatory operation out of their hats, will come to view Google as the mother lode of user tracking.

Google is making money hand over fist. In exchange for their continued prosperity, it's time for lawmakers, regulators, and the Internet Community at large to demand not only that Google's data retention policies be made utterly transparent and public, but that they cease any long-term archival of detailed user activity data.

--Lauren--
Lauren Weinstein
[EMAIL PROTECTED] or [EMAIL PROTECTED] or [EMAIL PROTECTED]
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
Co-Founder, EEPI - Electronic Entertainment Policy Initiative - http://www.eepi.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com

- - -

Begin forwarded message:

From: Brian Carini [EMAIL PROTECTED]
Date: May 5, 2005 11:06:12 AM EDT
To: David Farber [EMAIL PROTECTED]
Subject: Google's Web Accelerator is a big privacy risk
Reply-To: [EMAIL PROTECTED]

Dave, (for IP if you wish)

Google is now offering a download and service called Web Accelerator (see http://webaccelerator.google.com/support.html ), which purportedly speeds up a broadband connection through proxy and caching. The application routes all page requests (except https) through Google's servers. Each page request is logged by Google.

I've said this before: I really like Google, but they are getting dangerous. Google has a great image as a good company. They have engendered a great amount of trust through their Don't Be Evil motto. And I think they really mean it. But the fact is that they are stockpiling a perilous amount of personal information about their users.

Already, Google logs every search request with its IP address. Google has acknowledged this log in a number of interviews. But, they have never answered why they keep such a log. The search log by itself is not too harmful since the IP address identifies a computer and not a person. The searches cannot easily be traced to a particular person without help from the ISP, unless a person likes to Google their own name frequently.

If Google's search log makes you feel uneasy, Google Web Accelerator is much more threatening to privacy. When you use Google Web Accelerator, Google servers receive and log your page requests. (http://webaccelerator.google.com/privacy.html ) In other words, every non-encrypted web transaction is recorded permanently at Google. This page request log could be used to create a near-perfect reconstruction of a person's web use. Every page view, every search on every engine, every unencrypted login, any information (including name, address, email address, etc) submitted using the HTTP: GET or POST methods will be stored in this page request log. I expect that it would be possible to identify a large proportion of individuals from their page request log.

I don't think that Google currently has any evil intent for this data. That would be at odds with their Don't Be Evil motto. I assume the current reason for collecting this data is simply for research. But, over time, slogans change, companies are
eBay Verify Account Information
Title: eBay Daily Status: Dec-19-04 06:21:56 PDT Your credit/debit card information must be updated Dear eBay Member, We recently noticed one or more attempts to log in to your eBay account from a foreign IP address and we have reasons to believe that your account was used by a third party without your authorization. If you recently accessed your account while traveling, the unusual login attempts may have been initiated by you The login attempt was made from: IP address: 172.25.210.66 ISP Host: cache-66.proxy.aol.com By now, we used many techniques to verify the accuracy of the information our users provide us when they register on the Site. However, because user verification on the Internet is difficult, eBay cannot and does not confirm each user's purported identity. Thus, we have established an offline verification system o help you evaluate with who you are dealing with. click on the link below, fill the form and then submit as we will verify http://www.ebay.com/aw-cgi/eBayISAPI.dll?VerifyRegistrationShow Please save this fraud alert ID for your reference Please Note - If you choose to ignore our request, you leave us no choice but to temporally suspend your account. * Please do not respond to this e-mail as your reply will not be received. Respectfully, Trust and Safety Department eBay Inc. Helpful links Search eBay - Find other items of interest My eBay - Track your buying and selling activity Discussion boards - Get help from other eBay members eBay Help - Find answers to your questions Learn More: Get notifications right on your desktop before an auction ends with the eBay Toolbar ! Trading guidelines eBay will not request personal data (password, credit card/bank numbers, and so on) in an email. Learn how to protect your account. Thank you for using eBay! http://www.ebay.com/ As outlined in our User Agreement, eBay will periodically send you information about site changes and enhancements. 
Visit our Privacy Policy and User Agreement if you have any questions. Copyright © 2004 eBay Inc. All Rights Reserved.Designated trademarks and brands are the property of their respective owners. eBay and the eBay logo are trademarks of eBay Inc.
Re: Pi: Less Random Than We Thought
--- Tyler Durden [EMAIL PROTECTED] wrote:

Let us remember, of course, that the digits of pi are not random whatsoever: they are the digits of pi! Random is in the eye of the beholder.

-TD

Exactly. What an algorithm gives out is always deterministic. We try to see if there is some structure that allows us to cryptanalyze it.

Sarad.
Re: Pi: Less Random Than We Thought
hi,

--- Gil Hamilton [EMAIL PROTECTED] wrote:

For example, is this sequence of bits random: 01100100010? How about this one: 00? From a true random number generator, both are completely possible and equally valid.

Random as in the sense guessable and thus posing a problem to the cryptosystem.

Sarad.
EFF event on Tor, San Francisco, May 10 (fwd from arma@mit.edu)
- Forwarded message from Roger Dingledine [EMAIL PROTECTED] -

From: Roger Dingledine [EMAIL PROTECTED]
Date: Wed, 4 May 2005 18:19:28 -0400
To: [EMAIL PROTECTED]
Subject: EFF event on Tor, San Francisco, May 10
User-Agent: Mutt/1.2.5.1i
Reply-To: [EMAIL PROTECTED]

Free Tor t-shirt if you run a Tor server. Hope to see some of you there. :)

--Roger

Explore the World of Anonymous Communication Online

Join EFF at 111 Minna Gallery to Hear Stories From the Trenches About the Creation of Tor, an Anonymous Internet Communication System

WHEN: Tuesday, May 10th, 2005, 7:00 p.m. to 9:30 p.m.

WHAT: Tor: A Brief History of the Most Important Privacy Software Since PGP

Tor is a free/open source software project to create an anonymous communication system on the Internet. Tor runs on all major platforms (Windows, Mac OS X, and Linux/UNIX).

WHO:

Roger Dingledine - Tor Project - tor.eff.org
Roger Dingledine is the chief researcher and developer of Tor and has worked on anonymity and security software at MIT, Reputation Technologies, and his own Freehaven Project. Roger will share his personal experiences about the creation of Tor.

Chris Palmer - Electronic Frontier Foundation - www.eff.org
Chris Palmer is EFF's Technology Manager. He will discuss EFF's goals and reasons for supporting the Tor Project.

WHERE:
111 Minna Gallery
111 Minna Street
San Francisco, CA 94105
Tel: (415) 974-1719

This event is free and open to the general public. You must be 21+. Refreshments will be served. Free t-shirts for people currently running Tor nodes. (Bring your IP address.) To learn how to set up a Tor node, see http://tor.eff.org/cvs/tor/doc/tor-doc.html#server.

Please RSVP to (415) 436-9333 x129 or [EMAIL PROTECTED]

111 Minna Gallery is accessible via BART. Get off at the Montgomery station and exit at 2nd and Market. Walk south on 2nd Street for a block and a half, and take a right down the Minna Street Alley. 111 Minna Street is located between Mission and Howard.

The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. EFF is a member-supported organization and maintains one of the most linked-to websites in the world: http://www.eff.org/

- End forwarded message -
Re: Pi: Less Random Than We Thought
From: Sarad AV [EMAIL PROTECTED]
Sent: May 5, 2005 8:43 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Pi: Less Random Than We Thought

Well, if it were generated by a random process, we'd expect to see every n-bit substring in there somewhere, sooner or later, since the sequence never ends or repeats. Thus, the wonderful joke/idea about selling advertising space in the binary expansion of pi. Not only will your message last forever, but it will be seen by any advanced civilization that develops math and computers, even ones in other galaxies.

--John
Re: [IP] Google's Web Accelerator is a big privacy risk (fwd from dave@farber.net)
Google cookies last as long as possible -- until 2038. If you've

And you are allowing cookies because ... ?

And you are keeping cookies past the session because ... ?

Too lazy not to? Too lazy to login again? Inherent belief that commercial entity should make your life easy for purely philanthropical reasons? Just plain dumb?
Re: Pi: Less Random Than We Thought
Yes, but only provided the universe lasts long enough for those digits to be computed!

-TD

From: John Kelsey [EMAIL PROTECTED]
To: Sarad AV [EMAIL PROTECTED], [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: Pi: Less Random Than We Thought
Date: Fri, 6 May 2005 09:42:09 -0400 (GMT-04:00)

From: Sarad AV [EMAIL PROTECTED]
Sent: May 5, 2005 8:43 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Pi: Less Random Than We Thought

Well, if it were generated by a random process, we'd expect to see every n-bit substring in there somewhere, sooner or later, since the sequence never ends or repeats. Thus, the wonderful joke/idea about selling advertising space in the binary expansion of pi. Not only will your message last forever, but it will be seen by any advanced civilization that develops math and computers, even ones in other galaxies.

--John
[FoRK] Does the web have a public timestamper? (fwd from deafbox@hotmail.com)
- Forwarded message from Russell Turpin [EMAIL PROTECTED] -

From: Russell Turpin [EMAIL PROTECTED]
Date: Fri, 06 May 2005 19:14:35 +
To: fork@xent.com
Subject: [FoRK] Does the web have a public timestamper?

Long ago, I thought some site -- maybe a certificate source like Thawte? -- should provide a provable timestamping service over the web. The basic idea is that when an application wants to timestamp some item, such as an entry in QuickBooks or an executed PDF or whatever, it would (1) generate a signature of the item, using SHA1 or the favorite hash function du jour, (2) then post a request to the timestamp site with the signature, (3) in the hope of receiving (a) a global timestamp and (b) a validation signature of the timestamp and item signature.

The website also would maintain a globally accessible log, by time, of what validation signatures it had generated. These provide independent proof if ever needed that the item was indeed timestamped -- and hence, existed -- when claimed.

It seems to me that this would be useful for a broad range of applications, from bookkeeping to facility monitoring. I can imagine all sorts of reasons for wanting a verified timestamp, from the legal to the mundane. Is anyone doing this?

___
FoRK mailing list
http://xent.com/mailman/listinfo/fork

- End forwarded message -
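The scheme sketched in the message above, as an added example that is not part of the original post: a client hashes the item, a hypothetical service returns a timestamp and a validation token, and a hash-chained public log lets anyone detect later rewriting. Assumptions: SHA-256 is used as the "hash function du jour", an HMAC stands in for the service's public-key signature (the Python standard library has none), and all class and function names, the key, the clock values and the sample item are constructed.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "previous hash" used by the first log entry


def digest(item: bytes) -> str:
    """Step 1: the client hashes the item; only the hash is sent out."""
    return hashlib.sha256(item).hexdigest()


def hash_entry(entry: dict) -> str:
    """Hash of a log entry's signed fields, used to chain the log."""
    body = {k: entry[k] for k in ("time", "digest", "prev", "token")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class TimestampService:
    """Hypothetical service: issues receipts and publishes a chained log."""

    def __init__(self, key: bytes, clock):
        self._key = key      # HMAC key, standing in for a private signing key
        self._clock = clock  # injected time source (constructed for the demo)
        self.log = []        # public, append-only

    def _token(self, time: int, item_digest: str, prev: str) -> str:
        msg = f"{time}|{item_digest}|{prev}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def stamp(self, item_digest: str) -> dict:
        """Steps 2-3: accept a digest, return timestamp and validation token."""
        prev = self.log[-1]["entry_hash"] if self.log else GENESIS
        time = self._clock()
        entry = {"time": time, "digest": item_digest, "prev": prev,
                 "token": self._token(time, item_digest, prev)}
        entry["entry_hash"] = hash_entry(entry)
        self.log.append(entry)
        return dict(entry)  # the client's receipt

    def token_is_genuine(self, entry: dict) -> bool:
        expected = self._token(entry["time"], entry["digest"], entry["prev"])
        return hmac.compare_digest(expected, entry["token"])


def log_is_consistent(log: list) -> bool:
    """Anyone can check the log: each entry commits to its predecessor."""
    prev, last_time = GENESIS, None
    for e in log:
        if e["prev"] != prev or e["entry_hash"] != hash_entry(e):
            return False
        if last_time is not None and e["time"] < last_time:
            return False
        prev, last_time = e["entry_hash"], e["time"]
    return True


def receipt_proves(item: bytes, receipt: dict, log: list) -> bool:
    """The item existed at receipt['time'] if its hash is in a consistent log."""
    return (digest(item) == receipt["digest"]
            and log_is_consistent(log)
            and receipt in log)


def demo():
    ticks = iter([1115406875, 1115406900])  # constructed clock values
    svc = TimestampService(b"constructed-demo-key", lambda: next(ticks))
    ledger = b"2005-05-06 invoice #1 total 100.00"  # constructed sample item
    receipt = svc.stamp(digest(ledger))
    svc.stamp(digest(b"another constructed item"))
    return svc, ledger, receipt
```

Because every entry commits to the one before it, backdating a single entry forces every later entry to be rewritten, which anyone holding an older copy of the log would notice.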
spoofing for dyslexic
Just a tiny interesting operation found out via routine misspelling that can breed paranoia in idle minds:

sprint has smtp to SMS gateway for its customers running at messaging.sprintpcs.com, so if you e-mail to [EMAIL PROTECTED] the user gets message on the phone.

Interestingly enough, there is also valid domain messaging.sprintpsc.com (note the swapped last two letters) that resolves to no less than 8 IP addresses. Someone wants it really reliable:

Addresses: 69.25.27.171, 66.150.161.141, 69.25.27.170, 69.25.27.172
           66.150.161.133, 66.150.161.140, 66.150.161.134, 66.150.161.136

sprintpsc.com is operated by po-box identified entity:

Registrant:
Acme Mail
Box 455
Miami, FL 33265
US
305-201-4774

and of course messages sent to [EMAIL PROTECTED] do not end up on sprint's subscriber handset.

Could be completely coincidental, of course.
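An outbound-mail check for the kind of misspelling described in the message above, as an added example that is not part of the original post: it compares a recipient's domain against a list of trusted gateway domains using an edit distance that counts a swap of two adjacent letters as one edit. The trusted list, the distance threshold, the function names and the sample addresses are assumptions constructed for illustration.

```python
def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    and swap of two adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1,         # delete from a
                       cur[j - 1] + 1,      # insert into a
                       prev[j - 1] + cost)  # substitute
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def normalize(domain: str) -> str:
    """Lower-case and drop a trailing root dot so comparisons are stable."""
    return domain.strip().rstrip(".").lower()


def classify_recipient(address: str, trusted, max_distance: int = 1):
    """Return (verdict, trusted_domain): 'trusted' on exact match,
    'lookalike' when within max_distance of a trusted domain, else 'unknown'."""
    domain = normalize(address.rsplit("@", 1)[-1])
    nearest = None
    for good in map(normalize, trusted):
        d = osa_distance(domain, good)
        if d == 0:
            return ("trusted", good)
        if d <= max_distance and (nearest is None or d < nearest[0]):
            nearest = (d, good)
    return ("lookalike", nearest[1]) if nearest else ("unknown", None)


# Trusted gateway taken from the message; addresses below are constructed.
TRUSTED = ["messaging.sprintpcs.com"]
SAMPLES = [
    "user@messaging.sprintpcs.com",
    "user@messaging.sprintpsc.com",
    "user@Messaging.SprintPCS.com.",
    "user@example.org",
]


def demo():
    return [classify_recipient(addr, TRUSTED) for addr in SAMPLES]
```

A plain Levenshtein distance would score the swapped pair as two edits, so a threshold of 1 would miss exactly the transposition this message reports.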